trojan or spyware cannot remove

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Post by jb1111 » May 22nd, 2009, 12:39 pm

Hello,

I have run AVG, removed it, and run Avast, Spybot S&D, SpywareBlaster, Antimalware and ZoneAlarm, and still have problems.

Any help is greatly appreciated. Here is a copy of my HijackThis log.

Thank you,
JB

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:53 AM, on 5/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Shelby\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Shelby\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ablyss.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shell.windows.com/fileassoc/0409 ... sp?Ext=rpt
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: IEEventObj Class - {A69DD619-0385-4347-801D-781C09701BF2} - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Autodesk DWF - {C363E0F4-1D07-4ffb-A69F-BB7D3F4E70A5} - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Autodesk DWF - {C363E0F4-1D07-4ffb-A69F-BB7D3F4E70A5} - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Shelby\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-790525478-1409082233-682003330-1009\..\Run: [Google Update] "C:\Documents and Settings\Shelby\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User '?')
O4 - HKUS\S-1-5-21-790525478-1409082233-682003330-1009\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSIns ... 2101-27-28
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8735268923
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9058621421
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/ins ... downde.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/ ... gh.cab?326
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9513 bytes
jb1111
Regular Member
 
Posts: 23
Joined: May 22nd, 2009, 12:30 pm

Re: trojan or spyware cannot remove

Post by Katana » May 24th, 2009, 5:54 pm

Please note that all instructions given are customised for this computer only,
the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
  1. Please Read All Instructions Carefully
  2. If you don't understand something, stop and ask! Don't keep going on.
  3. Please do not run any other tools or scans whilst I am helping you
  4. Failure to reply within 5 days will result in the topic being closed.
  5. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)
If you can do those few things, everything should go smoothly

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe

----------------------------------------------------------------------------------------

What problems are you having ?


Download and Run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: trojan or spyware cannot remove

Post by jb1111 » May 26th, 2009, 7:25 pm

Hi Katana,

Thank you for your help. Here are the two logs you asked for.

Jerry

log.txt-
Logfile of random's system information tool 1.06 (written by random/random)
Run by Shelby at 2009-05-26 17:21:56
WIN_XP Service Pack 2
System drive C: has 53 GB (69%) free of 76 GB
Total RAM: 1015 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:22:19 PM, on 5/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Shelby\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Shelby\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Shelby.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ablyss.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shell.windows.com/fileassoc/0409 ... sp?Ext=rpt
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: IEEventObj Class - {A69DD619-0385-4347-801D-781C09701BF2} - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Autodesk DWF - {C363E0F4-1D07-4ffb-A69F-BB7D3F4E70A5} - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Autodesk DWF - {C363E0F4-1D07-4ffb-A69F-BB7D3F4E70A5} - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Shelby\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-790525478-1409082233-682003330-1009\..\Run: [Google Update] "C:\Documents and Settings\Shelby\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User '?')
O4 - HKUS\S-1-5-21-790525478-1409082233-682003330-1009\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSIns ... 2101-27-28
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8735268923
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9058621421
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/ins ... downde.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/ ... gh.cab?326
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9621 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1157407420.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1157483359.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1409082233-682003330-1009.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-10-16 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A69DD619-0385-4347-801D-781C09701BF2}]
IEEventObj Class - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll [2005-11-16 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-27 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-16 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C363E0F4-1D07-4ffb-A69F-BB7D3F4E70A5}]
Autodesk DWF - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll [2005-11-16 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-27 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-18 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-18 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]
{C363E0F4-1D07-4ffb-A69F-BB7D3F4E70A5} - Autodesk DWF - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll [2005-11-16 102400]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - ZoneAlarm Spy Blocker Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-10-16 333192]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-27 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-01-06 29744]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Shelby\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-16 133104]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-27 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2006-01-12 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY.exe [2005-12-19 1347584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2005-10-14 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAAgent]
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintServer Diagnostic]
C:\Program Files\Print Server\PTP\PSDiagnostic.exe [2004-11-24 266240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-02-01 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
C:\Program Files\Spyware Doctor\swdoctor.exe /Q []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe [2006-01-31 100056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [2007-01-22 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
C:\PROGRA~1\Toshiba\BLUETO~1\TOSBTM~1.EXE [2005-06-16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hposol08.exe [2003-04-09 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
C:\PROGRA~1\COMMON~1\Intuit\QUICKB~1\QBUpdate\qbupdate.exe [2007-04-19 972320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Configuration Utility HW.51.lnk]
C:\PROGRA~1\802~1.11W\80211G~1.00\WlanCU.exe [2004-12-14 454656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Shelly^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wltrysvc"=2
"SDhelper"=2
"SBService"=2
"Pml Driver HPZ12"=3
"iPod Service"=3
"Apple Mobile Device"=2
"WZCSVC"=2
"SQLAgent$MICROSOFTBCM"=3
"QuickBooksDB17"=2
"QBFCService"=3
"QBCFMonitorService"=2
"mnmsrvc"=3
"MSSQL$MICROSOFTBCM"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-05-09 52224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"\\MDR-9X05Z638FIO\shared\DM2000\DMLUpdt.exe"="\\MDR-9X05Z638FIO\shared\DM2000\DMLUpdt.exe:*:Enabled:DMLUpdt.exe"
"C:\Program Files\xerox\Network Scan\XrsUt12.exe"="C:\Program Files\xerox\Network Scan\XrsUt12.exe:*:Enabled:xrsut12"
"C:\WINDOWS\system32\xrsslm12.exe"="C:\WINDOWS\system32\xrsslm12.exe:*:Enabled:xrsslm12"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\WINDOWS\LMI66.tmp\lmi_rescue.exe"="C:\WINDOWS\LMI66.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"
"C:\WINDOWS\LMI25.tmp\lmi_rescue.exe"="C:\WINDOWS\LMI25.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2009-05-26 17:21:56 ----D---- C:\rsit
2009-05-04 16:20:00 ----D---- C:\Program Files\Windows Live Safety Center
2009-04-28 17:50:25 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-04-28 17:50:20 ----D---- C:\Program Files\Alwil Software
2009-04-27 16:16:56 ----SHD---- C:\Config.Msi
2009-04-27 16:03:53 ----D---- C:\Program Files\a-squared Free
2009-04-27 11:47:28 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-27 11:47:00 ----D---- C:\Program Files\SUPERAntiSpyware

======List of files/folders modified in the last 1 months======

2009-05-26 17:21:59 ----D---- C:\WINDOWS\Prefetch
2009-05-26 14:26:03 ----D---- C:\WINDOWS\Temp
2009-05-26 10:49:03 ----A---- C:\WINDOWS\system32\Fxxplfnt.tmp
2009-05-22 09:48:36 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-05-22 09:48:36 ----D---- C:\WINDOWS\system32\drivers
2009-05-22 09:48:36 ----D---- C:\WINDOWS\system32
2009-05-22 09:48:36 ----D---- C:\WINDOWS\Internet Logs
2009-05-22 09:47:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-22 09:47:06 ----D---- C:\WINDOWS
2009-05-22 09:41:16 ----SH---- C:\boot.ini
2009-05-22 09:41:16 ----A---- C:\WINDOWS\win.ini
2009-05-22 09:41:16 ----A---- C:\WINDOWS\system.ini
2009-05-22 09:18:34 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-06 09:06:54 ----SD---- C:\WINDOWS\Tasks
2009-05-04 16:23:29 ----HD---- C:\WINDOWS\inf
2009-05-04 16:20:02 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-04 16:20:00 ----RD---- C:\Program Files
2009-04-28 21:24:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-28 21:24:15 ----D---- C:\Program Files\Movie Maker
2009-04-28 21:11:41 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-04-28 21:10:26 ----SHD---- C:\WINDOWS\Installer
2009-04-28 21:08:51 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-04-28 21:08:47 ----D---- C:\WINDOWS\Help
2009-04-28 21:03:35 ----A---- C:\rollback.ini
2009-04-28 20:56:12 ----D---- C:\WINDOWS\system32\config
2009-04-28 17:38:00 ----SD---- C:\Documents and Settings\Shelby\Application Data\Microsoft
2009-04-28 09:25:48 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-04-28 09:25:32 ----D---- C:\Program Files\SpywareBlaster
2009-04-27 23:32:39 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-27 16:18:24 ----D---- C:\Program Files\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2006-09-04 82380]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2004-08-04 223616]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2004-05-26 44928]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS [2005-05-03 1033728]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-05-03 208384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2004-08-04 163584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2005-06-20 44288]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-04 12416]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-03 705408]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 BCOREUSB;BCOREUSB.Sys CSR test driver; C:\WINDOWS\System32\Drivers\BCOREUSB.sys [2005-10-03 86867]
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-04 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-04 100992]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-04 274304]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-04 18944]
S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-03 207360]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2006-12-08 68961]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 MOSUMAC;MosChip 7830 USB-Ethernet Driver; C:\WINDOWS\system32\DRIVERS\MOSUMAC.SYS [2004-11-08 21760]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 np100;Network Everywhere Fast Ethernet 10/100 PC Card NT Driver; C:\WINDOWS\system32\DRIVERS\np100nd5.sys [2001-11-15 32589]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-04 59648]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-04 11136]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-04 10240]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2005-09-15 108672]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2005-09-15 36480]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2005-09-03 62592]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2005-04-06 50048]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2005-08-30 36608]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 W8335XP;IEEE 802.11g Wireless Cardbus/PCI Adapter HW51; C:\WINDOWS\system32\DRIVERS\Mrv8000c.sys [2004-09-17 253440]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-05-09 40704]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-04-11 87808]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-18 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-07-24 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-01-21 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-01-06 29744]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-27 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-05 206552]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-05-09 823808]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
S4 ASKService;ASKService; C:\Program Files\AskBarDis\bar\bin\AskService.exe [2008-10-16 464264]
S4 Bluetooth Hid Switch Service;Bluetooth Hid Switch Service; C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe [2005-08-30 188416]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S4 MSSQL$MICROSOFTBCM;MSSQL$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe [2003-05-31 7544916]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S4 QBCFMonitorService;QuickBooks Database Manager Service; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2007-04-19 20480]
S4 QBFCService;Intuit QuickBooks FCS; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [2006-11-09 65536]
S4 QuickBooksDB17;QuickBooksDB17; C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe [2006-09-13 128536]
S4 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE [2002-12-17 311872]
S4 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-12-19 18944]

-----------------EOF-----------------


info.txt-
info.txt logfile of random's system information tool 1.06 2009-05-26 17:22:22

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->MsiExec.exe /I{71EEA108-09C9-4D81-8FA2-D48C70681242}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 7.0.9 Standard-->msiexec /I {AC76BA86-1033-0000-BA7E-000000000002}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop 6.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer-->C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu"
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AutoCAD LT 2009 - English-->C:\Program Files\AutoCAD LT 2009\Setup\Setup.exe /P {5783F2D7-7009-0409-0002-0060B0CE6BBA} /M ACADLT
Autodesk CAD Manager Tools-->MsiExec.exe /X{5783F2D7-0111-0409-0010-0060B0CE6BBA}
Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove /q0
Autodesk DWF Writer 3-->MsiExec.exe /I{AA7B1779-8E5C-4FDC-8207-8A4000786175}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Avery® Wizard 2.1 for Microsoft® Office Word 2003-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Avery Wizard\DeIsL2.isu" -c"C:\Program Files\Avery Wizard\uninst.dll
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom 440x 10/100 Integrated Controller-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033
Business Card Maker-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Cosmi\Business Card Maker\DeIsL1.isu" -c"C:\Program Files\Cosmi\Business Card Maker\_ISREG32.DLL"
Business Contact Manager for Outlook 2003-->MsiExec.exe /I{66563AD8-637B-407F-BCA7-0233A16891AB}
C-Major Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Conexant D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Design Manager 2000-->C:\WINDOWS\uninst.exe -fC:\DM2000\DeIsL2.isu -cC:\DM2000\_ISREG32.DLL
Eusing Free Registry Cleaner-->C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB943232)-->"C:\WINDOWS\$NtUninstallKB943232$\spuninst\spuninst.exe"
HP Memories Disc-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
hp officejet 6100 series-->MsiExec.exe /X{12BB7942-1E1F-43D9-B441-4668C1629425}
hp officejet 6100 series-->rundll32 hpzcon07.dll,VendorJettison hp officejet 6100 series
HP Photo and Imaging 2.0 - All-in-One Drivers-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - hp officejet 6100 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
IEEE 802.11g Wireless Cardbus/PCI Adapter-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{29F15D3F-5B37-44DB-BB89-390B3AD1404E}
Intel(R) Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
iTunes-->MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Lame ACM MP3 Codec-->"C:\WINDOWS\IFinst26.exe" -UC:\Program Files\Lame MP3 Codec\IFU2312.inf
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MGI PhotoSuite SE (Remove Only)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MGI\PhotoSuite SE\Uninst.isu"
Microsoft .NET Framework 1.1 Hotfix (KB886903)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Easy Assist-->MsiExec.exe /I{4FC19392-E4A5-4CCB-B45A-AB7E8126D3C9}
Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! for Windows XP-->MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft Speech Recognition Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mscsrgpc.inf, Uninstall.NT
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MosChip 7830 USB-Ethernet Adapter Device-->MacUnInstall.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Nero Suite-->C:\Program Files\Common Files\Ahead\Uninstall\setup.exe /uninstall
Norton WMI Update-->MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
Panda ActiveScan-->C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Print Server Driver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Print Server\PTP\Uninst.isu"
Privacy Guardian 4.1-->"C:\Program Files\Privacy Guardian\unins000.exe"
QuickBooks Pro 2007-->msiexec.exe /I {71EEA108-09C9-4D81-8FA2-D48C70681242} UNIQUE_NAME="pro" QBFULLNAME="QuickBooks Pro 2007" ADDREMOVE=1
QuickBooks Product Listing Service-->MsiExec.exe /I{91208A47-5D08-4C79-986F-1931940F51BB}
QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
Uniblue RegistryBooster 2009-->"C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}\Uniblue RegistryBooster.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue RegistryBooster 2009-->C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}\Uniblue RegistryBooster.exe
USB-Ethernet Adapter Device-->MacUnInstall.exe
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xerox Network Scanner Utility2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{81C9205D-3BC2-4059-A303-61405032A482}\Setup.exe" -l0x9 UNINSTALL:
XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe"
ZoneAlarm Spy Blocker Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"

=====HijackThis Backups=====

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Christmasville\Images\stg_drm.ocx [2009-04-18]
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Christmasville\Images\armhelper.ocx [2009-04-18]
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-04-18]
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [2009-04-18]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [2009-04-18]
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe [2009-05-22]

======Hosts File======


Securitycenter WMI appears to be broken

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\IM;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Adobe\AGL;C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322;C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"ASLOGDIR"=C:\Program Files\Intuit\QuickBooks 2006\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------
jb1111
Regular Member
 
Posts: 23
Joined: May 22nd, 2009, 12:30 pm

Re: trojan or spyware cannot remove

Unread postby Katana » May 27th, 2009, 5:25 am

katana wrote: What problems are you having?


It will help me diagnose the cause if you can answer the above :)
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: trojan or spyware cannot remove

Unread postby jb1111 » May 27th, 2009, 5:47 pm

We have sites that on many occasions cannot be accessed by IE and/or Chrome. The screen replies with something like "the site is not available" or "site is down".

AVG could do updates. We removed it and put on Avast.

Very hard to get anything to load. I have many troubles trying to download the anti-virus programs, and it took several attempts.

Cannot use the "regedit" command; the screen goes black, and if it does come back the regedit command does not execute. Sometimes the laptop resets.

Sometimes everything on the desktop disappears except the background picture.

Whenever I launch IE or Chrome, 2 processes are started, not one as usual.

I have a file that may be needed but I am not familiar with it. The file that I am not familiar with is "qernton.wyy" located in user/local settings. I have never heard of this extension, and when I try to delete this file it pops back. Sometimes it pops back with a longer file extension like .wyyxx

Hope this helps.

Thanks,
JB
jb1111
Regular Member
 
Posts: 23
Joined: May 22nd, 2009, 12:30 pm

Re: trojan or spyware cannot remove

Unread postby Katana » May 28th, 2009, 5:41 am

jb1111 wrote: Hope this helps.

It does :)


Malwarebytes' Anti-Malware
I notice that you have MBAM installed, please do the following

  • Start MalwareBytes AntiMalware
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply
  • Re-enable all the programs that were disabled during the running of ComboFix.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: trojan or spyware cannot remove

Unread postby jb1111 » May 29th, 2009, 3:24 pm

OK, here is what happened.

I tried to update Antimalware and it didn't work. I got a pop-up stating the computer is not connected to the internet. This is the same pop-up I have had many times when trying to install or update anti-virus software. I ran the version of Antimalware I have and it didn't find anything. I can't post the results as the laptop is hung up as described below.

I loaded ComboFix and when it started to run I got a shutdown pop-up. I didn't get to copy the verbiage of the message, but it didn't appear to cause a shutdown; ComboFix kept running. ComboFix stopped at stage 50 and was deleting some files.

Here are the files it was deleting-
qerntom.wyy
windows\system32\Packet.dll
windows\system32\PthreadVC.dll
windows\system32\WanPacket.dll
there was one more but I didn't have enough time to capture the name.

I noticed the qerntom.wyy file was one of them. It stayed on the screen for a little bit. (I was wondering if it was having trouble with the qerntom file, as when I tried to delete it manually in the past it rebuilt itself.) Well, after a few minutes ComboFix reported it was going to restart the laptop. It has now been a few hours and the screen shows "Windows is shutting down".

Any ideas??

Thanks,
Jerry
jb1111
Regular Member
 
Posts: 23
Joined: May 22nd, 2009, 12:30 pm

Re: trojan or spyware cannot remove

Post by Katana » May 29th, 2009, 5:32 pm

Please reboot the machine.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: trojan or spyware cannot remove

Post by jb1111 » May 29th, 2009, 5:52 pm

That helped, thank you.

Here are the logs

ComboFix-
ComboFix 09-05-28.07 - Shelby 05/29/2009 9:25.1 - NTFSx86
Running from: c:\documents and settings\Shelby\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Shelby\LOCALS~1\QERNTO~2.WYY
c:\program files\Trojan Guarder
c:\program files\Trojan Guarder\button.png
c:\program files\Trojan Guarder\fmon.sys
c:\program files\Trojan Guarder\pthreadVC2.dll
c:\program files\Trojan Guarder\rars.dll
c:\program files\Trojan Guarder\skin.png
c:\program files\Trojan Guarder\softhook.dll
c:\program files\Trojan Guarder\unrar.dll
c:\windows\IE4 Error Log.txt
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-29 )))))))))))))))))))))))))))))))
.

2009-05-26 23:21 . 2009-05-26 23:22 -------- d-----w C:\rsit
2009-05-04 22:20 . 2009-05-04 22:23 -------- d-----w c:\program files\Windows Live Safety Center

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-26 16:49 . 2006-02-08 21:54 12576 ----a-w c:\windows\system32\Fxxplfnt.tmp
2009-05-22 15:20 . 2009-04-22 12:46 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-05-22 15:18 . 2009-03-16 23:06 375296 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-29 03:11 . 2006-01-31 19:22 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-29 03:08 . 2006-01-31 19:22 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-04-28 23:50 . 2009-04-28 23:50 -------- d-----w c:\program files\Alwil Software
2009-04-28 23:26 . 2009-04-27 22:03 -------- d-----w c:\program files\a-squared Free
2009-04-28 15:25 . 2006-12-12 18:33 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-28 15:25 . 2008-11-06 14:26 -------- d-----w c:\program files\SpywareBlaster
2009-04-27 22:17 . 2009-04-27 17:47 -------- d-----w c:\documents and settings\Shelly\Application Data\SUPERAntiSpyware.com
2009-04-27 22:17 . 2009-04-27 17:47 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-27 17:47 . 2009-04-27 17:47 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-24 20:11 . 2008-12-07 00:01 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-24 00:02 . 2009-04-23 23:49 -------- d-----w c:\documents and settings\Shelly\Application Data\MailFrontier
2009-04-22 15:56 . 2009-04-22 15:47 -------- d-----w c:\documents and settings\All Users\Application Data\SecTaskMan
2009-04-22 15:10 . 2009-04-22 15:10 0 ----a-w c:\windows\nsreg.dat
2009-04-22 14:11 . 2009-04-22 12:48 -------- d-----w c:\program files\AskBarDis
2009-04-22 12:38 . 2009-04-22 12:38 -------- d-----w c:\program files\Zone Labs
2009-04-22 04:14 . 2009-04-22 04:14 -------- d-----w c:\documents and settings\Shelby\Application Data\PC Tools
2009-04-22 04:10 . 2008-11-10 03:39 -------- d-----w c:\documents and settings\Shelly\Application Data\DataCast
2009-04-19 01:33 . 2006-01-31 20:37 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-19 01:21 . 2009-04-19 01:21 57344 ----a-w c:\documents and settings\Shelby\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-533de0a7-n\Decora-SSE.dll
2009-04-19 01:21 . 2009-04-19 01:21 24064 ----a-w c:\documents and settings\Shelby\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-6bdf3afe-n\Decora-D3D.dll
2009-04-19 01:21 . 2009-04-19 01:21 315392 ----a-w c:\documents and settings\Shelby\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-6db6a46a-n\jogl.dll
2009-04-19 01:21 . 2009-04-19 01:21 20480 ----a-w c:\documents and settings\Shelby\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-6db6a46a-n\jogl_awt.dll
2009-04-19 01:21 . 2009-04-19 01:21 114688 ----a-w c:\documents and settings\Shelby\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-6db6a46a-n\jogl_cg.dll
2009-04-19 01:21 . 2009-04-19 01:21 20480 ----a-w c:\documents and settings\Shelby\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-3ea38a25-n\gluegen-rt.dll
2009-04-19 01:21 . 2009-04-19 01:21 499712 ----a-w c:\documents and settings\Shelby\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-33a166c9-n\msvcp71.dll
2009-04-19 01:21 . 2009-04-19 01:21 499712 ----a-w c:\documents and settings\Shelby\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-33a166c9-n\jmc.dll
2009-04-19 01:21 . 2009-04-19 01:21 348160 ----a-w c:\documents and settings\Shelby\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-33a166c9-n\msvcr71.dll
2009-04-19 01:21 . 2009-04-19 01:21 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-19 01:20 . 2006-03-15 20:51 -------- d-----w c:\program files\Java
2009-04-18 14:52 . 2009-04-18 14:52 -------- d-----w c:\documents and settings\Shelby\Application Data\Malwarebytes
2009-04-18 14:52 . 2009-04-18 14:52 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-18 14:36 . 2006-12-11 22:39 -------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2009-04-18 14:35 . 2009-04-18 14:35 -------- d-----w c:\documents and settings\Shelby\Application Data\Hewlett-Packard
2009-04-18 14:02 . 2009-04-18 14:02 -------- d-----w c:\program files\Trend Micro
2009-04-14 22:02 . 2009-04-14 21:55 -------- d-----w c:\program files\Eusing Free Registry Cleaner
2009-04-14 21:55 . 2009-04-14 21:55 948311 ----a-w c:\program files\EFRCSetup.exe
2009-04-07 16:42 . 2006-01-31 20:37 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-06 21:32 . 2009-04-18 14:52 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 21:32 . 2009-04-18 14:52 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-08 10:34 . 2004-08-04 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 10:34 . 2004-08-04 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 10:33 . 2004-08-04 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 10:33 . 2004-08-04 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 10:32 . 2004-08-04 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 10:32 . 2004-08-04 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 10:31 . 2004-08-04 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 10:31 . 2004-08-04 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 10:31 . 2004-08-04 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 10:22 . 2004-08-04 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2006-12-07 01:06 . 2006-12-07 01:05 212849 ----a-w c:\program files\HijackThis.zip
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-17 00:22 333192 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Shelby\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-16 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-06 29744]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk]
backup=c:\windows\pss\officejet 6100.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Configuration Utility HW.51.lnk]
backup=c:\windows\pss\Wireless Configuration Utility HW.51.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Shelly^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wltrysvc"=2 (0x2)
"SDhelper"=2 (0x2)
"SBService"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"WZCSVC"=2 (0x2)
"SQLAgent$MICROSOFTBCM"=3 (0x3)
"QuickBooksDB17"=2 (0x2)
"QBFCService"=3 (0x3)
"QBCFMonitorService"=2 (0x2)
"mnmsrvc"=3 (0x3)
"MSSQL$MICROSOFTBCM"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"\\\\MDR-9X05Z638FIO\\shared\\DM2000\\DMLUpdt.exe"=
"c:\\Program Files\\xerox\\Network Scan\\XrsUt12.exe"=
"c:\\WINDOWS\\system32\\xrsslm12.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-01-06 29744]
R3 MOSUMAC;MosChip 7830 USB-Ethernet Driver;c:\windows\system32\DRIVERS\MOSUMAC.SYS [2004-11-09 21760]
R3 np100;Network Everywhere Fast Ethernet 10/100 PC Card NT Driver;c:\windows\system32\DRIVERS\np100nd5.sys [2001-11-15 32589]
R4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-10-17 464264]
R4 QuickBooksDB17;QuickBooksDB17;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe [2006-09-13 128536]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]


--- Other Services/Drivers In Memory ---

*Deregistered* - Aavmker4
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - aswFsBlk
*Deregistered* - aswMon2
*Deregistered* - aswRdr
*Deregistered* - aswSP
*Deregistered* - aswTdi
*Deregistered* - aswUpdSv
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - avast! Antivirus
*Deregistered* - avast! Mail Scanner
*Deregistered* - avast! Web Scanner
*Deregistered* - Beep
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - BthServ
*Deregistered* - Cdfs
*Deregistered* - Compbatt
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - HTTP
*Deregistered* - HTTPFilter
*Deregistered* - ImapiService
*Deregistered* - Ip6Fw
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - MDM
*Deregistered* - mdmxsdk
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - NWCWorkstation
*Deregistered* - NwlnkIpx
*Deregistered* - NwlnkNb
*Deregistered* - NwlnkSpx
*Deregistered* - NWRDR
*Deregistered* - PartMgr
*Deregistered* - PCIIde
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - RDPWD
*Deregistered* - RemoteRegistry
*Deregistered* - ROOTMODEM
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - SymEvent
*Deregistered* - SYMTDI
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - Tcpip6
*Deregistered* - TDTCP
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - Tosrfcom
*Deregistered* - TrkWks
*Deregistered* - tunmp
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - WudfPf
*Deregistered* - WudfSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-27 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p officejet 6100 series272A572217594EBCF1CEE215E352B92AD073FDE4157407420.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 23:56]

2006-12-07 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p officejet 6100 series272A572217594EBCF1CEE215E352B92AD073FDE4157483359.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 23:56]

2009-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1409082233-682003330-1009.job
- c:\documents and settings\Shelby\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-16 16:45]

2009-05-29 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-01-31 16:04]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-AVG Anti-Spyware Driver
SafeBoot-procexp90.Sys
SafeBoot-AVG Anti-Spyware Guard


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ablyss.com/
uInternet Connection Wizard,ShellNext = hxxp://shell.windows.com/fileassoc/0409 ... sp?Ext=rpt
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-29 15:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2440)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\WinRAR\rarext.dll
c:\program files\Privacy Guardian\Shredder\ShredderShellExtension.dll
c:\windows\system32\browselc.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\windows\system32\shdoclc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Alwil Software\Avast4\Setup\avast.setup
.
**************************************************************************
.
Completion time: 2009-05-29 15:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-29 21:44
ComboFix2.txt 2006-12-07 19:53

Pre-Run: 55,546,880,000 bytes free
Post-Run: 55,781,339,136 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

357


Antimalware-------
Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2

5/29/2009 9:14:49 AM
mbam-log-2009-05-29 (09-14-49).txt

Scan type: Full Scan (C:\|)
Objects scanned: 145412
Time elapsed: 37 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
jb1111
Regular Member
 
Posts: 23
Joined: May 22nd, 2009, 12:30 pm

Re: trojan or spyware cannot remove

Post by Katana » May 30th, 2009, 4:31 pm

Kaspersky Online Scanner
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
NOTE:- This scan is best done from IE (Internet Explorer)

NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partne ... bscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: trojan or spyware cannot remove

Post by jb1111 » May 31st, 2009, 11:56 am

Katana,

OK, Kaspersky found something; here is the log. I didn't see anything that shows whether Kaspersky does anything with the Trojans other than identify them. Was there anything I needed to direct Kaspersky to do?

Thanks,
Jerry

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, May 31, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Sunday, May 31, 2009 15:24:53
Records in database: 2285278
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
S:\

Scan statistics:
Files scanned: 56281
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 01:49:17


File name / Threat name / Threats count
C:\Documents and Settings\Shelby\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000d3f Infected: Trojan-Downloader.Win32.FraudLoad.eht 1
C:\Qoobox\Quarantine\C\DOCUME~1\Shelby\LOCALS~1\QERNTO~2.WYY.vir Infected: Trojan.Win32.Small.aarn 1

The selected area was scanned.
jb1111
Regular Member
 
Posts: 23
Joined: May 22nd, 2009, 12:30 pm

Re: trojan or spyware cannot remove

Post by Katana » June 1st, 2009, 5:04 am

We need to repair some of Windows' internal registration settings.
  1. Please download Dial-A-Fix from one of the following mirrors:
  2. Extract the zip file to your desktop.
  3. Double click Dial-a-Fix.exe to start the program.
  4. Press the green double checkmark box (Looks like this: Image)
  5. UNcheck "Empty Temp Folders", as well as "Adjust Time/Date" in the prep section. The prep section should then look like this:
    Image
  6. When the window looks like this, press the GO button in the bottom of the window.
    Image
  7. Exit/Close Dial-A-Fix




OTMoveIt
Please download OTM by OldTimer and save it to your desktop
  • Double-click OTM.exe to run it.
  • Copy the lines in the codebox below. (Make sure you include :Processes)
Code:
:Processes
:Files
C:\Documents and Settings\Shelby\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000d3f
:Commands
[Purity]
[EmptyTemp]

  • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Close ALL open windows (especially Internet Explorer!)
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTM

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Logs/Information to Post in Reply
Please post the following logs/Information in your reply
  • OTMoveIt Log
  • How are things running now?
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester
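Why the OTM script above lists only the Chrome cache file and not the second Kaspersky hit: that second path sits under C:\Qoobox\Quarantine, which is where ComboFix stores what it removes (the ComboFix log's "Other Deletions" section lists the same QERNTO~2.WYY file, and the quarantined copy carries a .vir suffix), so it is no longer a live file. The following Python is an added example, not code from the thread or from any of the tools it uses; it assumes the quarantine layout C:\Qoobox\Quarantine\<drive>\<original path>.vir and uses the two log excerpts from this thread as constructed sample input, separating live hits from already-quarantined ones and emitting an OTM :Files script only for the live ones.

```python
import re

# Constructed sample input: the two Kaspersky hits and the ComboFix
# "Other Deletions" section, copied from the logs posted in this thread.
KASPERSKY_REPORT = r"""
File name / Threat name / Threats count
C:\Documents and Settings\Shelby\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000d3f Infected: Trojan-Downloader.Win32.FraudLoad.eht 1
C:\Qoobox\Quarantine\C\DOCUME~1\Shelby\LOCALS~1\QERNTO~2.WYY.vir Infected: Trojan.Win32.Small.aarn 1

The selected area was scanned.
"""

COMBOFIX_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Shelby\LOCALS~1\QERNTO~2.WYY
c:\program files\Trojan Guarder
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-29 )))))))))))))))))))))))))))))))
.
"""

# Assumption: ComboFix keeps removed items as C:\Qoobox\Quarantine\<drive>\<path>.vir
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"
HIT_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")


def parse_kaspersky_hits(report):
    """Return (path, threat) pairs from a Kaspersky Online Scanner report."""
    hits = []
    for line in report.splitlines():
        m = HIT_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("threat")))
    return hits


def parse_combofix_deletions(log):
    """Return the paths listed under ComboFix's 'Other Deletions' header."""
    paths, in_section = [], False
    for line in log.splitlines():
        if "Other Deletions" in line:
            in_section = True
            continue
        if in_section and line.startswith("(((("):
            break  # next ComboFix section header
        if in_section and line.strip() not in ("", "."):
            paths.append(line.strip())
    return paths


def original_path(quarantined):
    r"""Map C:\Qoobox\Quarantine\C\foo\bar.vir back to c:\foo\bar (lower-cased)."""
    rest = quarantined[len(QUARANTINE_PREFIX):]
    drive, _, tail = rest.partition("\\")
    if tail.lower().endswith(".vir"):
        tail = tail[:-4]
    return f"{drive}:\\{tail}".lower()


def classify_hits(report, combofix_log):
    """Label each hit as 'live' or as 'quarantined (<source>)'."""
    deleted = {p.lower() for p in parse_combofix_deletions(combofix_log)}
    result = []
    for path, threat in parse_kaspersky_hits(report):
        if path.lower().startswith(QUARANTINE_PREFIX):
            src = "combofix" if original_path(path) in deleted else "unknown"
            status = f"quarantined ({src})"
        else:
            status = "live"
        result.append((path, threat, status))
    return result


def otm_script(classified):
    """Build an OTM :Files script that moves only the live hits."""
    live = [p for p, _, s in classified if s == "live"]
    return "\n".join([":Processes", ":Files", *live,
                      ":Commands", "[Purity]", "[EmptyTemp]"])


if __name__ == "__main__":
    hits = classify_hits(KASPERSKY_REPORT, COMBOFIX_LOG)
    for path, threat, status in hits:
        print(f"{status:22} {threat:40} {path}")
    print(otm_script(hits))
```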

Re: trojan or spyware cannot remove

Post by jb1111 » June 1st, 2009, 10:49 am

Katana,

When I launch IE, it still starts 2 IE processes, and the qerntom.wyy file still exists. It does appear I can download files more easily, but I am thinking that the 2nd IE process that opens is some type of tracking mechanism. What are your thoughts about this IE process?

Thanks again,
Jerry

Here is the log-

========== PROCESSES ==========
========== FILES ==========
C:\Documents and Settings\Shelby\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000d3f moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Shelby\LOCALS~1\Temp\IMG4.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Shelby\LOCALS~1\Temp\~DF6504.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Shelby\LOCALS~1\Temp\~DFB158.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Shelby\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4ec.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5cc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTM by OldTimer - Version 2.1.0.0 log created on 06012009_082910

Files moved on Reboot...
File C:\DOCUME~1\Shelby\LOCALS~1\Temp\IMG4.tmp not found!
C:\DOCUME~1\Shelby\LOCALS~1\Temp\~DF6504.tmp moved successfully.
C:\DOCUME~1\Shelby\LOCALS~1\Temp\~DFB158.tmp moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_4ec.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_5cc.dat moved successfully.

Registry entries deleted on Reboot...
jb1111
Regular Member
 
Posts: 23
Joined: May 22nd, 2009, 12:30 pm

Re: trojan or spyware cannot remove

Post by Katana » June 2nd, 2009, 3:43 am

Please run Combofix again, and post the fresh log.




Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Please go to this site: ActiveScan
  • Click the Scan Now button
  • Follow the prompts to install the Active X if necessary
  • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
  • When the scan is finished, a report will be generated
  • Next to Scan Details click the small export to notepad button and save the report to your desktop.
  • Please post the report in your reply.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: trojan or spyware cannot remove

Post by jb1111 » June 3rd, 2009, 3:46 pm

Katana,

OK, here are the results of the 2 scans.
Thanks,
Jerry

ComboFix-
ComboFix 09-05-28.07 - Shelby 06/03/2009 8:34.2 - NTFSx86
Running from: c:\documents and settings\Shelby\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.

2009-06-02 20:47 . 2009-06-02 20:47 -------- d-----w c:\windows\system32\KB905474
2009-06-02 20:47 . 2009-03-11 04:26 1403264 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-06-02 20:47 . 2009-03-11 04:18 453512 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-06-02 20:46 . 2009-06-02 20:46 -------- d-----w c:\program files\MSXML 6.0
2009-06-01 14:49 . 2009-06-02 13:52 -------- d-----w c:\windows\system32\CatRoot_bak
2009-06-01 14:47 . 2008-06-13 13:10 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-06-01 14:47 . 2009-02-06 17:22 2136064 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-06-01 14:47 . 2009-02-06 17:24 2180480 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-06-01 14:47 . 2009-02-06 16:49 2015744 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-06-01 14:46 . 2009-02-06 16:49 2057728 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-06-01 14:44 . 2008-10-24 11:10 453632 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-06-01 14:29 . 2009-06-01 14:29 -------- d-----w C:\_OTM
2009-06-01 14:23 . 2009-06-03 14:38 -------- d-----w c:\windows\system32\CatRoot2
2009-05-29 22:01 . 2009-05-29 22:01 3371383 ----a-w c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-26 23:21 . 2009-05-26 23:22 -------- d-----w C:\rsit
2009-05-04 22:20 . 2009-05-04 22:23 -------- d-----w c:\program files\Windows Live Safety Center

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-03 14:38 . 2009-03-16 23:06 375296 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-03 14:31 . 2008-12-07 00:01 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-29 22:01 . 2009-04-18 14:52 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-26 19:20 . 2009-04-18 14:52 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 19:19 . 2009-04-18 14:52 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-26 16:49 . 2006-02-08 21:54 12576 ----a-w c:\windows\system32\Fxxplfnt.tmp
2009-05-22 15:20 . 2009-04-22 12:46 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-04-29 03:11 . 2006-01-31 19:22 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-29 03:08 . 2006-01-31 19:22 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-04-28 23:50 . 2009-04-28 23:50 -------- d-----w c:\program files\Alwil Software
2009-04-28 23:26 . 2009-04-27 22:03 -------- d-----w c:\program files\a-squared Free
2009-04-28 15:25 . 2006-12-12 18:33 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-28 15:25 . 2008-11-06 14:26 -------- d-----w c:\program files\SpywareBlaster
2009-04-27 22:17 . 2009-04-27 17:47 -------- d-----w c:\documents and settings\Shelly\Application Data\SUPERAntiSpyware.com
2009-04-27 22:17 . 2009-04-27 17:47 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-27 17:47 . 2009-04-27 17:47 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-24 00:02 . 2009-04-23 23:49 -------- d-----w c:\documents and settings\Shelly\Application Data\MailFrontier
2009-04-22 15:56 . 2009-04-22 15:47 -------- d-----w c:\documents and settings\All Users\Application Data\SecTaskMan
2009-04-22 15:10 . 2009-04-22 15:10 0 ----a-w c:\windows\nsreg.dat
2009-04-22 14:11 . 2009-04-22 12:48 -------- d-----w c:\program files\AskBarDis
2009-04-22 12:38 . 2009-04-22 12:38 -------- d-----w c:\program files\Zone Labs
2009-04-22 04:14 . 2009-04-22 04:14 -------- d-----w c:\documents and settings\Shelby\Application Data\PC Tools
2009-04-22 04:10 . 2008-11-10 03:39 -------- d-----w c:\documents and settings\Shelly\Application Data\DataCast
2009-04-19 01:33 . 2006-01-31 20:37 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-19 01:21 . 2009-04-19 01:21 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-19 01:20 . 2006-03-15 20:51 -------- d-----w c:\program files\Java
2009-04-18 14:52 . 2009-04-18 14:52 -------- d-----w c:\documents and settings\Shelby\Application Data\Malwarebytes
2009-04-18 14:36 . 2006-12-11 22:39 -------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2009-04-18 14:35 . 2009-04-18 14:35 -------- d-----w c:\documents and settings\Shelby\Application Data\Hewlett-Packard
2009-04-18 14:02 . 2009-04-18 14:02 -------- d-----w c:\program files\Trend Micro
2009-04-14 22:02 . 2009-04-14 21:55 -------- d-----w c:\program files\Eusing Free Registry Cleaner
2009-04-14 21:55 . 2009-04-14 21:55 948311 ----a-w c:\program files\EFRCSetup.exe
2009-04-07 16:42 . 2006-01-31 20:37 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-08 10:34 . 2004-08-04 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 10:34 . 2004-08-04 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 10:33 . 2004-08-04 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 10:33 . 2004-08-04 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 10:32 . 2004-08-04 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 10:32 . 2004-08-04 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 10:31 . 2004-08-04 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 10:31 . 2004-08-04 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 10:31 . 2004-08-04 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 10:22 . 2004-08-04 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:44 . 2004-08-04 12:00 283648 ----a-w c:\windows\system32\pdh.dll
2006-12-07 01:06 . 2006-12-07 01:05 212849 ----a-w c:\program files\HijackThis.zip
.

((((((((((((((((((((((((((((( SnapShot@2009-05-29_21.39.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-30 22:45 . 2008-09-30 22:45 91656 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2009-06-03 14:39 . 2009-06-03 14:39 16384 c:\windows\Temp\Perflib_Perfdata_77c.dat
+ 2009-06-03 14:39 . 2009-06-03 14:39 16384 c:\windows\Temp\Perflib_Perfdata_534.dat
+ 2006-01-31 19:21 . 2008-10-16 20:09 43544 c:\windows\system32\wups2.dll
+ 2006-01-31 00:44 . 2008-10-16 20:08 34328 c:\windows\system32\wups.dll
+ 2006-01-31 00:44 . 2008-10-16 20:09 51224 c:\windows\system32\wuauclt.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 50176 c:\windows\system32\utilman.exe
+ 2004-08-04 12:00 . 2006-10-04 08:48 50176 c:\windows\system32\utilman.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 35840 c:\windows\system32\umandlg.dll
+ 2004-08-04 12:00 . 2006-10-04 13:33 35840 c:\windows\system32\umandlg.dll
+ 2008-10-22 09:47 . 2008-10-22 09:47 62976 c:\windows\system32\tzchange.exe
+ 2009-06-01 14:37 . 2008-10-16 20:09 43544 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
+ 2009-06-01 14:37 . 2008-10-16 20:08 34328 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 55808 c:\windows\system32\secur32.dll
+ 2004-08-04 12:00 . 2009-02-03 20:08 55808 c:\windows\system32\secur32.dll
+ 2004-08-04 12:00 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe
+ 2004-08-04 12:00 . 2006-10-04 08:48 53760 c:\windows\system32\narrator.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 53760 c:\windows\system32\narrator.exe
+ 2006-01-31 00:42 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-04 12:00 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
+ 2006-01-31 00:42 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
- 2006-01-31 00:42 . 2004-08-04 12:00 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-04 12:00 . 2008-06-24 16:23 74240 c:\windows\system32\mscms.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 72704 c:\windows\system32\magnify.exe
+ 2004-08-04 12:00 . 2006-10-04 08:48 72704 c:\windows\system32\magnify.exe
+ 2006-09-04 20:27 . 2004-10-08 01:16 35840 c:\windows\system32\drivers\AFS2K.SYS
+ 2006-01-31 00:44 . 2008-10-16 20:08 34328 c:\windows\system32\dllcache\wups.dll
+ 2006-01-31 00:44 . 2008-10-16 20:09 51224 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-04 12:00 . 2006-10-04 08:48 50176 c:\windows\system32\dllcache\utilman.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 50176 c:\windows\system32\dllcache\utilman.exe
+ 2004-08-04 12:00 . 2006-10-04 13:33 35840 c:\windows\system32\dllcache\umandlg.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 35840 c:\windows\system32\dllcache\umandlg.dll
+ 2004-08-04 12:00 . 2009-02-03 20:08 55808 c:\windows\system32\dllcache\secur32.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 55808 c:\windows\system32\dllcache\secur32.dll
+ 2004-08-04 12:00 . 2009-02-06 16:54 35328 c:\windows\system32\dllcache\sc.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 53760 c:\windows\system32\dllcache\narrator.exe
+ 2004-08-04 12:00 . 2006-10-04 08:48 53760 c:\windows\system32\dllcache\narrator.exe
+ 2006-01-31 00:42 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2004-08-04 12:00 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2006-01-31 00:42 . 2004-08-04 12:00 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2006-01-31 00:42 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2004-08-04 12:00 . 2008-06-24 16:23 74240 c:\windows\system32\dllcache\mscms.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 72704 c:\windows\system32\dllcache\magnify.exe
+ 2004-08-04 12:00 . 2006-10-04 08:48 72704 c:\windows\system32\dllcache\magnify.exe
+ 2006-01-31 00:42 . 2005-07-26 04:39 60416 c:\windows\system32\dllcache\colbact.dll
+ 2004-08-04 12:00 . 2008-10-16 20:09 92696 c:\windows\system32\dllcache\cdm.dll
+ 2006-01-31 00:42 . 2005-07-26 04:39 60416 c:\windows\system32\colbact.dll
+ 2004-08-04 12:00 . 2008-10-16 20:09 92696 c:\windows\system32\cdm.dll
+ 2004-07-15 07:34 . 2004-07-15 07:34 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3848\_PerfCounter.dll
+ 2003-02-21 02:09 . 2003-02-21 02:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3848\_mscorsn.dll
+ 2004-07-15 07:32 . 2004-07-15 07:32 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3848\_CORPerfMonExt.dll
+ 2004-07-15 07:34 . 2004-07-15 07:34 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1200\_PerfCounter.dll
+ 2003-02-21 02:09 . 2003-02-21 02:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1200\_mscorsn.dll
+ 2004-07-15 07:32 . 2004-07-15 07:32 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1200\_CORPerfMonExt.dll
+ 2009-06-02 13:55 . 2009-06-02 13:55 32768 c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2005-05-17 00:25 . 2008-02-15 09:06 351744 c:\windows\system32\xpsp3res.dll
+ 2006-01-31 00:44 . 2008-10-16 20:13 202776 c:\windows\system32\wuweb.dll
+ 2006-01-31 00:44 . 2008-10-16 20:12 323608 c:\windows\system32\wucltui.dll
+ 2006-01-31 00:44 . 2008-10-16 20:12 561688 c:\windows\system32\wuapi.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 351232 c:\windows\system32\winhttp.dll
+ 2004-08-04 12:00 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll
+ 2006-01-31 00:42 . 2009-02-06 16:39 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2006-01-31 00:42 . 2009-02-09 10:20 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2006-01-31 00:42 . 2009-02-09 10:20 473088 c:\windows\system32\wbem\fastprox.dll
+ 2004-08-04 12:00 . 2008-10-03 10:15 247326 c:\windows\system32\strmdll.dll
+ 2004-08-04 12:00 . 2009-02-06 17:14 110592 c:\windows\system32\services.exe
+ 2004-08-04 12:00 . 2008-12-05 07:12 144896 c:\windows\system32\schannel.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 144896 c:\windows\system32\schannel.dll
+ 2004-08-04 12:00 . 2009-02-09 10:20 399360 c:\windows\system32\rpcss.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 215552 c:\windows\system32\osk.exe
+ 2004-08-04 12:00 . 2006-10-04 08:48 215552 c:\windows\system32\osk.exe
+ 2004-08-04 12:00 . 2009-02-09 10:20 714752 c:\windows\system32\ntdll.dll
+ 2004-08-04 12:00 . 2008-10-15 16:57 332800 c:\windows\system32\netapi32.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 245248 c:\windows\system32\mswsock.dll
+ 2004-08-04 12:00 . 2008-06-20 17:41 245248 c:\windows\system32\mswsock.dll
+ 2006-01-31 00:42 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll
+ 2006-01-31 00:42 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll
+ 2006-01-31 00:42 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll
+ 2004-08-04 12:00 . 2009-02-09 10:20 723456 c:\windows\system32\lsasrv.dll
+ 2004-08-04 12:00 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll
+ 2006-01-31 00:44 . 2008-04-11 18:50 683520 c:\windows\system32\inetcomm.dll
+ 2004-08-04 12:00 . 2008-10-23 13:01 283648 c:\windows\system32\gdi32.dll
+ 2006-01-30 17:32 . 2009-06-02 20:55 386408 c:\windows\system32\FNTCACHE.DAT
- 2006-01-30 17:32 . 2009-01-22 15:26 386408 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-04 12:00 . 2008-07-07 20:32 253952 c:\windows\system32\es.dll
+ 2004-08-04 12:00 . 2008-06-20 09:52 225920 c:\windows\system32\drivers\tcpip6.sys
+ 2004-08-04 12:00 . 2008-06-20 10:45 360320 c:\windows\system32\drivers\tcpip.sys
+ 2004-08-04 12:00 . 2008-12-11 11:57 333184 c:\windows\system32\drivers\srv.sys
+ 2004-08-04 12:00 . 2008-05-08 12:28 202752 c:\windows\system32\drivers\rmcast.sys
+ 2004-08-04 12:00 . 2008-10-24 11:10 453632 c:\windows\system32\drivers\mrxsmb.sys
+ 2004-08-04 12:00 . 2008-06-13 13:10 272128 c:\windows\system32\drivers\bthport.sys
+ 2004-08-04 12:00 . 2008-08-14 09:51 138368 c:\windows\system32\drivers\afd.sys
+ 2004-08-04 12:00 . 2008-06-20 17:41 148992 c:\windows\system32\dnsapi.dll
+ 2006-01-31 00:44 . 2008-10-16 20:13 202776 c:\windows\system32\dllcache\wuweb.dll
+ 2006-01-31 00:44 . 2008-10-16 20:12 323608 c:\windows\system32\dllcache\wucltui.dll
+ 2006-01-31 00:44 . 2008-10-16 20:12 561688 c:\windows\system32\dllcache\wuapi.dll
+ 2006-01-31 00:42 . 2008-04-21 10:02 215552 c:\windows\system32\dllcache\wordpad.exe
+ 2006-01-31 00:42 . 2009-02-06 16:39 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2006-01-31 00:42 . 2009-02-09 10:20 453120 c:\windows\system32\dllcache\wmiprvsd.dll
+ 2004-08-04 12:00 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2004-08-04 12:00 . 2008-06-20 09:52 225920 c:\windows\system32\dllcache\tcpip6.sys
+ 2004-08-04 12:00 . 2008-06-20 10:45 360320 c:\windows\system32\dllcache\tcpip.sys
+ 2004-08-04 12:00 . 2008-10-03 10:15 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2004-08-04 12:00 . 2008-12-11 11:57 333184 c:\windows\system32\dllcache\srv.sys
+ 2004-08-04 12:00 . 2009-02-06 17:14 110592 c:\windows\system32\dllcache\services.exe
+ 2004-08-04 12:00 . 2008-12-05 07:12 144896 c:\windows\system32\dllcache\schannel.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 144896 c:\windows\system32\dllcache\schannel.dll
+ 2004-08-04 12:00 . 2009-02-09 10:20 399360 c:\windows\system32\dllcache\rpcss.dll
+ 2004-08-04 12:00 . 2008-05-08 12:28 202752 c:\windows\system32\dllcache\rmcast.sys
+ 2004-08-04 12:00 . 2009-03-06 14:44 283648 c:\windows\system32\dllcache\pdh.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 283648 c:\windows\system32\dllcache\pdh.dll
+ 2004-08-04 12:00 . 2006-10-04 08:48 215552 c:\windows\system32\dllcache\osk.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 215552 c:\windows\system32\dllcache\osk.exe
+ 2004-08-04 12:00 . 2009-02-09 10:20 714752 c:\windows\system32\dllcache\ntdll.dll
+ 2004-08-04 12:00 . 2008-10-15 16:57 332800 c:\windows\system32\dllcache\netapi32.dll
+ 2004-08-04 12:00 . 2008-06-20 17:41 245248 c:\windows\system32\dllcache\mswsock.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2006-01-31 00:42 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2006-01-31 00:42 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2006-01-31 00:42 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll
- 2006-01-31 00:44 . 2004-08-04 12:00 331776 c:\windows\system32\dllcache\msadce.dll
+ 2006-01-31 00:44 . 2008-05-01 14:30 331776 c:\windows\system32\dllcache\msadce.dll
+ 2004-08-04 12:00 . 2009-02-09 10:20 723456 c:\windows\system32\dllcache\lsasrv.dll
+ 2004-08-04 12:00 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\kernel32.dll
+ 2006-01-31 00:44 . 2008-04-11 18:50 683520 c:\windows\system32\dllcache\inetcomm.dll
+ 2004-08-04 12:00 . 2008-10-23 13:01 283648 c:\windows\system32\dllcache\gdi32.dll
+ 2006-01-31 00:42 . 2009-02-09 10:20 473088 c:\windows\system32\dllcache\fastprox.dll
+ 2004-08-04 12:00 . 2008-07-07 20:32 253952 c:\windows\system32\dllcache\es.dll
+ 2004-08-04 12:00 . 2008-06-20 17:41 148992 c:\windows\system32\dllcache\dnsapi.dll
+ 2004-08-04 12:00 . 2008-08-14 09:51 138368 c:\windows\system32\dllcache\afd.sys
- 2004-08-04 12:00 . 2004-08-04 12:00 616960 c:\windows\system32\dllcache\advapi32.dll
+ 2004-08-04 12:00 . 2009-02-09 10:20 616960 c:\windows\system32\dllcache\advapi32.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 100352 c:\windows\system32\dllcache\6to4svc.dll
+ 2004-08-04 12:00 . 2006-08-16 11:58 100352 c:\windows\system32\dllcache\6to4svc.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 616960 c:\windows\system32\advapi32.dll
+ 2004-08-04 12:00 . 2009-02-09 10:20 616960 c:\windows\system32\advapi32.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 100352 c:\windows\system32\6to4svc.dll
+ 2004-08-04 12:00 . 2006-08-16 11:58 100352 c:\windows\system32\6to4svc.dll
+ 2003-02-21 11:42 . 2003-02-21 11:42 348160 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3848\_msvcr71.dll
+ 2004-07-15 07:25 . 2004-07-15 07:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3848\_mscorjit.dll
+ 2004-07-15 07:24 . 2004-07-15 07:24 282624 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3848\_fusion.dll
+ 2004-07-15 08:49 . 2004-07-15 08:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3848\_aspnet_isapi.dll
+ 2003-02-21 11:42 . 2003-02-21 11:42 348160 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1200\_msvcr71.dll
+ 2004-07-15 07:25 . 2004-07-15 07:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1200\_mscorjit.dll
+ 2004-07-15 07:24 . 2004-07-15 07:24 282624 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1200\_fusion.dll
+ 2004-07-15 08:49 . 2004-07-15 08:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1200\_aspnet_isapi.dll
+ 2009-06-01 14:44 . 2008-10-24 11:10 453632 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2009-06-01 14:47 . 2008-06-13 13:10 272128 c:\windows\Driver Cache\i386\bthport.sys
+ 2009-06-01 14:46 . 2008-04-15 17:54 1724416 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
+ 2008-09-30 22:42 . 2008-09-30 22:42 1286152 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2006-01-31 00:44 . 2008-10-16 20:13 1809944 c:\windows\system32\wuaueng.dll
+ 2004-08-04 12:00 . 2009-02-09 10:19 1846272 c:\windows\system32\win32k.sys
+ 2004-08-04 12:00 . 2008-07-03 13:16 8454656 c:\windows\system32\shell32.dll
+ 2004-08-04 12:00 . 2008-12-20 22:43 1287680 c:\windows\system32\quartz.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 1287680 c:\windows\system32\quartz.dll
+ 2004-08-04 12:00 . 2009-02-06 17:24 2180480 c:\windows\system32\ntoskrnl.exe
+ 2004-08-03 22:59 . 2009-02-06 16:49 2057728 c:\windows\system32\ntkrnlpa.exe
+ 2008-08-30 02:06 . 2008-08-30 02:06 1350664 c:\windows\system32\msxml6.dll
+ 2008-09-30 22:43 . 2008-09-30 22:43 1286152 c:\windows\system32\msxml4.dll
+ 2004-08-04 12:00 . 2008-09-04 16:42 1106944 c:\windows\system32\msxml3.dll
+ 2006-01-31 00:44 . 2008-10-16 20:13 1809944 c:\windows\system32\dllcache\wuaueng.dll
+ 2004-08-04 12:00 . 2009-02-09 10:19 1846272 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-04 12:00 . 2008-07-03 13:16 8454656 c:\windows\system32\dllcache\shell32.dll
+ 2004-08-04 12:00 . 2008-12-20 22:43 1287680 c:\windows\system32\dllcache\quartz.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 1287680 c:\windows\system32\dllcache\quartz.dll
+ 2004-08-04 12:00 . 2008-09-04 16:42 1106944 c:\windows\system32\dllcache\msxml3.dll
+ 2004-07-15 07:28 . 2004-07-15 07:28 2502656 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3848\_mscorwks.dll
+ 2004-07-15 07:26 . 2004-07-15 07:26 2510848 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3848\_mscorsvr.dll
+ 2004-07-15 21:29 . 2004-07-15 21:29 2138112 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3848\_mscorlib.dll
+ 2004-07-15 07:28 . 2004-07-15 07:28 2502656 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1200\_mscorwks.dll
+ 2004-07-15 07:26 . 2004-07-15 07:26 2510848 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1200\_mscorsvr.dll
+ 2004-07-15 21:29 . 2004-07-15 21:29 2138112 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1200\_mscorlib.dll
+ 2009-06-01 14:47 . 2009-02-06 17:24 2180480 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-06-01 14:47 . 2009-02-06 16:49 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-06-01 14:46 . 2009-02-06 16:49 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-06-01 14:47 . 2009-02-06 17:22 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-17 00:22 333192 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Shelby\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-16 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-06 29744]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk]
backup=c:\windows\pss\officejet 6100.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Configuration Utility HW.51.lnk]
backup=c:\windows\pss\Wireless Configuration Utility HW.51.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Shelly^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wltrysvc"=2 (0x2)
"SDhelper"=2 (0x2)
"SBService"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"WZCSVC"=2 (0x2)
"SQLAgent$MICROSOFTBCM"=3 (0x3)
"QuickBooksDB17"=2 (0x2)
"QBFCService"=3 (0x3)
"QBCFMonitorService"=2 (0x2)
"mnmsrvc"=3 (0x3)
"MSSQL$MICROSOFTBCM"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"\\\\MDR-9X05Z638FIO\\shared\\DM2000\\DMLUpdt.exe"=
"c:\\Program Files\\xerox\\Network Scan\\XrsUt12.exe"=
"c:\\WINDOWS\\system32\\xrsslm12.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-01-06 29744]
R3 MOSUMAC;MosChip 7830 USB-Ethernet Driver;c:\windows\system32\DRIVERS\MOSUMAC.SYS [2004-11-09 21760]
R3 np100;Network Everywhere Fast Ethernet 10/100 PC Card NT Driver;c:\windows\system32\DRIVERS\np100nd5.sys [2001-11-15 32589]
R4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-10-17 464264]
R4 QuickBooksDB17;QuickBooksDB17;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe [2006-09-13 128536]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]


--- Other Services/Drivers In Memory ---

*Deregistered* - Aavmker4
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - aswFsBlk
*Deregistered* - aswMon2
*Deregistered* - aswRdr
*Deregistered* - aswSP
*Deregistered* - aswTdi
*Deregistered* - aswUpdSv
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - avast! Antivirus
*Deregistered* - avast! Mail Scanner
*Deregistered* - avast! Web Scanner
*Deregistered* - Beep
*Deregistered* - BITS
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - BthServ
*Deregistered* - Cdfs
*Deregistered* - Compbatt
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - HTTP
*Deregistered* - ImapiService
*Deregistered* - Ip6Fw
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - MDM
*Deregistered* - mdmxsdk
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - NWCWorkstation
*Deregistered* - NwlnkIpx
*Deregistered* - NwlnkNb
*Deregistered* - NwlnkSpx
*Deregistered* - NWRDR
*Deregistered* - PartMgr
*Deregistered* - PCIIde
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - RDPWD
*Deregistered* - RemoteRegistry
*Deregistered* - ROOTMODEM
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - SymEvent
*Deregistered* - SYMTDI
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - Tcpip6
*Deregistered* - TDTCP
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - Tosrfcom
*Deregistered* - TrkWks
*Deregistered* - tunmp
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - wuauserv
*Deregistered* - WudfPf
*Deregistered* - WudfSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-02 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p officejet 6100 series272A572217594EBCF1CEE215E352B92AD073FDE4157407420.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 23:56]

2006-12-07 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p officejet 6100 series272A572217594EBCF1CEE215E352B92AD073FDE4157483359.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 23:56]

2009-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1409082233-682003330-1009.job
- c:\documents and settings\Shelby\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-16 16:45]

2009-06-03 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-01-31 16:04]

2009-06-03 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-06-02 04:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ablyss.com/
uInternet Connection Wizard,ShellNext = hxxp://shell.windows.com/fileassoc/0409 ... sp?Ext=rpt
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-03 08:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2392)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
.
**************************************************************************
.
Completion time: 2009-06-03 8:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-03 14:45
ComboFix2.txt 2009-05-29 21:44
ComboFix3.txt 2006-12-07 19:53

Pre-Run: 54,052,270,080 bytes free
Post-Run: 54,046,269,440 bytes free

516 --- E O F --- 2009-06-03 14:32

Active scan -
;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-06-03 13:42:18
PROTECTIONS: 0
MALWARE: 8
SUSPECTS: 10
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Shelly\Cookies\shelly@go[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Shelly\Cookies\shelly@target[2].txt
00341115 Trj/Downloader.LOT Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{23E6D2DD-D386-4FEB-89B7-45A2C0C69B05}\RP440\A0041451.exe
00366244 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{23E6D2DD-D386-4FEB-89B7-45A2C0C69B05}\RP466\A0043075.exe
00366244 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{23E6D2DD-D386-4FEB-89B7-45A2C0C69B05}\RP430\A0038463.exe
00366244 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{23E6D2DD-D386-4FEB-89B7-45A2C0C69B05}\RP430\A0039012.exe
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{23E6D2DD-D386-4FEB-89B7-45A2C0C69B05}\RP428\A0038229.sys
00820834 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\Qoobox\Quarantine\C\DOCUME~1\Shelby\LOCALS~1\QERNTO~2.WYY.vir
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{23E6D2DD-D386-4FEB-89B7-45A2C0C69B05}\RP466\A0044028.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{23E6D2DD-D386-4FEB-89B7-45A2C0C69B05}\RP470\A0044464.sys
03899005 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{23E6D2DD-D386-4FEB-89B7-45A2C0C69B05}\RP466\A0043078.exe
03899005 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{23E6D2DD-D386-4FEB-89B7-45A2C0C69B05}\RP430\A0039015.exe
03899005 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{23E6D2DD-D386-4FEB-89B7-45A2C0C69B05}\RP430\A0038464.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location I
;===================================================================================================================================================================================
No C:\Documents and Settings\Shelby\Desktop\ComboFix.exe[32788R22FWJFW\n.com] I
No C:\Documents and Settings\Shelby\Desktop\ComboFix.exe[32788R22FWJFW\NirCmd.cfexe] I
No C:\Program Files\AskBarDis\bar\bin\askPopStp.dll I
No C:\System Volume Information\_restore{23E6D2DD-D386-4FEB-89B7-45A2C0C69B05}\RP439\A0041390.exe I
No C:\System Volume Information\_restore{23E6D2DD-D386-4FEB-89B7-45A2C0C69B05}\RP466\A0044081.com I
No C:\System Volume Information\_restore{23E6D2DD-D386-4FEB-89B7-45A2C0C69B05}\RP466\A0044083.com I
No C:\System Volume Information\_restore{23E6D2DD-D386-4FEB-89B7-45A2C0C69B05}\RP470\A0044440.exe I
No C:\System Volume Information\_restore{23E6D2DD-D386-4FEB-89B7-45A2C0C69B05}\RP470\A0044512.com I
No C:\System Volume Information\_restore{23E6D2DD-D386-4FEB-89B7-45A2C0C69B05}\RP470\A0044514.com I
No C:\WINDOWS\NIRCMD.exe I
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description I
;===================================================================================================================================================================================
184380 MEDIUM MS08-002 I
184379 MEDIUM MS08-001 I
182046 HIGH MS07-067 I
182043 HIGH MS07-064 I
179553 HIGH MS07-061 I
176383 HIGH MS07-058 I
170907 HIGH MS07-046 I
170904 HIGH MS07-043 I
164915 HIGH MS07-035 I
164911 HIGH MS07-031 I
157262 HIGH MS07-022 I
157261 HIGH MS07-021 I
157260 HIGH MS07-020 I
157259 HIGH MS07-019 I
156477 HIGH MS07-017 I
150249 HIGH MS07-013 I
150248 HIGH MS07-012 I
150247 HIGH MS07-011 I
150243 HIGH MS07-008 I
150242 HIGH MS07-007 I
150241 MEDIUM MS07-006 I
141034 HIGH MS06-076 I
141033 MEDIUM MS06-075 I
137571 HIGH MS06-070 I
133387 MEDIUM MS06-065 I
133386 MEDIUM MS06-064 I
133385 MEDIUM MS06-063 I
133379 HIGH MS06-057 I
129977 MEDIUM MS06-053 I
129976 MEDIUM MS06-052 I
126093 HIGH MS06-051 I
126092 MEDIUM MS06-050 I
126087 HIGH MS06-046 I
126086 MEDIUM MS06-045 I
126082 HIGH MS06-041 I
126081 HIGH MS06-040 I
123421 HIGH MS06-036 I
123420 HIGH MS06-035 I
120825 MEDIUM MS06-032 I
120823 MEDIUM MS06-030 I
120818 HIGH MS06-025 I
120815 HIGH MS06-022 I
117384 MEDIUM MS06-018 I
114666 HIGH MS06-015 I
108744 MEDIUM MS06-008 I
108743 MEDIUM MS06-007 I
108742 MEDIUM MS06-006 I
104567 HIGH MS06-002 I
104237 HIGH MS06-001 I
96574 HIGH MS05-053 I
93395 HIGH MS05-051 I
93394 HIGH MS05-050 I
93454 MEDIUM MS05-049 I
;===================================================================================================================================================================================
jb1111
Regular Member
 
Posts: 23
Joined: May 22nd, 2009, 12:30 pm