HiJackThis log file


Post by theresamisu » September 11th, 2009, 12:33 pm

My problem was that whenever I did a search for anything anti-virus related, my browser was hijacked to another site. This happened in IE7, IE8, and Firefox. I believe I finally cleaned the virus (using TrendHouseCall, StopZilla, and WebRoot) but I'm not sure. I would like input on this logfile. I cleaned up all unnecessary programs and files, did a disk cleanup and defrag and have 50% free, but it's still running slow.

thanks!
LOGFILE:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:00 AM, on 9/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Wireless-G USB Network Adapter\WLService.exe
C:\Program Files\Wireless-G USB Network Adapter\WUSB54G.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Documents and Settings\TMW\Local Settings\Temporary Internet Files\Content.IE5\VQ8FFH0T\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [NapsterShell] "C:\Program Files\Napster\napster.exe" /systray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - Startup: PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInCon ... ontrol.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 0943702750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1607529152
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://www.mybizportal.net/dana-cached ... tupSP1.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - http://entimg.msn.com/client/msnmusax2702.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: webserver - Unknown owner - C:\Program Files\webserver\webserver.exe (file missing)
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O23 - Service: WUSB54GSVC - GEMTEKS - C:\Program Files\Wireless-G USB Network Adapter\WLService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/TMW/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 10633 bytes
theresamisu
Active Member
 
Posts: 10
Joined: September 11th, 2009, 12:30 pm

Re: HiJackThis log file

Post by MWR 3 day Mod » September 14th, 2009, 3:11 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: HiJackThis log file

Post by jmw3 » September 17th, 2009, 12:03 am

Hello & Welcome to Malware Removal

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this ensure Notify me when a reply is posted is ticked on the POST A REPLY page.

In the meantime please note the following:
  • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
  • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
    1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
    2. Commercial scanners, for the most part, cannot completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
  • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
  • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Thanks

DDS
Download DDS.scr by sUBs from one of the following links & save it to your desktop.
Link 1
Link 2
  • Double-Click on dds.scr and a command window will appear. This is normal
  • Shortly after, two logs will appear: DDS.txt & Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
Gmer
Download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.

To post in next reply:
Contents of DDS log
Contents of Attach.txt
Contents of Gmer log
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: HiJackThis log file

Post by theresamisu » September 17th, 2009, 10:16 pm

Three files you asked for. Please let me know if this is not the format; I will re-post. Thank you so much!
theresamisu
Active Member
 
Posts: 10
Joined: September 11th, 2009, 12:30 pm

Re: HiJackThis log file

Post by jmw3 » September 18th, 2009, 12:16 am

Hi

If I could ask you just to copy/paste the contents of the logs & post in your replies.
Thanks :)


C:\Documents and Settings\TMW\Local Settings\Temporary Internet Files\Content.IE5\VQ8FFH0T\HijackThis[1].exe
It appears as though you downloaded & ran HijackThis by clicking the Run button after downloading. You also appear to have HijackThis installed as it shows in the list of Installed programs. If I ask you to use HijackThis please use the installed version of the program.
For future reference, when downloading any programs I ask you to, please download them to your desktop by choosing Save File, and then selecting Desktop as the location.
If you are allowed to choose Run or Save, always choose Save. Choosing Run downloads and executes the process from temporary Internet files... and does not give you a desktop icon so you can run the program a second time.

Note about Stopzilla:
Stopzilla is quite a resource hog & to be honest, I wouldn't really recommend having it on your computer. It has been pushed by malware - which means, malware causes popups where it asks to install Stopzilla. This makes Stopzilla a questionable application. Your choice but personally I wouldn't touch it.

Remove Programs
Click Start > Control Panel > Add/Remove Programs
Remove these programs by clicking Remove

J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7


If some programs listed are not present, please do not panic

Fix HiJackThis Entries
  • Open HiJackThis
  • Click on Do a system scan only
  • Place a checkmark next to these lines (if still present):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)


  • Close all windows except Hijackthis and click Fix Checked
  • Click Yes when prompted
  • Close HijackThis.
TFC (Temp File Cleaner)
Download TFC (Temp File Cleaner) by Old Timer Here & save it to your desktop.
  • Save any unsaved work. TFC Cleaner will close all open application windows
  • Double-click TFC.exe to run the program, your desktop will temporarily disappear
  • If prompted, click Yes to reboot
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take any longer than a couple of minutes & may only take a few seconds. Only if needed will you be prompted to reboot.

ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
Link 1
Link 2

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Double click on ComboFix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


To post in next reply:
ComboFix log
New HijackThis log
Update on how the computer is running
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
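As an added example (not code from this thread or from Trend Micro's HijackThis), the script below is a small rule-based triage pass over the HijackThis log format posted at the top of the thread. It encodes the kinds of entries jmw3 singles out in the post above: an executable launched from Temporary Internet Files, an O2 BHO with "(no file)", an O23 service whose file is missing, the repeated unknown Winsock LSP lines, and R0/R1 start/search URLs whose host is not on an expected-hosts allowlist. The allowlist, the function names and the sample log excerpt are constructed for the example; the script only produces review items for a human to act on, it changes nothing on the machine.

```python
"""Rule-based triage of a HijackThis (HJT) log.

Added example for this thread, not code from the forum or from HijackThis.
EXPECTED_HOSTS and SAMPLE_LOG are constructed for the example.
"""
import re
from collections import Counter
from urllib.parse import urlparse

# Hosts a reviewer treats as acceptable for R0/R1 start/search entries.
# Constructed for the example; derive it from the OEM image or your
# browser policy in practice.
EXPECTED_HOSTS = {"www.google.com", "www.msn.com", "www.bing.com"}

# "R1 - ..." / "O23 - ..." entry prefix used by HijackThis.
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
# In R0/R1 entries the URL follows " = ".
URL_RE = re.compile(r"= (\S+)")


def parse_hjt(text):
    """Split an HJT log into (running_processes, entries).

    entries is a list of (code, body) tuples such as ("O2", "BHO: ...").
    Header lines and the trailing "End of file" line are ignored.
    """
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.append((m.group(1), m.group(2)))
        elif in_processes:
            processes.append(line)
    return processes, entries


def triage(text):
    """Return a de-duplicated list of (rule, detail) review items."""
    processes, entries = parse_hjt(text)
    findings, seen = [], set()

    def flag(rule, detail):
        if (rule, detail) not in seen:
            seen.add((rule, detail))
            findings.append((rule, detail))

    for proc in processes:
        # A program run straight from the browser cache was never saved
        # deliberately; the helper asked for the installed copy instead.
        if "temporary internet files" in proc.lower():
            flag("process-from-browser-cache", proc)

    for code, body in entries:
        entry = f"{code} - {body}"
        if code in ("R0", "R1"):
            m = URL_RE.search(body)
            host = urlparse(m.group(1)).hostname if m else None
            if host not in EXPECTED_HOSTS:
                flag("non-default-start-or-search-url", entry)
        elif code == "O2" and "(no file)" in body:
            # A CLSID registered as a BHO with no DLL behind it.
            flag("orphaned-bho", entry)
        elif code == "O10" and body.startswith("Unknown file in Winsock LSP"):
            flag("unknown-winsock-lsp", entry)
        elif code == "O23" and "(file missing)" in body:
            flag("service-file-missing", entry)
    return findings


def summarize(findings):
    """Count findings per rule, e.g. Counter({"orphaned-bho": 1, ...})."""
    return Counter(rule for rule, _ in findings)


# Constructed excerpt modelled on the log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\TMW\Local Settings\Temporary Internet Files\Content.IE5\VQ8FFH0T\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: webserver - Unknown owner - C:\Program Files\webserver\webserver.exe (file missing)

--
End of file - 1234 bytes
"""

if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"[{rule}] {detail}")
```

Run against the sample it reports six review items: the HijackThis copy run from the browser cache, the two start/search entries pointing at hosts outside the allowlist, the orphaned BHO, one de-duplicated Winsock LSP line, and the webserver service whose binary is missing. The allowlist rule deliberately flags OEM defaults such as the Dell and SBC/Yahoo pages as well; as in the thread, the reviewer decides which flagged entries to reset.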

Re: HiJackThis log file

Post by theresamisu » September 21st, 2009, 7:05 pm

ComboFix log:
ComboFix 09-09-20.04 - TMW 09/21/2009 17:48.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.236 [GMT -6:00]
Running from: c:\documents and settings\TMW\Desktop\ComboFix.exe
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\Webroot\WEBROO~1\Backup\ntSVc.ocx
c:\windows\0101120101465154.xe
c:\windows\patch.exe
c:\windows\system32\drivers\Sonyhcp.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DDNSFILTER
-------\Service_SfX


((((((((((((((((((((((((( Files Created from 2009-08-21 to 2009-09-21 )))))))))))))))))))))))))))))))
.

2009-09-18 01:32 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-13 17:33 . 2009-09-13 17:33 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-13 17:27 . 2009-09-13 17:27 -------- d-----w- c:\program files\iPod
2009-09-13 17:27 . 2009-09-13 17:30 -------- d-----w- c:\program files\iTunes
2009-09-13 17:27 . 2009-09-13 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-13 17:18 . 2009-09-13 17:18 -------- d-----w- c:\program files\Bonjour
2009-09-13 17:15 . 2009-09-13 17:17 -------- d-----w- c:\program files\QuickTime
2009-09-11 01:23 . 2009-09-11 01:23 -------- d-----w- c:\program files\AVG
2009-09-11 01:21 . 2009-09-11 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-11 00:48 . 2009-09-11 00:48 -------- d-----w- c:\program files\MSSOAP
2009-09-11 00:47 . 2009-05-13 21:39 1563008 ----a-w- c:\windows\WRSetup.dll
2009-09-11 00:47 . 2009-09-11 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2009-09-11 00:47 . 2009-09-11 00:47 -------- d-----w- c:\program files\Webroot
2009-09-11 00:47 . 2009-09-11 00:47 -------- d-----w- c:\documents and settings\TMW\Application Data\Webroot
2009-09-10 23:13 . 2009-09-10 23:13 -------- d-----w- c:\documents and settings\TMW\Application Data\Malwarebytes
2009-09-10 23:13 . 2009-09-10 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-10 01:42 . 2009-09-11 01:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-09-10 01:41 . 2009-09-10 01:41 -------- d-----w- c:\program files\STOPzilla!
2009-09-10 01:41 . 2009-09-10 01:41 -------- d-----w- c:\program files\Common Files\iS3
2009-09-10 01:41 . 2009-09-21 23:56 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-09-10 01:18 . 2009-09-11 16:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-10 00:06 . 2009-09-10 00:06 -------- d-----w- c:\documents and settings\TMW\Local Settings\Application Data\Mozilla
2009-09-09 23:40 . 2009-09-11 02:19 -------- d-----w- c:\program files\webserver
2009-09-08 23:52 . 2009-09-08 23:52 -------- d-sh--w- c:\documents and settings\TMW\IECompatCache
2009-09-08 23:21 . 2009-09-08 23:38 3684 ----a-w- c:\windows\fs1234.dat
2009-09-08 13:30 . 2009-09-08 13:30 1 ---h--w- c:\windows\bk23567.dat
2009-09-04 01:34 . 2009-06-26 16:50 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-04 01:34 . 2009-06-26 16:50 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2009-09-03 00:10 . 2009-09-03 00:10 -------- d-----w- c:\program files\Safari

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-21 23:56 . 2009-09-21 23:56 1112 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-09-21 23:56 . 2009-09-21 23:56 416 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2009-09-21 23:25 . 2005-03-03 01:35 -------- d-----w- c:\program files\Java
2009-09-18 10:10 . 2008-08-09 14:42 -------- d-----w- c:\program files\MozyHome
2009-09-15 13:10 . 2008-11-28 21:55 -------- d-----w- c:\documents and settings\TMW\Application Data\Apple Computer
2009-09-13 17:27 . 2008-11-28 21:53 -------- d-----w- c:\program files\Common Files\Apple
2009-09-11 15:55 . 2005-04-27 02:57 -------- d-----w- c:\program files\Nero
2009-09-11 15:53 . 2009-04-01 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-11 00:42 . 2006-06-08 02:10 -------- d-----w- c:\program files\Trend Micro
2009-09-05 16:19 . 2005-03-10 18:49 73688 -c--a-w- c:\documents and settings\TMW\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-29 01:42 . 2009-04-11 14:27 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-29 01:42 . 2008-11-28 21:53 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-14 12:58 . 2009-09-10 01:19 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-12 01:31 . 2009-05-10 15:36 -------- d-----w- c:\program files\Google
2009-08-12 01:10 . 2009-04-01 00:20 -------- d-----w- c:\program files\McAfee
2009-08-12 01:08 . 2006-05-24 22:50 -------- d-----w- c:\program files\CoffeeCup Software
2009-08-05 09:01 . 2004-08-04 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 21:23 . 2009-03-14 22:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-20 20:57 . 2009-07-20 20:57 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-07-20 20:56 . 2009-07-20 20:56 311296 ----a-r- c:\windows\system32\SZBase5.dll
2009-07-20 20:56 . 2009-07-20 20:56 540672 ----a-r- c:\windows\system32\SZComp5.dll
2009-07-17 19:01 . 2004-08-04 11:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 05:43 . 2004-08-04 11:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 21:52 . 2009-07-09 21:52 126976 ----a-r- c:\windows\system32\IS3HTUI5.dll
2009-07-09 21:52 . 2009-07-09 21:52 393216 ----a-r- c:\windows\system32\IS3DBA5.dll
2009-07-09 21:51 . 2009-07-09 21:51 385024 ----a-r- c:\windows\system32\IS3UI5.dll
2009-07-09 21:51 . 2009-07-09 21:51 61440 ----a-r- c:\windows\system32\IS3Hks5.dll
2009-07-09 21:51 . 2009-07-09 21:51 23040 ----a-r- c:\windows\system32\IS3XDat5.dll
2009-07-09 21:50 . 2009-07-09 21:50 225280 ----a-r- c:\windows\system32\IS3Win325.dll
2009-07-09 21:50 . 2009-07-09 21:50 94208 ----a-r- c:\windows\system32\IS3Inet5.dll
2009-07-09 21:50 . 2009-07-09 21:50 90112 ----a-r- c:\windows\system32\IS3Svc5.dll
2009-07-09 21:47 . 2009-07-09 21:47 724992 ----a-r- c:\windows\system32\IS3Base5.dll
2009-06-26 16:50 . 2004-08-04 11:00 666624 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-08-04 11:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 11:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 11:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 11:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 11:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 21:03 . 2008-08-09 14:42 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2009-06-24 11:18 . 2004-08-04 11:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2006-06-06 02:46 . 2006-06-06 02:46 88 --sh--r- c:\windows\SYSTEM32\84D9348185.sys
2006-06-06 02:46 . 2006-06-06 02:44 3350 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-05-13 21:34 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2009-09-14 19:04 2847032 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2009-09-14 19:04 2847032 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-03-03 26112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"NapsterShell"="c:\program files\Napster\napster.exe" [2008-05-29 323216]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-05-13 6345840]

c:\documents and settings\TMW\Start Menu\Programs\Startup\
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-5-10 333088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2009-9-14 2891576]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2005-4-16 118784]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:ddnsfilter
"53:TCP"= 53:TCP:webserver

R0 ssfs0bbc;ssfs0bbc;c:\windows\SYSTEM32\DRIVERS\ssfs0bbc.sys [4/21/2009 6:27 PM 29808]
R0 szkg5;szkg;c:\windows\SYSTEM32\DRIVERS\SZKG.sys [5/12/2009 2:13 PM 61328]
R1 mozyFilter;mozyFilter;c:\windows\SYSTEM32\DRIVERS\mozy.sys [8/9/2008 8:42 AM 54776]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [9/10/2009 6:49 PM 1205760]
R2 WUSB54GSVC;WUSB54GSVC;c:\program files\Wireless-G USB Network Adapter\WLService.exe [8/16/2005 6:26 PM 41025]
S1 Filter;Filter;\??\c:\windows\system32\drivers\Filter.sys --> c:\windows\system32\drivers\Filter.sys [?]
S2 webserver;webserver;c:\program files\webserver\webserver.exe --> c:\program files\webserver\webserver.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ddnsfilter REG_MULTI_SZ ddnsfilter
.
Contents of the 'Scheduled Tasks' folder

2009-09-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2005-03-10 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\OOBEBALN.EXE [2004-08-04 00:12]

2009-09-19 c:\windows\Tasks\wrSpySweeper_LA73C4EB8C59A42D7AB4EFD34E611F12B.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-09-11 21:39]

2009-09-19 c:\windows\Tasks\wrSpySweeper_LA73C4EB8C59A42D7AB4EFD34E611F12B.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-09-11 21:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://yahoo.sbc.com/dsl
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\TMW\Application Data\Mozilla\Firefox\Profiles\dwjhl18j.default\
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/sear ... -web_us&p=
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
AddRemove-HijackThis - c:\documents and settings\TMW\Local Settings\Temporary Internet Files\Content.IE5\VQ8FFH0T\HijackThis.exe
AddRemove-SBC Yahoo! UMUninstaller - c:\program files\SBC Yahoo!\umuninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-21 17:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\SST-73E4B678-A163-472C-AECB-AE1A1B7E5B08.tmp 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(616)
c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll

- - - - - - - > 'explorer.exe'(1068)
c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
c:\program files\MozyHome\mozyshell.dll
c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Microsoft Shared\Ink\SKCHUI.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\MozyHome\mozybackup.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\program files\Wireless-G USB Network Adapter\WUSB54G.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-09-21 18:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-22 00:03

Pre-Run: 40,047,501,312 bytes free
Post-Run: 39,930,687,488 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

264 --- E O F --- 2009-09-19 03:20
------------------------------------------------
You asked for a new HiJackThis logfile, but told me previously only to do a scan and not to do a scan and create a logfile, so I do not have one. Do you want me to run it again and create one now?

You also ask how things are running - I need some time on it to figure that out - a couple of days. Please don't close me out!

As for StopZilla - I have no affinity for the program, but it was the only antivirus that I could get installed to clean enough of the virus out so I could get to other antivirus sites and forums such as yours. What would you recommend instead?

thanks!
theresamisu
Active Member
 
Posts: 10
Joined: September 11th, 2009, 12:30 pm

Re: HiJackThis log file

Unread postby jmw3 » September 21st, 2009, 10:55 pm

Hi
Yes... I wanted a new HijackThis log after you had completed ALL instructions.

As for StopZilla - I have no affinity for the program, but it was the only antivirus that I could get installed to clean enough of the virus out so I could get to other antivirus sites and forums such as yours. What would you recommend instead?
I'll make some recommendations when you're clean & ready to wrap this up :)
If you want to remove STOPzilla, you can do that via Add or Remove Programs.

CFScript
Delete the copy of ComboFix you have, then download it again:
Link 1
Link 2

Close any open browsers.
Open notepad and copy/paste the text in the code box below into it:

DeQuarantine::
c:\windows\system32\drivers\Sonyhcp.dll
Driver::
Filter
webserver
Rootkit::
c:\windows\TEMP\SST-73E4B678-A163-472C-AECB-AE1A1B7E5B08.tmp
File::
c:\windows\fs1234.dat
c:\windows\bk23567.dat
c:\windows\system32\drivers\kgpcpy.cfg
c:\windows\system32\drivers\kgpfr2.cfg
c:\windows\system32\drivers\Filter.sys
c:\windows\Tasks\ISP signup reminder 1.job
Folder::
c:\program files\webserver
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"=-
"53:TCP"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"ddnsfilter"=-
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

Save this as CFScript.txt, in the same location as ComboFix.exe

Image

Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Kaspersky Online Scan
Do an online scan with Kaspersky Online Scanner
  • Read through the requirements and privacy statement and click on Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
  • Please post this log in your next reply
Pictured tutorial if required.

If you have any problems with the Kaspersky Online Scan (it's been a bit hit & miss lately), then try this one:

ESET Online Scanner
Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic
To post in next reply:
ComboFix log
Kaspersky Scan log (if it ran) or Eset Scan log
New HijackThis log
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
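For readers following along: the ComboFix log in the post above carries the indicators that jmw3's CFScript acts on. Security Center has AntiVirusOverride set to 1 (the "no antivirus" warning silenced), Windows Firewall has exceptions opening inbound TCP 53 and TCP 8085 for something calling itself "webserver" and "ddnsfilter", two services (Filter, webserver) point at binaries ComboFix marks "[?]" (not found), a non-stock svchost group "ddnsfilter" is registered, and the catchme rootkit scan reports one hidden file. A third-party listener on the DNS port, on a machine whose searches were being redirected, is exactly the kind of thing a helper wants gone. The Python below is an added example and is not code from MalwareRemoval.com, ComboFix or its author sUBs: it parses a log excerpt constructed from lines quoted in this thread, extracts those indicators, and drafts them in the CFScript section layout jmw3 used. The svchost group allowlist is an assumption about a stock XP SP3 install, and the draft is a starting point for a helper to review line by line, not something to run unreviewed.

```python
"""Triage a ComboFix log for the persistence indicators a helper's CFScript
targets, then draft the matching CFScript.  Added example for this thread,
not MalwareRemoval.com's, ComboFix's or sUBs' code.  SAMPLE_LOG is built
from lines quoted in the thread; the section names are jmw3's."""
import re

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:ddnsfilter
"53:TCP"= 53:TCP:webserver

R0 ssfs0bbc;ssfs0bbc;c:\windows\SYSTEM32\DRIVERS\ssfs0bbc.sys [4/21/2009 6:27 PM 29808]
S1 Filter;Filter;\??\c:\windows\system32\drivers\Filter.sys --> c:\windows\system32\drivers\Filter.sys [?]
S2 webserver;webserver;c:\program files\webserver\webserver.exe --> c:\program files\webserver\webserver.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ddnsfilter REG_MULTI_SZ ddnsfilter

scanning hidden files ...
c:\windows\TEMP\SST-73E4B678-A163-472C-AECB-AE1A1B7E5B08.tmp 0 bytes
scan completed successfully
hidden files: 1
"""

# Assumed allowlist of svchost groups on a stock XP SP3; any other group
# name is a service host registered by third-party code and worth a look.
XP_SVCHOST_GROUPS = {"LocalService", "NetworkService", "netsvcs", "rpcss", "imgsvc",
                     "termsvcs", "HTTPFilter", "DcomLaunch", "WudfServiceGroup"}

SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<rest>.*)$")
PORT_RE = re.compile(r'^"\d+:(?:TCP|UDP)"=\s*(?P<value>\S+)$')
SVCHOST_RE = re.compile(r"^(?P<group>\S+)\s+REG_MULTI_SZ\s")
HIDDEN_RE = re.compile(r"^(?P<path>\S.*?)\s+\d+ bytes$")


def triage(log_text):
    """One pass over the log, tracking which registry key header is in force."""
    f = {"av_override": False, "open_ports": [], "missing_file_services": [],
         "svchost_groups": [], "hidden_files": []}
    key, in_hidden = "", False
    for line in (l.strip() for l in log_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key, in_hidden = line[1:-1].lower(), False
        elif line.startswith("scanning hidden files"):
            in_hidden = True
        elif line.startswith("scan completed"):
            in_hidden = False
        elif in_hidden and HIDDEN_RE.match(line):
            f["hidden_files"].append(HIDDEN_RE.match(line).group("path"))
        elif SERVICE_RE.match(line):
            m = SERVICE_RE.match(line)
            if m.group("rest").endswith("[?]"):   # ComboFix could not find the binary
                path = m.group("rest").split(" --> ")[-1].rsplit(" [", 1)[0]
                f["missing_file_services"].append((m.group("name"), path))
        elif key.endswith("security center"):
            if line.lower().startswith('"antivirusoverride"=dword:') and not line.endswith("dword:00000000"):
                f["av_override"] = True
        elif "globallyopenports" in key and PORT_RE.match(line):
            f["open_ports"].append(PORT_RE.match(line).group("value"))
        elif key.endswith(r"currentversion\svchost") and SVCHOST_RE.match(line):
            group = SVCHOST_RE.match(line).group("group")
            if group not in XP_SVCHOST_GROUPS:
                f["svchost_groups"].append(group)
    return f


def draft_cfscript(f):
    """Render the findings in CFScript layout.  Only what the log evidences
    is drafted; a helper still reviews every line before anyone runs it."""
    out = []
    if f["hidden_files"]:
        out += ["Rootkit::"] + f["hidden_files"]
    if f["missing_file_services"]:
        out += ["Driver::"] + [n for n, _ in f["missing_file_services"]]
        out += ["File::"] + [p for _, p in f["missing_file_services"]]
    reg = []
    if f["av_override"]:   # let Security Center warn about AV state again
        reg += [r"[HKEY_LOCAL_MACHINE\software\microsoft\security center]",
                '"AntiVirusOverride"=dword:00000000']
    if f["open_ports"]:    # "=-" deletes the value, closing the firewall hole
        reg.append(r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]")
        reg += ['"%s"=-' % ":".join(v.split(":")[:2]) for v in f["open_ports"]]
    if f["svchost_groups"]:
        reg.append(r"[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]")
        reg += ['"%s"=-' % g for g in f["svchost_groups"]]
    if reg:
        out += ["Registry::"] + reg
    return "\n".join(out) + "\n"
```

Run `draft_cfscript(triage(SAMPLE_LOG))` and compare the output against jmw3's script above: the Driver::, Registry:: and Rootkit:: sections come out the same, while the File:: and Folder:: entries in his script (the .dat and .cfg files, the webserver folder) come from evidence elsewhere in the log that this parser does not look at, which is the point: the script is derived from the log, and every line in it should be traceable to a specific line of evidence.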

Re: HiJackThis log file

Unread postby theresamisu » September 23rd, 2009, 8:22 am

ComboFix 09-09-22.02 - TMW 09/22/2009 19:13.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.143 [GMT -6:00]
Running from: c:\documents and settings\TMW\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\TMW\Desktop\CFScript.txt
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}

FILE ::
"c:\windows\bk23567.dat"
"c:\windows\fs1234.dat"
"c:\windows\system32\drivers\Filter.sys"
"c:\windows\system32\drivers\kgpcpy.cfg"
"c:\windows\system32\drivers\kgpfr2.cfg"
"c:\windows\Tasks\ISP signup reminder 1.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\webserver
c:\windows\bk23567.dat
c:\windows\fs1234.dat
c:\windows\system32\drivers\kgpcpy.cfg
c:\windows\system32\drivers\kgpfr2.cfg
c:\windows\Tasks\ISP signup reminder 1.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FILTER
-------\Legacy_WEBSERVER
-------\Service_Filter
-------\Service_webserver


((((((((((((((((((((((((( Files Created from 2009-08-23 to 2009-09-23 )))))))))))))))))))))))))))))))
.

2009-09-18 01:32 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-13 17:33 . 2009-09-13 17:33 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-13 17:27 . 2009-09-13 17:27 -------- d-----w- c:\program files\iPod
2009-09-13 17:27 . 2009-09-13 17:30 -------- d-----w- c:\program files\iTunes
2009-09-13 17:27 . 2009-09-13 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-13 17:18 . 2009-09-13 17:18 -------- d-----w- c:\program files\Bonjour
2009-09-13 17:15 . 2009-09-13 17:17 -------- d-----w- c:\program files\QuickTime
2009-09-11 01:23 . 2009-09-11 01:23 -------- d-----w- c:\program files\AVG
2009-09-11 01:21 . 2009-09-11 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-11 00:48 . 2009-09-11 00:48 -------- d-----w- c:\program files\MSSOAP
2009-09-11 00:47 . 2009-05-13 21:39 1563008 ----a-w- c:\windows\WRSetup.dll
2009-09-11 00:47 . 2009-09-11 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2009-09-11 00:47 . 2009-09-11 00:47 -------- d-----w- c:\program files\Webroot
2009-09-11 00:47 . 2009-09-11 00:47 -------- d-----w- c:\documents and settings\TMW\Application Data\Webroot
2009-09-10 23:13 . 2009-09-10 23:13 -------- d-----w- c:\documents and settings\TMW\Application Data\Malwarebytes
2009-09-10 23:13 . 2009-09-10 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-10 01:42 . 2009-09-11 01:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-09-10 01:41 . 2009-09-10 01:41 -------- d-----w- c:\program files\STOPzilla!
2009-09-10 01:41 . 2009-09-10 01:41 -------- d-----w- c:\program files\Common Files\iS3
2009-09-10 01:41 . 2009-09-23 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-09-10 01:18 . 2009-09-11 16:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-10 00:06 . 2009-09-10 00:06 -------- d-----w- c:\documents and settings\TMW\Local Settings\Application Data\Mozilla
2009-09-08 23:52 . 2009-09-08 23:52 -------- d-sh--w- c:\documents and settings\TMW\IECompatCache
2009-09-04 01:34 . 2009-06-26 16:50 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-04 01:34 . 2009-06-26 16:50 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2009-09-03 00:10 . 2009-09-03 00:10 -------- d-----w- c:\program files\Safari

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-21 23:25 . 2005-03-03 01:35 -------- d-----w- c:\program files\Java
2009-09-18 10:10 . 2008-08-09 14:42 -------- d-----w- c:\program files\MozyHome
2009-09-15 13:10 . 2008-11-28 21:55 -------- d-----w- c:\documents and settings\TMW\Application Data\Apple Computer
2009-09-13 17:27 . 2008-11-28 21:53 -------- d-----w- c:\program files\Common Files\Apple
2009-09-11 15:55 . 2005-04-27 02:57 -------- d-----w- c:\program files\Nero
2009-09-11 15:53 . 2009-04-01 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-11 00:42 . 2006-06-08 02:10 -------- d-----w- c:\program files\Trend Micro
2009-09-05 16:19 . 2005-03-10 18:49 73688 -c--a-w- c:\documents and settings\TMW\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-29 01:42 . 2009-04-11 14:27 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-29 01:42 . 2008-11-28 21:53 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-14 12:58 . 2009-09-10 01:19 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-12 01:31 . 2009-05-10 15:36 -------- d-----w- c:\program files\Google
2009-08-12 01:10 . 2009-04-01 00:20 -------- d-----w- c:\program files\McAfee
2009-08-12 01:08 . 2006-05-24 22:50 -------- d-----w- c:\program files\CoffeeCup Software
2009-08-05 09:01 . 2004-08-04 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 21:23 . 2009-03-14 22:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-20 20:57 . 2009-07-20 20:57 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-07-20 20:56 . 2009-07-20 20:56 311296 ----a-r- c:\windows\system32\SZBase5.dll
2009-07-20 20:56 . 2009-07-20 20:56 540672 ----a-r- c:\windows\system32\SZComp5.dll
2009-07-17 19:01 . 2004-08-04 11:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 05:43 . 2004-08-04 11:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 21:52 . 2009-07-09 21:52 126976 ----a-r- c:\windows\system32\IS3HTUI5.dll
2009-07-09 21:52 . 2009-07-09 21:52 393216 ----a-r- c:\windows\system32\IS3DBA5.dll
2009-07-09 21:51 . 2009-07-09 21:51 385024 ----a-r- c:\windows\system32\IS3UI5.dll
2009-07-09 21:51 . 2009-07-09 21:51 61440 ----a-r- c:\windows\system32\IS3Hks5.dll
2009-07-09 21:51 . 2009-07-09 21:51 23040 ----a-r- c:\windows\system32\IS3XDat5.dll
2009-07-09 21:50 . 2009-07-09 21:50 225280 ----a-r- c:\windows\system32\IS3Win325.dll
2009-07-09 21:50 . 2009-07-09 21:50 94208 ----a-r- c:\windows\system32\IS3Inet5.dll
2009-07-09 21:50 . 2009-07-09 21:50 90112 ----a-r- c:\windows\system32\IS3Svc5.dll
2009-07-09 21:47 . 2009-07-09 21:47 724992 ----a-r- c:\windows\system32\IS3Base5.dll
2009-06-26 16:50 . 2004-08-04 11:00 666624 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-08-04 11:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 11:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 11:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 11:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 11:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2006-06-06 02:46 . 2006-06-06 02:46 88 --sh--r- c:\windows\SYSTEM32\84D9348185.sys
2006-06-06 02:46 . 2006-06-06 02:44 3350 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-09-21_23.57.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-23 01:21 . 2009-09-23 01:21 16384 c:\windows\Temp\Perflib_Perfdata_678.dat
+ 2009-09-23 01:21 . 2009-09-23 01:21 16384 c:\windows\Temp\Perflib_Perfdata_634.dat
+ 2005-03-10 18:29 . 2009-09-23 01:21 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-03-10 18:29 . 2009-09-21 23:55 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-03-10 18:29 . 2009-09-23 01:21 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-03-10 18:29 . 2009-09-21 23:55 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-03-10 18:29 . 2009-09-23 01:21 16384 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
- 2005-03-10 18:29 . 2009-09-21 23:55 16384 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-05-13 21:34 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2009-09-14 19:04 2847032 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2009-09-14 19:04 2847032 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-03-03 26112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"NapsterShell"="c:\program files\Napster\napster.exe" [2008-05-29 323216]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-05-13 6345840]

c:\documents and settings\TMW\Start Menu\Programs\Startup\
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-5-10 333088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2009-9-14 2891576]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2005-4-16 118784]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\SYSTEM32\DRIVERS\ssfs0bbc.sys [4/21/2009 6:27 PM 29808]
R0 szkg5;szkg;c:\windows\SYSTEM32\DRIVERS\SZKG.sys [5/12/2009 2:13 PM 61328]
R1 mozyFilter;mozyFilter;c:\windows\SYSTEM32\DRIVERS\mozy.sys [8/9/2008 8:42 AM 54776]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [9/10/2009 6:49 PM 1205760]
R2 WUSB54GSVC;WUSB54GSVC;c:\program files\Wireless-G USB Network Adapter\WLService.exe [8/16/2005 6:26 PM 41025]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder

2009-09-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://yahoo.sbc.com/dsl
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\TMW\Application Data\Mozilla\Firefox\Profiles\dwjhl18j.default\
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/sear ... -web_us&p=
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-22 19:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(616)
c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll

- - - - - - - > 'explorer.exe'(3180)
c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
c:\program files\MozyHome\mozyshell.dll
c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Microsoft Shared\Ink\SKCHUI.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\MozyHome\mozybackup.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\program files\Wireless-G USB Network Adapter\WUSB54G.exe
c:\program files\Common Files\iS3\Anti-Spyware\SZScanner.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Webroot\WebrootSecurity\SSU.exe
.
**************************************************************************
.
Completion time: 2009-09-23 19:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-23 01:32
ComboFix2.txt 2009-09-22 00:03

Pre-Run: 39,956,307,968 bytes free
Post-Run: 39,938,228,224 bytes free

236 --- E O F --- 2009-09-19 03:20




ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=0449238b4870c24aaf9e5d0f342fc036
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-09-23 03:26:55
# local_time=2009-09-22 09:26:55 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=74480
# found=3
# cleaned=0
# scan_time=3468
C:\I386\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1617\A0066732.exe probably a variant of Win32/TrojanProxy.Small.NCJ trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1617\A0066733.exe probably a variant of Win32/TrojanProxy.Small.NCJ trojan 00000000000000000000000000000000 I




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:24:58 AM, on 9/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Wireless-G USB Network Adapter\WLService.exe
C:\Program Files\Wireless-G USB Network Adapter\WUSB54G.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [NapsterShell] "C:\Program Files\Napster\napster.exe" /systray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - Startup: PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInCon ... ontrol.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 0943702750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1607529152
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://www.mybizportal.net/dana-cached ... tupSP1.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - http://entimg.msn.com/client/msnmusax2702.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O23 - Service: WUSB54GSVC - GEMTEKS - C:\Program Files\Wireless-G USB Network Adapter\WLService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/TMW/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 10282 bytes
theresamisu
Active Member
 
Posts: 10
Joined: September 11th, 2009, 12:30 pm

Re: HiJackThis log file

Unread postby jmw3 » September 23rd, 2009, 9:19 am

Hi

Fix HiJackThis Entries
  • Open HiJackThis
  • Click on Do a system scan only
  • Place a checkmark next to these lines (if still present):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/TMW/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

  • Close all windows except HijackThis and click Fix Checked
  • Click Yes when prompted
  • Close HijackThis.
Reboot your computer.

How's the computer running now?
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
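A triage pass that a helper might script over entries in the format posted above, as an added example that is not part of this thread or of HijackThis itself: it parses the R*/O* lines, flags start/search pages whose host is not on an expected-host list (EXPECTED_HOSTS is an assumption for this example), reports each Winsock LSP DLL that HijackThis did not recognise once rather than once per chain slot, and picks out an O24 desktop component backed by a file in a Temp folder, which are the kinds of entries the reply above told the poster to fix. The sample log lines are constructed from the posted log.

```python
# Added example (not a MalwareRemoval.com tool): a small triage pass over HijackThis 2.0.2 entries.
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Constructed sample, modelled on the log posted above. The forum software
# shortened long URLs to " ... " in the original; the sample keeps that form.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/TMW/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
"""

# Hosts the owner expects as IE start/search pages. Assumed for this example;
# real triage fills it in per machine (here: the SBC Yahoo DSL portal).
EXPECTED_HOSTS = {"yahoo.sbc.com"}

ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
# "HKCU\...\Main,Search Page = http://..." -> hive path, value name, data
REG_RE = re.compile(r"^(HK\w+\\.+?),([^=]+?) = (.*)$")


@dataclass
class Entry:
    section: str  # "R0", "R1", "O2", ... "O24"
    body: str     # text after the "Rn - " / "On - " prefix


def parse_hjt(text: str) -> List[Entry]:
    """Return the R*/O* entries of a HijackThis log, in order; header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def section_counts(entries: List[Entry]) -> Counter:
    """How many entries each section has (handy for spotting unusual sections)."""
    return Counter(e.section for e in entries)


def url_host(value: str) -> Optional[str]:
    """Hostname of an http(s) URL; None for non-URL data such as '*.local'."""
    p = urlparse(value)
    return p.hostname if p.scheme in ("http", "https") and p.hostname else None


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (reason, entry body) pairs a reviewer should look at."""
    findings = []
    seen_lsp = set()
    for e in entries:
        if e.section in ("R0", "R1"):
            m = REG_RE.match(e.body)
            if not m:
                continue
            host = url_host(m.group(3))
            if host and host not in EXPECTED_HOSTS:
                findings.append((f"{m.group(2)} points at unexpected host {host}", e.body))
        elif e.section == "O10":
            # HijackThis prints one O10 line per LSP chain slot, so the same
            # DLL repeats; report each DLL once and identify its owner manually.
            dll = e.body.split("LSP: ", 1)[-1].strip().lower()
            if dll not in seen_lsp:
                seen_lsp.add(dll)
                findings.append(("Winsock LSP unknown to HijackThis; confirm the owning product", e.body))
        elif e.section == "O24":
            # Active Desktop component whose backing file lives in a Temp folder.
            target = e.body.rsplit(" - ", 1)[-1].lower()
            if target.startswith("file:///") and "/temp/" in target:
                findings.append(("Desktop component backed by a file in a Temp folder", e.body))
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print(dict(section_counts(parsed)))
    for reason, body in triage(parsed):
        print(f"[{reason}]\n    {body}")
```

In the posted log the O23 line for the STOPzilla service names iS3, Inc. as the vendor, which is how a reviewer would resolve the is3lsp.dll finding by hand.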

Re: HiJackThis log file

Unread postby theresamisu » September 23rd, 2009, 9:35 pm

Not good. I am now unable to connect to the Internet either wirelessly or through hardline. Any way we erased my ISP settings?
theresamisu
Active Member
 
Posts: 10
Joined: September 11th, 2009, 12:30 pm

Re: HiJackThis log file

Unread postby theresamisu » September 23rd, 2009, 9:54 pm

Seems to be better. However (although I know you dislike STOPzilla), STOPzilla is telling me I have infections. Webroot is also telling me this. Should I clean them? Do we have more to do?
theresamisu
Active Member
 
Posts: 10
Joined: September 11th, 2009, 12:30 pm

Re: HiJackThis log file

Unread postby jmw3 » September 24th, 2009, 2:18 am

Hi

When you say, "seems to be better", does that mean you now have your Internet connection back? What exactly are those two programs telling you? Do you have a file name/s or paths?
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: HiJackThis log file

Unread postby theresamisu » September 24th, 2009, 8:24 am

Internet connection is restored - unrelated problem. Sorry, I thought I deleted that reply.
By "better" I mean it is no longer being hijacked and is running a lot slower.
Regarding the infections, it does not show me the entire path, but I can take a screenshot and attach it. Do you want me to do that?
theresamisu
Active Member
 
Posts: 10
Joined: September 11th, 2009, 12:30 pm

Re: HiJackThis log file

Unread postby jmw3 » September 24th, 2009, 9:46 am

Hi
by "better" = is no longer being hijacked and is running a lot slower.
Good to hear no longer being hijacked. Have a look here & follow the step outlined. See if it helps with the slow computer:
What to do if your Computer is running slowly

Regarding the infections, it does not show me the entire path, but I can take a screenshot and attach it. Do you want me to do that?
My guess is it is stuff quarantined by ComboFix, but sure, attach a screenshot & we'll have a look.

Could also run DDS again & post the logs.
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: HiJackThis log file

Unread postby theresamisu » September 27th, 2009, 8:17 pm

It was better but is getting slower every day. I have not yet tried the link on what to do if the computer is running slowly, but will try to do it tonight (busy weekend).

I have attached a Word file with the screenshots, and here is another set of DDS log files:
------

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-24.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/10/2005 12:34:06 PM
System Uptime: 9/25/2009 7:13:29 PM (0 hours ago)

Motherboard: Dell Inc. | | 0U7077
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 71 GiB total, 37.038 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1534: 6/27/2009 10:04:19 PM - System Checkpoint
RP1535: 6/28/2009 10:40:20 PM - System Checkpoint
RP1536: 6/29/2009 10:52:18 PM - System Checkpoint
RP1537: 6/30/2009 11:52:19 PM - System Checkpoint
RP1538: 7/2/2009 12:16:16 AM - System Checkpoint
RP1539: 7/3/2009 12:28:17 AM - System Checkpoint
RP1540: 7/4/2009 1:04:20 AM - System Checkpoint
RP1541: 7/5/2009 1:40:19 AM - System Checkpoint
RP1542: 7/6/2009 2:16:19 AM - System Checkpoint
RP1543: 7/7/2009 3:04:31 AM - System Checkpoint
RP1544: 7/8/2009 3:16:32 AM - System Checkpoint
RP1545: 7/9/2009 3:40:30 AM - System Checkpoint
RP1546: 7/10/2009 4:16:29 AM - System Checkpoint
RP1547: 7/12/2009 9:46:43 PM - System Checkpoint
RP1548: 7/13/2009 10:23:36 PM - System Checkpoint
RP1549: 7/14/2009 11:23:36 PM - System Checkpoint
RP1550: 7/15/2009 11:59:36 PM - System Checkpoint
RP1551: 7/17/2009 1:36:37 AM - System Checkpoint
RP1552: 7/17/2009 9:15:19 PM - Installed MozyHome Remote Backup
RP1553: 7/18/2009 9:47:36 PM - System Checkpoint
RP1554: 7/19/2009 9:27:01 AM - Software Distribution Service 3.0
RP1555: 7/20/2009 9:35:36 AM - System Checkpoint
RP1556: 7/21/2009 9:47:36 AM - System Checkpoint
RP1557: 7/22/2009 10:23:36 AM - System Checkpoint
RP1558: 7/23/2009 11:23:36 AM - System Checkpoint
RP1559: 7/24/2009 12:05:50 PM - System Checkpoint
RP1560: 7/25/2009 12:17:49 PM - System Checkpoint
RP1561: 7/26/2009 2:42:53 PM - System Checkpoint
RP1562: 7/27/2009 3:29:53 PM - System Checkpoint
RP1563: 7/28/2009 3:41:54 PM - System Checkpoint
RP1564: 7/29/2009 3:53:51 PM - System Checkpoint
RP1565: 7/30/2009 4:41:54 PM - System Checkpoint
RP1566: 7/31/2009 5:34:38 PM - System Checkpoint
RP1567: 8/1/2009 7:59:19 AM - Software Distribution Service 3.0
RP1568: 8/2/2009 8:17:58 AM - System Checkpoint
RP1569: 8/3/2009 9:29:55 AM - System Checkpoint
RP1570: 8/4/2009 10:05:55 AM - System Checkpoint
RP1571: 8/5/2009 11:41:55 AM - System Checkpoint
RP1572: 8/6/2009 11:53:56 AM - System Checkpoint
RP1573: 8/6/2009 5:16:07 PM - Software Distribution Service 3.0
RP1574: 8/6/2009 7:45:13 PM - Printer Driver Microsoft XPS Document Writer Installed
RP1575: 8/7/2009 8:08:17 PM - System Checkpoint
RP1576: 8/8/2009 11:04:44 AM - Installed Windows Internet Explorer 8.
RP1577: 8/8/2009 11:05:33 AM - Software Distribution Service 3.0
RP1578: 8/9/2009 11:43:11 AM - System Checkpoint
RP1579: 8/10/2009 12:31:12 PM - System Checkpoint
RP1580: 8/11/2009 1:52:31 PM - System Checkpoint
RP1581: 8/11/2009 7:08:50 PM - Removed Google Gears
RP1582: 8/11/2009 7:10:02 PM - Removed McAfee VirusScan Enterprise
RP1583: 8/11/2009 7:12:55 PM - Removed Microsoft SQL Server Native Client
RP1584: 8/11/2009 7:17:32 PM - Removed Microsoft SQL Server Setup Support Files (English)
RP1585: 8/11/2009 7:18:08 PM - Removed Microsoft SQL Server VSS Writer
RP1586: 8/11/2009 7:19:11 PM - Removed Photo Click
RP1587: 8/11/2009 7:19:35 PM - Removed Photo Story 3 for Windows
RP1588: 8/12/2009 9:26:59 PM - System Checkpoint
RP1589: 8/14/2009 12:34:36 AM - System Checkpoint
RP1590: 8/15/2009 1:08:51 AM - System Checkpoint
RP1591: 8/16/2009 1:32:47 AM - System Checkpoint
RP1592: 8/17/2009 2:32:46 AM - System Checkpoint
RP1593: 8/18/2009 3:32:46 AM - System Checkpoint
RP1594: 8/19/2009 3:44:47 AM - System Checkpoint
RP1595: 8/20/2009 4:44:46 AM - System Checkpoint
RP1596: 8/21/2009 4:56:46 AM - System Checkpoint
RP1597: 8/22/2009 6:20:46 AM - System Checkpoint
RP1598: 8/23/2009 6:32:47 AM - System Checkpoint
RP1599: 8/24/2009 8:08:47 AM - System Checkpoint
RP1600: 8/25/2009 9:20:46 AM - System Checkpoint
RP1601: 8/26/2009 9:32:46 AM - System Checkpoint
RP1602: 8/27/2009 9:37:02 PM - Software Distribution Service 3.0
RP1603: 8/29/2009 12:34:54 PM - System Checkpoint
RP1604: 8/30/2009 2:02:35 PM - System Checkpoint
RP1605: 8/31/2009 2:14:35 PM - System Checkpoint
RP1606: 9/1/2009 2:50:35 PM - System Checkpoint
RP1607: 9/2/2009 3:14:36 PM - System Checkpoint
RP1608: 9/2/2009 8:03:53 PM - Installed Java(TM) 6 Update 16
RP1609: 9/2/2009 8:16:55 PM - Software Distribution Service 3.0
RP1610: 9/3/2009 6:37:26 PM - Software Distribution Service 3.0
RP1611: 9/4/2009 6:40:30 PM - System Checkpoint
RP1612: 9/5/2009 6:52:30 PM - System Checkpoint
RP1613: 9/6/2009 7:04:28 PM - System Checkpoint
RP1614: 9/7/2009 7:28:30 PM - System Checkpoint
RP1615: 9/9/2009 6:39:22 PM - System Checkpoint
RP1616: 9/9/2009 7:41:23 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP1617: 9/10/2009 7:21:35 PM - Installed AVG Free 8.5
RP1618: 9/11/2009 8:46:39 AM - Avg8 Update
RP1619: 9/11/2009 9:07:11 AM - ADVANCED REGISTRY OPTIMIZER - FIRST RUN
RP1620: 9/11/2009 9:11:58 AM - Advanced Registry Optimizer Fri, Sep 11, 09 09:11
RP1621: 9/11/2009 9:27:20 AM - Removed AVG Free 8.5
RP1622: 9/11/2009 9:33:59 AM - Installed AVG Free 8.5
RP1623: 9/11/2009 9:48:38 AM - Removed Bonjour
RP1624: 9/11/2009 9:49:28 AM - Removed Dell Picture Studio v3.0
RP1625: 9/11/2009 9:52:30 AM - Removed McAfee Agent.
RP1626: 9/11/2009 9:53:48 AM - Removed Microsoft Visual C++ 2005 Redistributable
RP1627: 9/11/2009 9:55:24 AM - Removed Nero - Burning Rom
RP1628: 9/12/2009 11:08:20 AM - System Checkpoint
RP1629: 9/16/2009 9:09:47 PM - System Checkpoint
RP1630: 9/17/2009 9:37:49 PM - System Checkpoint
RP1631: 9/18/2009 4:10:23 AM - Installed MozyHome Remote Backup
RP1632: 9/18/2009 9:18:27 PM - Software Distribution Service 3.0
RP1633: 9/19/2009 10:20:04 PM - System Checkpoint
RP1634: 9/20/2009 11:44:03 PM - System Checkpoint
RP1635: 9/21/2009 5:20:08 PM - Removed J2SE Runtime Environment 5.0 Update 10
RP1636: 9/21/2009 5:21:56 PM - Removed J2SE Runtime Environment 5.0 Update 11
RP1637: 9/21/2009 5:22:27 PM - Removed J2SE Runtime Environment 5.0 Update 2
RP1638: 9/21/2009 5:22:56 PM - Removed J2SE Runtime Environment 5.0 Update 6
RP1639: 9/21/2009 5:23:28 PM - Removed Java 2 Runtime Environment, SE v1.4.2_03
RP1640: 9/21/2009 5:24:05 PM - Removed Java(TM) 6 Update 2
RP1641: 9/21/2009 5:24:35 PM - Removed Java(TM) 6 Update 3
RP1642: 9/21/2009 5:25:06 PM - Removed Java(TM) 6 Update 5
RP1643: 9/21/2009 5:25:36 PM - Removed Java(TM) 6 Update 7
RP1644: 9/22/2009 6:35:27 PM - System Checkpoint
RP1645: 9/23/2009 8:00:59 PM - System Checkpoint
RP1646: 9/24/2009 8:48:53 PM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Photoshop 6.0
Adobe Reader 7.1.0
Adobe Shockwave Player
Adobe SVG Viewer
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
Banctec Service Agreement
Bonjour
Broadcom Advanced Control Suite 2
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.7
Dell Driver Reset Tool
Dell System Restore
EPSON Printer Software
ESET Online Scanner v3
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Intel Application Accelerator
Intel(R) 537EP V9x DF PCI Modem
Internet Explorer Default Page
iPhone Configuration Utility
iTunes
Java(TM) 6 Update 16
Macromedia Flash Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Small Business
Microsoft PowerPoint Viewer 97
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox (3.5.3)
MozyHome Remote Backup
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 6.0 Parser (KB933579)
Napster
Napster Burn Engine
Pos Free Red Eye Wiz
PowerDVD 5.3
Primo
QuickTime
RealPlayer Basic
Red Eye Remover 1.9
Runtime
Safari
SBC Yahoo! Applications
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sony Picture Utility
Sony USB Driver
Spy Sweeper Core
STOPzilla
tunebite version 1.2.0.4
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VGA USB Camera
Viewpoint Media Player
WebFldrs XP
Webroot AntiVirus with AntiSpyware
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinZip
Wireless-G USB Adapter
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

9/23/2009 8:51:03 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.100 with the system having network hardware address 00:23:6C:F0:D3:B4. Network operations on this system may be disrupted as a result.
9/22/2009 7:21:35 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
9/21/2009 5:55:49 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
9/21/2009 5:48:38 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
9/21/2009 5:44:39 PM, error: ssidrv [26] - Failed to set monitor event rule.
9/21/2009 5:38:47 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
9/21/2009 5:38:47 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service WebrootSpySweeperService with arguments "" in order to run the server: {1281A68F-9E75-418F-B3AC-D5B23DD86408}
9/21/2009 5:38:47 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
9/21/2009 5:38:46 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o Filter hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
9/21/2009 5:38:43 PM, error: Service Control Manager [7000] - The webserver service failed to start due to the following error: The system cannot find the file specified.
9/21/2009 5:36:03 PM, error: Service Control Manager [7034] - The WUSB54GSVC service terminated unexpectedly. It has done this 1 time(s).
9/21/2009 5:36:03 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
9/21/2009 5:36:02 PM, error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/21/2009 5:36:01 PM, error: Service Control Manager [7034] - The SQL Server (SQLEXPRESS) service terminated unexpectedly. It has done this 1 time(s).
9/21/2009 5:36:00 PM, error: Service Control Manager [7034] - The MozyHome Backup Service service terminated unexpectedly. It has done this 1 time(s).
9/21/2009 5:36:00 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
9/21/2009 5:36:00 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
9/21/2009 5:36:00 PM, error: Service Control Manager [7034] - The IAA Event Monitor service terminated unexpectedly. It has done this 1 time(s).
9/21/2009 5:36:00 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
9/21/2009 5:35:59 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/21/2009 5:35:55 PM, error: Service Control Manager [7034] - The Webroot Client Service service terminated unexpectedly. It has done this 1 time(s).
9/21/2009 5:35:55 PM, error: Service Control Manager [7034] - The STOPzilla Service service terminated unexpectedly. It has done this 1 time(s).
9/21/2009 5:35:55 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
9/21/2009 5:24:18 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

==== End Of File ===========================

DDS (Ver_09-09-24.01) - NTFSx86
Run by TMW at 19:32:20.20 on Fri 09/25/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.170 [GMT -6:00]

AV: Webroot AntiVirus with AntiSpyware *On-access scanning enabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Wireless-G USB Network Adapter\WLService.exe
C:\Program Files\Wireless-G USB Network Adapter\WUSB54G.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Napster\napster.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\TMW\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Page = hxxp://red.clientapps.yahoo.com/customi ... .yahoo.com
mDefault_Page_URL = hxxp://yahoo.sbc.com/dsl
mStart Page = hxxp://yahoo.sbc.com/dsl
mDefault_Search_URL = hxxp://red.clientapps.yahoo.com/customi ... .yahoo.com
mSearch Page = hxxp://red.clientapps.yahoo.com/customi ... .yahoo.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\SZSG.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\SZSG.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
mRun: [SoundMAXPnP] "c:\program files\analog devices\core\smax4pnp.exe"
mRun: [IAAnotif] "c:\program files\intel\intel application accelerator\iaanotif.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [IntelMeM] "c:\program files\intel\modem event monitor\IntelMEM.exe"
mRun: [RealTray] "c:\program files\real\realplayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
mRun: [dla] "c:\windows\system32\dla\tfswctrl.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [NapsterShell] "c:\program files\napster\napster.exe" /systray
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
StartupFolder: c:\docume~1\tmw\startm~1\programs\startup\pmbmed~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2499216C-4BA5-11D5-BD9C-000103C116D5} - {2499216C-4BA5-11D5-BD9C-000103C116D5} - c:\program files\yahoo!\common\ylogin.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\program files\common files\is3\anti-spyware\iS3lsp.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/sh ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/house ... hcImpl.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInCon ... ontrol.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v ... 0943702750
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 1607529152
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v ... b56649.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/sh ... wflash.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://www.mybizportal.net/dana-cached ... tupSP1.cab
DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - hxxp://entimg.msn.com/client/msnmusax2702.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tmw\applic~1\mozilla\firefox\profiles\dwjhl18j.default\
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/sear ... -web_us&p=
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808]
R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2009-5-12 61328]
R1 mozyFilter;mozyFilter;c:\windows\system32\drivers\mozy.sys [2008-8-9 54776]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-4-21 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-9-10 1205760]
R2 WUSB54GSVC;WUSB54GSVC;c:\program files\wireless-g usb network adapter\WLService.exe [2005-8-16 41025]

=============== Created Last 30 ================

2009-09-25 19:14 744 a------- c:\windows\system32\drivers\kgpcpy.cfg
2009-09-22 20:26 <DIR> --d----- c:\program files\ESET
2009-09-21 17:46 <DIR> a-dshr-- C:\cmdcons
2009-09-21 17:45 229,888 a------- c:\windows\PEV.exe
2009-09-21 17:45 161,792 a------- c:\windows\SWREG.exe
2009-09-21 17:45 98,816 a------- c:\windows\sed.exe
2009-09-21 17:21 73,728 a------- c:\windows\system32\javacpl.cpl
2009-09-17 19:32 153,088 -------- c:\windows\system32\dllcache\triedit.dll
2009-09-13 11:33 <DIR> --d----- c:\program files\iPhone Configuration Utility
2009-09-13 11:27 <DIR> --d----- c:\program files\iPod
2009-09-13 11:27 <DIR> --d----- c:\program files\iTunes
2009-09-13 11:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-13 11:18 <DIR> --d----- c:\program files\Bonjour
2009-09-10 19:23 <DIR> --d----- c:\program files\AVG
2009-09-10 19:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-09-10 18:48 <DIR> --d----- c:\program files\MSSOAP
2009-09-10 18:47 1,563,008 a------- c:\windows\WRSetup.dll
2009-09-10 18:47 <DIR> --d----- c:\program files\Webroot
2009-09-10 18:47 <DIR> --d----- c:\docume~1\tmw\applic~1\Webroot
2009-09-10 18:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Webroot
2009-09-10 17:13 <DIR> --d----- c:\docume~1\tmw\applic~1\Malwarebytes
2009-09-10 17:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-09 19:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-09-09 19:41 <DIR> --d----- c:\program files\STOPzilla!
2009-09-09 19:41 <DIR> --d----- c:\program files\common files\iS3
2009-09-09 19:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-09-09 19:19 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-08 17:52 <DIR> --dsh--- c:\documents and settings\tmw\IECompatCache
2009-09-08 07:30 1 a------- c:\windows\fdgg34353edfgdfdf
2009-09-08 07:29 2 a------- c:\windows\0535251103110107106.yux
2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts
2009-09-03 19:34 81,920 a------- c:\windows\system32\ieencode.dll
2009-09-03 19:34 81,920 a------- c:\windows\system32\dllcache\ieencode.dll

==================== Find3M ====================

2009-09-21 17:31 73,688 ac------ c:\docume~1\tmw\applic~1\GDIPFONTCACHEV1.DAT
2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
2009-08-13 09:16 512,000 a------- c:\windows\system32\dllcache\jscript.dll
2009-08-05 03:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 03:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-31 15:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-20 14:57 17,408 a----r-- c:\windows\system32\SZIO5.dll
2009-07-20 14:56 311,296 a----r-- c:\windows\system32\SZBase5.dll
2009-07-20 14:56 540,672 a----r-- c:\windows\system32\SZComp5.dll
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-18 10:05 3,069,440 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-18 10:05 1,509,888 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-07-17 13:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 13:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 23:43 10,841,088 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 07:27 1,315,328 a------- c:\windows\system32\dllcache\msoe.dll
2009-07-09 15:52 126,976 a----r-- c:\windows\system32\IS3HTUI5.dll
2009-07-09 15:52 393,216 a----r-- c:\windows\system32\IS3DBA5.dll
2009-07-09 15:51 385,024 a----r-- c:\windows\system32\IS3UI5.dll
2009-07-09 15:51 61,440 a----r-- c:\windows\system32\IS3Hks5.dll
2009-07-09 15:51 23,040 a----r-- c:\windows\system32\IS3XDat5.dll
2009-07-09 15:50 225,280 a----r-- c:\windows\system32\IS3Win325.dll
2009-07-09 15:50 94,208 a----r-- c:\windows\system32\IS3Inet5.dll
2009-07-09 15:50 90,112 a----r-- c:\windows\system32\IS3Svc5.dll
2009-07-09 15:47 724,992 a----r-- c:\windows\system32\IS3Base5.dll
2009-07-03 11:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 11:09 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 11:09 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 11:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 11:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-01 01:08 101,376 a------- c:\windows\system32\dllcache\iecompat.dll
2006-07-04 11:32 3,331,878 ac------ c:\documents and settings\tmw\neoteris_read_3109534.reg
2006-06-09 14:29 3,330,338 ac------ c:\documents and settings\tmw\neoteris_read_672904.reg
2006-06-09 07:23 134 ac------ c:\documents and settings\tmw\neoteris_write_17131806.reg
2006-03-31 07:07 3,319,982 ac------ c:\documents and settings\tmw\neoteris_read_26611461.reg
2006-03-11 19:36 3,317,256 ac------ c:\documents and settings\tmw\neoteris_read_18916478.reg
2006-02-08 18:20 3,317,256 ac------ c:\documents and settings\tmw\neoteris_read_26143190.reg
2006-01-24 19:44 3,315,252 ac------ c:\documents and settings\tmw\neoteris_read_8889804.reg
2005-12-25 17:18 3,315,252 ac------ c:\documents and settings\tmw\neoteris_read_12926414.reg
2005-12-23 09:46 3,315,252 ac------ c:\documents and settings\tmw\neoteris_read_12888787.reg
2005-12-18 18:25 3,315,252 ac------ c:\documents and settings\tmw\neoteris_read_15054627.reg
2005-12-08 16:28 3,312,282 ac------ c:\documents and settings\tmw\neoteris_read_8970080.reg
2005-12-04 19:18 3,312,282 ac------ c:\documents and settings\tmw\neoteris_read_9194103.reg
2005-10-28 12:26 3,312,188 ac------ c:\documents and settings\tmw\neoteris_read_6227944.reg
2005-10-26 14:10 3,312,188 ac------ c:\documents and settings\tmw\neoteris_read_23885293.reg
2005-10-25 13:19 3,312,188 ac------ c:\documents and settings\tmw\neoteris_read_26664116.reg
2005-10-25 06:59 3,301,166 ac------ c:\documents and settings\tmw\neoteris_read_5298332.reg
2005-10-23 19:18 3,300,200 ac------ c:\documents and settings\tmw\neoteris_read_28470003.reg
2005-10-18 08:15 3,300,200 ac------ c:\documents and settings\tmw\neoteris_read_6175092.reg
2005-06-21 17:11 3,275,582 ac------ c:\documents and settings\tmw\neoteris_read_3753023.reg
2006-06-05 20:46 88 ---shr-- c:\windows\system32\84D9348185.sys
2006-06-05 20:46 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 19:33:27.84 ===============
theresamisu
Active Member
 
Posts: 10
Joined: September 11th, 2009, 12:30 pm
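A triage pass over the DDS file listing, as an added example that is not part of the original post or of the DDS/HijackThis tools. It parses lines in the "Created Last 30" / "Find3M" format (date, time, size or <DIR>, an eight-character attribute field, path) and flags entries by three common first-look heuristics: hidden+system attributes on a file, a tiny or executable file created directly in the Windows root, and a name that looks generated (mostly digits, or a long stem with almost no vowels). The sample lines are copied from the log above; the thresholds (16 bytes, 50% digits, 15% vowels) are assumptions. Flags are leads, not verdicts: legitimate software licensing components also keep hidden, system, random-named files in system32, and executables landing in the Windows root in the same minute as C:\cmdcons are consistent with a cleanup tool installing the Recovery Console, so each hit has to be checked against what the user actually ran and against the file's hash or signature before anything is deleted.

```python
"""Triage pass over DDS "Created Last 30" / "Find3M" file lines.

Added example for this thread, not part of the original post or of the
DDS/HijackThis tools. Heuristics and thresholds are assumptions; every
flag is a lead to verify, not a verdict.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied from the DDS log in this thread.
SAMPLE_LINES = """\
2009-09-25 19:14 744 a------- c:\\windows\\system32\\drivers\\kgpcpy.cfg
2009-09-22 20:26 <DIR> --d----- c:\\program files\\ESET
2009-09-21 17:46 <DIR> a-dshr-- C:\\cmdcons
2009-09-21 17:45 229,888 a------- c:\\windows\\PEV.exe
2009-09-08 07:30 1 a------- c:\\windows\\fdgg34353edfgdfdf
2009-09-08 07:29 2 a------- c:\\windows\\0535251103110107106.yux
2009-09-05 01:54 94,208 a------- c:\\windows\\system32\\QuickTimeVR.qtx
2006-06-05 20:46 88 ---shr-- c:\\windows\\system32\\84D9348185.sys
2006-06-05 20:46 3,350 a--sh--- c:\\windows\\system32\\KGyGaAvL.sys
"""

# date time size-or-<DIR> eight-char attribute field (a c d s h r ..) path
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[a-z-]{8}) (?P<path>.+?)\s*$"
)
WINDOWS_ROOT = "c:\\windows"
VOWELS = set("aeiou")


@dataclass
class Entry:
    date: str
    time: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str  # lower-cased, as DDS mostly prints it anyway


@dataclass
class Finding:
    path: str
    reasons: List[str] = field(default_factory=list)


def parse(text: str) -> List[Entry]:
    """Parse DDS file lines; lines that do not match the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(m["date"], m["time"], size, m["attrs"], m["path"].lower()))
    return entries


def looks_random(name: str) -> bool:
    """Crude generated-name test on the stem: mostly digits, or eight or
    more characters with almost no vowels. Also fires on some legitimate
    licensing files, which is why it is only one of several signals."""
    stem = name.rsplit(".", 1)[0]
    if len(stem) < 8:
        return False
    digits = sum(c.isdigit() for c in stem)
    if digits / len(stem) >= 0.5:
        return True
    letters = [c for c in stem if c.isalpha()]
    if not letters:
        return True
    return sum(c in VOWELS for c in letters) / len(letters) < 0.15


def triage(text: str) -> List[Finding]:
    """Apply the heuristics to every entry and collect the hits with reasons."""
    findings = []
    for e in parse(text):
        parent, _, name = e.path.rpartition("\\")
        reasons = []
        if e.size is not None:  # attribute and size rules apply to files only
            if "h" in e.attrs and "s" in e.attrs:
                reasons.append("hidden+system attributes")
            if parent == WINDOWS_ROOT and e.size <= 16:
                reasons.append("tiny file directly in %windir%")
            if parent == WINDOWS_ROOT and name.endswith(".exe"):
                reasons.append("new executable directly in %windir%")
        if looks_random(name):
            reasons.append("random-looking name")
        if reasons:
            findings.append(Finding(e.path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.path}: {', '.join(f.reasons)}")
```

To use it on a real log, read the saved DDS text into `triage()` in place of `SAMPLE_LINES`; the "Created Last 30" and "Find3M" blocks are the only lines that match, so the rest of the log is ignored. On the sample above it reports the two one- and two-byte files in the Windows root, the two hidden+system .sys files in system32 and PEV.exe, and stays quiet on QuickTimeVR.qtx, the ESET directory and C:\cmdcons.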