Problems with trojans/browser hijacked (logs attached)

Post by veo1 » September 11th, 2010, 9:47 am

I've been having persistent problems with trojans ever since my old lady was fooled into installing some bogus P2P software onto my computer a few months ago. Through another forum's help I was able to clean this infection and had my first clean scans in months. Turns out I had a combination of Base64.cod.class, AppleT.class, mouclass.sys.vir, and A0162804.sys trojans.

More recently both IE and Firefox have been hijacked. Anytime I do a Google search and click on a link, it takes me to a completely different website and random popups come up. My latest scan with Malwarebytes in XP safe mode demonstrated a Bloodhound.SONAR1 trojan which cleaned the infection, but I'm still having issues with both IE and Firefox. Also I have no control over the sound of my computer. It stays at one volume (very loud) regardless of how I adjust the speaker volume unless I turn it off completely. I have not downloaded or installed any new software or visited any high-risk websites. Any guidance on removing this problem and keeping it from happening would be appreciated.

Thanks in advance

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:30:26 AM, on 9/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Bsigojunehohic] rundll32.exe "C:\WINDOWS\iyixahowilo.dll",Startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/59.15/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 3941266890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3941259953
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 9203 bytes

Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
a-squared Free 4.0
Avi2Dvd 0.5
AviSynth 2.5
BitComet 1.17
Bonjour
CDBurnerXP
Citrix Presentation Server Client
Comcast Access
Comcast Access
Compatibility Pack for the 2007 Office system
Conexant D850 PCI V.92 Modem
Dell Resource CD
DivX Plus Web Player
Easy Video Joiner 5.21
ffdshow [rev 2844] [2009-03-30]
Google Update Helper
GoToAssist 8.0.0.514
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP PSC & OfficeJet 6.1.A
Intel(R) PRO Network Connections 12.1.12.0
iTunes
Java(TM) 6 Update 21
jZip
K-Lite Mega Codec Pack 4.1.6
LiveUpdate 3.3 (Symantec Corporation)
Logitech QuickCam
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (3.6.8)
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Ogg Codecs 0.81.15562
Opera 10.61
Picasa 3
Pro Evolution Soccer 2010
QuickTime
Real Alternative 2.0.2
Realtek High Definition Audio Driver
ResearchSoft Direct Export Helper
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Skype web features
Skype™ 4.1
SopCast 3.2.4
Symantec Endpoint Protection
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.0.2
Winamp
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR archiver
Xvid 1.2.1 final uninstall
veo1
Regular Member
Posts: 15
Joined: September 11th, 2010, 9:35 am
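As an added example (not code from the original post or from the forum), here is a small Python triage script for HijackThis-style lines in the shape of the log above: it parses the O2, O4 and O23 entries and flags the patterns an analyst looks at first. The sample lines, the regexes and the review heuristics are assumptions of this example; a flag is a prompt to look at an entry, not a verdict on it.

```python
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in the shape of the HijackThis log posted
# above, including the autostart entry that stands out in it.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Bsigojunehohic] rundll32.exe "C:\WINDOWS\iyixahowilo.dll",Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# One regex per HijackThis section this script understands (assumed line shapes).
RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$")
RE_O4 = re.compile(r"^O4 - (?P<hive>.*?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<target>.*)$")
RE_O23 = re.compile(r"^O23 - Service: (?P<name>.*) - (?P<owner>.*?) - (?P<target>[A-Za-z]:\\.*)$")
# rundll32 command line: optional quotes around the DLL path, then ",EntryPoint".
RE_RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,', re.IGNORECASE)

# Directories where a legitimate autostart DLL is rarely dropped loose (heuristic, assumption).
WINDOWS_ROOTS = {r"c:\windows", r"c:\winnt"}


@dataclass
class Entry:
    section: str          # "O2", "O4" or "O23"
    name: str             # BHO name, Run value name, or service display name
    target: str           # DLL path, Run command line, or service binary
    owner: str = ""       # O23 only: the vendor string HijackThis printed
    raw: str = ""


@dataclass
class Finding:
    severity: str
    reason: str
    entry: Entry


def parse_hjt(text: str) -> list:
    """Parse the O2/O4/O23 lines of a HijackThis log; other sections are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := RE_O2.match(line):
            entries.append(Entry("O2", m["name"], m["target"], raw=line))
        elif m := RE_O4.match(line):
            entries.append(Entry("O4", m["name"], m["target"], raw=line))
        elif m := RE_O23.match(line):
            entries.append(Entry("O23", m["name"], m["target"], owner=m["owner"], raw=line))
    return entries


def rundll32_dll(command: str):
    """Return the DLL path a rundll32 command line loads, or None if it is not rundll32."""
    m = RE_RUNDLL.match(command.strip())
    return m["dll"] if m else None


def in_windows_root(path: str) -> bool:
    """True when the file sits directly in the Windows directory (not in a subfolder)."""
    return ntpath.dirname(path).lower() in WINDOWS_ROOTS


def triage(entries) -> list:
    """Apply the first-pass review heuristics; a hit means 'look at this', not 'malicious'."""
    findings = []
    for e in entries:
        if e.section == "O2" and e.target == "(no file)":
            findings.append(Finding("low", "orphaned BHO registration, no file on disk", e))
        elif e.section == "O4":
            dll = rundll32_dll(e.target)
            if dll and in_windows_root(dll):
                findings.append(Finding("high", "rundll32 autostart loading a DLL dropped in the Windows root", e))
        elif e.section == "O23" and e.owner.lower() == "unknown owner":
            findings.append(Finding("review", "service with no vendor recorded", e))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{f.severity}] {f.reason}\n    {f.entry.raw}")
```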

Re: Problems with trojans/browser hijacked (logs attached)

Post by muppy03 » September 11th, 2010, 11:42 pm

Hello and welcome to Malware Removal Forums

IMPORTANT

Whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
To make cleaning this machine easier:-
  • Continue to respond to this thread until I give you the All Clean!
  • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
  • Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
  • Please follow all instructions in the order posted.
  • If you have any questions or do not understand instructions, please ask before continuing.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitComet 1.17

I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red). Also take note that remnants of the above program/s and any other P2P program found will be removed when cleaning.

NEXT Download and Run: RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please reply with:-
  • RSIT logs ( info.txt and log.txt)
muppy03
MRU Emeritus
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Problems with trojans/browser hijacked (logs attached)

Post by veo1 » September 12th, 2010, 1:32 am

Logfile of random's system information tool 1.08 (written by random/random)
Run by Ryan at 2010-09-12 01:29:19
Microsoft Windows XP Professional Service Pack 3
System drive C: has 202 GB (68%) free of 295 GB
Total RAM: 3326 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:29:27 AM, on 9/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ryan\Desktop\RSIT.exe
C:\Program Files\trend micro\Ryan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Bsigojunehohic] rundll32.exe "C:\WINDOWS\iyixahowilo.dll",Startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/59.15/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 3941266890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3941259953
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 9168 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-22 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-06-22 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-26 16132608]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-03-09 37888]
"LVCOMS"=C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE [2001-09-24 98304]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2009-07-08 115560]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 1406024]
"Bsigojunehohic"=C:\WINDOWS\iyixahowilo.dll [2008-04-13 200192]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-08-10 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-09-01 421160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2010-01-18 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe"="C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-09-12 01:29:19 ----D---- C:\rsit
2010-09-07 07:09:41 ----D---- C:\Program Files\iPod
2010-09-07 07:09:40 ----D---- C:\Program Files\iTunes
2010-09-07 07:07:26 ----D---- C:\Program Files\QuickTime
2010-08-25 06:23:20 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2010-08-25 06:20:53 ----A---- C:\WINDOWS\system32\drivers\hidserv.dll

======List of files/folders modified in the last 1 months======

2010-09-12 01:29:27 ----D---- C:\Program Files\Trend Micro
2010-09-12 01:27:39 ----D---- C:\Program Files\BitComet
2010-09-12 00:05:52 ----D---- C:\Documents and Settings\Ryan\Application Data\vlc
2010-09-11 23:25:58 ----D---- C:\WINDOWS\temp
2010-09-11 22:33:32 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-11 20:29:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-11 11:37:22 ----D---- C:\WINDOWS\Prefetch
2010-09-11 09:29:31 ----SHD---- C:\WINDOWS\Installer
2010-09-11 09:29:31 ----SD---- C:\Documents and Settings\Ryan\Application Data\Microsoft
2010-09-11 09:29:31 ----D---- C:\Config.Msi
2010-09-08 05:56:06 ----A---- C:\WINDOWS\ntbtlog.txt
2010-09-07 22:38:08 ----HD---- C:\WINDOWS\inf
2010-09-07 13:42:58 ----D---- C:\WINDOWS
2010-09-07 07:09:41 ----RD---- C:\Program Files
2010-09-07 07:09:41 ----D---- C:\Program Files\Common Files\Apple
2010-09-07 07:07:27 ----D---- C:\WINDOWS\system32
2010-09-07 07:06:30 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-09-06 06:46:59 ----D---- C:\Program Files\a-squared Free
2010-09-05 23:45:25 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2010-09-05 23:45:24 ----D---- C:\WINDOWS\system32\drivers
2010-09-05 20:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-09-03 17:15:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-29 00:39:00 ----D---- C:\Program Files\Mozilla Firefox
2010-08-14 08:51:12 ----D---- C:\Program Files\Opera
2010-08-13 01:09:56 ----D---- C:\Documents and Settings\Ryan\Application Data\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2009-08-25 281648]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2009-08-25 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2009-09-03 188080]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-04-13 254872]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-06-20 987904]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2007-06-20 268032]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-02 4403712]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100911.002\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100911.002\NAVEX15.SYS []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2008-06-10 31048]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-07-28 517632]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2009-09-03 26416]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-06-20 731136]
S3 catchme;catchme; \??\C:\DOCUME~1\Ryan\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FoxAwdWINFLASH;FoxAwdWINFLASH; \??\C:\DOCUME~1\Ryan\LOCALS~1\Temp\_987F.tmp\FoxAwdWINFLASH.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2008-06-09 18504]
S3 QCDonner;Logitech QuickCam Express(PID_0840); C:\WINDOWS\system32\DRIVERS\LVCD.sys [2001-09-24 38912]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-04-16 22784]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2009-08-25 320560]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-12-11 691696]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2010-04-16 1872320]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-08-13 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2009-07-08 108392]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2009-07-08 108392]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-06-22 153376]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 SmcService;Symantec Management Client; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [2009-09-17 1864888]
R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-09-17 2477304]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-09-01 820008]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-21 135664]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-03-14 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2010-01-18 16680]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-21 182768]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2009-07-13 3093880]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SNAC;Symantec Network Access Control; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [2009-09-17 341320]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.08 2010-09-12 01:29:29

======Uninstall list======

-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->msiexec /qb /x {2B1DB2FA-9E05-3494-B7CE-16F3236CAE3F}
Acrobat.com-->MsiExec.exe /I{2B1DB2FA-9E05-3494-B7CE-16F3236CAE3F}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Apple Application Support-->MsiExec.exe /I{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}
Apple Mobile Device Support-->MsiExec.exe /I{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
a-squared Free 4.0-->"C:\Program Files\a-squared Free\unins000.exe"
Avi2Dvd 0.5-->C:\Program Files\Avi2Dvd\uninst.exe
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8}
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
Citrix Presentation Server Client-->MsiExec.exe /I{E89956F9-5B89-470E-818D-BD46102D0A01}
Comcast Access-->msiexec /qb /x {68D923E0-1244-0F60-6108-2B154B0462D0}
Comcast Access-->MsiExec.exe /I{68D923E0-1244-0F60-6108-2B154B0462D0}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant D850 PCI V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_HSF\UIU32m.exe -U -I*.INF
Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy Video Joiner 5.21-->"C:\Program Files\Easy Video Joiner\unins000.exe"
ffdshow [rev 2844] [2009-03-30]-->"C:\Program Files\K-Lite Codec Pack\ffdshow\unins000.exe"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GoToAssist 8.0.0.514-->C:\Program Files\Citrix\GoToAssist\514\G2AUninstaller.exe /uninstall
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
HP PSC & OfficeJet 6.1.A-->"C:\Program Files\HP\Digital Imaging\{27555031-A116-4EC6-9991-7B400142A936}\setup\hpzscr01.exe" -datfile hposcr08.dat
Intel(R) PRO Network Connections 12.1.12.0-->MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
iTunes-->MsiExec.exe /I{350FB27C-CF62-4EF3-AF9D-70FF313FE221}
Java(TM) 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
jZip-->C:\PROGRA~1\jZip\UNWISE.EXE /U C:\PROGRA~1\jZip\INSTALL.LOG
K-Lite Mega Codec Pack 4.1.6-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LiveUpdate 3.3 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech QuickCam-->MsiExec.exe /I{77E70C3C-DBB9-4C47-8663-1E1F81FEC623}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (3.6.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Ogg Codecs 0.81.15562-->C:\Program Files\Xiph.Org\Ogg Codecs\uninst.exe
Opera 10.61-->MsiExec.exe /X{F07737AC-C218-4272-A678-26CA5F6CD8DF}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Pro Evolution Soccer 2010-->MsiExec.exe /X{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}
QuickTime-->MsiExec.exe /I{EB900AF8-CC61-4E15-871B-98D1EA3E8025}
Real Alternative 2.0.2-->"C:\Program Files\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
ResearchSoft Direct Export Helper-->C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SopCast 3.2.4-->C:\Program Files\SopCast\uninst.exe
Symantec Endpoint Protection-->MsiExec.exe /I{2EFCC193-D915-4CCB-9201-31773A27BC06}
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VLC media player 1.0.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray-->"C:\WINDOWS\$NtUninstallKB952011$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xvid 1.2.1 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Symantec Endpoint Protection

======System event log======

Computer Name: RYAN-152B8893EB
Event Code: 10010
Message: The server {7E477741-01A6-4C06-9DAC-55F6174C08A3} did not register with DCOM within the required timeout.

Record Number: 30712
Source Name: DCOM
Time Written: 20100801230951.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: RYAN-152B8893EB
Event Code: 10010
Message: The server {7E477741-01A6-4C06-9DAC-55F6174C08A3} did not register with DCOM within the required timeout.

Record Number: 30711
Source Name: DCOM
Time Written: 20100801230921.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: RYAN-152B8893EB
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 30708
Source Name: Tcpip
Time Written: 20100801222018.000000-240
Event Type: warning
User:

Computer Name: RYAN-152B8893EB
Event Code: 10010
Message: The server {781B925F-0BF8-4C7B-A2A8-A8B11B488A07} did not register with DCOM within the required timeout.

Record Number: 30700
Source Name: DCOM
Time Written: 20100801214501.000000-240
Event Type: error
User: RYAN-152B8893EB\Ryan

Computer Name: RYAN-152B8893EB
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0022758E2682. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 30663
Source Name: Dhcp
Time Written: 20100801104055.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: RYAN-152B8893EB
Event Code: 6
Message:


Could not scan 1 files inside f:\appz\GyPa.part1.rar due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec.com/techsupp/servle ... mantec_ent


Record Number: 16883
Source Name: Symantec AntiVirus
Time Written: 20100719203558.000000-240
Event Type: warning
User:

Computer Name: RYAN-152B8893EB
Event Code: 6
Message:


Could not scan 1 files inside f:\appz\In_Living_Colour_-_S2_-_Episode_5.part2.rar due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec.com/techsupp/servle ... mantec_ent


Record Number: 16882
Source Name: Symantec AntiVirus
Time Written: 20100719203544.000000-240
Event Type: warning
User:

Computer Name: RYAN-152B8893EB
Event Code: 6
Message:


Could not scan 1 files inside f:\appz\In_Living_Colour_-_S2_-_Episode_5.part1.rar due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec.com/techsupp/servle ... mantec_ent


Record Number: 16881
Source Name: Symantec AntiVirus
Time Written: 20100719203544.000000-240
Event Type: warning
User:

Computer Name: RYAN-152B8893EB
Event Code: 6
Message:


Could not scan 1 files inside f:\appz\In_Living_Colour_-_S2_-_Episode_4.part3.rar due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec.com/techsupp/servle ... mantec_ent


Record Number: 16880
Source Name: Symantec AntiVirus
Time Written: 20100719203544.000000-240
Event Type: warning
User:

Computer Name: RYAN-152B8893EB
Event Code: 6
Message:


Could not scan 1 files inside f:\appz\Children Of The Corn - Superbly Crunk.rar due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec.com/techsupp/servle ... mantec_ent


Record Number: 16879
Source Name: Symantec AntiVirus
Time Written: 20100719203544.000000-240
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Intel\DMIX;C:\Program Files\jZip;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
veo1
Regular Member
Posts: 15
Joined: September 11th, 2010, 9:35 am
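The System and Application event-log sections of the RSIT log above are the part of a first post that can be read without any tool, yet the format is awkward: one field per line, a Message that may run over several lines, and a DMTF-style "Time Written" stamp that carries the UTC offset in minutes. The script below is an added example, not part of veo1's post and not RSIT or forum code. It parses that layout, converts the stamps to timezone-aware datetimes, counts repeats per (source, event code), and attaches a triage note to the three event kinds that recur in this log. SAMPLE_EVENTS is a constructed excerpt of the records posted above; the NOTES table and the function names are this example's own assumptions.

```python
"""Parse an RSIT-style event-log dump and pull out the events worth a look.

Added example for this thread; not RSIT or forum code.  SAMPLE_EVENTS is a
constructed excerpt of the log posted above; NOTES is this example's own
reading of the event codes (an assumption, not RSIT output).
"""
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

SAMPLE_EVENTS = r"""
Computer Name: RYAN-152B8893EB
Event Code: 10010
Message: The server {7E477741-01A6-4C06-9DAC-55F6174C08A3} did not register with DCOM within the required timeout.

Record Number: 30712
Source Name: DCOM
Time Written: 20100801230951.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: RYAN-152B8893EB
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 30708
Source Name: Tcpip
Time Written: 20100801222018.000000-240
Event Type: warning
User:

Computer Name: RYAN-152B8893EB
Event Code: 6
Message:


Could not scan 1 files inside f:\appz\GyPa.part1.rar due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec.com/techsupp/servle ... mantec_ent

Record Number: 16883
Source Name: Symantec AntiVirus
Time Written: 20100719203558.000000-240
Event Type: warning
User:
"""

FIELDS = ("Computer Name", "Event Code", "Message", "Record Number",
          "Source Name", "Time Written", "Event Type", "User")
FIELD_RE = re.compile(r"^(%s):\s*(.*)$" % "|".join(FIELDS))
# WMI/DMTF datetime: yyyymmddHHMMSS.micros then the UTC offset in minutes (-240 = UTC-4)
DMTF_RE = re.compile(r"^(\d{14})\.(\d{6})([+-])(\d{3})$")

# (source, event code) -> what it means during a malware triage (this example's own notes)
NOTES = {
    ("Tcpip", 4226): "XP's cap on half-open outbound TCP connects was hit: normal for P2P clients, also what scanning or spamming malware looks like",
    ("DCOM", 10010): "a COM server failed to start; resolve the CLSID under HKCR\\CLSID before reading anything into it",
    ("Symantec AntiVirus", 6): "the AV could not open an archive, so its contents are unscanned rather than clean",
}


def parse_dmtf(stamp):
    """Turn '20100801230951.000000-240' into an aware datetime."""
    m = DMTF_RE.match(stamp)
    if not m:
        raise ValueError("not a DMTF timestamp: %r" % stamp)
    when = datetime.strptime(m.group(1), "%Y%m%d%H%M%S")
    sign = 1 if m.group(3) == "+" else -1
    offset = timezone(timedelta(minutes=sign * int(m.group(4))))
    return when.replace(microsecond=int(m.group(2)), tzinfo=offset)


def parse_events(text):
    """Split the dump into records; a record starts at each 'Computer Name:' line."""
    records, current, key = [], None, None
    for raw in text.splitlines():
        m = FIELD_RE.match(raw)
        if m:
            key, value = m.group(1), m.group(2).strip()
            if key == "Computer Name":
                current = {}
                records.append(current)
            if current is not None:
                current[key] = value
        elif key == "Message" and current is not None and raw.strip():
            # the message body may continue over several (and blank) lines
            current["Message"] = (current["Message"] + " " + raw.strip()).strip()
    for rec in records:
        rec["Event Code"] = int(rec["Event Code"])
        rec["when"] = parse_dmtf(rec["Time Written"])
        rec["when_utc"] = rec["when"].astimezone(timezone.utc)
    return records


def summarize(records):
    """Count events per (source, code) so repeats stand out."""
    return Counter((r["Source Name"], r["Event Code"]) for r in records)


def triage_notes(records):
    """Pair each record that has a note with that note, keyed by record number."""
    return [(r["Record Number"], NOTES[(r["Source Name"], r["Event Code"])])
            for r in records if (r["Source Name"], r["Event Code"]) in NOTES]


if __name__ == "__main__":
    recs = parse_events(SAMPLE_EVENTS)
    for (src, code), n in summarize(recs).most_common():
        print("%-20s %6d  x%d" % (src, code, n))
    for rec_no, note in triage_notes(recs):
        print("record %s: %s" % (rec_no, note))
```

Converting the stamps to UTC matters when the event log is lined up against web-server or proxy logs from another machine; the "-240" suffix is the only place the offset is recorded, so dropping it silently shifts every event by four hours.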

Re: Problems with trojans/browser hijacked (logs attached)

Post by muppy03 » September 12th, 2010, 3:00 am

Open HijackThis and select Do a System Scan Only. Place a check next to the lines below if they are still present:

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O4 - HKLM\..\Run: [Bsigojunehohic] rundll32.exe "C:\WINDOWS\iyixahowilo.dll",Startup
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


Once selected, close all windows except HJT and click on Fix Checked.

Download and run Combofix
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • If you need help to disable your protection programs see here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image
Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please reply with:-
  • Combofix log
  • New HJT log
muppy03
MRU Emeritus
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Problems with trojans/browser hijacked (logs attached)

Post by veo1 » September 12th, 2010, 9:49 am

ComboFix 10-09-11.03 - Ryan 09/12/2010 9:22.5.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2521 [GMT -4:00]
Running from: c:\documents and settings\Ryan\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ryan\Local Settings\Application Data\{F026C250-98D1-41EA-A090-8B742AAF609C}
c:\documents and settings\Ryan\Local Settings\Application Data\{F026C250-98D1-41EA-A090-8B742AAF609C}\chrome.manifest
c:\documents and settings\Ryan\Local Settings\Application Data\{F026C250-98D1-41EA-A090-8B742AAF609C}\chrome\content\_cfg.js
c:\documents and settings\Ryan\Local Settings\Application Data\{F026C250-98D1-41EA-A090-8B742AAF609C}\chrome\content\overlay.xul
c:\documents and settings\Ryan\Local Settings\Application Data\{F026C250-98D1-41EA-A090-8B742AAF609C}\install.rdf
c:\windows\iyixahowilo.dll

.
((((((((((((((((((((((((( Files Created from 2010-08-12 to 2010-09-12 )))))))))))))))))))))))))))))))
.

2010-09-12 05:29 . 2010-09-12 05:29 -------- d-----w- C:\rsit
2010-09-11 13:29 . 2010-09-11 13:29 388096 ----a-r- c:\documents and settings\Ryan\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-07 11:09 . 2010-09-07 11:09 -------- d-----w- c:\program files\iPod
2010-09-07 11:09 . 2010-09-07 11:10 -------- d-----w- c:\program files\iTunes
2010-09-07 11:07 . 2010-09-07 11:07 -------- d-----w- c:\program files\QuickTime
2010-09-07 11:03 . 2010-09-07 11:03 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-08-30 15:09 . 2010-09-12 13:13 120 ----a-w- c:\windows\Omidisovuniwul.dat
2010-08-30 15:09 . 2010-09-12 04:36 0 ----a-w- c:\windows\Sloqij.bin
2010-08-25 10:20 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-12 05:29 . 2009-05-07 01:48 -------- d-----w- c:\program files\Trend Micro
2010-09-12 05:27 . 2009-02-28 15:04 -------- d-----w- c:\program files\BitComet
2010-09-12 04:05 . 2009-10-11 15:01 -------- d-----w- c:\documents and settings\Ryan\Application Data\vlc
2010-09-07 11:09 . 2009-02-28 04:29 -------- d-----w- c:\program files\Common Files\Apple
2010-09-06 10:46 . 2009-02-28 15:46 -------- d-----w- c:\program files\a-squared Free
2010-08-25 10:23 . 2010-08-25 10:23 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-08-25 10:23 . 2010-08-25 10:23 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-08-14 12:51 . 2009-02-28 11:20 -------- d-----w- c:\program files\Opera
2010-08-13 05:09 . 2009-10-11 14:16 -------- d-----w- c:\documents and settings\Ryan\Application Data\Skype
2010-08-09 14:00 . 2010-04-16 19:27 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-03 03:20 . 2010-08-03 03:20 503808 ----a-w- c:\documents and settings\Ryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1133379a-n\msvcp71.dll
2010-08-03 03:20 . 2010-08-03 03:20 499712 ----a-w- c:\documents and settings\Ryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1133379a-n\jmc.dll
2010-08-03 03:20 . 2010-08-03 03:20 348160 ----a-w- c:\documents and settings\Ryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1133379a-n\msvcr71.dll
2010-08-03 03:20 . 2010-08-03 03:20 61440 ----a-w- c:\documents and settings\Ryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-583d1d01-n\decora-sse.dll
2010-08-03 03:20 . 2010-08-03 03:20 12800 ----a-w- c:\documents and settings\Ryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-583d1d01-n\decora-d3d.dll
2010-08-02 01:32 . 2010-08-01 15:02 -------- d-----w- c:\program files\AimOne MP4 Cutter & Joiner
2010-07-31 15:35 . 2010-01-19 03:38 -------- d-----w- c:\program files\EndNote X3
2010-07-31 15:34 . 2010-01-19 03:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Thomson.ResearchSoft.Installers
2010-07-31 15:34 . 2010-06-01 19:53 -------- d-----w- c:\documents and settings\Ryan\Application Data\Amazon
2010-07-31 15:26 . 2009-02-28 17:23 -------- d-----w- c:\program files\eMule
2010-07-26 05:14 . 2010-07-26 04:58 -------- d-----w- c:\program files\i2p
2010-07-26 04:59 . 2010-07-26 04:59 -------- d-----w- c:\documents and settings\Ryan\Application Data\I2P
2010-07-24 15:03 . 2010-07-24 15:03 -------- d-----w- c:\documents and settings\Ryan\Application Data\FFSJ
2010-07-14 21:58 . 2010-07-14 21:58 -------- d-----w- c:\program files\Common Files\Java
2010-07-14 21:58 . 2010-07-14 21:58 503808 ----a-w- c:\documents and settings\Ryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-18faafb5-n\msvcp71.dll
2010-07-14 21:58 . 2010-07-14 21:58 499712 ----a-w- c:\documents and settings\Ryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-18faafb5-n\jmc.dll
2010-07-14 21:58 . 2010-07-14 21:58 348160 ----a-w- c:\documents and settings\Ryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-18faafb5-n\msvcr71.dll
2010-07-14 21:58 . 2010-07-14 21:58 61440 ----a-w- c:\documents and settings\Ryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-55e72882-n\decora-sse.dll
2010-07-14 21:58 . 2010-07-14 21:58 12800 ----a-w- c:\documents and settings\Ryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-55e72882-n\decora-d3d.dll
2010-07-14 21:58 . 2009-04-05 11:40 -------- d-----w- c:\program files\Java
2010-07-07 12:12 . 2009-02-28 03:54 54576 ----a-w- c:\documents and settings\Ryan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-22 08:36 . 2010-07-14 21:58 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-22 00:23 . 2010-06-22 00:24 53632 ----a-w- c:\documents and settings\Ryan\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-22 00:23 . 2009-11-10 04:26 53632 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-26 16132608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-01-18 14:16 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24096:TCP"= 24096:TCP:BitComet 24096 TCP
"24096:UDP"= 24096:UDP:BitComet 24096 UDP

R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2/28/2009 11:46 AM 1872320]
R3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [7/14/2009 12:51 PM 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/27/2010 5:12 AM 102448]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/21/2010 2:49 PM 135664]
S3 FoxAwdWINFLASH;FoxAwdWINFLASH;\??\c:\docume~1\Ryan\LOCALS~1\Temp\_987F.tmp\FoxAwdWINFLASH.sys --> c:\docume~1\Ryan\LOCALS~1\Temp\_987F.tmp\FoxAwdWINFLASH.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/11/2009 11:48 PM 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 18:49]

2010-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 18:49]

2010-07-07 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 19:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?rls=ig&hl=en&source=iglk
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/59.15/uploader2.cab
FF - ProfilePath - c:\documents and settings\Ryan\Application Data\Mozilla\Firefox\Profiles\abtpprf4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?rls=ig&hl=en&source=iglk
FF - plugin: c:\documents and settings\Ryan\Application Data\Move Networks\plugins\npqmp071706000001.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Bsigojunehohic - c:\windows\iyixahowilo.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-12 09:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
Completion time: 2010-09-12 09:31:11
ComboFix-quarantined-files.txt 2010-09-12 13:30
ComboFix2.txt 2010-07-13 23:14

Pre-Run: 211,246,858,240 bytes free
Post-Run: 211,606,114,304 bytes free

- - End Of File - - AAFCEC3DC06481199B45EDAD887F2A6B

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:47:14 AM, on 9/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/59.15/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 3941266890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3941259953
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 8737 bytes
veo1
Regular Member
Posts: 15
Joined: September 11th, 2010, 9:35 am
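muppy03's fix list above picks out two things a reader can learn to spot in a HijackThis log: autostart entries (O2, O9) that point at a file that no longer exists, and a Run value that loads a DLL with a random-looking name straight out of the Windows directory through rundll32. The ComboFix log that followed adds two more: a driver (FoxAwdWINFLASH) registered from a Temp folder, and a Windows Firewall standard profile with EnableFirewall set to 0 and a port opened globally for BitComet. The script below is an added example, not code from the thread, from HijackThis or from ComboFix; it applies those checks to lines in HJT and ComboFix format. SAMPLE_LOG is a constructed excerpt of the logs posted in this thread; the severities, heuristics and function names are this example's own.

```python
"""Triage a HijackThis / ComboFix log for the entry classes a helper acts on.

Added example for this thread; not HijackThis, ComboFix or forum code.
SAMPLE_LOG is a constructed excerpt of the logs posted above; the heuristics,
severities and function names are this example's own assumptions.
"""
import re
from typing import List, Tuple

Finding = Tuple[str, str, str]   # (severity, reason, offending line)

# Constructed excerpt: HJT O-lines, ComboFix driver/service lines and the
# Windows Firewall policy keys from the ComboFix "Reg Loading Points" section.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Bsigojunehohic] rundll32.exe "C:\WINDOWS\iyixahowilo.dll",Startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
S3 FoxAwdWINFLASH;FoxAwdWINFLASH;\??\c:\docume~1\Ryan\LOCALS~1\Temp\_987F.tmp\FoxAwdWINFLASH.sys --> c:\docume~1\Ryan\LOCALS~1\Temp\_987F.tmp\FoxAwdWINFLASH.sys [?]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2/28/2009 11:46 AM 1872320]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24096:TCP"= 24096:TCP:BitComet 24096 TCP
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")                        # [HKLM\...] section header
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')                  # "Name"= value
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.IGNORECASE)
SERVICE_RE = re.compile(r"^[RS][0-4]\s+[^;]+;[^;]*;(.+)$")     # ComboFix driver/service line
WINDOWS_ROOT = {r"c:\windows", "%windir%", "%systemroot%"}    # legit DLLs live in subfolders


def triage(log_text: str) -> List[Finding]:
    """Walk the log once and return every line that deserves a second look."""
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:                                   # remember which registry key we are under
            section = sec.group(1).lower()
            continue
        val = VALUE_RE.match(line)
        if val and "firewallpolicy" in section:
            name, value = val.group(1), val.group(2)
            if name.lower() == "enablefirewall" and value.split()[0] == "0":
                findings.append(("HIGH", "Windows Firewall is disabled for this profile", line))
            elif "globallyopenports" in section:
                findings.append(("INFO", "inbound port open to every network: " + value, line))
            continue
        if "(no file)" in line:                   # orphan: registry points at a deleted file
            findings.append(("FIX", "orphaned entry pointing at a missing file", line))
            continue
        dll = RUNDLL_RE.search(line)
        if dll:
            parent = dll.group(1).rsplit("\\", 1)[0].lower()
            if parent in WINDOWS_ROOT:            # a DLL dropped directly in %WINDIR% is rare and telling
                findings.append(("HIGH", "rundll32 loads a DLL dropped in the Windows root", line))
            continue
        svc = SERVICE_RE.match(line)
        if svc and "\\temp\\" in svc.group(1).lower():
            findings.append(("HIGH", "driver/service image lives under a Temp directory", line))
            continue
        if line.startswith("O23") and "Unknown owner" in line:
            findings.append(("INFO", "service binary carries no publisher name; check its hash/signature", line))
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (severity, reason, line))
```

Two caveats a helper would apply before acting on the output: an "Unknown owner" service is only a prompt to verify the file (NMSAccessU above belongs to CDBurnerXP), and a disabled Windows Firewall can be deliberate when another product's firewall is in charge, as Symantec Endpoint Protection's Smc.exe client on this machine may be, so it is something to confirm with the user rather than a finding on its own.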

Re: Problems with trojans/browser hijacked (logs attached)

Post by veo1 » September 12th, 2010, 6:18 pm

Thanks for all of your help so far. My system still seems infected by the way
veo1
Regular Member
Posts: 15
Joined: September 11th, 2010, 9:35 am

Re: Problems with trojans/browser hijacked (logs attached)

Post by muppy03 » September 13th, 2010, 3:37 am

My system still seems infected by the way


Please give me an update on what problems remain after doing the following.


COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.


  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File::
    c:\windows\Omidisovuniwul.dat
    c:\windows\Sloqij.bin
    
    Folder::
    c:\program files\BitComet
    c:\program files\eMule
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "24096:TCP"=-
    "24096:UDP"=-

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Please reply with:
  • Combofix log
  • New HJT log
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia
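
When the ComboFix log comes back, its "Files Created", "Find3M" and "SnapShot" sections all print one file per line in the same fixed layout. The following is an added example, not from this thread or from ComboFix itself, that parses those lines into records and applies a few review heuristics a helper would apply by eye; the sample log is assembled from lines quoted later in this thread, and the two-timestamp ordering and the partial reading of the attribute column are assumptions drawn from that log.

```python
"""Triage helper for ComboFix log entries (added example, not ComboFix code).

Layout of one entry line, as seen in this thread's log:

    [+|-] YYYY-MM-DD HH:MM . YYYY-MM-DD HH:MM  SIZE|--------  [ATTRS]  PATH

Assumptions: which timestamp is creation and which is last-write depends on
the section ("Files Created" prints creation first, "Find3M" prints
last-write first), so they are kept as ts1/ts2.  Of the 8-char attribute
column only 'd' (directory), 'h' (hidden), 'a' (archive) and 'r'/'w'
(read-only vs. writable) are interpreted; SnapShot lines omit the column.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

_TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
_LINE = re.compile(
    rf"^(?P<delta>[+-] )?(?P<ts1>{_TS}) \. (?P<ts2>{_TS})\s+"
    rf"(?P<size>\d+|-{{8}})\s+(?:(?P<attrs>[A-Za-z-]{{8}})\s+)?(?P<path>\S.*)$"
)


@dataclass
class Entry:
    ts1: datetime
    ts2: datetime
    size: Optional[int]   # None when ComboFix prints "--------" (a directory)
    attrs: str            # "" for SnapShot lines, which carry no attributes
    path: str
    delta: str            # "+" added / "-" removed in a SnapShot diff, else ""

    @property
    def is_dir(self) -> bool:
        return self.attrs[:1] == "d" or self.size is None

    @property
    def hidden(self) -> bool:
        return len(self.attrs) == 8 and self.attrs[3] == "h"


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a file line, or None for headers, dots and blanks."""
    m = _LINE.match(line.rstrip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(
        ts1=datetime.strptime(m["ts1"], "%Y-%m-%d %H:%M"),
        ts2=datetime.strptime(m["ts2"], "%Y-%m-%d %H:%M"),
        size=size,
        attrs=m["attrs"] or "",
        path=m["path"],
        delta=(m["delta"] or "").strip(),
    )


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


BINARY_EXTS = (".exe", ".dll", ".sys", ".scr", ".com")
USER_PROFILE = "c:\\documents and settings\\"


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs worth a second look.

    These are review hints, not verdicts: hidserv.dll in the sample is a
    legitimate Microsoft driver that simply matches the first rule.
    """
    findings = []
    for e in entries:
        if e.is_dir:
            continue
        p = e.path.lower()
        if p.startswith("c:\\windows\\") and p.endswith(BINARY_EXTS):
            findings.append((e.path, "binary written under c:\\windows"))
        if p.startswith("c:\\windows\\") and p.count("\\") == 2:
            findings.append((e.path, "file dropped directly in c:\\windows root"))
        if e.hidden:
            findings.append((e.path, "hidden attribute set"))
        if p.startswith(USER_PROFILE) and p.endswith(BINARY_EXTS):
            findings.append((e.path, "executable inside a user profile"))
    return findings


# Constructed sample: lines taken from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2010-08-14 to 2010-09-14 )))))))))))))))))))))))))))))))
.
2010-09-12 05:29 . 2010-09-12 05:29 -------- d-----w- C:\rsit
2010-09-11 13:29 . 2010-09-11 13:29 388096 ----a-r- c:\documents and settings\Ryan\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-25 10:20 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 10:23 . 2010-08-25 10:23 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-08-09 14:00 . 2010-04-16 19:27 664 ----a-w- c:\windows\system32\d3d9caps.dat
.
((((((((((((((((((((((((((((( SnapShot@2010-09-12_13.28.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-14 00:00 . 2010-09-14 00:00 16384 c:\windows\temp\Perflib_Perfdata_7cc.dat
- 2009-02-28 02:12 . 2010-09-07 00:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
"""

if __name__ == "__main__":
    for path, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"{reason:42} {path}")
```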

Re: Problems with trojans/browser hijacked (logs attached)

Unread post by veo1 » September 13th, 2010, 10:04 pm

Latest log attached below:

ComboFix 10-09-13.01 - Ryan 09/13/2010 21:39:34.6.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2610 [GMT -4:00]
Running from: c:\documents and settings\Ryan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ryan\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FILE ::
"c:\windows\Omidisovuniwul.dat"
"c:\windows\Sloqij.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\BitComet
c:\program files\BitComet\archive\my_history.xml
c:\program files\BitComet\BitComet.xml
c:\program files\BitComet\Downloads.xml
c:\program files\BitComet\Downloads.xml.bak
c:\program files\BitComet\rules\dhtnodes.dat
c:\program files\BitComet\share\my_shares.xml
c:\program files\eMule
c:\program files\eMule\Incoming\Thumbs.db
c:\program files\eMule\Temp\002.part
c:\program files\eMule\Temp\002.part.met
c:\program files\eMule\Temp\002.part.met.bak
c:\program files\eMule\Temp\006.part
c:\program files\eMule\Temp\006.part.met
c:\program files\eMule\Temp\006.part.met.bak
c:\windows\Omidisovuniwul.dat
c:\windows\Sloqij.bin

.
((((((((((((((((((((((((( Files Created from 2010-08-14 to 2010-09-14 )))))))))))))))))))))))))))))))
.

2010-09-12 05:29 . 2010-09-12 05:29 -------- d-----w- C:\rsit
2010-09-11 13:29 . 2010-09-11 13:29 388096 ----a-r- c:\documents and settings\Ryan\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-07 11:09 . 2010-09-07 11:09 -------- d-----w- c:\program files\iPod
2010-09-07 11:09 . 2010-09-07 11:10 -------- d-----w- c:\program files\iTunes
2010-09-07 11:07 . 2010-09-07 11:07 -------- d-----w- c:\program files\QuickTime
2010-09-07 11:03 . 2010-09-07 11:03 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-08-25 10:20 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-12 22:38 . 2009-10-11 15:01 -------- d-----w- c:\documents and settings\Ryan\Application Data\vlc
2010-09-12 05:29 . 2009-05-07 01:48 -------- d-----w- c:\program files\Trend Micro
2010-09-07 11:09 . 2009-02-28 04:29 -------- d-----w- c:\program files\Common Files\Apple
2010-09-06 10:46 . 2009-02-28 15:46 -------- d-----w- c:\program files\a-squared Free
2010-08-25 10:23 . 2010-08-25 10:23 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-08-25 10:23 . 2010-08-25 10:23 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-08-14 12:51 . 2009-02-28 11:20 -------- d-----w- c:\program files\Opera
2010-08-13 05:09 . 2009-10-11 14:16 -------- d-----w- c:\documents and settings\Ryan\Application Data\Skype
2010-08-09 14:00 . 2010-04-16 19:27 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-03 03:20 . 2010-08-03 03:20 503808 ----a-w- c:\documents and settings\Ryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1133379a-n\msvcp71.dll
2010-08-03 03:20 . 2010-08-03 03:20 499712 ----a-w- c:\documents and settings\Ryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1133379a-n\jmc.dll
2010-08-03 03:20 . 2010-08-03 03:20 348160 ----a-w- c:\documents and settings\Ryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1133379a-n\msvcr71.dll
2010-08-03 03:20 . 2010-08-03 03:20 61440 ----a-w- c:\documents and settings\Ryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-583d1d01-n\decora-sse.dll
2010-08-03 03:20 . 2010-08-03 03:20 12800 ----a-w- c:\documents and settings\Ryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-583d1d01-n\decora-d3d.dll
2010-08-02 01:32 . 2010-08-01 15:02 -------- d-----w- c:\program files\AimOne MP4 Cutter & Joiner
2010-07-31 15:35 . 2010-01-19 03:38 -------- d-----w- c:\program files\EndNote X3
2010-07-31 15:34 . 2010-01-19 03:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Thomson.ResearchSoft.Installers
2010-07-31 15:34 . 2010-06-01 19:53 -------- d-----w- c:\documents and settings\Ryan\Application Data\Amazon
2010-07-26 05:14 . 2010-07-26 04:58 -------- d-----w- c:\program files\i2p
2010-07-26 04:59 . 2010-07-26 04:59 -------- d-----w- c:\documents and settings\Ryan\Application Data\I2P
2010-07-24 15:03 . 2010-07-24 15:03 -------- d-----w- c:\documents and settings\Ryan\Application Data\FFSJ
2010-07-14 21:58 . 2010-07-14 21:58 503808 ----a-w- c:\documents and settings\Ryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-18faafb5-n\msvcp71.dll
2010-07-14 21:58 . 2010-07-14 21:58 499712 ----a-w- c:\documents and settings\Ryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-18faafb5-n\jmc.dll
2010-07-14 21:58 . 2010-07-14 21:58 348160 ----a-w- c:\documents and settings\Ryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-18faafb5-n\msvcr71.dll
2010-07-14 21:58 . 2010-07-14 21:58 61440 ----a-w- c:\documents and settings\Ryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-55e72882-n\decora-sse.dll
2010-07-14 21:58 . 2010-07-14 21:58 12800 ----a-w- c:\documents and settings\Ryan\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-55e72882-n\decora-d3d.dll
2010-07-07 12:12 . 2009-02-28 03:54 54576 ----a-w- c:\documents and settings\Ryan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-22 08:36 . 2010-07-14 21:58 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-22 00:23 . 2010-06-22 00:24 53632 ----a-w- c:\documents and settings\Ryan\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-22 00:23 . 2009-11-10 04:26 53632 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-09-12_13.28.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-14 00:00 . 2010-09-14 00:00 16384 c:\windows\temp\Perflib_Perfdata_7cc.dat
+ 2010-09-12 23:00 . 2010-09-12 23:00 16384 c:\windows\temp\Perflib_Perfdata_798.dat
+ 2009-02-28 02:12 . 2010-09-14 00:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-02-28 02:12 . 2010-09-07 00:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-09-14 00:01 . 2010-09-14 00:01 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-07-20 00:01 . 2010-09-07 00:01 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-26 16132608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-01-18 14:16 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2/28/2009 11:46 AM 1872320]
R3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [7/14/2009 12:51 PM 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/27/2010 5:12 AM 102448]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/21/2010 2:49 PM 135664]
S3 FoxAwdWINFLASH;FoxAwdWINFLASH;\??\c:\docume~1\Ryan\LOCALS~1\Temp\_987F.tmp\FoxAwdWINFLASH.sys --> c:\docume~1\Ryan\LOCALS~1\Temp\_987F.tmp\FoxAwdWINFLASH.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/11/2009 11:48 PM 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 18:49]

2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 18:49]

2010-07-07 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 19:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?rls=ig&hl=en&source=iglk
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/59.15/uploader2.cab
FF - ProfilePath - c:\documents and settings\Ryan\Application Data\Mozilla\Firefox\Profiles\abtpprf4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?rls=ig&hl=en&source=iglk
FF - plugin: c:\documents and settings\Ryan\Application Data\Move Networks\plugins\npqmp071706000001.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-13 21:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(892)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
Completion time: 2010-09-13 21:47:54
ComboFix-quarantined-files.txt 2010-09-14 01:47
ComboFix2.txt 2010-09-12 13:31
ComboFix3.txt 2010-07-13 23:14

Pre-Run: 211,405,729,792 bytes free
Post-Run: 211,417,522,176 bytes free

- - End Of File - - D15B567F0DED28AA68A1C0F1FC35140B


What next? Again, thanks so much. I'll update my problem list once I test my computer out.
veo1
Regular Member
 
Posts: 15
Joined: September 11th, 2010, 9:35 am

Re: Problems with trojans/browser hijacked (logs attached)

Unread postby muppy03 » September 13th, 2010, 10:15 pm

I will wait for the update on issues, as this can determine which direction we take next :)
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Problems with trojans/browser hijacked (logs attached)

Unread postby veo1 » September 13th, 2010, 10:19 pm

I'm still getting Google redirects to sites like:

hxxp://results5.google.com

hxxp://gathi.149.asklots.com/jump2/?aff ... erms=akiba

I just don't get it. It's strange. And again, I have no control over the sound with my PC anymore.
veo1
Regular Member
 
Posts: 15
Joined: September 11th, 2010, 9:35 am

Re: Problems with trojans/browser hijacked (logs attached)

Unread postby muppy03 » September 14th, 2010, 3:59 am

TDSSKiller

  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.
  • Important!: Run this fix once and once only.
  • Double click the TDSSKiller icon on your desktop then click Start scan.
  • A box will appear saying System scan completed.
  • If any Malicious objects are found click Cure > Continue > Reboot now.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.

Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window similar to this should open on your desktop:

    Image

  • If you are prompted with options, enter N at the prompt and press Enter
  • Press Enter again
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop. Please post the contents of that file.

Please reply with:-
  • TDSSkiller Log
  • MBRcheck.txt
  • New HJT log
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Problems with trojans/browser hijacked (logs attached)

Unread postby veo1 » September 14th, 2010, 6:43 pm

TDSSKiller log

2010/09/14 18:42:23.0625 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/14 18:42:23.0625 ================================================================================
2010/09/14 18:42:23.0625 SystemInfo:
2010/09/14 18:42:23.0625
2010/09/14 18:42:23.0625 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/14 18:42:23.0625 Product type: Workstation
2010/09/14 18:42:23.0625 ComputerName: RYAN-152B8893EB
2010/09/14 18:42:23.0625 UserName: Ryan
2010/09/14 18:42:23.0625 Windows directory: C:\WINDOWS
2010/09/14 18:42:23.0625 System windows directory: C:\WINDOWS
2010/09/14 18:42:23.0625 Processor architecture: Intel x86
2010/09/14 18:42:23.0625 Number of processors: 4
2010/09/14 18:42:23.0625 Page size: 0x1000
2010/09/14 18:42:23.0625 Boot type: Normal boot
2010/09/14 18:42:23.0625 ================================================================================
2010/09/14 18:42:23.0812 Initialize success
2010/09/14 18:42:33.0671 ================================================================================
2010/09/14 18:42:33.0671 Scan started
2010/09/14 18:42:33.0671 Mode: Manual;
2010/09/14 18:42:33.0671 ================================================================================
2010/09/14 18:42:34.0531 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/14 18:42:34.0578 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/09/14 18:42:34.0640 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/09/14 18:42:34.0671 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/09/14 18:42:34.0796 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/14 18:42:34.0843 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/14 18:42:34.0890 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/14 18:42:34.0953 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/14 18:42:34.0984 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/14 18:42:35.0093 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/14 18:42:35.0125 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/09/14 18:42:35.0187 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/14 18:42:35.0203 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/14 18:42:35.0234 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/14 18:42:35.0296 COH_Mon (c586875ece5318c6309ed1ab79d0e55f) C:\WINDOWS\system32\Drivers\COH_Mon.sys
2010/09/14 18:42:35.0359 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/14 18:42:35.0390 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/14 18:42:35.0437 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/09/14 18:42:35.0453 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/14 18:42:35.0453 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/14 18:42:35.0484 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/14 18:42:35.0546 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2010/09/14 18:42:35.0703 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/09/14 18:42:35.0734 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/09/14 18:42:35.0796 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/14 18:42:35.0812 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/09/14 18:42:35.0843 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/14 18:42:35.0875 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/09/14 18:42:35.0875 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/09/14 18:42:35.0921 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/14 18:42:35.0937 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/14 18:42:35.0968 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/09/14 18:42:35.0984 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/14 18:42:36.0046 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/09/14 18:42:36.0078 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/09/14 18:42:36.0156 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/09/14 18:42:36.0156 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/09/14 18:42:36.0234 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/09/14 18:42:36.0281 HSFHWBS2 (663b895c3f8464339eacd1d9cf69d661) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2010/09/14 18:42:36.0312 HSF_DPV (7340b4d13875c413a6229bba8e4913ca) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2010/09/14 18:42:36.0343 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/14 18:42:36.0406 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
2010/09/14 18:42:36.0453 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/14 18:42:36.0593 IntcAzAudAddService (17bbbabb21f86b650b2626045a9d016c) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/09/14 18:42:36.0671 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/09/14 18:42:36.0734 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/09/14 18:42:36.0796 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/14 18:42:36.0828 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/14 18:42:36.0890 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/14 18:42:36.0890 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/14 18:42:36.0937 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/14 18:42:36.0953 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/14 18:42:37.0000 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/14 18:42:37.0015 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/09/14 18:42:37.0046 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/14 18:42:37.0078 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/14 18:42:37.0125 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/09/14 18:42:37.0187 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/14 18:42:37.0187 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/14 18:42:37.0203 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/14 18:42:37.0234 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/09/14 18:42:37.0250 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/14 18:42:37.0265 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/14 18:42:37.0312 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/14 18:42:37.0328 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/14 18:42:37.0359 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/14 18:42:37.0390 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/14 18:42:37.0421 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/14 18:42:37.0437 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/14 18:42:37.0468 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/09/14 18:42:37.0484 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/14 18:42:37.0531 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/09/14 18:42:37.0656 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100914.016\NAVENG.SYS
2010/09/14 18:42:37.0718 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100914.016\NAVEX15.SYS
2010/09/14 18:42:37.0765 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/14 18:42:37.0796 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/09/14 18:42:37.0828 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/14 18:42:37.0843 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/14 18:42:37.0859 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/14 18:42:37.0875 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/14 18:42:37.0890 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/14 18:42:37.0921 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/14 18:42:37.0953 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/14 18:42:38.0000 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/14 18:42:38.0046 NuidFltr (b42370e5d7ca473c8ba8429a4ef0d666) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2010/09/14 18:42:38.0093 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/14 18:42:38.0265 nv (8e72e452b9cc1e455d19e3c9fa964d37) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/09/14 18:42:38.0421 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/14 18:42:38.0453 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/14 18:42:38.0500 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/09/14 18:42:38.0515 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/14 18:42:38.0562 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/14 18:42:38.0578 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/14 18:42:38.0593 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/09/14 18:42:38.0625 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/09/14 18:42:38.0765 Point32 (cf7c1868b90c90a265fc3f60ce46265b) C:\WINDOWS\system32\DRIVERS\point32.sys
2010/09/14 18:42:38.0765 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/14 18:42:38.0781 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/14 18:42:38.0812 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/14 18:42:38.0875 QCDonner (18b6755475f560dfffda079495cffd7c) C:\WINDOWS\system32\DRIVERS\LVCD.sys
2010/09/14 18:42:38.0937 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/14 18:42:38.0937 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/14 18:42:38.0953 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/14 18:42:38.0968 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/14 18:42:38.0984 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/14 18:42:38.0984 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/14 18:42:39.0000 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/09/14 18:42:39.0046 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/14 18:42:39.0078 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/14 18:42:39.0140 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
2010/09/14 18:42:39.0218 rt2870 (c2a6f7f35e617744a65dbfb0c0a64adc) C:\WINDOWS\system32\DRIVERS\rt2870.sys
2010/09/14 18:42:39.0265 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/14 18:42:39.0296 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/09/14 18:42:39.0343 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/09/14 18:42:39.0421 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/09/14 18:42:39.0546 SPBBCDrv (e621bb5839cf45fa477f48092edd2b40) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2010/09/14 18:42:39.0578 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/14 18:42:39.0640 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2010/09/14 18:42:39.0687 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/14 18:42:39.0703 SRTSP (2abf82c8452ab0b9ffc74a2d5da91989) C:\WINDOWS\system32\Drivers\SRTSP.SYS
2010/09/14 18:42:39.0734 SRTSPL (e2f9e5887bea5bd8784d337e06eda31b) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
2010/09/14 18:42:39.0781 SRTSPX (3b974c158fabd910186f98df8d3e23f3) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
2010/09/14 18:42:39.0828 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/14 18:42:39.0859 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/09/14 18:42:39.0890 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/14 18:42:39.0906 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/14 18:42:39.0953 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2010/09/14 18:42:39.0968 SYMREDRV (394b2368212114d538316812af60fddd) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2010/09/14 18:42:40.0015 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2010/09/14 18:42:40.0046 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/14 18:42:40.0078 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/14 18:42:40.0109 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/14 18:42:40.0140 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/14 18:42:40.0171 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/14 18:42:40.0218 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/14 18:42:40.0265 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/14 18:42:40.0312 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/09/14 18:42:40.0343 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/14 18:42:40.0390 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/14 18:42:40.0390 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/14 18:42:40.0437 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/14 18:42:40.0500 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/09/14 18:42:40.0546 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/14 18:42:40.0578 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/09/14 18:42:40.0593 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/14 18:42:40.0625 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/14 18:42:40.0656 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/14 18:42:40.0687 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/09/14 18:42:40.0734 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/14 18:42:40.0781 winachsf (8adcd6078affc4c81f3c3ebb1e9e3a2b) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/09/14 18:42:40.0843 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/09/14 18:42:40.0921 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/14 18:42:40.0953 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/14 18:42:41.0015 ================================================================================
2010/09/14 18:42:41.0015 Scan finished
2010/09/14 18:42:41.0015 ================================================================================
veo1
Regular Member
 
Posts: 15
Joined: September 11th, 2010, 9:35 am

Re: Problems with trojans/browser hijacked (logs attached)

Unread postby veo1 » September 14th, 2010, 6:47 pm

MBR results say it found a non-standard or infected MBR

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 130):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBADA8000 \WINDOWS\system32\KDCOM.DLL
0xBACB8000 \WINDOWS\system32\BOOTVID.dll
0xBA779000 ACPI.sys
0xBADAA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xBA768000 pci.sys
0xBA8A8000 isapnp.sys
0xBAE70000 pciide.sys
0xBAB28000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA8B8000 MountMgr.sys
0xBA749000 ftdisk.sys
0xBADAC000 dmload.sys
0xBA723000 dmio.sys
0xBAB30000 PartMgr.sys
0xBA8C8000 VolSnap.sys
0xBA70B000 atapi.sys
0xBA8D8000 disk.sys
0xBA8E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xBA6EB000 fltmgr.sys
0xBA6D9000 sr.sys
0xBA6C2000 KSecDD.sys
0xBA635000 Ntfs.sys
0xBA608000 NDIS.sys
0xBA5EE000 Mup.sys
0xBAA88000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB9900000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB98EC000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB98AB000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xBAC10000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9887000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBAC18000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB985F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB981D000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xB97FA000 \SystemRoot\system32\DRIVERS\ks.sys
0xB9708000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xB9655000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBAC28000 \SystemRoot\System32\Drivers\Modem.SYS
0xBAC38000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBAA98000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBAAA8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBAAB8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBAC50000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xBAF0B000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBAAC8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBADA0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB963E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBAAD8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBAAE8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBAC70000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB962D000 \SystemRoot\system32\DRIVERS\psched.sys
0xBAAF8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBAC80000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBAC90000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB95FD000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBAB08000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBACA0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBACA8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBADDC000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB959F000 \SystemRoot\system32\DRIVERS\update.sys
0xBA5AE000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA918000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA928000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBADF0000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB7000000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB6FB4000 \SystemRoot\system32\drivers\portcls.sys
0xBA948000 \SystemRoot\system32\drivers\drmk.sys
0xB6EA2000 \SystemRoot\System32\Drivers\SRTSP.SYS
0xB6D31000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xBABD8000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB6C9E000 \SystemRoot\system32\DRIVERS\rt2870.sys
0xB957F000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA968000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBABF0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA978000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0xB6FE4000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xBAE28000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBAFFF000 \SystemRoot\System32\Drivers\Null.SYS
0xBAE2C000 \SystemRoot\System32\Drivers\Beep.SYS
0xBAC48000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBAC58000 \SystemRoot\System32\drivers\vga.sys
0xBAE30000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBAE34000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBAC68000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBAC88000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBAD6C000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB6C43000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB6BEA000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB6BBD000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0xB6B97000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA9B8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB6B6F000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB6B4D000 \SystemRoot\System32\drivers\afd.sys
0xBA9C8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB6F00000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB6AE3000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0xBAB80000 \SystemRoot\system32\DRIVERS\point32.sys
0xB6AB8000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB6A48000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA9D8000 \SystemRoot\System32\Drivers\Fips.SYS
0xB69EA000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xB69CD000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xB6981000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB6969000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBAE40000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB6C9A000 \SystemRoot\System32\drivers\Dxapi.sys
0xBABB8000 \SystemRoot\System32\watchdog.sys
0xBF9C4000 \SystemRoot\System32\drivers\dxg.sys
0xBAECD000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9D6000 \SystemRoot\System32\nv4_disp.dll
0xBFFAA000 \SystemRoot\System32\ATMFD.DLL
0xB6659000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB60C4000 \SystemRoot\system32\drivers\wdmaud.sys
0xB6F44000 \SystemRoot\system32\drivers\sysaudio.sys
0xB6021000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB61BD000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB5D9A000 \SystemRoot\system32\DRIVERS\srv.sys
0xB5E61000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBAB90000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0xB5806000 \SystemRoot\System32\Drivers\HTTP.sys
0xBADE2000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xBABB0000 \??\C:\DOCUME~1\Ryan\LOCALS~1\Temp\catchme.sys
0xB4CB2000 \??\C:\DOCUME~1\Ryan\LOCALS~1\Temp\mbr.sys
0xAF9CB000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100914.016\NAVEX15.SYS
0xAF9B7000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100914.016\NAVENG.SYS
0xB6561000 \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys
0xAFB97000 \SystemRoot\system32\drivers\klmd.sys
0xAF98C000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 41):
0 System Idle Process
4 System
820 C:\WINDOWS\system32\smss.exe
868 csrss.exe
892 C:\WINDOWS\system32\winlogon.exe
944 C:\WINDOWS\system32\services.exe
956 C:\WINDOWS\system32\lsass.exe
1116 C:\WINDOWS\system32\svchost.exe
1164 svchost.exe
1208 C:\WINDOWS\system32\svchost.exe
1424 C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
1632 svchost.exe
1676 svchost.exe
240 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
584 C:\WINDOWS\system32\spoolsv.exe
796 svchost.exe
860 C:\Program Files\a-squared Free\a2service.exe
128 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1248 C:\Program Files\Bonjour\mDNSResponder.exe
1944 C:\Program Files\Java\jre6\bin\jqs.exe
1896 C:\Program Files\CDBurnerXP\NMSAccessU.exe
1912 C:\WINDOWS\system32\nvsvc32.exe
1988 C:\WINDOWS\system32\svchost.exe
1996 C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
3008 alg.exe
1508 C:\WINDOWS\system32\svchost.exe
2808 C:\Program Files\iPod\bin\iPodService.exe
2584 C:\WINDOWS\system32\wscntfy.exe
2916 C:\WINDOWS\RTHDCPL.exe
1596 C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe
2908 C:\Program Files\Common Files\Java\Java Update\jusched.exe
4028 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
1060 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
2844 C:\Program Files\iTunes\iTunesHelper.exe
3972 C:\WINDOWS\system32\ctfmon.exe
3932 C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
1764 C:\WINDOWS\explorer.exe
4864 C:\Program Files\Internet Explorer\iexplore.exe
2368 C:\Program Files\Internet Explorer\iexplore.exe
5084 C:\Documents and Settings\Ryan\Desktop\TDSSKiller.exe
3556 C:\Documents and Settings\Ryan\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83700000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03700000 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: WDCWD3200AAKS-75VYA0, Rev: 12.01B02
PhysicalDrive1 Model Number: FANTOMWD10EAVS-00D7B1, Rev: 2.10

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
931 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: 7B673ACE7D764F99598D604CA48490D0A72DF547


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
veo1
Regular Member
 
Posts: 15
Joined: September 11th, 2010, 9:35 am
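
A small triage helper for the MBRCheck summary above, added here as an example; it is not MBRCheck's own code and not part of this thread. It parses the per-drive table and the SHA1 lines into records, flags drives whose MBR code the tool did not recognise, and lets the reviewer pass a set of SHA1 values already verified by hand so a known vendor boot sector on an external disk is not reported again. The sample report is constructed from the lines posted above; the trusted-hash set, the dataclass and all function names are assumptions.

```python
"""Triage helper for MBRCheck reports (added example; not MBRCheck's own code).

Reads the per-drive summary table MBRCheck prints, pairs each drive line with
the SHA1 line that follows it, and reports drives whose boot code the tool did
not recognise.  A drive whose SHA1 is in a caller-supplied trusted set (assumed
to have been verified by hand) is not flagged.
"""
import re
from dataclasses import dataclass
from typing import FrozenSet, List

# Constructed sample: the tail of the MBRCheck report posted in this thread.
SAMPLE_MBRCHECK = "\n".join([
    "Size Device Name MBR Status",
    "--------------------------------------------",
    r"298 GB \\.\PhysicalDrive0 Windows XP MBR code detected",
    "SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A",
    r"931 GB \\.\PhysicalDrive1 RE: Unknown MBR code",
    "SHA1: 7B673ACE7D764F99598D604CA48490D0A72DF547",
    "",
    "Found non-standard or infected MBR.",
])

# "<size> GB <device> <status>": the device path contains no spaces.
DRIVE_RE = re.compile(r"^(?P<size>\d+)\s+GB\s+(?P<device>\S+)\s+(?P<status>.+?)\s*$")
SHA1_RE = re.compile(r"^SHA1:\s*(?P<sha1>[0-9A-Fa-f]{40})\s*$")
VERDICT = "Found non-standard or infected MBR."


@dataclass
class DriveMbr:
    size_gb: int
    device: str
    status: str
    sha1: str
    recognised: bool  # MBRCheck matched the boot code to a known OS/vendor
    trusted: bool     # SHA1 is in the caller's hand-verified set

    @property
    def suspicious(self) -> bool:
        # Unrecognised boot code that the reviewer has not vouched for.
        return not (self.recognised or self.trusted)


def parse_mbrcheck(report: str, trusted_sha1: FrozenSet[str] = frozenset()) -> List[DriveMbr]:
    """Return one DriveMbr per drive line that is followed by its SHA1 line."""
    trusted = {h.upper() for h in trusted_sha1}
    drives: List[DriveMbr] = []
    pending = None  # drive line seen, SHA1 line not yet seen
    for line in report.splitlines():
        m = DRIVE_RE.match(line)
        if m:
            pending = m.groupdict()
            continue
        m = SHA1_RE.match(line)
        if m and pending is not None:
            sha1 = m.group("sha1").upper()
            status = pending["status"]
            drives.append(DriveMbr(
                size_gb=int(pending["size"]),
                device=pending["device"],
                status=status,
                sha1=sha1,
                recognised="MBR code detected" in status,
                trusted=sha1 in trusted,
            ))
            pending = None
    return drives


def tool_verdict_infected(report: str) -> bool:
    """True when MBRCheck itself printed its non-standard/infected verdict line."""
    return any(line.strip() == VERDICT for line in report.splitlines())


def suspicious_devices(report: str, trusted_sha1: FrozenSet[str] = frozenset()) -> List[str]:
    """Device paths whose MBR code is unrecognised and not on the trusted list."""
    return [d.device for d in parse_mbrcheck(report, trusted_sha1) if d.suspicious]


if __name__ == "__main__":
    for d in parse_mbrcheck(SAMPLE_MBRCHECK):
        print(f"{d.device}: {d.status} (sha1 {d.sha1}) suspicious={d.suspicious}")
```

An unrecognised MBR is a reason to look, not a verdict by itself; the SHA1 that MBRCheck prints next to each drive is what lets a reviewer compare the boot code against a hash already known to be good, which is why the helper accepts a trusted set.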

Re: Problems with trojans/browser hijacked (logs attached)

Unread postby veo1 » September 14th, 2010, 6:48 pm

new HJT log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:48:19 PM, on 9/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -update activex
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/59.15/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 3941266890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3941259953
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 8574 bytes
veo1
Regular Member
 
Posts: 15
Joined: September 11th, 2010, 9:35 am
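
A parser for the O4 (Run/RunOnce) and O23 (service) lines of the HijackThis log above, added here as an example; it is not HijackThis code and not part of this thread. It turns each line into a record and builds a short "look at first" list: services whose owner HijackThis could not attribute ("Unknown owner") and autostart commands that name a bare executable rather than a full path, which cannot be checked from the log alone. The sample log is a constructed subset of the lines posted above; the regex, dataclass and function names and the triage wording are assumptions.

```python
"""Parser and triage list for HijackThis O4 and O23 log lines.

Added example; not part of HijackThis.  O4 lines record Run/RunOnce registry
autostarts, O23 lines record installed services with the vendor name the tool
could attribute to the binary.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: a subset of the O4/O23 lines from the log posted above.
SAMPLE_HJT = "\n".join([
    r"O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r'O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"',
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /install",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r"O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -update activex",
    r"O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe",
    r"O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe",
    r"O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe",
    r"O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe",
])

# O4 - <hive>\..\<Run key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<command>.*)$")
# O23 - Service: <display name> - <owner> - <drive-qualified path>
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$")


@dataclass
class AutostartEntry:
    hive: str
    key: str
    name: str
    command: str

    @property
    def executable(self) -> str:
        """First token of the command: a quoted path or a bare word."""
        cmd = self.command.strip()
        if cmd.startswith('"'):
            end = cmd.find('"', 1)
            return cmd[1:end] if end > 0 else cmd[1:]
        return cmd.split()[0] if cmd else ""

    @property
    def fully_qualified(self) -> bool:
        # Drive-letter path: the file it names can be located from the log alone.
        return re.match(r"^[A-Za-z]:\\", self.executable) is not None


@dataclass
class ServiceEntry:
    name: str
    owner: str
    path: str

    @property
    def owner_unknown(self) -> bool:
        return self.owner.strip().lower() == "unknown owner"


def parse_hjt(log: str) -> Tuple[List[AutostartEntry], List[ServiceEntry]]:
    runs: List[AutostartEntry] = []
    services: List[ServiceEntry] = []
    for line in log.splitlines():
        m = O4_RE.match(line)
        if m:
            runs.append(AutostartEntry(**m.groupdict()))
            continue
        m = O23_RE.match(line)
        if m:
            services.append(ServiceEntry(**m.groupdict()))
    return runs, services


def triage(log: str) -> List[str]:
    """Entries a reviewer should verify on disk first (not a list of infections)."""
    runs, services = parse_hjt(log)
    findings: List[str] = []
    for r in runs:
        if not r.fully_qualified:
            findings.append(f"O4 {r.hive} {r.key} [{r.name}]: unqualified executable '{r.executable}'")
    for s in services:
        if s.owner_unknown:
            findings.append(f"O23 service '{s.name}': no owner recorded, path {s.path}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_HJT):
        print(finding)
```

The list is deliberately noisy: in the log above the bare-name entries belong to vendor software (RTHDCPL, nwiz, RUNDLL32), so the output is a set of entries to verify on disk, not a set of detections.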

Re: Problems with trojans/browser hijacked (logs attached)

Unread postby muppy03 » September 15th, 2010, 4:02 am

GMER Rootkit Scanner
Download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Please reply with:-

  • GMER Log
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia