MalwareRemoval.com

Need serious help with Malware problem!

Re: Need serious help with Malware problem!

Post by Kid_Venom » February 24th, 2010, 12:15 am

Here are the logs you requested mate. Thank you again.

ComboFix 10-02-23.03 - Jarrett Lowrey 02/23/2010 21:54:51.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.581 [GMT -6:00]
Running from: c:\documents and settings\Jarrett Lowrey\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jarrett Lowrey\Desktop\CFScript.txt
AV: Charter Security Suite 9.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Charter Security Suite 9.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Jarrett Lowrey\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2010-01-24 to 2010-02-24 )))))))))))))))))))))))))))))))
.

2010-02-23 15:02 . 2010-02-23 15:02 -------- d-----w- c:\program files\QuickTime
2010-02-23 14:58 . 2010-02-23 14:58 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-23 04:42 . 2010-02-23 04:42 -------- d-----w- c:\documents and settings\Jarrett Lowrey\Application Data\Leadertech
2010-02-23 04:41 . 2009-04-30 22:55 2687512 ----a-w- c:\windows\system32\drivers\LV302V32.SYS
2010-02-23 04:40 . 2009-04-30 23:01 265496 ----a-w- c:\windows\system32\drivers\lvrs.sys
2010-02-23 04:40 . 2009-04-30 22:57 199192 ----a-w- c:\windows\system32\lvci1201278.dll
2010-02-23 04:38 . 2010-02-23 04:41 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-02-23 04:38 . 2010-02-23 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-02-23 04:02 . 2010-02-23 04:02 -------- d-----w- c:\documents and settings\Jarrett Lowrey\Application Data\Trillian
2010-02-23 04:02 . 2010-02-24 03:13 -------- d-----w- c:\program files\Trillian
2010-02-17 19:08 . 2010-02-17 19:08 -------- d-----w- c:\program files\ESET
2010-02-13 00:14 . 2010-02-13 00:14 -------- d-----w- C:\_OTM
2010-02-13 00:08 . 2010-02-13 00:08 -------- d-----w- c:\program files\ERUNT
2010-02-07 12:08 . 2010-02-08 21:39 -------- d-----w- C:\rsit
2010-02-07 12:06 . 2010-02-07 12:06 -------- d-----w- c:\program files\Trend Micro
2010-01-25 11:00 . 2010-01-25 11:11 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2010-01-25 11:00 . 2010-01-25 11:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\F-Secure
2010-01-25 11:00 . 2009-08-05 15:57 80000 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2010-01-25 10:59 . 2010-01-25 11:21 -------- d-----w- c:\program files\Charter Security Suite
2010-01-25 08:10 . 2010-02-11 23:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-25 08:10 . 2010-02-11 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-25 05:33 . 2010-01-25 05:33 -------- d-----w- c:\program files\TrendMicro
2010-01-25 04:24 . 2010-01-25 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg
2010-01-25 04:14 . 2010-01-25 04:14 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-24 03:58 . 2008-11-07 02:33 -------- d-----w- c:\documents and settings\Jarrett Lowrey\Application Data\DNA
2010-02-24 03:48 . 2008-11-07 02:33 -------- d-----w- c:\program files\DNA
2010-02-24 01:56 . 2008-10-05 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-02-23 20:00 . 2009-04-01 06:26 -------- d-----w- c:\documents and settings\Jarrett Lowrey\Application Data\Skype
2010-02-23 15:36 . 2006-09-19 17:41 -------- d-----w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVU
2010-02-23 15:35 . 2006-10-19 03:31 -------- d-----w- c:\program files\ImvuTools
2010-02-23 15:08 . 2008-10-07 17:02 -------- d-----w- c:\program files\iTunes
2010-02-23 15:07 . 2006-05-30 02:02 -------- d-----w- c:\program files\iPod
2010-02-23 15:07 . 2007-07-04 17:51 -------- d-----w- c:\program files\Common Files\Apple
2010-02-23 14:03 . 2009-04-01 06:27 -------- d-----w- c:\documents and settings\Jarrett Lowrey\Application Data\skypePM
2010-02-23 04:40 . 2006-09-29 05:58 -------- d-----w- c:\program files\Common Files\Logitech
2010-02-23 04:38 . 2006-09-29 05:57 -------- d-----w- c:\program files\Logitech
2010-02-17 19:15 . 2007-11-09 21:27 -------- d-----w- c:\program files\Winamp Remote
2010-02-13 08:52 . 2006-06-14 19:46 52704 ----a-w- c:\documents and settings\Jarrett Lowrey\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-09 21:02 . 2006-05-04 08:45 -------- d-----w- c:\program files\Google
2010-02-07 12:02 . 2006-05-04 08:48 -------- d-----w- c:\documents and settings\Jarrett Lowrey\Application Data\BitTorrent
2010-02-07 12:02 . 2006-11-30 01:17 -------- d-----w- c:\program files\BitTorrent
2010-01-25 11:00 . 2010-01-24 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure
2010-01-24 17:59 . 2010-01-09 00:27 120 ----a-w- c:\windows\Trekowuwuqecuzo.dat
2010-01-24 06:31 . 2010-01-09 00:27 0 ----a-w- c:\windows\Mkefa.bin
2010-01-21 07:38 . 2009-11-10 02:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 21:13 . 2009-11-28 22:28 -------- d-----w- c:\documents and settings\Jarrett Lowrey\Application Data\Azureus
2010-01-15 06:41 . 2010-01-15 06:41 -------- d-----w- c:\documents and settings\Jarrett Lowrey\Application Data\Vivox
2010-01-15 06:40 . 2008-08-28 05:00 76774 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\Uninstall.exe
2010-01-15 06:40 . 2008-08-28 05:00 -------- d-----w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient
2010-01-15 06:38 . 2008-08-28 20:22 24512552 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\installer\SetupImvu_update.exe
2010-01-14 06:02 . 2010-01-14 06:02 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2010-01-14 06:02 . 2010-01-14 06:01 -------- d-----w- c:\program files\AIM7
2010-01-14 06:01 . 2010-01-14 06:01 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-01-13 19:23 . 2010-01-13 19:23 92192 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\IMVUupdater.exe
2010-01-13 19:23 . 2010-01-13 19:23 52992 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\IMVUClient.exe
2010-01-13 19:23 . 2010-01-13 19:23 21760 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\IMVUQualityAgent.exe
2010-01-13 19:20 . 2010-01-13 19:20 121856 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\WriteMiniDump.exe
2010-01-13 19:18 . 2010-01-13 19:18 1251328 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\SceneWindow.dll
2010-01-13 19:18 . 2010-01-13 19:18 45568 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ui\plugins\npvivoxproxy.dll
2010-01-13 19:18 . 2010-01-13 19:18 54784 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ui\plugins\nphwndproxy.dll
2010-01-13 19:18 . 2010-01-13 19:18 16896 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\MemoryHook.dll
2010-01-13 19:17 . 2010-01-13 19:17 320000 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\cal3d.dll
2010-01-13 19:16 . 2010-01-13 19:16 198656 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\boost_python.dll
2010-01-13 19:16 . 2010-01-13 19:16 29184 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\CallStack.dll
2010-01-13 19:16 . 2010-01-13 19:16 260096 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\audiere.dll
2010-01-07 23:48 . 2008-09-07 21:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 23:48 . 2008-09-08 15:41 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 22:07 . 2008-09-07 21:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2008-09-07 21:24 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 22:32 . 2010-01-06 22:32 7491728 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\1VivoxVoice.exe
2010-01-06 22:32 . 2010-01-06 22:32 353424 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\npvivoxvoiceplugin.dll
2010-01-04 16:56 . 2010-01-04 16:56 83456 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\smime3.dll
2010-01-04 16:56 . 2010-01-04 16:56 66560 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\nssutil3.dll
2010-01-04 16:56 . 2010-01-04 16:56 154112 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\nspr4.dll
2010-01-04 16:56 . 2010-01-04 16:56 12288 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\AccessibleMarshal.dll
2009-12-31 16:50 . 2005-05-10 00:17 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2005-07-03 02:11 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 18:05 . 2009-12-17 18:05 4924048 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\vivoxsdk.dll
2009-12-17 18:05 . 2009-12-17 18:05 330896 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\libsndfile-1.dll
2009-12-17 18:05 . 2009-12-17 18:05 275088 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\vivoxoal.dll
2009-12-17 18:05 . 2009-12-17 18:05 246416 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ortp.dll
2009-12-17 18:05 . 2009-12-17 18:05 1034896 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\dbghelp.dll
2009-12-16 18:43 . 2004-08-10 20:00 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-10 20:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2005-03-02 00:59 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2005-03-02 00:34 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2005-01-19 04:26 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-01 23:58 . 2009-12-01 23:58 7490192 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ui\plugins\VivoxVoiceManager.exe
2009-12-01 23:58 . 2009-12-01 23:58 5005968 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ui\plugins\vivoxsdk.dll
2009-12-01 23:58 . 2009-12-01 23:58 345744 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ui\plugins\npvivoxvoiceplugin.dll
2009-12-01 23:58 . 2009-12-01 23:58 329872 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ui\plugins\libsndfile-1.dll
2009-12-01 23:58 . 2009-12-01 23:58 283280 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ui\plugins\vivoxoal.dll
2009-12-01 23:58 . 2009-12-01 23:58 246416 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ui\plugins\ortp.dll
2009-12-01 23:58 . 2009-12-01 23:58 184832 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ui\plugins\ssleay32.dll
2009-12-01 23:58 . 2009-12-01 23:58 1034896 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ui\plugins\DbgHelp.dll
2009-12-01 23:58 . 2009-12-01 23:58 1006080 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ui\plugins\libeay32.dll
2009-12-01 02:38 . 2009-12-01 02:38 1006080 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\libeay32.dll
2009-12-01 02:38 . 2009-12-01 02:38 184832 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ssleay32.dll
2009-11-28 04:37 . 2010-02-04 12:10 177702 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-11-27 17:11 . 2005-06-29 01:55 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-10 20:00 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2004-08-10 20:00 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-10 20:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2004-08-10 20:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-10 20:00 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 2004-08-10 20:00 11264 ----a-w- c:\windows\system32\msrle32.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-02-09_22.05.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-01-29 08:58 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
- 2007-01-29 08:58 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2010-02-23 04:41 . 2006-06-22 22:29 38960 c:\windows\system32\ReinstallBackups\0016\DriverFiles\LVUSBSta.sys
+ 2010-02-23 04:41 . 2006-06-22 22:29 12080 c:\windows\system32\ReinstallBackups\0016\DriverFiles\lv302af.sys
+ 2010-02-23 04:41 . 2008-04-14 00:12 23552 c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\wdmaud.drv
+ 2010-02-23 04:41 . 2008-04-13 19:45 60032 c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\USBAUDIO.sys
+ 2010-02-23 04:41 . 2008-04-13 19:45 49408 c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\stream.sys
+ 2010-02-23 04:41 . 2008-04-13 19:45 60160 c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\drmk.sys
+ 2010-02-23 04:40 . 2004-08-10 20:00 31616 c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\usbccgp.sys
+ 2010-02-23 04:40 . 2006-06-22 22:29 38960 c:\windows\system32\ReinstallBackups\0014\DriverFiles\LVUSBSta.sys
+ 2010-02-23 04:40 . 2006-06-22 22:29 12080 c:\windows\system32\ReinstallBackups\0014\DriverFiles\lv302af.sys
+ 2010-02-23 04:41 . 2009-10-07 08:48 66456 c:\windows\system32\DRVSTORE\lvPRO5s_685A41B6169139C58E86748F017A52894085C5B9\lvselsus.sys
+ 2010-02-23 04:40 . 2009-10-07 08:49 23832 c:\windows\system32\DRVSTORE\lvPRO5c_7E82A049DF85824473F42E9D67CC3CABBABD50F6\lvuvcflt.sys
+ 2010-02-23 04:40 . 2006-06-22 22:29 38960 c:\windows\system32\DRVSTORE\lvPRO3v_15FEC8ECAA6BEA68C0FC21612FEADDD44A4973BD\LVUSBSta.sys
+ 2010-02-23 04:40 . 2006-06-22 22:29 38960 c:\windows\system32\DRVSTORE\lvPRO3s_A41D20BE5232AC177D63A3FCE8A82EE24FFCD132\LVUSBSta.sys
+ 2010-02-23 04:40 . 2006-06-22 22:29 55984 c:\windows\system32\DRVSTORE\lvPRO3s_A41D20BE5232AC177D63A3FCE8A82EE24FFCD132\lvselsus.sys
+ 2010-02-23 04:40 . 2006-06-22 22:29 20272 c:\windows\system32\DRVSTORE\lvPRO3c_EBD8B36970624B36EC4B2E9FAD935C09C1905985\lvuvcflt.sys
+ 2010-02-23 04:40 . 2006-06-22 22:29 55984 c:\windows\system32\DRVSTORE\lvPRO3c_EBD8B36970624B36EC4B2E9FAD935C09C1905985\lvselsus.sys
+ 2010-02-23 04:39 . 2006-06-22 22:29 38960 c:\windows\system32\DRVSTORE\lvPEPIv_053AB85E8EDC6770E7327C4FAE29D94C6EEBBBE4\LVUSBSta.sys
+ 2010-02-23 04:39 . 2006-06-22 22:29 38960 c:\windows\system32\DRVSTORE\lvPEPIs_BEDF1D0D384C3E45EEFD59175629D468A3C4EA26\LVUSBSta.sys
+ 2010-02-23 04:39 . 2006-06-22 22:29 12080 c:\windows\system32\DRVSTORE\lvPEPIs_BEDF1D0D384C3E45EEFD59175629D468A3C4EA26\lv302af.sys
+ 2010-02-23 04:40 . 2006-06-22 22:29 38960 c:\windows\system32\DRVSTORE\lvPEPI2v_20BBFD1F81847956C50719939EE273AFB2E8F26B\LVUSBSta.sys
+ 2010-02-23 04:40 . 2009-04-30 22:55 13976 c:\windows\system32\DRVSTORE\lvPEPI2s_99D499EFF87B07D6166F5EA387697BB6072519E5\lv302af.sys
+ 2010-02-23 04:39 . 2006-06-22 22:29 38960 c:\windows\system32\DRVSTORE\lvPEPI2s_2F938607353CB8795D6BF908842E33C42DC6F8C1\LVUSBSta.sys
+ 2010-02-23 04:39 . 2006-06-22 22:29 12080 c:\windows\system32\DRVSTORE\lvPEPI2s_2F938607353CB8795D6BF908842E33C42DC6F8C1\lv302af.sys
+ 2010-02-23 04:39 . 2006-06-22 22:29 38960 c:\windows\system32\DRVSTORE\lvELCHv_05CA596C158CFA2995C80B235E3F8A61DFCA8DCF\LVUSBSta.sys
+ 2006-05-03 18:39 . 2004-08-10 20:00 31616 c:\windows\system32\drivers\usbccgp.sys
+ 2006-09-29 06:02 . 2008-04-13 19:45 60032 c:\windows\system32\drivers\USBAUDIO.sys
- 2006-09-29 06:02 . 2008-04-13 18:45 60032 c:\windows\system32\drivers\usbaudio.sys
+ 2009-10-07 07:46 . 2009-10-07 07:46 25752 c:\windows\system32\drivers\LVPr2Mon.sys
+ 2006-09-29 06:02 . 2009-04-30 22:55 13976 c:\windows\system32\drivers\lv302af.sys
+ 2009-10-07 07:23 . 2009-10-07 07:23 13584 c:\windows\system32\drivers\iKeyLFT2.dll
+ 2004-08-04 07:08 . 2008-04-13 19:45 60160 c:\windows\system32\drivers\drmk.sys
- 2004-08-04 07:08 . 2008-04-13 18:45 60160 c:\windows\system32\drivers\drmk.sys
+ 2006-05-03 18:39 . 2004-08-10 20:00 31616 c:\windows\system32\dllcache\usbccgp.sys
+ 2006-09-29 06:02 . 2008-04-13 19:45 60032 c:\windows\system32\dllcache\usbaudio.sys
+ 2004-08-04 07:08 . 2008-04-13 19:45 60160 c:\windows\system32\dllcache\drmk.sys
- 2006-05-03 18:39 . 2010-02-09 21:10 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-05-03 18:39 . 2010-02-21 23:53 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-05-03 18:39 . 2010-02-21 23:53 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-05-03 18:39 . 2010-02-09 21:10 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-05-03 18:39 . 2010-02-21 23:53 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-05-03 18:39 . 2010-02-09 21:10 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-02-23 04:39 . 2010-02-23 04:39 57344 c:\windows\Installer\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}\QuickCamStartMenuS_65895B9BA1A04BCBAB7BF5673B44A0E4.exe
+ 2010-02-23 04:39 . 2010-02-23 04:39 57344 c:\windows\Installer\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}\QuickCamDesktopSho_C0678C37AA5341A4BE4781BAF94DE0CC.exe
+ 2010-02-23 04:39 . 2010-02-23 04:39 57344 c:\windows\Installer\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}\ARPPRODUCTICON.exe
+ 2010-02-23 04:41 . 2008-04-14 00:11 4096 c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\ksuser.dll
+ 2006-09-29 06:02 . 2009-10-07 08:50 145944 c:\windows\twain_32\QuickCam\lvWIAext.dll
+ 2010-01-21 07:31 . 2010-02-22 21:57 220245 c:\windows\system32\winsys\wdc.dll
+ 2010-02-23 04:41 . 2006-06-22 22:29 116272 c:\windows\system32\ReinstallBackups\0016\DriverFiles\lvcoinst.dll
+ 2010-02-23 04:41 . 2008-04-13 20:19 146048 c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\portcls.sys
+ 2010-02-23 04:41 . 2008-04-13 20:16 141056 c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\ks.sys
+ 2010-02-23 04:40 . 2006-06-22 22:29 116272 c:\windows\system32\ReinstallBackups\0014\DriverFiles\lvcoinst.dll
+ 2006-09-29 06:02 . 2009-10-07 08:48 539160 c:\windows\system32\LVUI2RC.dll
+ 2006-09-29 06:02 . 2009-10-07 08:48 539160 c:\windows\system32\LVUI2.dll
+ 2006-09-29 06:02 . 2009-10-07 08:43 416280 c:\windows\system32\LVCodec2.dll
+ 2004-08-10 20:00 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
- 2004-08-10 20:00 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll
+ 2005-01-16 04:18 . 2010-02-13 00:28 208896 c:\windows\system32\FNTCACHE.DAT
- 2005-01-16 04:18 . 2009-11-11 09:20 208896 c:\windows\system32\FNTCACHE.DAT
+ 2010-02-23 04:41 . 2009-10-07 08:39 460048 c:\windows\system32\DRVSTORE\lvPRO5v_5467CD171F985A574DB705B8BED940A9D2008D31\WUApp32.exe
+ 2010-02-23 04:41 . 2009-10-07 08:50 145944 c:\windows\system32\DRVSTORE\lvPRO5v_5467CD171F985A574DB705B8BED940A9D2008D31\lvWIAext.dll
+ 2010-02-23 04:41 . 2009-10-07 08:48 539160 c:\windows\system32\DRVSTORE\lvPRO5v_5467CD171F985A574DB705B8BED940A9D2008D31\LVUI2RC.dll
+ 2010-02-23 04:41 . 2009-10-07 08:48 539160 c:\windows\system32\DRVSTORE\lvPRO5v_5467CD171F985A574DB705B8BED940A9D2008D31\LVUI2.dll
+ 2010-02-23 04:41 . 2009-10-07 08:43 199192 c:\windows\system32\DRVSTORE\lvPRO5v_5467CD171F985A574DB705B8BED940A9D2008D31\lvcoinst.dll
+ 2010-02-23 04:41 . 2009-10-07 08:43 416280 c:\windows\system32\DRVSTORE\lvPRO5v_5467CD171F985A574DB705B8BED940A9D2008D31\lvcodec2.dll
+ 2010-02-23 04:41 . 2009-10-07 08:39 460048 c:\windows\system32\DRVSTORE\lvPRO5s_685A41B6169139C58E86748F017A52894085C5B9\WUApp32.exe
+ 2010-02-23 04:41 . 2009-10-07 08:47 266008 c:\windows\system32\DRVSTORE\lvPRO5s_685A41B6169139C58E86748F017A52894085C5B9\lvrs.sys
+ 2010-02-23 04:41 . 2009-10-07 08:46 114712 c:\windows\system32\DRVSTORE\lvPRO5s_685A41B6169139C58E86748F017A52894085C5B9\lvpopflt.sys
+ 2010-02-23 04:41 . 2009-10-07 08:43 199192 c:\windows\system32\DRVSTORE\lvPRO5s_685A41B6169139C58E86748F017A52894085C5B9\lvcoinst.dll
+ 2010-02-23 04:40 . 2003-02-21 12:42 348160 c:\windows\system32\DRVSTORE\lvPRO3v_15FEC8ECAA6BEA68C0FC21612FEADDD44A4973BD\msvcr71.dll
+ 2010-02-23 04:40 . 2006-06-22 22:29 165424 c:\windows\system32\DRVSTORE\lvPRO3v_15FEC8ECAA6BEA68C0FC21612FEADDD44A4973BD\lvWIAext.dll
+ 2010-02-23 04:40 . 2006-06-22 22:29 961072 c:\windows\system32\DRVSTORE\lvPRO3v_15FEC8ECAA6BEA68C0FC21612FEADDD44A4973BD\lvuvc.sys
+ 2010-02-23 04:40 . 2006-06-22 22:29 513584 c:\windows\system32\DRVSTORE\lvPRO3v_15FEC8ECAA6BEA68C0FC21612FEADDD44A4973BD\LVUI2RC.dll
+ 2010-02-23 04:40 . 2006-06-22 22:29 210480 c:\windows\system32\DRVSTORE\lvPRO3v_15FEC8ECAA6BEA68C0FC21612FEADDD44A4973BD\LVUI2.dll
+ 2010-02-23 04:40 . 2006-06-22 22:29 116272 c:\windows\system32\DRVSTORE\lvPRO3v_15FEC8ECAA6BEA68C0FC21612FEADDD44A4973BD\lvcoinst.dll
+ 2010-02-23 04:40 . 2006-06-22 22:29 263728 c:\windows\system32\DRVSTORE\lvPRO3v_15FEC8ECAA6BEA68C0FC21612FEADDD44A4973BD\lvcodec2.dll
+ 2010-02-23 04:40 . 2006-06-22 22:29 116272 c:\windows\system32\DRVSTORE\lvPRO3s_A41D20BE5232AC177D63A3FCE8A82EE24FFCD132\lvcoinst.dll
+ 2010-02-23 04:39 . 2003-02-21 12:42 348160 c:\windows\system32\DRVSTORE\lvPEPIv_053AB85E8EDC6770E7327C4FAE29D94C6EEBBBE4\msvcr71.dll
+ 2010-02-23 04:39 . 2006-06-22 22:29 165424 c:\windows\system32\DRVSTORE\lvPEPIv_053AB85E8EDC6770E7327C4FAE29D94C6EEBBBE4\lvWIAext.dll
+ 2010-02-23 04:39 . 2006-06-22 22:29 513584 c:\windows\system32\DRVSTORE\lvPEPIv_053AB85E8EDC6770E7327C4FAE29D94C6EEBBBE4\LVUI2RC.dll
+ 2010-02-23 04:39 . 2006-06-22 22:29 210480 c:\windows\system32\DRVSTORE\lvPEPIv_053AB85E8EDC6770E7327C4FAE29D94C6EEBBBE4\LVUI2.dll
+ 2010-02-23 04:39 . 2006-06-22 22:29 116272 c:\windows\system32\DRVSTORE\lvPEPIv_053AB85E8EDC6770E7327C4FAE29D94C6EEBBBE4\lvcoinst.dll
+ 2010-02-23 04:39 . 2006-06-22 22:29 263728 c:\windows\system32\DRVSTORE\lvPEPIv_053AB85E8EDC6770E7327C4FAE29D94C6EEBBBE4\lvcodec2.dll
+ 2010-02-23 04:39 . 2006-06-22 22:29 720176 c:\windows\system32\DRVSTORE\lvPEPIv_053AB85E8EDC6770E7327C4FAE29D94C6EEBBBE4\LV302AV.sys
+ 2010-02-23 04:39 . 2006-06-22 22:29 116272 c:\windows\system32\DRVSTORE\lvPEPIs_BEDF1D0D384C3E45EEFD59175629D468A3C4EA26\lvcoinst.dll
+ 2010-02-23 04:41 . 2009-04-30 22:53 460048 c:\windows\system32\DRVSTORE\lvPEPI2v_4022AD047131F8DA6FCF38A5AF78577F22AF2D50\WUApp32.exe
+ 2010-02-23 04:41 . 2009-04-30 23:04 145944 c:\windows\system32\DRVSTORE\lvPEPI2v_4022AD047131F8DA6FCF38A5AF78577F22AF2D50\lvWIAext.dll
+ 2010-02-23 04:41 . 2009-04-30 23:02 539160 c:\windows\system32\DRVSTORE\lvPEPI2v_4022AD047131F8DA6FCF38A5AF78577F22AF2D50\LVUI2RC.dll
+ 2010-02-23 04:41 . 2009-04-30 23:02 539160 c:\windows\system32\DRVSTORE\lvPEPI2v_4022AD047131F8DA6FCF38A5AF78577F22AF2D50\LVUI2.dll
+ 2010-02-23 04:41 . 2009-04-30 22:57 199192 c:\windows\system32\DRVSTORE\lvPEPI2v_4022AD047131F8DA6FCF38A5AF78577F22AF2D50\lvcoinst.dll
+ 2010-02-23 04:41 . 2009-04-30 22:57 416280 c:\windows\system32\DRVSTORE\lvPEPI2v_4022AD047131F8DA6FCF38A5AF78577F22AF2D50\lvcodec2.dll
+ 2010-02-23 04:40 . 2003-02-21 12:42 348160 c:\windows\system32\DRVSTORE\lvPEPI2v_20BBFD1F81847956C50719939EE273AFB2E8F26B\msvcr71.dll
+ 2010-02-23 04:40 . 2006-06-22 22:29 165424 c:\windows\system32\DRVSTORE\lvPEPI2v_20BBFD1F81847956C50719939EE273AFB2E8F26B\lvWIAext.dll
+ 2010-02-23 04:40 . 2006-06-22 22:29 513584 c:\windows\system32\DRVSTORE\lvPEPI2v_20BBFD1F81847956C50719939EE273AFB2E8F26B\LVUI2RC.dll
+ 2010-02-23 04:40 . 2006-06-22 22:29 210480 c:\windows\system32\DRVSTORE\lvPEPI2v_20BBFD1F81847956C50719939EE273AFB2E8F26B\LVUI2.dll
+ 2010-02-23 04:40 . 2006-06-22 22:29 116272 c:\windows\system32\DRVSTORE\lvPEPI2v_20BBFD1F81847956C50719939EE273AFB2E8F26B\lvcoinst.dll
+ 2010-02-23 04:40 . 2006-06-22 22:29 263728 c:\windows\system32\DRVSTORE\lvPEPI2v_20BBFD1F81847956C50719939EE273AFB2E8F26B\lvcodec2.dll
+ 2010-02-23 04:40 . 2006-06-22 22:29 720176 c:\windows\system32\DRVSTORE\lvPEPI2v_20BBFD1F81847956C50719939EE273AFB2E8F26B\LV302AV.sys
+ 2010-02-23 04:40 . 2009-04-30 22:53 460048 c:\windows\system32\DRVSTORE\lvPEPI2s_99D499EFF87B07D6166F5EA387697BB6072519E5\WUApp32.exe
+ 2010-02-23 04:40 . 2009-04-30 23:01 265496 c:\windows\system32\DRVSTORE\lvPEPI2s_99D499EFF87B07D6166F5EA387697BB6072519E5\lvrs.sys
+ 2010-02-23 04:40 . 2009-04-30 22:57 199192 c:\windows\system32\DRVSTORE\lvPEPI2s_99D499EFF87B07D6166F5EA387697BB6072519E5\lvcoinst.dll
+ 2010-02-23 04:39 . 2006-06-22 22:29 116272 c:\windows\system32\DRVSTORE\lvPEPI2s_2F938607353CB8795D6BF908842E33C42DC6F8C1\lvcoinst.dll
+ 2010-02-23 04:40 . 2009-04-30 22:53 460048 c:\windows\system32\DRVSTORE\lvELCHv_C913F138AE598F3E209DDE0B8ECE2F1694FFE1C9\WUApp32.exe
+ 2010-02-23 04:40 . 2009-04-30 23:04 145944 c:\windows\system32\DRVSTORE\lvELCHv_C913F138AE598F3E209DDE0B8ECE2F1694FFE1C9\lvWIAext.dll
+ 2010-02-23 04:40 . 2009-04-30 23:02 539160 c:\windows\system32\DRVSTORE\lvELCHv_C913F138AE598F3E209DDE0B8ECE2F1694FFE1C9\LVUI2RC.dll
+ 2010-02-23 04:40 . 2009-04-30 23:02 539160 c:\windows\system32\DRVSTORE\lvELCHv_C913F138AE598F3E209DDE0B8ECE2F1694FFE1C9\LVUI2.dll
+ 2010-02-23 04:40 . 2009-04-30 22:57 199192 c:\windows\system32\DRVSTORE\lvELCHv_C913F138AE598F3E209DDE0B8ECE2F1694FFE1C9\lvcoinst.dll
+ 2010-02-23 04:40 . 2009-04-30 22:57 416280 c:\windows\system32\DRVSTORE\lvELCHv_C913F138AE598F3E209DDE0B8ECE2F1694FFE1C9\lvcodec2.dll
+ 2010-02-23 04:40 . 2009-04-30 22:56 495768 c:\windows\system32\DRVSTORE\lvELCHv_C913F138AE598F3E209DDE0B8ECE2F1694FFE1C9\LV561AV.sys
+ 2010-02-23 04:39 . 2003-02-21 12:42 348160 c:\windows\system32\DRVSTORE\lvELCHv_05CA596C158CFA2995C80B235E3F8A61DFCA8DCF\msvcr71.dll
+ 2010-02-23 04:39 . 2006-06-22 22:29 165424 c:\windows\system32\DRVSTORE\lvELCHv_05CA596C158CFA2995C80B235E3F8A61DFCA8DCF\lvWIAext.dll
+ 2010-02-23 04:39 . 2006-06-22 22:29 513584 c:\windows\system32\DRVSTORE\lvELCHv_05CA596C158CFA2995C80B235E3F8A61DFCA8DCF\LVUI2RC.dll
+ 2010-02-23 04:39 . 2006-06-22 22:29 210480 c:\windows\system32\DRVSTORE\lvELCHv_05CA596C158CFA2995C80B235E3F8A61DFCA8DCF\LVUI2.dll
+ 2010-02-23 04:39 . 2006-06-22 22:29 116272 c:\windows\system32\DRVSTORE\lvELCHv_05CA596C158CFA2995C80B235E3F8A61DFCA8DCF\lvcoinst.dll
+ 2010-02-23 04:39 . 2006-06-22 22:29 263728 c:\windows\system32\DRVSTORE\lvELCHv_05CA596C158CFA2995C80B235E3F8A61DFCA8DCF\lvcodec2.dll
+ 2010-02-23 04:39 . 2006-06-22 22:29 293808 c:\windows\system32\DRVSTORE\lvELCHv_05CA596C158CFA2995C80B235E3F8A61DFCA8DCF\LV561AV.sys
- 2004-08-04 07:15 . 2008-04-13 19:19 146048 c:\windows\system32\drivers\portcls.sys
+ 2004-08-04 07:15 . 2008-04-13 20:19 146048 c:\windows\system32\drivers\portcls.sys
+ 2004-08-04 07:15 . 2008-04-13 20:19 146048 c:\windows\system32\dllcache\portcls.sys
- 2008-05-09 10:53 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll
+ 2008-05-09 10:53 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
+ 2010-02-23 14:59 . 2010-02-23 14:59 796672 c:\windows\Installer\244da22.msi
+ 2010-02-23 15:08 . 2010-02-23 15:08 102400 c:\windows\Installer\{81063354-9060-42B2-A000-1EBE96778AA9}\iTunesIco.exe
+ 2010-02-23 19:56 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2010-02-23 19:56 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2010-02-23 19:56 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2010-02-23 20:08 . 2010-02-23 20:08 221184 c:\windows\ERDNT\AutoBackup\2-23-2010\Users\00000002\UsrClass.dat
+ 2010-02-23 20:08 . 2005-10-20 18:02 163328 c:\windows\ERDNT\AutoBackup\2-23-2010\ERDNT.EXE
+ 2010-02-22 22:02 . 2010-02-22 22:02 221184 c:\windows\ERDNT\AutoBackup\2-22-2010\Users\00000002\UsrClass.dat
+ 2010-02-22 22:02 . 2005-10-20 18:02 163328 c:\windows\ERDNT\AutoBackup\2-22-2010\ERDNT.EXE
+ 2010-02-21 23:55 . 2010-02-21 23:55 221184 c:\windows\ERDNT\AutoBackup\2-21-2010\Users\00000002\UsrClass.dat
+ 2010-02-21 23:55 . 2005-10-20 18:02 163328 c:\windows\ERDNT\AutoBackup\2-21-2010\ERDNT.EXE
+ 2010-02-20 18:26 . 2010-02-20 18:26 221184 c:\windows\ERDNT\AutoBackup\2-20-2010\Users\00000002\UsrClass.dat
+ 2010-02-20 18:26 . 2005-10-20 18:02 163328 c:\windows\ERDNT\AutoBackup\2-20-2010\ERDNT.EXE
+ 2010-02-17 18:52 . 2010-02-17 18:52 221184 c:\windows\ERDNT\AutoBackup\2-17-2010\Users\00000002\UsrClass.dat
+ 2010-02-17 18:52 . 2005-10-20 18:02 163328 c:\windows\ERDNT\AutoBackup\2-17-2010\ERDNT.EXE
+ 2010-02-15 13:12 . 2010-02-15 13:12 221184 c:\windows\ERDNT\AutoBackup\2-15-2010\Users\00000002\UsrClass.dat
+ 2010-02-15 13:12 . 2005-10-20 18:02 163328 c:\windows\ERDNT\AutoBackup\2-15-2010\ERDNT.EXE
+ 2010-02-15 02:52 . 2010-02-15 02:52 221184 c:\windows\ERDNT\AutoBackup\2-14-2010\Users\00000002\UsrClass.dat
+ 2010-02-15 02:52 . 2005-10-20 18:02 163328 c:\windows\ERDNT\AutoBackup\2-14-2010\ERDNT.EXE
+ 2010-02-13 00:16 . 2010-02-13 00:16 221184 c:\windows\ERDNT\AutoBackup\2-12-2010\Users\00000002\UsrClass.dat
+ 2010-02-13 00:16 . 2005-10-20 18:02 163328 c:\windows\ERDNT\AutoBackup\2-12-2010\ERDNT.EXE
+ 2010-02-13 00:10 . 2010-02-13 00:10 221184 c:\windows\ERDNT\2-12-2010\Users\00000002\UsrClass.dat
+ 2010-02-13 00:10 . 2005-10-20 18:02 163328 c:\windows\ERDNT\2-12-2010\ERDNT.EXE
+ 2010-02-23 04:41 . 2009-10-07 08:49 6756632 c:\windows\system32\DRVSTORE\lvPRO5v_5467CD171F985A574DB705B8BED940A9D2008D31\lvuvc.sys
+ 2010-02-23 04:40 . 2006-06-22 22:29 1413424 c:\windows\system32\DRVSTORE\lvPRO3s_A41D20BE5232AC177D63A3FCE8A82EE24FFCD132\lvpopflt.sys
+ 2010-02-23 04:41 . 2009-04-30 22:55 2687512 c:\windows\system32\DRVSTORE\lvPEPI2v_4022AD047131F8DA6FCF38A5AF78577F22AF2D50\LV302V32.SYS
+ 2010-02-23 04:39 . 2010-02-23 04:39 5183488 c:\windows\Installer\aaa59.msi
+ 2010-02-23 15:08 . 2010-02-23 15:08 4449280 c:\windows\Installer\244e451.msi
+ 2010-02-23 15:02 . 2010-02-23 15:02 9473024 c:\windows\Installer\244dcb5.msi
+ 2010-02-23 20:08 . 2010-02-23 20:08 7380992 c:\windows\ERDNT\AutoBackup\2-23-2010\Users\00000001\NTUSER.DAT
+ 2010-02-22 22:02 . 2010-02-22 22:02 7380992 c:\windows\ERDNT\AutoBackup\2-22-2010\Users\00000001\NTUSER.DAT
+ 2010-02-21 23:55 . 2010-02-21 23:55 7380992 c:\windows\ERDNT\AutoBackup\2-21-2010\Users\00000001\NTUSER.DAT
+ 2010-02-20 18:26 . 2010-02-20 18:26 7380992 c:\windows\ERDNT\AutoBackup\2-20-2010\Users\00000001\NTUSER.DAT
+ 2010-02-17 18:52 . 2010-02-17 18:52 7380992 c:\windows\ERDNT\AutoBackup\2-17-2010\Users\00000001\NTUSER.DAT
+ 2010-02-15 13:12 . 2010-02-15 13:12 7380992 c:\windows\ERDNT\AutoBackup\2-15-2010\Users\00000001\NTUSER.DAT
+ 2010-02-15 02:52 . 2010-02-15 02:52 7380992 c:\windows\ERDNT\AutoBackup\2-14-2010\Users\00000001\NTUSER.DAT
+ 2010-02-13 00:16 . 2010-02-13 00:16 7380992 c:\windows\ERDNT\AutoBackup\2-12-2010\Users\00000001\NTUSER.DAT
+ 2010-02-13 00:10 . 2010-02-13 00:10 7380992 c:\windows\ERDNT\2-12-2010\Users\00000001\NTUSER.DAT
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-26 17:25 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-26 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-26 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-12 67128]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-17 323392]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"ManyCam"="c:\program files\ManyCam 2.4\ManyCam.exe" [2009-12-19 1824040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 90112]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-12 45056]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-17 397312]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2006-03-03 1667584]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"nwiz"="nwiz.exe" [2005-12-01 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"F-Secure Manager"="c:\program files\Charter Security Suite\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files\Charter Security Suite\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-11-11 6373376]

c:\documents and settings\Jarrett Lowrey\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-3-11 67128]
Wireless 802.11g USB Adapter.lnk - c:\program files\Wireless 802.11g USB Adapter\ZDWlan.exe [2004-11-19 425984]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= opera.exe
"2"= firefox.exe
"3"= chrome.exe

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Amazon Unbox.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk
backup=c:\windows\pss\Amazon Unbox.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-05-10 00:24 50760 ----a-w- c:\program files\Common Files\AOL\1146683963\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2009-11-11 01:43 6373376 ----a-w- c:\program files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-10-25 23:43 1217808 ----a-w- c:\program files\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ADVService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\1146683963\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1146683963\\ee\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1146683963\\ee\\AOLServiceHost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\kid_venom@sbcglobal.net\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\kid_venom@sbcglobal.net\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Fox\\Aliens versus Predator\\avp.exe"=
"c:\\Program Files\\BitPim\\bitpim.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\kid_venom@sbcglobal.net\\counter-strike\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\kid_venom@sbcglobal.net\\day of defeat\\hl.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\kid_venom@sbcglobal.net\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Roger Wilco\\roger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
"c:\\Documents and Settings\\Jarrett Lowrey\\Application Data\\IMVUClient\\1VivoxVoice.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58636:TCP"= 58636:TCP:Pando Media Booster
"58636:UDP"= 58636:UDP:Pando Media Booster

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [1/25/2010 5:00 AM 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [1/25/2010 5:00 AM 80000]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Charter Security Suite\HIPS\drivers\fshs.sys [1/25/2010 4:59 AM 68064]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 3:15 PM 24652]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys [1/25/2010 4:59 AM 107104]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 4:06 AM 21632]
S2 gupdate1c9b292cbf256d2;Google Update Service (gupdate1c9b292cbf256d2);c:\program files\Google\Update\GoogleUpdate.exe [4/1/2009 12:26 AM 133104]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Charter Security Suite\ORSP Client\fsorsp.exe [1/25/2010 4:59 AM 56000]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsfilter.sys [1/25/2010 4:59 AM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsrec.sys [1/25/2010 4:59 AM 25184]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASNDIS5
*NewlyCreated* - INT15.SYS
.
Contents of the 'Scheduled Tasks' folder

2010-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2010-02-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-05 09:31]

2010-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 06:26]

2010-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 06:26]

2010-02-24 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-02-26 17:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Backward &Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Si&milar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: Visit in 3D
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Jarrett Lowrey\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\QuickCam10\QuickCam10.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-23 22:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3752651221-2062959184-26027061-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Erogos\~0{0_0~0*0J0W0ƒ0v0Š0è}-*SOšHr-*]
"Order"=hex:08,00,00,00,02,00,00,00,1c,01,00,00,01,00,00,00,02,00,00,00,86,00,
00,00,00,00,00,00,78,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,66,00,32,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\program files\charter security suite\hips\fshook32.dll

- - - - - - - > 'lsass.exe'(796)
c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
c:\program files\charter security suite\hips\fshook32.dll

- - - - - - - > 'explorer.exe'(2884)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
c:\program files\charter security suite\scanner-interface\fsgkiapi.dll
.
Completion time: 2010-02-23 22:06:54
ComboFix-quarantined-files.txt 2010-02-24 04:06
ComboFix2.txt 2010-02-09 22:09
ComboFix3.txt 2010-02-09 21:06

Pre-Run: 35,077,976,064 bytes free
Post-Run: 35,032,723,456 bytes free

Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 55D72DF3A70783D79A2D44AF0912FD01

Malwarebytes' Anti-Malware 1.44
Database version: 3782
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/23/2010 10:12:46 PM
mbam-log-2010-02-23 (22-12-46).txt

Scan type: Quick Scan
Objects scanned: 130418
Time elapsed: 4 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Kid_Venom
Regular Member
 
Posts: 21
Joined: February 3rd, 2010, 11:39 am

Re: Need serious help with Malware problem!

Unread postby melboy » February 24th, 2010, 9:15 am

Looks better.

How is the computer running?

Did you set this yourself?

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= opera.exe
"2"= firefox.exe
"3"= chrome.exe
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Need serious help with Malware problem!

Unread postby Kid_Venom » February 24th, 2010, 2:17 pm

No I did not, hmmmm.... I wonder if my anti-virus did? I have no clue.. All I know is whatever was there is gone now, and thank you so much for helping me... I thought my computer was going to be infected forever :(
Kid_Venom
Regular Member
 
Posts: 21
Joined: February 3rd, 2010, 11:39 am

Re: Need serious help with Malware problem!

Unread postby melboy » February 24th, 2010, 2:58 pm

Hi Kid_Venom

We're nearly done. Are things running ok?


COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.


  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Registry:: 
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "DisallowRun"=-
    [-HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


After combofix has finished and rebooted:


Update Adobe Acrobat Reader
Your Adobe Acrobat Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader 9.3 to your PC's desktop.
  • Uninstall Adobe Reader 9.1 via Start > Control Panel > Add/Remove Programs
  • Install the new downloaded updated software.




Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 18.

  • Go to Sun Java
  • Scroll down to where it says "JDK 6 Update 18 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u18-windows-i586-p.exe" and save the downloaded file to your desktop.
  • Uninstall all old versions of Java via Start > Control Panel > Add/Remove Programs
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 5
    Java(TM) 6 Update 2
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
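As an added example (not code from the thread, from melboy, or from ComboFix), here is a small Python parser for the "Reg Loading Points" section of a ComboFix log that surfaces the DisallowRun policy melboy asked about and emits a Registry:: block in the same shape as the CFScript above. The log excerpt embedded in it is constructed, modelled on the log posted earlier in this thread.

```python
import re

# Constructed excerpt modelled on the "Reg Loading Points" section of the ComboFix
# log above (not a copy of the log); it carries the DisallowRun policy that the
# CFScript in the post removes, plus a few harmless entries the parser must skip.
SAMPLE_LOG = r"""
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-26 17:25 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ManyCam"="c:\program files\ManyCam 2.4\ManyCam.exe" [2009-12-19 1824040]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= opera.exe
"2"= firefox.exe
"3"= chrome.exe
"""

KEY_RE = re.compile(r'^\[(.+)\]$')                  # [HKEY_...\path]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')    # "Name"= data


def parse_reg_points(text):
    """Return {registry key: {value name: value data}} from a Reg Loading Points dump.

    Lines that are neither a [key] nor a "name"= value (the file-metadata lines under
    BHO keys, the REGEDIT4 banner, the *Note* line) are ignored.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2).strip()
    return keys


def _lookup(keys, wanted):
    """Case-insensitive key lookup; registry paths are case-insensitive."""
    wanted = wanted.lower()
    for key, values in keys.items():
        if key.lower() == wanted:
            return key, values
    return None, {}


def find_disallowrun(keys):
    """Report every Explorer policy key with DisallowRun enabled and its blocked list.

    DisallowRun is a legitimate policy, but a list that blocks browsers (here
    opera.exe, firefox.exe, chrome.exe) on a home machine nobody configured is
    exactly the kind of entry a helper wants surfaced for review.
    """
    findings = []
    for key, values in keys.items():
        if not key.lower().endswith(r'\policies\explorer'):
            continue
        flag = values.get('DisallowRun', '').split()
        if flag[:1] != ['1']:
            continue
        list_key, entries = _lookup(keys, key + r'\disallowrun')
        order = sorted(entries, key=lambda n: int(n) if n.isdigit() else -1)
        findings.append({
            'key': key,
            'list_key': list_key or key + r'\disallowrun',
            'blocked': [entries[n] for n in order],
        })
    return findings


def build_cfscript(findings):
    """Emit a Registry:: block in the same shape as the CFScript in the post:
    delete the DisallowRun value, then delete the disallowrun list key."""
    lines = ['Registry::']
    for f in findings:
        lines.append('[%s]' % f['key'])
        lines.append('"DisallowRun"=-')
        lines.append('[-%s]' % f['list_key'])
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    found = find_disallowrun(parse_reg_points(SAMPLE_LOG))
    for f in found:
        print('DisallowRun set under %s, blocking: %s' % (f['key'], ', '.join(f['blocked'])))
    print(build_cfscript(found))
```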

Re: Need serious help with Malware problem!

Unread postby Kid_Venom » February 24th, 2010, 3:44 pm

Here you go mate :D

ComboFix 10-02-24.01 - Jarrett Lowrey 02/24/2010 13:22:43.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.549 [GMT -6:00]
Running from: c:\documents and settings\Jarrett Lowrey\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jarrett Lowrey\Desktop\CFScript.txt
AV: Charter Security Suite 9.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Charter Security Suite 9.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.

((((((((((((((((((((((((( Files Created from 2010-01-24 to 2010-02-24 )))))))))))))))))))))))))))))))
.

2010-02-23 15:02 . 2010-02-23 15:02 -------- d-----w- c:\program files\QuickTime
2010-02-23 14:58 . 2010-02-23 14:58 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-23 04:42 . 2010-02-23 04:42 -------- d-----w- c:\documents and settings\Jarrett Lowrey\Application Data\Leadertech
2010-02-23 04:41 . 2009-04-30 22:55 2687512 ----a-w- c:\windows\system32\drivers\LV302V32.SYS
2010-02-23 04:40 . 2009-04-30 23:01 265496 ----a-w- c:\windows\system32\drivers\lvrs.sys
2010-02-23 04:40 . 2009-04-30 22:57 199192 ----a-w- c:\windows\system32\lvci1201278.dll
2010-02-23 04:38 . 2010-02-23 04:41 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-02-23 04:38 . 2010-02-23 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-02-23 04:02 . 2010-02-23 04:02 -------- d-----w- c:\documents and settings\Jarrett Lowrey\Application Data\Trillian
2010-02-23 04:02 . 2010-02-24 19:16 -------- d-----w- c:\program files\Trillian
2010-02-17 19:08 . 2010-02-17 19:08 -------- d-----w- c:\program files\ESET
2010-02-13 00:14 . 2010-02-13 00:14 -------- d-----w- C:\_OTM
2010-02-13 00:08 . 2010-02-13 00:08 -------- d-----w- c:\program files\ERUNT
2010-02-07 12:08 . 2010-02-08 21:39 -------- d-----w- C:\rsit
2010-02-07 12:06 . 2010-02-07 12:06 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-24 19:27 . 2008-11-07 02:33 -------- d-----w- c:\documents and settings\Jarrett Lowrey\Application Data\DNA
2010-02-24 19:16 . 2009-04-01 06:26 -------- d-----w- c:\documents and settings\Jarrett Lowrey\Application Data\Skype
2010-02-24 18:27 . 2009-04-01 06:27 -------- d-----w- c:\documents and settings\Jarrett Lowrey\Application Data\skypePM
2010-02-24 18:07 . 2008-11-07 02:33 -------- d-----w- c:\program files\DNA
2010-02-24 01:56 . 2008-10-05 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-02-23 15:36 . 2006-09-19 17:41 -------- d-----w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVU
2010-02-23 15:35 . 2006-10-19 03:31 -------- d-----w- c:\program files\ImvuTools
2010-02-23 15:08 . 2008-10-07 17:02 -------- d-----w- c:\program files\iTunes
2010-02-23 15:07 . 2006-05-30 02:02 -------- d-----w- c:\program files\iPod
2010-02-23 15:07 . 2007-07-04 17:51 -------- d-----w- c:\program files\Common Files\Apple
2010-02-23 04:40 . 2006-09-29 05:58 -------- d-----w- c:\program files\Common Files\Logitech
2010-02-23 04:38 . 2006-09-29 05:57 -------- d-----w- c:\program files\Logitech
2010-02-17 19:15 . 2007-11-09 21:27 -------- d-----w- c:\program files\Winamp Remote
2010-02-13 08:52 . 2006-06-14 19:46 52704 ----a-w- c:\documents and settings\Jarrett Lowrey\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-11 23:21 . 2010-01-25 08:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-11 23:18 . 2010-01-25 08:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-09 21:02 . 2006-05-04 08:45 -------- d-----w- c:\program files\Google
2010-02-07 12:02 . 2006-05-04 08:48 -------- d-----w- c:\documents and settings\Jarrett Lowrey\Application Data\BitTorrent
2010-02-07 12:02 . 2006-11-30 01:17 -------- d-----w- c:\program files\BitTorrent
2010-01-25 11:21 . 2010-01-25 10:59 -------- d-----w- c:\program files\Charter Security Suite
2010-01-25 11:11 . 2010-01-25 11:00 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2010-01-25 11:00 . 2010-01-24 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure
2010-01-25 10:58 . 2010-01-25 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg
2010-01-25 05:33 . 2010-01-25 05:33 -------- d-----w- c:\program files\TrendMicro
2010-01-24 17:59 . 2010-01-09 00:27 120 ----a-w- c:\windows\Trekowuwuqecuzo.dat
2010-01-24 06:31 . 2010-01-09 00:27 0 ----a-w- c:\windows\Mkefa.bin
2010-01-21 07:38 . 2009-11-10 02:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 21:13 . 2009-11-28 22:28 -------- d-----w- c:\documents and settings\Jarrett Lowrey\Application Data\Azureus
2010-01-15 06:41 . 2010-01-15 06:41 -------- d-----w- c:\documents and settings\Jarrett Lowrey\Application Data\Vivox
2010-01-15 06:40 . 2008-08-28 05:00 76774 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\Uninstall.exe
2010-01-15 06:40 . 2008-08-28 05:00 -------- d-----w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient
2010-01-15 06:38 . 2008-08-28 20:22 24512552 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\installer\SetupImvu_update.exe
2010-01-14 06:02 . 2010-01-14 06:02 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2010-01-14 06:02 . 2010-01-14 06:01 -------- d-----w- c:\program files\AIM7
2010-01-14 06:01 . 2010-01-14 06:01 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-01-13 19:23 . 2010-01-13 19:23 92192 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\IMVUupdater.exe
2010-01-13 19:23 . 2010-01-13 19:23 52992 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\IMVUClient.exe
2010-01-13 19:23 . 2010-01-13 19:23 21760 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\IMVUQualityAgent.exe
2010-01-13 19:20 . 2010-01-13 19:20 121856 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\WriteMiniDump.exe
2010-01-13 19:18 . 2010-01-13 19:18 1251328 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\SceneWindow.dll
2010-01-13 19:18 . 2010-01-13 19:18 45568 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ui\plugins\npvivoxproxy.dll
2010-01-13 19:18 . 2010-01-13 19:18 54784 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ui\plugins\nphwndproxy.dll
2010-01-13 19:18 . 2010-01-13 19:18 16896 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\MemoryHook.dll
2010-01-13 19:17 . 2010-01-13 19:17 320000 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\cal3d.dll
2010-01-13 19:16 . 2010-01-13 19:16 198656 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\boost_python.dll
2010-01-13 19:16 . 2010-01-13 19:16 29184 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\CallStack.dll
2010-01-13 19:16 . 2010-01-13 19:16 260096 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\audiere.dll
2010-01-07 23:48 . 2008-09-07 21:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 23:48 . 2008-09-08 15:41 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 22:07 . 2008-09-07 21:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2008-09-07 21:24 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 22:32 . 2010-01-06 22:32 7491728 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\1VivoxVoice.exe
2010-01-06 22:32 . 2010-01-06 22:32 353424 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\npvivoxvoiceplugin.dll
2010-01-04 16:56 . 2010-01-04 16:56 83456 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\smime3.dll
2010-01-04 16:56 . 2010-01-04 16:56 66560 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\nssutil3.dll
2010-01-04 16:56 . 2010-01-04 16:56 154112 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\nspr4.dll
2010-01-04 16:56 . 2010-01-04 16:56 12288 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\AccessibleMarshal.dll
2009-12-31 16:50 . 2005-05-10 00:17 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2005-07-03 02:11 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 18:05 . 2009-12-17 18:05 4924048 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\vivoxsdk.dll
2009-12-17 18:05 . 2009-12-17 18:05 330896 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\libsndfile-1.dll
2009-12-17 18:05 . 2009-12-17 18:05 275088 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\vivoxoal.dll
2009-12-17 18:05 . 2009-12-17 18:05 246416 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ortp.dll
2009-12-17 18:05 . 2009-12-17 18:05 1034896 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\dbghelp.dll
2009-12-16 18:43 . 2004-08-10 20:00 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-10 20:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2005-03-02 00:59 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2005-03-02 00:34 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2005-01-19 04:26 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-01 23:58 . 2009-12-01 23:58 7490192 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ui\plugins\VivoxVoiceManager.exe
2009-12-01 23:58 . 2009-12-01 23:58 5005968 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ui\plugins\vivoxsdk.dll
2009-12-01 23:58 . 2009-12-01 23:58 345744 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ui\plugins\npvivoxvoiceplugin.dll
2009-12-01 23:58 . 2009-12-01 23:58 329872 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ui\plugins\libsndfile-1.dll
2009-12-01 23:58 . 2009-12-01 23:58 283280 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ui\plugins\vivoxoal.dll
2009-12-01 23:58 . 2009-12-01 23:58 246416 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ui\plugins\ortp.dll
2009-12-01 23:58 . 2009-12-01 23:58 184832 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ui\plugins\ssleay32.dll
2009-12-01 23:58 . 2009-12-01 23:58 1034896 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ui\plugins\DbgHelp.dll
2009-12-01 23:58 . 2009-12-01 23:58 1006080 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ui\plugins\libeay32.dll
2009-12-01 02:38 . 2009-12-01 02:38 1006080 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\libeay32.dll
2009-12-01 02:38 . 2009-12-01 02:38 184832 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ssleay32.dll
2009-11-28 04:37 . 2010-02-04 12:10 177702 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-11-27 17:11 . 2005-06-29 01:55 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-10 20:00 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2004-08-10 20:00 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-10 20:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2004-08-10 20:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-10 20:00 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 2004-08-10 20:00 11264 ----a-w- c:\windows\system32\msrle32.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-02-24_04.04.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-24 07:33 . 2010-02-24 07:33 184320 c:\windows\ERDNT\AutoBackup\2-24-2010\Users\00000002\UsrClass.dat
+ 2010-02-24 07:33 . 2005-10-20 18:02 163328 c:\windows\ERDNT\AutoBackup\2-24-2010\ERDNT.EXE
+ 2010-02-24 07:33 . 2010-02-24 07:33 6918144 c:\windows\ERDNT\AutoBackup\2-24-2010\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-26 17:25 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-26 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-26 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-12 67128]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-17 323392]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"ManyCam"="c:\program files\ManyCam 2.4\ManyCam.exe" [2009-12-19 1824040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 90112]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-12 45056]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-17 397312]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2006-03-03 1667584]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"nwiz"="nwiz.exe" [2005-12-01 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"F-Secure Manager"="c:\program files\Charter Security Suite\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files\Charter Security Suite\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-11-11 6373376]

c:\documents and settings\Jarrett Lowrey\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-3-11 67128]
Wireless 802.11g USB Adapter.lnk - c:\program files\Wireless 802.11g USB Adapter\ZDWlan.exe [2004-11-19 425984]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Amazon Unbox.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk
backup=c:\windows\pss\Amazon Unbox.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-05-10 00:24 50760 ----a-w- c:\program files\Common Files\AOL\1146683963\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2009-11-11 01:43 6373376 ----a-w- c:\program files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-02-24 04:31 1217872 ----a-w- c:\program files\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ADVService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\1146683963\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1146683963\\ee\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1146683963\\ee\\AOLServiceHost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\kid_venom@sbcglobal.net\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\kid_venom@sbcglobal.net\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Fox\\Aliens versus Predator\\avp.exe"=
"c:\\Program Files\\BitPim\\bitpim.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\kid_venom@sbcglobal.net\\counter-strike\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\kid_venom@sbcglobal.net\\day of defeat\\hl.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\kid_venom@sbcglobal.net\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Roger Wilco\\roger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
"c:\\Documents and Settings\\Jarrett Lowrey\\Application Data\\IMVUClient\\1VivoxVoice.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58636:TCP"= 58636:TCP:Pando Media Booster
"58636:UDP"= 58636:UDP:Pando Media Booster

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [1/25/2010 5:00 AM 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [1/25/2010 5:00 AM 80000]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Charter Security Suite\HIPS\drivers\fshs.sys [1/25/2010 4:59 AM 68064]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 3:15 PM 24652]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys [1/25/2010 4:59 AM 107104]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 4:06 AM 21632]
S2 gupdate1c9b292cbf256d2;Google Update Service (gupdate1c9b292cbf256d2);c:\program files\Google\Update\GoogleUpdate.exe [4/1/2009 12:26 AM 133104]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Charter Security Suite\ORSP Client\fsorsp.exe [1/25/2010 4:59 AM 56000]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsfilter.sys [1/25/2010 4:59 AM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsrec.sys [1/25/2010 4:59 AM 25184]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - INT15.SYS
.
Contents of the 'Scheduled Tasks' folder

2010-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2010-02-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-05 09:31]

2010-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 06:26]

2010-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 06:26]

2010-02-24 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-02-26 17:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Backward &Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Si&milar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: Visit in 3D
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Jarrett Lowrey\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-24 13:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3752651221-2062959184-26027061-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Erogos\~0{0_0~0*0J0W0ƒ0v0Š0è}-*SOšHr-*]
"Order"=hex:08,00,00,00,02,00,00,00,1c,01,00,00,01,00,00,00,02,00,00,00,86,00,
00,00,00,00,00,00,78,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,66,00,32,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\program files\charter security suite\hips\fshook32.dll

- - - - - - - > 'lsass.exe'(796)
c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
c:\program files\charter security suite\hips\fshook32.dll

- - - - - - - > 'explorer.exe'(3256)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
c:\program files\charter security suite\scanner-interface\fsgkiapi.dll
.
Completion time: 2010-02-24 13:36:33
ComboFix-quarantined-files.txt 2010-02-24 19:36
ComboFix2.txt 2010-02-24 04:06
ComboFix3.txt 2010-02-09 22:09
ComboFix4.txt 2010-02-09 21:06

Pre-Run: 34,848,518,144 bytes free
Post-Run: 35,023,101,952 bytes free

Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - EE79105716D86A424B2FFAAD148B1E6B
Kid_Venom
Regular Member
 
Posts: 21
Joined: February 3rd, 2010, 11:39 am

Re: Need serious help with Malware problem!

Unread postby melboy » February 24th, 2010, 3:59 pm

Sorry, I meant to include these in the last script.

How are things running?


COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.


  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File:: 
    c:\windows\Trekowuwuqecuzo.dat
    c:\windows\Mkefa.bin
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    [screenshot]
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Need serious help with Malware problem!

Unread postby Kid_Venom » February 24th, 2010, 4:32 pm

Here you go again. Do you think everything is in the clear now?

ComboFix 10-02-24.01 - Jarrett Lowrey 02/24/2010 14:17:17.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.544 [GMT -6:00]
Running from: c:\documents and settings\Jarrett Lowrey\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jarrett Lowrey\Desktop\CFScript.txt
AV: Charter Security Suite 9.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Charter Security Suite 9.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}

FILE ::
"c:\windows\Mkefa.bin"
"c:\windows\Trekowuwuqecuzo.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Mkefa.bin
c:\windows\Trekowuwuqecuzo.dat

.
((((((((((((((((((((((((( Files Created from 2010-01-24 to 2010-02-24 )))))))))))))))))))))))))))))))
.

2010-02-24 20:00 . 2010-02-24 20:00 -------- d-----w- c:\program files\Common Files\Java
2010-02-24 20:00 . 2010-02-24 20:00 348160 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-604c6c8d-n\msvcr71.dll
2010-02-24 20:00 . 2010-02-24 20:00 503808 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-604c6c8d-n\msvcp71.dll
2010-02-24 20:00 . 2010-02-24 20:00 499712 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-604c6c8d-n\jmc.dll
2010-02-24 20:00 . 2010-02-24 20:00 61440 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-72b4a7a0-n\decora-sse.dll
2010-02-24 20:00 . 2010-02-24 20:00 12800 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-72b4a7a0-n\decora-d3d.dll
2010-02-24 20:00 . 2010-02-24 19:59 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-23 15:02 . 2010-02-23 15:02 -------- d-----w- c:\program files\QuickTime
2010-02-23 14:58 . 2010-02-23 14:58 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-23 04:42 . 2010-02-23 04:42 -------- d-----w- c:\documents and settings\Jarrett Lowrey\Application Data\Leadertech
2010-02-23 04:41 . 2009-04-30 22:55 2687512 ----a-w- c:\windows\system32\drivers\LV302V32.SYS
2010-02-23 04:40 . 2009-04-30 23:01 265496 ----a-w- c:\windows\system32\drivers\lvrs.sys
2010-02-23 04:40 . 2009-04-30 22:57 199192 ----a-w- c:\windows\system32\lvci1201278.dll
2010-02-23 04:38 . 2010-02-23 04:41 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-02-23 04:38 . 2010-02-23 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-02-23 04:02 . 2010-02-23 04:02 -------- d-----w- c:\documents and settings\Jarrett Lowrey\Application Data\Trillian
2010-02-23 04:02 . 2010-02-24 20:12 -------- d-----w- c:\program files\Trillian
2010-02-17 19:08 . 2010-02-17 19:08 -------- d-----w- c:\program files\ESET
2010-02-13 00:14 . 2010-02-13 00:14 -------- d-----w- C:\_OTM
2010-02-13 00:08 . 2010-02-13 00:08 -------- d-----w- c:\program files\ERUNT
2010-02-07 12:08 . 2010-02-08 21:39 -------- d-----w- C:\rsit
2010-02-07 12:06 . 2010-02-07 12:06 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-24 20:23 . 2008-11-07 02:33 -------- d-----w- c:\documents and settings\Jarrett Lowrey\Application Data\DNA
2010-02-24 20:12 . 2009-04-01 06:26 -------- d-----w- c:\documents and settings\Jarrett Lowrey\Application Data\Skype
2010-02-24 20:03 . 2008-11-07 02:33 -------- d-----w- c:\program files\DNA
2010-02-24 19:59 . 2006-05-03 18:48 -------- d-----w- c:\program files\Java
2010-02-24 19:58 . 2009-06-15 18:07 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-24 18:27 . 2009-04-01 06:27 -------- d-----w- c:\documents and settings\Jarrett Lowrey\Application Data\skypePM
2010-02-24 01:56 . 2008-10-05 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-02-23 15:36 . 2006-09-19 17:41 -------- d-----w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVU
2010-02-23 15:35 . 2006-10-19 03:31 -------- d-----w- c:\program files\ImvuTools
2010-02-23 15:08 . 2008-10-07 17:02 -------- d-----w- c:\program files\iTunes
2010-02-23 15:07 . 2006-05-30 02:02 -------- d-----w- c:\program files\iPod
2010-02-23 15:07 . 2007-07-04 17:51 -------- d-----w- c:\program files\Common Files\Apple
2010-02-23 04:40 . 2006-09-29 05:58 -------- d-----w- c:\program files\Common Files\Logitech
2010-02-23 04:38 . 2006-09-29 05:57 -------- d-----w- c:\program files\Logitech
2010-02-17 19:15 . 2007-11-09 21:27 -------- d-----w- c:\program files\Winamp Remote
2010-02-13 08:52 . 2006-06-14 19:46 52704 ----a-w- c:\documents and settings\Jarrett Lowrey\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-11 23:21 . 2010-01-25 08:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-11 23:18 . 2010-01-25 08:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-09 21:02 . 2006-05-04 08:45 -------- d-----w- c:\program files\Google
2010-02-07 12:02 . 2006-05-04 08:48 -------- d-----w- c:\documents and settings\Jarrett Lowrey\Application Data\BitTorrent
2010-02-07 12:02 . 2006-11-30 01:17 -------- d-----w- c:\program files\BitTorrent
2010-01-25 11:21 . 2010-01-25 10:59 -------- d-----w- c:\program files\Charter Security Suite
2010-01-25 11:11 . 2010-01-25 11:00 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2010-01-25 11:00 . 2010-01-24 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure
2010-01-25 10:58 . 2010-01-25 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg
2010-01-25 05:33 . 2010-01-25 05:33 -------- d-----w- c:\program files\TrendMicro
2010-01-21 07:38 . 2009-11-10 02:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 21:13 . 2009-11-28 22:28 -------- d-----w- c:\documents and settings\Jarrett Lowrey\Application Data\Azureus
2010-01-15 06:41 . 2010-01-15 06:41 -------- d-----w- c:\documents and settings\Jarrett Lowrey\Application Data\Vivox
2010-01-15 06:40 . 2008-08-28 05:00 76774 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\Uninstall.exe
2010-01-15 06:40 . 2008-08-28 05:00 -------- d-----w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient
2010-01-15 06:38 . 2008-08-28 20:22 24512552 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\installer\SetupImvu_update.exe
2010-01-14 06:02 . 2010-01-14 06:02 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2010-01-14 06:02 . 2010-01-14 06:01 -------- d-----w- c:\program files\AIM7
2010-01-14 06:01 . 2010-01-14 06:01 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-01-13 19:23 . 2010-01-13 19:23 92192 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\IMVUupdater.exe
2010-01-13 19:23 . 2010-01-13 19:23 52992 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\IMVUClient.exe
2010-01-13 19:23 . 2010-01-13 19:23 21760 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\IMVUQualityAgent.exe
2010-01-13 19:20 . 2010-01-13 19:20 121856 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\WriteMiniDump.exe
2010-01-13 19:18 . 2010-01-13 19:18 1251328 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\SceneWindow.dll
2010-01-13 19:18 . 2010-01-13 19:18 45568 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ui\plugins\npvivoxproxy.dll
2010-01-13 19:18 . 2010-01-13 19:18 54784 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ui\plugins\nphwndproxy.dll
2010-01-13 19:18 . 2010-01-13 19:18 16896 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\MemoryHook.dll
2010-01-13 19:17 . 2010-01-13 19:17 320000 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\cal3d.dll
2010-01-13 19:16 . 2010-01-13 19:16 198656 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\boost_python.dll
2010-01-13 19:16 . 2010-01-13 19:16 29184 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\CallStack.dll
2010-01-13 19:16 . 2010-01-13 19:16 260096 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\audiere.dll
2010-01-07 23:48 . 2008-09-07 21:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 23:48 . 2008-09-08 15:41 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 22:07 . 2008-09-07 21:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2008-09-07 21:24 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 22:32 . 2010-01-06 22:32 7491728 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\1VivoxVoice.exe
2010-01-06 22:32 . 2010-01-06 22:32 353424 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\npvivoxvoiceplugin.dll
2010-01-04 16:56 . 2010-01-04 16:56 83456 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\smime3.dll
2010-01-04 16:56 . 2010-01-04 16:56 66560 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\nssutil3.dll
2010-01-04 16:56 . 2010-01-04 16:56 154112 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\nspr4.dll
2010-01-04 16:56 . 2010-01-04 16:56 12288 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\AccessibleMarshal.dll
2009-12-31 16:50 . 2005-05-10 00:17 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2005-07-03 02:11 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 18:05 . 2009-12-17 18:05 4924048 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\vivoxsdk.dll
2009-12-17 18:05 . 2009-12-17 18:05 330896 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\libsndfile-1.dll
2009-12-17 18:05 . 2009-12-17 18:05 275088 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\vivoxoal.dll
2009-12-17 18:05 . 2009-12-17 18:05 246416 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ortp.dll
2009-12-17 18:05 . 2009-12-17 18:05 1034896 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\dbghelp.dll
2009-12-16 18:43 . 2004-08-10 20:00 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-10 20:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2005-03-02 00:59 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2005-03-02 00:34 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2005-01-19 04:26 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-01 23:58 . 2009-12-01 23:58 7490192 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ui\plugins\VivoxVoiceManager.exe
2009-12-01 23:58 . 2009-12-01 23:58 5005968 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ui\plugins\vivoxsdk.dll
2009-12-01 23:58 . 2009-12-01 23:58 345744 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ui\plugins\npvivoxvoiceplugin.dll
2009-12-01 23:58 . 2009-12-01 23:58 329872 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ui\plugins\libsndfile-1.dll
2009-12-01 23:58 . 2009-12-01 23:58 283280 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ui\plugins\vivoxoal.dll
2009-12-01 23:58 . 2009-12-01 23:58 246416 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ui\plugins\ortp.dll
2009-12-01 23:58 . 2009-12-01 23:58 184832 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ui\plugins\ssleay32.dll
2009-12-01 23:58 . 2009-12-01 23:58 1034896 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ui\plugins\DbgHelp.dll
2009-12-01 23:58 . 2009-12-01 23:58 1006080 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ui\plugins\libeay32.dll
2009-12-01 02:38 . 2009-12-01 02:38 1006080 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\libeay32.dll
2009-12-01 02:38 . 2009-12-01 02:38 184832 ----a-w- c:\documents and settings\Jarrett Lowrey\Application Data\IMVUClient\ssleay32.dll
2009-11-28 04:37 . 2010-02-04 12:10 177702 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-11-27 17:11 . 2005-06-29 01:55 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-10 20:00 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2004-08-10 20:00 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-10 20:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2004-08-10 20:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-10 20:00 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 2004-08-10 20:00 11264 ----a-w- c:\windows\system32\msrle32.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-02-24_04.04.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-24 20:02 . 2010-02-24 20:02 16384 c:\windows\temp\Perflib_Perfdata_29c.dat
+ 2010-02-24 20:00 . 2010-02-24 19:59 153376 c:\windows\system32\javaws.exe
+ 2010-02-24 20:00 . 2010-02-24 19:59 145184 c:\windows\system32\javaw.exe
+ 2010-02-24 20:00 . 2010-02-24 19:59 145184 c:\windows\system32\java.exe
+ 2010-02-24 20:00 . 2010-02-24 20:00 178176 c:\windows\Installer\75cca.msi
+ 2010-02-24 19:59 . 2010-02-24 19:59 577536 c:\windows\Installer\75cc4.msi
+ 2010-02-24 07:33 . 2010-02-24 07:33 184320 c:\windows\ERDNT\AutoBackup\2-24-2010\Users\00000002\UsrClass.dat
+ 2010-02-24 07:33 . 2005-10-20 18:02 163328 c:\windows\ERDNT\AutoBackup\2-24-2010\ERDNT.EXE
+ 2010-02-24 19:58 . 2010-02-24 19:58 3940352 c:\windows\Installer\75cc0.msi
+ 2010-02-24 07:33 . 2010-02-24 07:33 6918144 c:\windows\ERDNT\AutoBackup\2-24-2010\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-26 17:25 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-26 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-26 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-12 67128]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-17 323392]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"ManyCam"="c:\program files\ManyCam 2.4\ManyCam.exe" [2009-12-19 1824040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 90112]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-12 45056]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-17 397312]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2006-03-03 1667584]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"nwiz"="nwiz.exe" [2005-12-01 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"F-Secure Manager"="c:\program files\Charter Security Suite\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files\Charter Security Suite\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-11-11 6373376]

c:\documents and settings\Jarrett Lowrey\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-3-11 67128]
Wireless 802.11g USB Adapter.lnk - c:\program files\Wireless 802.11g USB Adapter\ZDWlan.exe [2004-11-19 425984]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Amazon Unbox.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk
backup=c:\windows\pss\Amazon Unbox.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-05-10 00:24 50760 ----a-w- c:\program files\Common Files\AOL\1146683963\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2009-11-11 01:43 6373376 ----a-w- c:\program files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-02-24 04:31 1217872 ----a-w- c:\program files\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ADVService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\1146683963\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1146683963\\ee\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1146683963\\ee\\AOLServiceHost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\kid_venom@sbcglobal.net\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\kid_venom@sbcglobal.net\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Fox\\Aliens versus Predator\\avp.exe"=
"c:\\Program Files\\BitPim\\bitpim.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\kid_venom@sbcglobal.net\\counter-strike\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\kid_venom@sbcglobal.net\\day of defeat\\hl.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\kid_venom@sbcglobal.net\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Roger Wilco\\roger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
"c:\\Documents and Settings\\Jarrett Lowrey\\Application Data\\IMVUClient\\1VivoxVoice.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58636:TCP"= 58636:TCP:Pando Media Booster
"58636:UDP"= 58636:UDP:Pando Media Booster

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [1/25/2010 5:00 AM 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [1/25/2010 5:00 AM 80000]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Charter Security Suite\HIPS\drivers\fshs.sys [1/25/2010 4:59 AM 68064]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 3:15 PM 24652]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys [1/25/2010 4:59 AM 107104]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 4:06 AM 21632]
S2 gupdate1c9b292cbf256d2;Google Update Service (gupdate1c9b292cbf256d2);c:\program files\Google\Update\GoogleUpdate.exe [4/1/2009 12:26 AM 133104]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Charter Security Suite\ORSP Client\fsorsp.exe [1/25/2010 4:59 AM 56000]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsfilter.sys [1/25/2010 4:59 AM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsrec.sys [1/25/2010 4:59 AM 25184]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - INT15.SYS
.
Contents of the 'Scheduled Tasks' folder

2010-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2010-02-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-05 09:31]

2010-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 06:26]

2010-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 06:26]

2010-02-24 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-02-26 17:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Backward &Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Si&milar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: Visit in 3D
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Jarrett Lowrey\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-24 14:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3752651221-2062959184-26027061-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Erogos\~0{0_0~0*0J0W0ƒ0v0Š0è}-*SOšHr-*]
"Order"=hex:08,00,00,00,02,00,00,00,1c,01,00,00,01,00,00,00,02,00,00,00,86,00,
00,00,00,00,00,00,78,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,66,00,32,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\program files\charter security suite\hips\fshook32.dll

- - - - - - - > 'lsass.exe'(796)
c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
c:\program files\charter security suite\hips\fshook32.dll
.
Completion time: 2010-02-24 14:29:09
ComboFix-quarantined-files.txt 2010-02-24 20:29
ComboFix2.txt 2010-02-24 19:36
ComboFix3.txt 2010-02-24 04:06
ComboFix4.txt 2010-02-09 22:09
ComboFix5.txt 2010-02-24 20:16

Pre-Run: 34,934,837,248 bytes free
Post-Run: 34,912,100,352 bytes free

Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 517048004D7DDABD6ED1F6049071B695
Kid_Venom
Regular Member
 
Posts: 21
Joined: February 3rd, 2010, 11:39 am
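The ComboFix log above lists autostart entries, the Windows Firewall state and the globally open ports, which are the sections a helper reads first when deciding whether a machine is clean. The following is an added example (not part of the original post or of ComboFix) that parses a constructed excerpt in the same format and flags the items a reviewer would look at: autostarts marked `[X]` (assumed here to mean ComboFix could not locate the file), autostarts launched from user-writable folders, a disabled firewall profile, and open inbound ports. The `Updater` entry in the sample is constructed to exercise the user-writable check.

```python
"""Triage a ComboFix log excerpt: extract autostart entries, firewall state and
globally open ports, then list the findings a reviewer should check first.
Added example; SAMPLE_LOG is a constructed excerpt patterned on the ComboFix
format, not a real machine's log."""
import re
from dataclasses import dataclass, field
from typing import Optional

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-17 323392]
"Updater"="c:\documents and settings\user\Application Data\updater.exe" [2010-02-20 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 90112]
"F-Secure Manager"="c:\program files\Charter Security Suite\Common\FSM32.EXE" [2009-08-05 199264]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58636:TCP"= 58636:TCP:Pando Media Booster
"58636:UDP"= 58636:UDP:Pando Media Booster
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s+\[(?P<meta>[^\]]*)\]')
ENABLE_FW_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')
AUTH_APP_RE = re.compile(r'^"(?P<path>[^"]+)"=\s*$')
OPEN_PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<label>.*)$')

# Folders a limited user can write to; an autostart launched from one of these
# deserves a second look (a heuristic, not proof of infection).
USER_WRITABLE_HINTS = ("\\application data\\", "\\local settings\\", "\\temp\\", "\\desktop\\")


@dataclass
class Triage:
    autostarts: list = field(default_factory=list)   # (registry key, name, target, meta)
    firewall_enabled: Optional[bool] = None          # None if the profile line was absent
    authorized_apps: list = field(default_factory=list)
    open_ports: list = field(default_factory=list)   # (port, proto, label)


def parse_combofix(text: str) -> Triage:
    """Walk the log line by line, keeping track of the current [section] header."""
    t = Triage()
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key")
            continue
        if not line:
            continue
        low = section.lower()
        if low.endswith("\\currentversion\\run"):
            m = RUN_ENTRY_RE.match(line)
            if m:
                t.autostarts.append((section, m["name"], m["target"], m["meta"]))
        elif low.endswith("firewallpolicy\\standardprofile"):
            m = ENABLE_FW_RE.match(line)
            if m:
                t.firewall_enabled = m["val"] != "0"
        elif low.endswith("\\authorizedapplications\\list"):
            m = AUTH_APP_RE.match(line)
            if m:
                # The log doubles backslashes in this section; collapse them.
                t.authorized_apps.append(m["path"].replace("\\\\", "\\"))
        elif low.endswith("\\globallyopenports\\list"):
            m = OPEN_PORT_RE.match(line)
            if m:
                t.open_ports.append((int(m["port"]), m["proto"], m["label"].strip()))
    return t


def findings(t: Triage) -> list:
    """Turn the parsed structures into review items, in the order a helper checks them."""
    out = []
    if t.firewall_enabled is False:
        out.append("Windows Firewall (standard profile) is disabled; confirm a third-party firewall covers it")
    for _key, name, target, meta in t.autostarts:
        if meta == "X":  # assumed: [X] means ComboFix could not find the referenced file
            out.append(f"autostart '{name}' refers to a file that was not found: {target}")
        elif any(h in target.lower() for h in USER_WRITABLE_HINTS):
            out.append(f"autostart '{name}' runs from a user-writable location: {target}")
    for port, proto, label in t.open_ports:
        out.append(f"inbound {proto} port {port} is open globally for '{label}'")
    return out


if __name__ == "__main__":
    for item in findings(parse_combofix(SAMPLE_LOG)):
        print("-", item)
```

On the real log above, the same logic would report the disabled Windows Firewall profile (the F-Secure firewall driver is what actually covers this machine), the `LaunchApp` entry marked `[X]`, and the two Pando Media Booster ports; everything else it lists is simply an inventory to compare against what the user recognises.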

Re: Need serious help with Malware problem!

Unread postby melboy » February 24th, 2010, 6:09 pm

do you think everything is in the clear now?

From the logs you provided, and what you said about the scan I had you run finding nothing - you're as clean as I can tell.

If you're having further problems, let me know.

Bear in mind the infections you had, and what I told you in this post.

For more reading on rootkits and IRC bots with backdoor functionality, see here:
http://www.pandasecurity.com/enterprise ... ootkit/#e2
http://www.microsoft.com/security/porta ... 2%2fIRCBot



Uninstall Combofix
We Need to Remove ComboFix
  1. Please go to Start -> Run
  2. Enter "ComboFix /uninstall" (without quotes). Note the space between "ComboFix" and "/uninstall", it needs to be there.
  3. Press OK (Or hit enter).
  4. Allow ComboFix to remove itself.



OTM

  • Double-click OTM.exe
  • Click the CleanUp! button
  • Select Yes when the "Begin cleanup Process?" prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes; if not, delete it yourself


======================================================================


General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    Uninstall Tools for Major Antivirus Products
  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.
  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.


Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
  • Malwarebytes' Anti-Malware
    As you already have Malwarebytes' Anti-Malware on board I would keep it regularly updated and run regular quick scans with it. (TIP: Cleaning out temp files can reduce scanning times.)
    Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. The Full version includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.
  • Hosts File
    For added protection you may also like to add a Hosts file. A simple explanation of what a Hosts file does is HERE, and for more information regarding Hosts files read HERE.
  • Use an alternative Internet Browser
    Many of the exploits are directed at users of Internet Explorer. Try using a different browser instead:
    Firefox
    Opera


Finally, I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also, please read this great article by Tony Klein: "So How Did I Get Infected In First Place".

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Need serious help with Malware problem!

Unread postby Kid_Venom » February 24th, 2010, 6:44 pm

Thank you very much for all of your help, it's been almost a month that I had this problem and you really helped out a lot! I really thought I was going to have to do a system restore and lose everything. So really, thank you very much!

I will tell people I know about this site if they have any malware problems, you guys are such a big help :)

Thank you so much again!

- Jarrett
Kid_Venom
Regular Member
 
Posts: 21
Joined: February 3rd, 2010, 11:39 am

Re: Need serious help with Malware problem!

Unread postby melboy » February 24th, 2010, 6:50 pm

You're welcome. :)
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Need serious help with Malware problem!

Unread postby Dakeyras » February 24th, 2010, 7:17 pm

As it appears this issue has been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra