
Rootkit.TDSS, Infected Please Help !!


Bannor


Hello,

Trojan.FakeAlert and Rootkit.TDSS detected and deleted but return after restart. Please examine my files below and recommend further cleaning. I appreciate any help that you can provide.

---------------------------------------------------MBAM:-----------------------------------------------------------

Malwarebytes' Anti-Malware 1.42

Database version: 3432

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/26/2009 11:05:38 AM

mbam-log-2009-12-26 (11-05-38).txt

Scan type: Quick Scan

Objects scanned: 123291

Time elapsed: 7 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

\\?\globalroot\systemroot\system32\H8SRTasdqvqlqmw.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

\\?\globalroot\systemroot\system32\H8SRTasdqvqlqmw.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

----------------------------------------------------DDS:------------------------------------------------------------

DDS (Ver_09-12-01.01) - NTFSx86

Run by Owner at 13:47:19.95 on Sat 12/26/2009

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_05

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.171 [GMT -7:00]

AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINNT\system32\Ati2evxx.exe

C:\WINNT\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\WINNT\system32\svchost.exe -k netsvcs

C:\WINNT\system32\svchost.exe -k WudfServiceGroup

C:\WINNT\system32\Ati2evxx.exe

svchost.exe

C:\WINNT\Explorer.EXE

svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\PhatNoise Music Manager\PNAgent.exe

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINNT\system32\SK9910DM.EXE

C:\WINNT\GWMDMMSG.exe

C:\WINNT\system32\CTHELPER.EXE

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\WINNT\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

C:\Program Files\SUPERAntiSpyware\14a1b323-ff88-40d8-a5ab-783edce39256.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

svchost.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\SimpleCenter\SimpleCenter.exe

C:\WINNT\System32\drivers\CDAC11BA.EXE

C:\WINNT\System32\svchost.exe -k HTTPFilter

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINNT\System32\NMSSvc.exe

C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

C:\WINNT\System32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

C:\WINNT\System32\HPZipm12.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Owner\Desktop\dds.com

C:\Program Files\Internet Explorer\Iexplore.exe

C:\Program Files\Internet Explorer\Iexplore.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.foxnews.com/

uInternet Settings,ProxyOverride = localhost

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx

BHO: {53967AF2-5E42-009D-1240-3A3D9B847C2C} - No File

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\14a1b323-ff88-40d8-a5ab-783edce39256.exe

mRun: [PNAgent] "c:\program files\phatnoise music manager\PNAgent.exe"

mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [AdaptecDirectCD] c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [PinnacleDriverCheck] c:\winnt\system32\PSDrvCheck.exe -CheckReg

mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe

mRun: [Jet Detection] c:\program files\creative\sbaudigy\program\ADGJDet.exe

mRun: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE

mRun: [GWMDMMSG] GWMDMMSG.exe

mRun: [CTHelper] CTHELPER.EXE

mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe

StartupFolder: c:\docume~1\owner\startm~1\programs\startup\simple~1.lnk - c:\program files\simplecenter\SimpleCenter.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe

uPolicies-explorer: NoViewOnDrive = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll

DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {0F04992B-E661-4DB9-B223-903AB628225D} - file://c:\program files\gateway\do more\DoMoreRunExe.CAB

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab

DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsi.cab

DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab

DPF: {511073AD-BE56-4D43-AE68-93390514385E} - hcp://system/TechTools.CAB

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093151541265

DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab

DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} - hcp://system/RunExeActiveX.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/1450/ftp.coupons.com/r3302/cpbrkpie.cab

DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} - hcp://system/StartFirstControl.CAB

DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} - hxxps://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB

DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37878.6325231481

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe

DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/aio/en/check/qdiagh.cab?322

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: AtiExtEvent - Ati2evxx.dll

AppInit_DLLs: c:\winnt\system32\guard32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\i0dbt51m.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/

FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\i0dbt51m.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 hotcore3;hotcore3;c:\winnt\system32\drivers\hotcore3.sys [2009-11-12 40368]

R0 IFP900;iriver Internet Audio Player IFP-900;c:\winnt\system32\drivers\Ifp900.sys [2005-11-5 14531]

R0 ssfs0bbc;ssfs0bbc;c:\winnt\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\winnt\system32\drivers\cmdguard.sys [2009-12-22 133064]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\winnt\system32\drivers\cmdhlp.sys [2009-12-22 25160]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]

R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-12-22 723632]

R2 RioPNP;RioPNP;c:\winnt\system32\drivers\RioPnP.sys [2003-1-3 6736]

R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-7-8 1251720]

R3 MBAMProtector;MBAMProtector;c:\winnt\system32\drivers\mbam.sys [2009-12-24 19160]

R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]

S2 gupdate1ca37d71e145228;Google Update Service (gupdate1ca37d71e145228);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-24 276816]

S3 PCDRDRV;Pcdr Helper Driver;\??\c:\atf\qctest\pcdoc\pcdrdrv.sys --> c:\atf\qctest\pcdoc\PCDRDRV.sys [?]

S3 RmAx;RMAXUSB;c:\winnt\system32\drivers\RmAx.sys [2005-10-14 40502]

=============== Created Last 30 ================

2010-01-01 14:41:28 0 d-sh--w- c:\documents and settings\owner\IECompatCache

2009-12-26 20:23:50 202 ----a-w- c:\winnt\system32\srcr.dat

2009-12-26 19:46:32 0 ----a-w- c:\documents and settings\owner\defogger_reenable

2009-12-26 19:08:12 3208131 ----a-w- c:\winnt\{00000002-00000000-00000001-00001102-00000004-00581102}.BAK

2009-12-25 05:05:28 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys

2009-12-25 05:05:24 19160 ----a-w- c:\winnt\system32\drivers\mbam.sys

2009-12-25 05:05:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-24 11:58:50 130 ----a-w- c:\winnt\cfplogvw.INI

2009-12-23 03:13:17 272 ----a-w- c:\winnt\system32\drivers\sfi.dat

2009-12-23 03:07:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Comodo

2009-12-23 03:07:38 25160 ----a-w- c:\winnt\system32\drivers\cmdhlp.sys

2009-12-23 03:07:38 171552 ----a-w- c:\winnt\system32\guard32.dll

2009-12-23 03:07:38 133064 ----a-w- c:\winnt\system32\drivers\cmdguard.sys

2009-12-23 03:07:33 0 d-----w- c:\program files\COMODO

2009-12-23 03:03:09 120 ----a-w- c:\winnt\CIS_Setup_3.13.121240.574_XP_Vista_x32[1].INI

2009-12-22 06:43:47 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes

2009-12-22 06:12:34 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2009-12-22 06:06:01 0 d-----w- c:\program files\SUPERAntiSpyware

2009-12-22 06:06:01 0 d-----w- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com

2009-12-22 06:05:14 0 d-----w- c:\program files\common files\Wise Installation Wizard

2009-12-22 05:20:10 1563008 ----a-w- c:\winnt\WRSetup.dll

2009-12-22 05:20:10 0 d-----w- c:\docume~1\owner\applic~1\Webroot

2009-12-22 05:20:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Webroot

2009-12-22 05:18:04 164 ----a-w- c:\winnt\install.dat

2009-12-22 03:26:06 0 d-----w- c:\winnt\E80F62FF5D3C4A1984099721F2928206.TMP

2009-12-21 03:23:23 0 d-----w- c:\docume~1\owner\applic~1\AVG8

2009-12-20 17:47:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-12-18 23:23:00 674 ----a-w- c:\winnt\system32\krl32mainweq.dll

==================== Find3M ====================

2009-12-22 03:15:20 2560 ----a-w- c:\winnt\_MSRSTRT.EXE

2009-11-21 15:51:04 471552 ----a-w- c:\winnt\system32\dllcache\aclayers.dll

2009-11-08 13:55:45 93360 ----a-w- c:\winnt\system32\drivers\SBREDrv.sys

2009-11-06 19:00:36 23152 ----a-w- c:\winnt\system32\drivers\sshrmd.sys

2009-11-06 19:00:36 176752 ----a-w- c:\winnt\system32\drivers\ssidrv.sys

2009-11-06 19:00:34 29808 ----a-w- c:\winnt\system32\drivers\ssfs0bbc.sys

2009-10-28 14:40:47 173056 ----a-w- c:\winnt\system32\dllcache\ie4uinit.exe

2009-10-21 05:38:36 75776 ----a-w- c:\winnt\system32\strmfilt.dll

2009-10-21 05:38:36 75776 ------w- c:\winnt\system32\dllcache\strmfilt.dll

2009-10-21 05:38:36 25088 ----a-w- c:\winnt\system32\httpapi.dll

2009-10-21 05:38:36 25088 ------w- c:\winnt\system32\dllcache\httpapi.dll

2009-10-20 16:20:16 265728 ------w- c:\winnt\system32\dllcache\http.sys

2009-10-13 10:30:16 270336 ----a-w- c:\winnt\system32\oakley.dll

2009-10-13 10:30:16 270336 ------w- c:\winnt\system32\dllcache\oakley.dll

2009-10-12 13:38:19 149504 ----a-w- c:\winnt\system32\rastls.dll

2009-10-12 13:38:19 149504 ------w- c:\winnt\system32\dllcache\rastls.dll

2009-10-12 13:38:18 79872 ----a-w- c:\winnt\system32\raschap.dll

2009-10-12 13:38:18 79872 ------w- c:\winnt\system32\dllcache\raschap.dll

2009-09-30 04:11:41 87048 ----a-w- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT

1998-08-24 19:09:10 10000 ----a-w- c:\winnt\inf\unregpn.exe

2004-06-08 23:44:32 2814 --sha-w- c:\winnt\lgjoi.dat

2004-06-11 18:47:33 0 -csha-w- c:\winnt\nchfg.dll

2004-11-27 02:03:47 0 -csha-w- c:\winnt\system32\tjzdm.dll

2008-05-10 05:33:46 32768 --sha-w- c:\winnt\system32\config\systemprofile\local settings\history\history.ie5\mshist012008050920080510\index.dat

============= FINISH: 13:48:13.64 ===============

Attach.zip

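Worked example added by the editor; it is not part of Bannor's post and is not Malwarebytes or DDS code. The script reads scanner log lines in the shape of the MBAM and DDS output above and flags the details that explain why the detection keeps coming back after a restart: a `\\?\globalroot\...` path means the DLL was mapped from a location the rootkit's driver hides from the normal file-system view, and "Delete on reboot" means MBAM could only schedule the removal because the module was loaded, so with the driver still active at next boot the file is back. It also flags the two registered AV products (a leftover install), orphaned BHO/toolbar CLSIDs with "No File", and a very small recently created DLL in system32. The sample lines are constructed from the logs in the post; the rule names and the 4096-byte "tiny DLL" threshold are the example's own choices.

```python
"""Triage helper for Windows anti-malware log lines (MBAM / DDS shape).

Added example; not part of the forum post and not Malwarebytes or DDS code.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str
    note: str


# Win32 alias for the NT object namespace root; a scanner reports a module
# this way when the file is reachable only through a path the rootkit hides.
GLOBALROOT_RE = re.compile(r"\\\\\?\\globalroot\\", re.IGNORECASE)
# File / key names carrying the H8SRT prefix seen on the TDSS objects above.
TDSS_NAME_RE = re.compile(r"\\(H8SRT[^\\\s]*)", re.IGNORECASE)
# MBAM could not remove the object now (loaded module); removal is deferred.
PENDING_RE = re.compile(r"->\s*Delete on reboot", re.IGNORECASE)
# DDS product lines: "AV: <name> *On-access scanning enabled* ..."
PRODUCT_RE = re.compile(r"^(AV|FW):\s*(.+?)\s*\*")
# BHO / toolbar / explorer-bar CLSID registered with no backing file.
NOFILE_RE = re.compile(r"^(BHO|TB|EB):\s*(\{[0-9A-Fa-f-]+\})\s*-\s*No File")
# DDS file line: "<date> <time> <size> <attrs> <path>" for a DLL in system32.
DDS_FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+(\d+)\s+\S+\s+(.+\\system32\\[^\\]+\.dll)$",
    re.IGNORECASE)
TINY_DLL_BYTES = 4096  # example threshold (assumption); a DLL with real code is larger

# Constructed sample in the shape of the MBAM and DDS output in the post.
SAMPLE_LOG = r"""
Memory Modules Infected:
\\?\globalroot\systemroot\system32\H8SRTasdqvqlqmw.dll (Trojan.FakeAlert) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.
Files Infected:
\\?\globalroot\systemroot\system32\H8SRTasdqvqlqmw.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
BHO: {53967AF2-5E42-009D-1240-3A3D9B847C2C} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
R0 hotcore3;hotcore3;c:\winnt\system32\drivers\hotcore3.sys [2009-11-12 40368]
2009-12-23 03:07:38 171552 ----a-w- c:\winnt\system32\guard32.dll
2009-12-18 23:23:00 674 ----a-w- c:\winnt\system32\krl32mainweq.dll
"""


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per matched rule, in log order, plus product-count findings."""
    findings: list[Finding] = []
    products: dict[str, set[str]] = {"AV": set(), "FW": set()}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if GLOBALROOT_RE.search(line):
            findings.append(Finding("globalroot_path", line,
                "module loaded from a path hidden from the normal file-system view; "
                "a rootkit driver is active"))
        m = TDSS_NAME_RE.search(line)
        if m:
            findings.append(Finding("tdss_name_prefix", line,
                f"H8SRT-prefixed TDSS object: {m.group(1)}"))
        if PENDING_RE.search(line):
            findings.append(Finding("delete_on_reboot", line,
                "removal deferred to reboot; the driver must be gone first or the file returns"))
        m = PRODUCT_RE.match(line)
        if m:
            products[m.group(1)].add(m.group(2))
        m = NOFILE_RE.match(line)
        if m:
            findings.append(Finding("orphaned_clsid", line,
                f"{m.group(1)} {m.group(2)} has no backing file; remove the registration"))
        m = DDS_FILE_RE.match(line)
        if m and int(m.group(1)) < TINY_DLL_BYTES:
            findings.append(Finding("tiny_system32_dll", line,
                f"{m.group(2)} is only {m.group(1)} bytes; a tiny new DLL in system32 is rarely legitimate"))
    for kind, names in products.items():
        if len(names) > 1:
            findings.append(Finding("multiple_" + kind.lower(), "; ".join(sorted(names)),
                f"{len(names)} {kind} products registered; a remnant install is likely"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.note}\n    {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against a real DDS or MBAM log by passing its text to `triage()`; the point of the rule set is that any `globalroot_path` or `delete_on_reboot` hit on the same object means the scan result is not a clean removal yet, and the driver behind it has to be removed before the deletion is believed.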

  • Staff

Hello and welcome to Malwarebytes.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

-screen317


Thanks very much for the help. Here are the ComboFix and HijackThis log files.

I did not realize that there was some remnant of Norton that I had previously uninstalled. I have since run the Norton Cleanup Utility. Should I run ComboFix again?

--------------------------------------------------------------COMBOFIX---------------------------------------------------------------------

ComboFix 09-12-22.09 - Owner 12/26/2009 16:33:48.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.189 [GMT -7:00]

Running from: c:\documents and settings\Owner\Desktop\2ComboFix.exe

AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\recycler\NPROTECT

c:\recycler\NPROTECT\00022068.

c:\winnt\desktop

c:\winnt\jestertb.dll

c:\winnt\system32\addah32.dll

c:\winnt\system32\addav.dll

c:\winnt\system32\addck32.dll

c:\winnt\system32\addei.dll

c:\winnt\system32\addel32.dll

c:\winnt\system32\addeq32.dll

c:\winnt\system32\addfv32.dll

c:\winnt\system32\addiq32.dll

c:\winnt\system32\addkn.dll

c:\winnt\system32\addlf32.dll

c:\winnt\system32\addll32.dll

c:\winnt\system32\addmk.dll

c:\winnt\system32\addng.dll

c:\winnt\system32\addrd32.dll

c:\winnt\system32\addsi.dll

c:\winnt\system32\addwc32.dll

c:\winnt\system32\addyf.dll

c:\winnt\system32\addyf32.dll

c:\winnt\system32\addyt32.dll

c:\winnt\system32\addyv.dll

c:\winnt\system32\apifl32.dll

c:\winnt\system32\apihb.dll

c:\winnt\system32\apiho32.dll

c:\winnt\system32\apije32.dll

c:\winnt\system32\apikk32.dll

c:\winnt\system32\apikw32.dll

c:\winnt\system32\apilg32.dll

c:\winnt\system32\apilu.dll

c:\winnt\system32\apinq32.dll

c:\winnt\system32\apiou32.dll

c:\winnt\system32\apipw32.dll

c:\winnt\system32\apipz.dll

c:\winnt\system32\apiqj32.dll

c:\winnt\system32\apiro32.dll

c:\winnt\system32\apisj32.dll

c:\winnt\system32\apiun32.dll

c:\winnt\system32\apiwe32.dll

c:\winnt\system32\apiwk32.dll

c:\winnt\system32\apixc32.dll

c:\winnt\system32\apixm32.dll

c:\winnt\system32\apixn.dll

c:\winnt\system32\apixy.dll

c:\winnt\system32\apiyk.dll

c:\winnt\system32\appaz.dll

c:\winnt\system32\appee.dll

c:\winnt\system32\appfd.dll

c:\winnt\system32\appgp32.dll

c:\winnt\system32\appiq.dll

c:\winnt\system32\apple.dll

c:\winnt\system32\applw.dll

c:\winnt\system32\appmi32.dll

c:\winnt\system32\appmo.dll

c:\winnt\system32\appne32.dll

c:\winnt\system32\appof32.dll

c:\winnt\system32\appqh32.dll

c:\winnt\system32\appql.dll

c:\winnt\system32\appto32.dll

c:\winnt\system32\appua.dll

c:\winnt\system32\appvc32.dll

c:\winnt\system32\appwh32.dll

c:\winnt\system32\appxx32.dll

c:\winnt\system32\appyg32.dll

c:\winnt\system32\appym32.dll

c:\winnt\system32\appyn.dll

c:\winnt\system32\atlen32.dll

c:\winnt\system32\atlhf32.dll

c:\winnt\system32\atlhg32.dll

c:\winnt\system32\atliu32.dll

c:\winnt\system32\atlju.dll

c:\winnt\system32\atllv.dll

c:\winnt\system32\atlmi32.dll

c:\winnt\system32\atlmv32.dll

c:\winnt\system32\atlmw.dll

c:\winnt\system32\atlns.dll

c:\winnt\system32\atlpr32.dll

c:\winnt\system32\atlrq32.dll

c:\winnt\system32\atlsf.dll

c:\winnt\system32\atlso.dll

c:\winnt\system32\atlvw32.dll

c:\winnt\system32\atlyp.dll

c:\winnt\system32\atlzt32.dll

c:\winnt\system32\clrviddc.dll

c:\winnt\system32\craa32.dll

c:\winnt\system32\craw32.dll

c:\winnt\system32\crch.dll

c:\winnt\system32\crfq32.dll

c:\winnt\system32\crgv.dll

c:\winnt\system32\crhb32.dll

c:\winnt\system32\crhz.dll

c:\winnt\system32\crlv.dll

c:\winnt\system32\crmm.dll

c:\winnt\system32\crno32.dll

c:\winnt\system32\crog32.dll

c:\winnt\system32\crpg32.dll

c:\winnt\system32\crph32.dll

c:\winnt\system32\crqr.dll

c:\winnt\system32\crrh32.dll

c:\winnt\system32\crrs.dll

c:\winnt\system32\crse.dll

c:\winnt\system32\crtl32.dll

c:\winnt\system32\crvb32.dll

c:\winnt\system32\crvr32.dll

c:\winnt\system32\crvu.dll

c:\winnt\system32\crxo.dll

c:\winnt\system32\crzf.dll

c:\winnt\system32\d3aw32.dll

c:\winnt\system32\d3ci32.dll

c:\winnt\system32\d3cz.dll

c:\winnt\system32\d3dm.dll

c:\winnt\system32\d3ea32.dll

c:\winnt\system32\d3eo32.dll

c:\winnt\system32\d3ic.dll

c:\winnt\system32\d3if32.dll

c:\winnt\system32\d3kw32.dll

c:\winnt\system32\d3ld.dll

c:\winnt\system32\d3ls32.dll

c:\winnt\system32\d3mk32.dll

c:\winnt\system32\d3no32.dll

c:\winnt\system32\d3nw.dll

c:\winnt\system32\d3oc.dll

c:\winnt\system32\d3oe.dll

c:\winnt\system32\d3of.dll

c:\winnt\system32\d3oq.dll

c:\winnt\system32\d3pc.dll

c:\winnt\system32\d3qh.dll

c:\winnt\system32\d3rm.dll

c:\winnt\system32\d3rp32.dll

c:\winnt\system32\d3ru.dll

c:\winnt\system32\Data

c:\winnt\system32\drivers\H8SRTvsaosoyxyl.sys

c:\winnt\system32\H8SRTasdqvqlqmw.dll

c:\winnt\system32\H8SRTkyondipwwk.dll

c:\winnt\system32\H8SRTqqvrookmej.dat

c:\winnt\system32\ieaf.dll

c:\winnt\system32\ieap.dll

c:\winnt\system32\iedn.dll

c:\winnt\system32\iegd.dll

c:\winnt\system32\iegr.dll

c:\winnt\system32\ieis.dll

c:\winnt\system32\iejb.dll

c:\winnt\system32\iejg32.dll

c:\winnt\system32\iekd32.dll

c:\winnt\system32\iekj32.dll

c:\winnt\system32\iekw32.dll

c:\winnt\system32\ielf32.dll

c:\winnt\system32\ieoc32.dll

c:\winnt\system32\iepa.dll

c:\winnt\system32\ieqn32.dll

c:\winnt\system32\iert.dll

c:\winnt\system32\iesb.dll

c:\winnt\system32\iesj32.dll

c:\winnt\system32\ipap.dll

c:\winnt\system32\ipat.dll

c:\winnt\system32\ipdq32.dll

c:\winnt\system32\ipdu.dll

c:\winnt\system32\ipeq32.dll

c:\winnt\system32\iplh32.dll

c:\winnt\system32\ipmp.dll

c:\winnt\system32\ippj.dll

c:\winnt\system32\ippm.dll

c:\winnt\system32\ipqx32.dll

c:\winnt\system32\iptc32.dll

c:\winnt\system32\ipuv32.dll

c:\winnt\system32\ipxz32.dll

c:\winnt\system32\ipyj32.dll

c:\winnt\system32\ipyn.dll

c:\winnt\system32\javaba.dll

c:\winnt\system32\javaco32.dll

c:\winnt\system32\javadb.dll

c:\winnt\system32\javadn32.dll

c:\winnt\system32\javaeo32.dll

c:\winnt\system32\javafe.dll

c:\winnt\system32\javaga32.dll

c:\winnt\system32\javajo32.dll

c:\winnt\system32\javakx32.dll

c:\winnt\system32\javanb32.dll

c:\winnt\system32\javaob.dll

c:\winnt\system32\javarl32.dll

c:\winnt\system32\javasw.dll

c:\winnt\system32\javava.dll

c:\winnt\system32\javaxc.dll

c:\winnt\system32\javayv32.dll

c:\winnt\system32\javazx32.dll

c:\winnt\system32\krl32mainweq.dll

c:\winnt\system32\mfcas.dll

c:\winnt\system32\mfcax32.dll

c:\winnt\system32\mfceq32.dll

c:\winnt\system32\mfchy.dll

c:\winnt\system32\mfcjb32.dll

c:\winnt\system32\mfcjw32.dll

c:\winnt\system32\mfclr32.dll

c:\winnt\system32\mfcpf32.dll

c:\winnt\system32\mfcpq.dll

c:\winnt\system32\mfcqh32.dll

c:\winnt\system32\mfcsf32.dll

c:\winnt\system32\mfctq.dll

c:\winnt\system32\mfcuq32.dll

c:\winnt\system32\mfcut.dll

c:\winnt\system32\mfcvo32.dll

c:\winnt\system32\mfcxl.dll

c:\winnt\system32\mfczo32.dll

c:\winnt\system32\msah32.dll

c:\winnt\system32\msaz.dll

c:\winnt\system32\msch.dll

c:\winnt\system32\msdu32.dll

c:\winnt\system32\mseb.dll

c:\winnt\system32\mseu32.dll

c:\winnt\system32\mshg32.dll

c:\winnt\system32\mshw32.dll

c:\winnt\system32\msre32.dll

c:\winnt\system32\mstq32.dll

c:\winnt\system32\mstu32.dll

c:\winnt\system32\msuw32.dll

c:\winnt\system32\msvw.dll

c:\winnt\system32\mszl32.dll

c:\winnt\system32\mszz.dll

c:\winnt\system32\netax.dll

c:\winnt\system32\netbx32.dll

c:\winnt\system32\netck.dll

c:\winnt\system32\netdb32.dll

c:\winnt\system32\netde32.dll

c:\winnt\system32\netdn32.dll

c:\winnt\system32\netel32.dll

c:\winnt\system32\nethc32.dll

c:\winnt\system32\nethg32.dll

c:\winnt\system32\netif32.dll

c:\winnt\system32\netjd32.dll

c:\winnt\system32\netlf.dll

c:\winnt\system32\netll.dll

c:\winnt\system32\netrw32.dll

c:\winnt\system32\netsp.dll

c:\winnt\system32\netww32.dll

c:\winnt\system32\netxt.dll

c:\winnt\system32\netyd32.dll

c:\winnt\system32\netyr32.dll

c:\winnt\system32\ntae.dll

c:\winnt\system32\ntal32.dll

c:\winnt\system32\ntbv.dll

c:\winnt\system32\ntcn32.dll

c:\winnt\system32\ntfp32.dll

c:\winnt\system32\ntme32.dll

c:\winnt\system32\ntms32.dll

c:\winnt\system32\ntnl.dll

c:\winnt\system32\ntqy32.dll

c:\winnt\system32\ntrj32.dll

c:\winnt\system32\ntrm32.dll

c:\winnt\system32\ntrn.dll

c:\winnt\system32\ntzq.dll

c:\winnt\system32\reboot.txt

c:\winnt\system32\sdkal32.dll

c:\winnt\system32\sdkbi.dll

c:\winnt\system32\sdkdr32.dll

c:\winnt\system32\sdkfe32.dll

c:\winnt\system32\sdkfo.dll

c:\winnt\system32\sdkhj.dll

c:\winnt\system32\sdkif.dll

c:\winnt\system32\sdkir32.dll

c:\winnt\system32\sdkit32.dll

c:\winnt\system32\sdkjj.dll

c:\winnt\system32\sdkkt32.dll

c:\winnt\system32\sdklt32.dll

c:\winnt\system32\sdknk32.dll

c:\winnt\system32\sdkpt32.dll

c:\winnt\system32\sdksa.dll

c:\winnt\system32\sdkti32.dll

c:\winnt\system32\sdktu.dll

c:\winnt\system32\sysaw.dll

c:\winnt\system32\syscq32.dll

c:\winnt\system32\sysct.dll

c:\winnt\system32\sysdd.dll

c:\winnt\system32\sysef32.dll

c:\winnt\system32\sysex.dll

c:\winnt\system32\sysfq.dll

c:\winnt\system32\sysft32.dll

c:\winnt\system32\sysgn32.dll

c:\winnt\system32\sysgr32.dll

c:\winnt\system32\syshg32.dll

c:\winnt\system32\syske.dll

c:\winnt\system32\sysli.dll

c:\winnt\system32\sysnc.dll

c:\winnt\system32\sysqh32.dll

c:\winnt\system32\syssf32.dll

c:\winnt\system32\sysxi32.dll

c:\winnt\system32\sysyi32.dll

c:\winnt\system32\tjzdm.dll

c:\winnt\system32\winab.dll

c:\winnt\system32\winak32.dll

c:\winnt\system32\winea32.dll

c:\winnt\system32\winej.dll

c:\winnt\system32\winew32.dll

c:\winnt\system32\winfi32.dll

c:\winnt\system32\winhk32.dll

c:\winnt\system32\winkx.dll

c:\winnt\system32\winln32.dll

c:\winnt\system32\winnj32.dll

c:\winnt\system32\winnk.dll

c:\winnt\system32\winop32.dll

c:\winnt\system32\winoq.dll

c:\winnt\system32\winps32.dll

c:\winnt\system32\winqf.dll

c:\winnt\system32\winwj32.dll

c:\winnt\system32\winxg.dll

c:\winnt\system32\winyx32.dll

c:\winnt\WinDV.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_H8SRTd.sys

-------\Legacy_H8SRTd.sys

((((((((((((((((((((((((( Files Created from 2009-11-26 to 2009-12-26 )))))))))))))))))))))))))))))))

.

2010-01-01 14:41 . 2010-01-01 14:41 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache

2009-12-25 05:05 . 2009-12-03 23:14 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys

2009-12-25 05:05 . 2009-12-03 23:13 19160 ----a-w- c:\winnt\system32\drivers\mbam.sys

2009-12-25 05:05 . 2009-12-25 05:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-24 19:03 . 2009-12-24 19:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-12-23 03:13 . 2009-12-23 03:13 272 ----a-w- c:\winnt\system32\drivers\sfi.dat

2009-12-23 03:07 . 2009-12-23 03:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo

2009-12-23 03:07 . 2009-12-23 03:07 87104 ----a-w- c:\winnt\system32\drivers\inspect.sys

2009-12-23 03:07 . 2009-12-23 03:07 25160 ----a-w- c:\winnt\system32\drivers\cmdhlp.sys

2009-12-23 03:07 . 2009-12-23 03:07 171552 ----a-w- c:\winnt\system32\guard32.dll

2009-12-23 03:07 . 2009-12-23 03:07 133064 ----a-w- c:\winnt\system32\drivers\cmdguard.sys

2009-12-23 03:07 . 2009-12-23 03:07 -------- d-----w- c:\program files\COMODO

2009-12-22 06:43 . 2009-12-25 05:07 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2009-12-22 06:12 . 2009-12-22 06:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-12-22 06:06 . 2009-12-24 19:46 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-12-22 06:06 . 2009-12-22 06:06 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com

2009-12-22 06:05 . 2009-12-22 06:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-12-22 05:20 . 2009-12-22 05:20 -------- d-----w- c:\documents and settings\Owner\Application Data\Webroot

2009-12-22 05:20 . 2009-12-22 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot

2009-12-22 05:20 . 2009-11-06 22:19 1563008 ----a-w- c:\winnt\WRSetup.dll

2009-12-22 05:18 . 2009-12-22 05:18 164 ----a-w- c:\winnt\install.dat

2009-12-22 03:26 . 2009-12-22 03:26 -------- d-----w- c:\winnt\E80F62FF5D3C4A1984099721F2928206.TMP

2009-12-21 03:23 . 2009-12-21 03:23 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8

2009-12-20 17:47 . 2009-12-25 05:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-12-19 22:10 . 2009-12-19 22:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec

2009-12-18 23:21 . 2009-12-18 23:21 -------- d-sh--w- c:\winnt\system32\config\systemprofile\IETldCache

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-26 23:47 . 2008-12-26 19:41 602 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll

2009-12-26 23:45 . 2003-01-04 01:14 24 ----a-w- c:\winnt\system32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-00581102}.dat

2009-12-26 23:45 . 2003-01-04 01:14 24 ----a-w- c:\winnt\system32\DVCState-{00000002-00000000-00000001-00001102-00000004-00581102}.dat

2009-12-24 19:47 . 2009-12-22 06:12 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2009-12-24 19:47 . 2009-12-22 06:12 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-12-22 03:26 . 2003-01-04 01:13 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-12-22 03:26 . 2003-01-04 01:13 -------- d-----w- c:\program files\Symantec

2009-12-22 03:19 . 2009-11-08 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-12-22 03:15 . 2004-10-02 16:18 2560 ----a-w- c:\winnt\_MSRSTRT.EXE

2009-12-22 03:14 . 2003-01-04 01:08 -------- d-----w- c:\program files\Common Files\Real

2009-12-22 03:13 . 2003-01-04 01:08 -------- d-----w- c:\program files\Real

2009-12-22 03:10 . 2004-08-14 20:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-12-20 22:35 . 2009-01-24 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2009-12-13 00:13 . 2009-02-17 00:42 -------- d-----w- c:\program files\SimpleCenter

2009-12-07 20:36 . 2003-01-04 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2009-12-07 15:55 . 2009-10-01 03:36 664 ----a-w- c:\winnt\system32\d3d9caps.dat

2009-11-22 00:05 . 2009-11-22 00:03 -------- d-----w- c:\program files\Common Files\Adaptec Shared

2009-11-22 00:05 . 2009-11-22 00:05 -------- d-----w- c:\program files\Roxio

2009-11-21 15:51 . 1980-01-01 06:00 471552 ----a-w- c:\winnt\AppPatch\aclayers.dll

2009-11-14 07:11 . 2009-11-14 07:11 -------- d-----w- c:\program files\Windows Update Remover

2009-11-14 06:49 . 2009-11-14 06:49 -------- d-----w- c:\documents and settings\Owner\Application Data\JAM Software

2009-11-14 06:49 . 2009-11-14 06:49 -------- d-----w- c:\program files\JAM Software

2009-11-14 04:59 . 2003-01-04 01:08 -------- d-----w- c:\program files\intel

2009-11-14 04:57 . 2003-01-04 01:08 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-11-14 04:53 . 2003-01-04 01:09 -------- d-----w- c:\program files\Gateway

2009-11-14 03:36 . 2009-09-27 04:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2009-11-13 04:12 . 2009-11-13 04:12 -------- d-----w- c:\program files\7tools

2009-11-08 14:12 . 2004-08-14 20:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Lavasoft

2009-11-08 13:55 . 2009-11-08 13:56 93360 ----a-w- c:\winnt\system32\drivers\SBREDrv.sys

2009-11-08 13:24 . 2006-12-29 20:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Fisher-Price

2009-11-06 22:41 . 2009-11-06 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\redistpart

2009-11-06 22:40 . 2009-11-06 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\createonepart

2009-11-06 22:39 . 2009-11-06 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\explauncher

2009-11-06 22:39 . 2008-07-12 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Launcher

2009-11-06 22:21 . 2009-11-06 22:21 -------- d-----w- c:\program files\Paragon Software

2009-11-06 19:00 . 2009-11-06 19:00 23152 ----a-w- c:\winnt\system32\drivers\sshrmd.sys

2009-11-06 19:00 . 2009-11-06 19:00 176752 ----a-w- c:\winnt\system32\drivers\ssidrv.sys

2009-11-06 19:00 . 2009-11-06 19:00 29808 ----a-w- c:\winnt\system32\drivers\ssfs0bbc.sys

2009-10-29 07:45 . 2004-02-07 01:05 916480 ----a-w- c:\winnt\system32\wininet.dll

2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\winnt\system32\strmfilt.dll

2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\winnt\system32\httpapi.dll

2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\winnt\system32\drivers\http.sys

2009-10-13 10:30 . 1980-01-01 06:00 270336 ----a-w- c:\winnt\system32\oakley.dll

2009-10-12 13:38 . 1980-01-01 06:00 149504 ----a-w- c:\winnt\system32\rastls.dll

2009-10-12 13:38 . 1980-01-01 06:00 79872 ----a-w- c:\winnt\system32\raschap.dll

2004-06-08 23:44 . 2004-06-08 23:44 2814 --sha-w- c:\winnt\lgjoi.dat

2004-06-11 18:47 . 2004-06-11 18:47 0 -csha-w- c:\winnt\nchfg.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-10-30 392832]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\14a1b323-ff88-40d8-a5ab-783edce39256.exe" [2009-12-16 2002160]

"ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PNAgent"="c:\program files\PhatNoise Music Manager\PNAgent.exe" [2003-09-24 40960]

"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-02-19 438272]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]

"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-10-04 684032]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]

"PinnacleDriverCheck"="c:\winnt\system32\PSDrvCheck.exe" [2003-12-04 406016]

"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-17 28672]

"Jet Detection"="c:\program files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-10-04 28672]

"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" [2001-01-03 66048]

"GWMDMMSG"="GWMDMMSG.exe" [2006-07-09 90112]

"CTHelper"="CTHELPER.EXE" [2002-07-02 24576]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-12-23 1800464]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-03 429392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2008-08-01 152952]

c:\documents and settings\Owner\Start Menu\Programs\Startup\

SimpleCenter.lnk - c:\program files\SimpleCenter\SimpleCenter.exe [2009-2-16 319488]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-9 323646]

hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\winnt\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]

2007-03-13 01:30 517768 ----a-w- c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\ATTNaturalVoices\\TTS1.2\\Desktop\\bin\\ttsdesktopproxy.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\SimpleCenter\\SimpleCenter.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 hotcore3;hotcore3;c:\winnt\system32\drivers\hotcore3.sys [11/12/2009 9:13 PM 40368]

R0 IFP900;iriver Internet Audio Player IFP-900;c:\winnt\system32\drivers\Ifp900.sys [11/5/2005 9:36 AM 14531]

R0 ssfs0bbc;ssfs0bbc;c:\winnt\system32\drivers\ssfs0bbc.sys [11/6/2009 12:00 PM 29808]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\winnt\system32\drivers\cmdguard.sys [12/22/2009 8:07 PM 133064]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\winnt\system32\drivers\cmdhlp.sys [12/22/2009 8:07 PM 25160]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 4:26 PM 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 4:26 PM 74480]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/24/2009 10:05 PM 276816]

R2 RioPNP;RioPNP;c:\winnt\system32\drivers\RioPnP.sys [1/3/2003 6:14 PM 6736]

R3 MBAMProtector;MBAMProtector;c:\winnt\system32\drivers\mbam.sys [12/24/2009 10:05 PM 19160]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 4:27 PM 7408]

S2 gupdate1ca37d71e145228;Google Update Service (gupdate1ca37d71e145228);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

S3 PCDRDRV;Pcdr Helper Driver;\??\c:\atf\Qctest\PCDoc\PCDRDRV.sys --> c:\atf\Qctest\PCDoc\PCDRDRV.sys [?]

S3 RmAx;RMAXUSB;c:\winnt\system32\drivers\RmAx.sys [10/14/2005 9:58 PM 40502]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NMSSVC

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.foxnews.com/

uInternet Settings,ProxyOverride = localhost

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab

DPF: {0F04992B-E661-4DB9-B223-903AB628225D} - file://c:\program files\Gateway\Do More\DoMoreRunExe.CAB

DPF: {511073AD-BE56-4D43-AE68-93390514385E} - hcp://system/TechTools.CAB

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\i0dbt51m.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/

FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\i0dbt51m.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHANS REMOVED - - - -

AddRemove-Creative Driver - c:\winnt\System32\ctdrvins

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-26 16:48

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3211370943-1677599031-1952909355-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{02AF2B10-600C-1CEC-7B43-4915F42A38B4}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"iagjcdpebcplfchfpc"=hex:6b,61,6a,69,6e,6f,63,6e,6b,66,69,6c,67,62,6f,6e,6f,61,

6f,67,62,66,00,00

"haajmajnboflebgc"=hex:6a,61,67,69,69,6e,6e,6e,6e,6d,67,62,62,64,64,64,61,6a,

68,66,00,88

[HKEY_USERS\S-1-5-21-3211370943-1677599031-1952909355-1003\Software\SecuROM\License information*]

"datasecu"=hex:26,88,a0,0b,fd,a1,df,c7,c3,c5,9b,56,22,de,46,ee,3a,3c,66,42,90,

d6,aa,7e,33,20,af,eb,02,90,c7,34,b7,ff,1d,25,ba,34,44,36,85,30,57,bd,a9,3e,\

"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(808)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\winnt\system32\WININET.dll

c:\winnt\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(224)

c:\winnt\system32\WININET.dll

c:\winnt\system32\ctagent.dll

c:\winnt\system32\ieframe.dll

c:\winnt\system32\webcheck.dll

c:\winnt\system32\WPDShServiceObj.dll

c:\winnt\system32\PortableDeviceTypes.dll

c:\winnt\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\winnt\system32\Ati2evxx.exe

c:\program files\COMODO\COMODO Internet Security\cmdagent.exe

c:\winnt\system32\Ati2evxx.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\winnt\System32\drivers\CDAC11BA.EXE

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\winnt\System32\NMSSvc.exe

c:\program files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\winnt\system32\SK9910DM.EXE

c:\winnt\GWMDMMSG.exe

c:\winnt\system32\CTHELPER.EXE

c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

c:\winnt\System32\HPZipm12.exe

c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

.

**************************************************************************

.

Completion time: 2009-12-26 17:03:22 - machine was rebooted

ComboFix-quarantined-files.txt 2009-12-27 00:03

Pre-Run: 22,477,705,216 bytes free

Post-Run: 22,514,610,176 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINNT

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

Current=8 Default=8 Failed=7 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9

- - End Of File - - 0697957F0B8CCB708CA71897224256D6

-----------------------------------------------------------------HIJACKTHIS--------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:30:14 PM, on 12/26/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\Ati2evxx.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\Ati2evxx.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\spoolsv.exe

C:\Program Files\PhatNoise Music Manager\PNAgent.exe

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINNT\system32\SK9910DM.EXE

C:\WINNT\GWMDMMSG.exe

C:\WINNT\system32\CTHELPER.EXE

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

C:\Program Files\SUPERAntiSpyware\14a1b323-ff88-40d8-a5ab-783edce39256.exe

C:\WINNT\system32\ctfmon.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\SimpleCenter\SimpleCenter.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\WINNT\System32\drivers\CDAC11BA.EXE

C:\WINNT\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINNT\System32\NMSSvc.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

C:\WINNT\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

C:\WINNT\System32\HPZipm12.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O4 - HKLM\..\Run: [PNAgent] "C:\Program Files\PhatNoise Music Manager\PNAgent.exe"

O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe

O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE

O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\14a1b323-ff88-40d8-a5ab-783edce39256.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')

O4 - S-1-5-18 Startup: SimpleCenter.lnk = C:\Program Files\SimpleCenter\SimpleCenter.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: SimpleCenter.lnk = C:\Program Files\SimpleCenter\SimpleCenter.exe (User 'Default user')

O4 - Startup: SimpleCenter.lnk = C:\Program Files\SimpleCenter\SimpleCenter.exe

O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB

O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec.com/techsupp/asa/ss/sa...abs/tgctlsi.cab

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec.com/techsupp/asa/ss/sa...abs/tgctlsr.cab

O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093151541265

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB

O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB

O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/...flowActiveX.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?322

O20 - AppInit_DLLs: C:\WINNT\system32\guard32.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\System32\drivers\CDAC11BA.EXE

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: Google Update Service (gupdate1ca37d71e145228) (gupdate1ca37d71e145228) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe

O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

O23 - Service: Remote Procedure Call (RPC) Helper (

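As an added example (my own code, not part of the original thread and not code from ComboFix, HijackThis or Malwarebytes), the helper below reads the two line shapes that make up most of the log above and returns the items a responder would want to look at first. The ComboFix file lines are "mtime . ctime size attrs path", where the 8-character attribute field uses d for directory, c for compressed, s for system, h for hidden and a for archive; the registry "[key]" headers and quoted values come from the Reg Loading Points section, and the O23 lines from the HijackThis log. The sample input is copied verbatim from the log above (not constructed); the heuristics, the `Finding` record and the `triage()` function are assumptions of this example, and a hit means "verify this", not "this is malware".

```python
"""Triage helper for ComboFix / HijackThis style logs (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# ComboFix file line: two timestamps, a size (dashes for directories),
# an 8-char attribute field and the path.
FILE_LINE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>\S.*)$"
)
KEY_HEADER = re.compile(r"^\[(?P<key>.+)\]$")
IMAGE_EXT = (".dll", ".exe", ".sys")

# Registry values / service lines and what a practitioner should read into them.
# (Assumed heuristics for this example.)
POSTURE = [
    (re.compile(r'^"DisableMonitoring"=dword:00000001$'),
     "Security Center monitoring disabled; confirm the installed AV/firewall set it"),
    (re.compile(r'^"EnableFirewall"=\s*0\b'),
     "Windows Firewall disabled for this profile"),
    (re.compile(r'^"AppInit_DLLs"=(?P<dll>\S+)$'),
     "AppInit_DLLs set; the DLL loads into every process that links user32, verify its publisher"),
    (re.compile(r"^O23 - Service: .*\(file missing\)$"),
     "service registered but its binary is missing (stale or tampered install)"),
]


@dataclass
class Finding:
    where: str   # file path, registry key, or the raw service line
    reason: str


def check_file_line(line: str) -> list[Finding]:
    """Apply attribute heuristics to one ComboFix file-listing line."""
    m = FILE_LINE.match(line)
    if not m:
        return []
    attrs, size, path = m["attrs"], m["size"], m["path"]
    is_dir = attrs[0] == "d"
    system, hidden = attrs[2] == "s", attrs[3] == "h"
    found: list[Finding] = []
    if not is_dir and system and hidden:
        # Both bits on a loose file are uncommon; droppers use them to stay
        # out of Explorer's default view.
        found.append(Finding(path, "regular file with system+hidden attributes"))
    if not is_dir and size == "0" and path.lower().endswith(IMAGE_EXT):
        found.append(Finding(path, "zero-byte executable image"))
    return found


def triage(log_text: str) -> list[Finding]:
    """Scan a whole log; remember the current [key] so registry hits carry context."""
    findings: list[Finding] = []
    current_key = "<no key>"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (k := KEY_HEADER.match(line)):
            current_key = k["key"]
            continue
        findings.extend(check_file_line(line))
        for pattern, reason in POSTURE:
            if pattern.match(line):
                where = current_key if line.startswith('"') else line
                findings.append(Finding(where, reason))
    return findings


# Lines copied verbatim from the log posted above, used as sample input.
SAMPLE_LOG = r"""
2009-12-22 05:20 . 2009-11-06 22:19 1563008 ----a-w- c:\winnt\WRSetup.dll
2009-12-18 23:21 . 2009-12-18 23:21 -------- d-sh--w- c:\winnt\system32\config\systemprofile\IETldCache
2004-06-08 23:44 . 2004-06-08 23:44 2814 --sha-w- c:\winnt\lgjoi.dat
2004-06-11 18:47 . 2004-06-11 18:47 0 -csha-w- c:\winnt\nchfg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\winnt\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.where}")
```

Running `triage(SAMPLE_LOG)` yields seven findings: `c:\winnt\lgjoi.dat` and `c:\winnt\nchfg.dll` (system+hidden regular files, the DLL also zero bytes), the AppInit_DLLs value, the Security Center monitoring and firewall settings, and the service whose binary is missing. The two files are the same ones the staff reply below asks ComboFix to `Collect::` for analysis; the script only ranks them for submission, it does not decide whether they are malicious. Ordinary files such as `WRSetup.dll` and hidden system directories such as `IETldCache` are not reported.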

  • Staff

Hi,

Please be patient; every time you reply, you are pushed to the bottom of my 100 person queue, so it'll take subsequently longer for each time you reply.

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad. Copy and paste the text in the Code box below into Notepad:

http://www.malwarebytes.org/forums/index.php?showtopic=34606
Collect::
c:\winnt\lgjoi.dat
c:\winnt\nchfg.dll

Save this as CFScript.txt

CFScriptB-4.gif

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

  • Ensure you are connected to the internet and click OK on the message box.

-screen317


  • 4 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
