
having problems with instructions


snowysdad


Hi,

First of all, I am fairly computer illiterate, so please bear with me; I can't even get through the steps in the instructions.

Malwarebytes won't run (which is why I am here).

I ran the full scan with Avira and it says 0 infections found.

Next, I do not know which software to disable for the emulation software? I checked the Task Manager and there is nothing titled emulation software to disable.

Here is my original post (posted in the wrong area), sorry:

I had some type of malware and went to another forum for help with it. After many different program runs and logs we are at a dead end. I can run SUPERAntiSpyware, OTL, HijackThis, but cannot run Malwarebytes. I tried the MBAM fix posted here and even tried the cleaning tool, but I still get the 440 error and the vbalsgrid6.ocx failed to load (373) error.

I don't know if it is a DNS issue? One of the trojan warnings was dr zlob, but I am pretty sure it is gone? The computer seems fine but just cannot run Malwarebytes.

Can someone please help me despite my not being able to complete the steps?


Hello and thank you.

I think I am just dealing with a permission issue, as I have tried the MBAM fix and have downloaded the Visual Basic control (I think that's the name).

OK, anyway, here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:09:49 PM, on 9/12/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\AOL\1230249116\ee\AOLSoftware.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\Pure Networks\Network Magic\nmapp.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R3 - URLSearchHook: AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1230249116\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.3.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1230133906203

O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://aolsvc.aol.com/onlinegames/ghadventureball/abxgh.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...zylomplayer.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O24 - Desktop Component 0: (no name) - http://www.mindspring.com/~sallyheber/2009...days-hobB-3.jpg

--

End of file - 8924 bytes

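The HijackThis log above is a line-oriented format: each line starts with a section code (R0, R1, O2, O4, O16, O23 and so on), a dash, and the entry body, with registry keys, CLSIDs and file paths embedded in the body. As an added example (not code from the forum thread, from Trend Micro, or from Malwarebytes), here is a small Python parser that splits such a log into typed entries and applies two defender-side review heuristics. The sample lines are an excerpt in the format of the thread's log; the two heuristics (a DPF entry with no source URL, and an autostart pointing outside the usual program directories), the `STANDARD_ROOTS` list and the `AUTOSTART_KINDS` set are this example's own assumptions. Vendor-installed items can legitimately live outside those directories, which is why the output is a review list for a human to look up, not a verdict.

```python
"""Parse a Trend Micro HijackThis v2.0.4 log and produce a review list.

Added example; not code from the thread or from HijackThis. The sample
below is a constructed excerpt in the log format shown in the thread, and
the two triage heuristics are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a few lines in the format of the thread's log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows XP SP3 (WinNT 5.01.2600)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
End of file - 8924 bytes
"""

LINE_RE = re.compile(r"^([RO]\d+) - (.*)$")
# First drive-letter path ending in a common executable/library extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|com|ocx|sys)\b", re.I)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Directories where autostart binaries are normally expected (assumption).
STANDARD_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
# Entry kinds that start code at boot/logon: Run keys and startup folders,
# Winlogon notify, shared task scheduler, services (assumption).
AUTOSTART_KINDS = {"O4", "O20", "O21", "O22", "O23"}


@dataclass
class Entry:
    kind: str             # "R0", "O2", "O4", ...
    text: str             # everything after "O4 - "
    path: Optional[str]   # first file path in the entry, if any
    clsid: Optional[str]  # first {GUID} in the entry, if any


def parse_log(text: str) -> List[Entry]:
    """Turn each 'Rn - ...' / 'On - ...' line into an Entry; skip headers."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        kind, rest = m.groups()
        path = PATH_RE.search(rest)
        clsid = CLSID_RE.search(rest)
        entries.append(Entry(kind, rest,
                             path.group(0) if path else None,
                             clsid.group(0) if clsid else None))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """Apply two review heuristics; returns (kind, reason, detail) tuples.

    These flag entries for a human to look up; they are not verdicts."""
    findings = []
    for e in entries:
        # O16 (DPF) entries record ActiveX downloads; one with nothing after
        # the trailing " - " has no recorded source URL to check against.
        if e.kind == "O16" and e.text.rstrip().endswith("-"):
            findings.append((e.kind, "DPF entry with no source URL", e.text))
        # Autostart entries whose binary sits outside the usual directories.
        if e.kind in AUTOSTART_KINDS and e.path:
            if not e.path.lower().startswith(STANDARD_ROOTS):
                findings.append((e.kind,
                                 "autostart outside standard program directories",
                                 e.path))
    return findings


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(f"{len(parsed)} entries parsed")
    for kind, reason, detail in triage(parsed):
        print(f"[{kind}] {reason}: {detail}")
```

Run against the full log in the thread, `parse_log` gives one `Entry` per R/O line and `triage` returns the two kinds of review items; to add a rule, append another `if` in `triage` that tests `e.kind`, `e.path` or `e.clsid`.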

Let's try something different.

Print out these instructions as we may need to close every window that is open later in the fix.

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Before we can do anything we must first end the processes that belong to Red Cross Antivirus so that it does not interfere with the cleaning procedure. To do this, download the following file to your desktop.

Please download rkill

Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Red Cross Antivirus and other Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Red Cross Antivirus when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate Red Cross Antivirus. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the guide. If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Do not reboot your computer after running rkill as the malware programs will start again.

Now try a MBAM scan.


Hi again.

OK, downloaded and then started rkill, but it ran about 10 seconds and shut down (did one of the renamed versions also).

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Ran as Compaq_Owner on 09/13/2010 at 13:43:45.

Services Stopped:

Processes terminated by Rkill or while it was running:

C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\IFCXV567\rkill[1].com

Rkill completed on 09/13/2010 at 13:43:50.


Let's try a different scanner, then.

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


ComboFix 10-09-13.01 - Compaq_Owner 09/13/2010 19:41:28.9.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.156 [GMT -4:00]

Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((( Files Created from 2010-08-13 to 2010-09-13 )))))))))))))))))))))))))))))))

.

2010-09-12 01:54 . 2010-09-12 01:55 -------- d-----w- c:\windows\msdownld.tmp

2010-09-10 00:58 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-10 00:58 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-09 23:45 . 2010-09-09 23:45 -------- d-----w- c:\program files\CCleaner

2010-09-09 23:26 . 2010-09-09 23:26 388096 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-09-07 03:59 . 2010-09-07 04:00 -------- d-----w- C:\confuse30091c

2010-09-07 01:15 . 2010-09-07 01:15 -------- d-----w- C:\confuse

2010-09-06 16:41 . 2010-09-06 16:41 63488 ----a-w- c:\documents and settings\Administrator.COURTNEYSROOM.000\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-09-06 16:41 . 2010-09-06 16:41 52224 ----a-w- c:\documents and settings\Administrator.COURTNEYSROOM.000\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-09-06 16:41 . 2010-09-06 16:41 117760 ----a-w- c:\documents and settings\Administrator.COURTNEYSROOM.000\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-09-06 16:40 . 2010-09-06 16:40 -------- d-----w- c:\documents and settings\Administrator.COURTNEYSROOM.000\Application Data\SUPERAntiSpyware.com

2010-09-06 02:05 . 2010-04-20 14:22 161104 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\paq1dsxb.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\MailUtil.dll

2010-09-05 21:04 . 2010-09-05 21:04 63488 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-09-05 21:04 . 2010-09-05 21:04 52224 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-09-05 21:04 . 2010-09-05 21:04 117760 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-09-05 21:03 . 2010-09-05 21:03 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com

2010-09-05 21:03 . 2010-09-05 21:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-09-05 21:03 . 2010-09-05 21:03 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-09-05 14:57 . 2010-09-11 01:04 -------- d-----w- c:\windows\system32\NtmsData

2010-09-05 14:48 . 2010-09-05 14:48 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Avira

2010-09-05 14:45 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-09-05 14:45 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-09-05 14:45 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-09-05 14:45 . 2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-09-05 14:45 . 2010-09-05 14:45 -------- d-----w- c:\program files\Avira

2010-09-05 14:45 . 2010-09-05 14:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-09-05 01:23 . 2010-09-13 22:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-04 23:01 . 2008-04-13 23:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2010-09-04 23:01 . 2001-08-18 02:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2010-09-04 23:01 . 2008-04-13 23:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll

2010-09-04 23:01 . 2001-08-18 02:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe

2010-09-04 23:01 . 2001-08-18 02:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe

2010-09-04 23:00 . 2001-08-18 02:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe

2010-09-04 23:00 . 2001-08-17 16:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys

2010-09-04 23:00 . 2004-08-04 02:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys

2010-09-04 23:00 . 2008-04-13 17:46 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys

2010-09-04 23:00 . 2004-08-04 02:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys

2010-09-04 23:00 . 2008-04-13 23:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll

2010-09-04 22:59 . 2008-04-13 17:36 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys

2010-09-04 22:59 . 2004-08-04 02:31 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys

2010-09-04 22:59 . 2001-08-17 16:12 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys

2010-09-04 22:58 . 2001-08-17 17:28 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys

2010-09-04 22:58 . 2001-08-18 02:36 53760 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll

2010-09-04 22:58 . 2001-08-18 02:36 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll

2010-09-04 22:58 . 2001-08-17 17:28 701386 ----a-w- c:\windows\system32\dllcache\wdhaalba.sys

2010-09-04 22:58 . 2004-08-04 02:29 23615 ----a-w- c:\windows\system32\dllcache\wch7xxnt.sys

2010-09-04 22:58 . 2008-04-13 17:45 31744 ----a-w- c:\windows\system32\dllcache\wceusbsh.sys

2010-09-04 22:58 . 2001-08-17 16:10 35871 ----a-w- c:\windows\system32\dllcache\wbfirdma.sys

2010-09-04 22:58 . 2004-08-04 02:29 33599 ----a-w- c:\windows\system32\dllcache\watv04nt.sys

2010-09-04 22:58 . 2004-08-04 02:29 19551 ----a-w- c:\windows\system32\dllcache\watv02nt.sys

2010-09-04 22:57 . 2004-08-04 02:29 29311 ----a-w- c:\windows\system32\dllcache\watv01nt.sys

2010-09-04 22:57 . 2004-08-04 02:29 11775 ----a-w- c:\windows\system32\dllcache\wadv05nt.sys

2010-09-04 22:57 . 2004-08-04 02:29 12127 ----a-w- c:\windows\system32\dllcache\wadv02nt.sys

2010-09-04 22:57 . 2004-08-04 02:29 12415 ----a-w- c:\windows\system32\dllcache\wadv01nt.sys

2010-09-04 22:57 . 2001-08-17 16:13 16925 ----a-w- c:\windows\system32\dllcache\w940nd.sys

2010-09-04 22:57 . 2001-08-17 16:13 19016 ----a-w- c:\windows\system32\dllcache\w926nd.sys

2010-09-04 22:57 . 2001-08-17 16:13 19528 ----a-w- c:\windows\system32\dllcache\w840nd.sys

2010-09-04 22:57 . 2001-08-17 17:28 64605 ----a-w- c:\windows\system32\dllcache\vvoice.sys

2010-09-04 22:57 . 2001-08-17 17:28 397502 ----a-w- c:\windows\system32\dllcache\vpctcom.sys

2010-09-04 22:56 . 2001-08-17 17:28 604253 ----a-w- c:\windows\system32\dllcache\vmodem.sys

2010-09-04 22:56 . 2001-08-17 16:14 249402 ----a-w- c:\windows\system32\dllcache\vinwm.sys

2010-09-04 22:56 . 2001-08-17 17:49 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys

2010-09-04 22:56 . 2008-04-13 23:12 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll

2010-09-04 22:55 . 2001-08-17 17:28 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys

2010-09-04 22:54 . 2001-08-17 17:28 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys

2010-09-04 22:53 . 2001-08-17 17:28 113762 ----a-w- c:\windows\system32\dllcache\usrpda.sys

2010-09-04 22:53 . 2001-08-17 17:28 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys

2010-09-04 22:53 . 2001-08-17 17:28 224802 ----a-w- c:\windows\system32\dllcache\usr1807a.sys

2010-09-04 22:53 . 2001-08-17 17:28 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys

2010-09-04 22:52 . 2001-08-17 17:28 793598 ----a-w- c:\windows\system32\dllcache\usr1806.sys

2010-09-04 22:52 . 2001-08-17 17:28 794654 ----a-w- c:\windows\system32\dllcache\usr1801.sys

2010-09-04 22:52 . 2008-04-13 17:45 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys

2010-09-04 22:52 . 2008-04-13 17:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys

2010-09-04 22:52 . 2004-08-04 02:31 32384 ----a-w- c:\windows\system32\dllcache\usb101et.sys

2010-09-04 22:52 . 2001-08-18 02:36 94720 ----a-w- c:\windows\system32\dllcache\umaxud32.dll

2010-09-04 22:52 . 2001-08-18 02:36 28160 ----a-w- c:\windows\system32\dllcache\umaxu40.dll

2010-09-04 22:52 . 2001-08-18 02:36 26624 ----a-w- c:\windows\system32\dllcache\umaxu22.dll

2010-09-04 22:52 . 2001-08-18 02:36 69632 ----a-w- c:\windows\system32\dllcache\umaxu12.dll

2010-09-04 22:52 . 2001-08-18 02:36 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll

2010-09-04 22:51 . 2001-08-17 17:58 22912 ----a-w- c:\windows\system32\dllcache\umaxpcls.sys

2010-09-04 22:51 . 2001-08-18 02:36 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll

2010-09-04 22:51 . 2001-08-18 02:36 47616 ----a-w- c:\windows\system32\dllcache\umaxcam.dll

2010-09-04 22:51 . 2001-08-18 02:36 211968 ----a-w- c:\windows\system32\dllcache\um54scan.dll

2010-09-04 22:51 . 2001-08-18 02:36 216064 ----a-w- c:\windows\system32\dllcache\um34scan.dll

2010-09-04 22:51 . 2001-08-17 17:52 36736 ----a-w- c:\windows\system32\dllcache\ultra.sys

2010-09-04 22:51 . 2001-08-17 17:48 11520 ----a-w- c:\windows\system32\dllcache\twotrack.sys

2010-09-04 22:51 . 2001-08-17 16:51 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys

2010-09-04 22:51 . 2001-08-18 02:36 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll

2010-09-04 22:51 . 2001-08-17 16:51 159232 ----a-w- c:\windows\system32\dllcache\tridkbm.sys

2010-09-04 22:49 . 2001-08-17 18:56 81408 ----a-w- c:\windows\system32\dllcache\tgiul50.dll

2010-09-04 22:49 . 2008-04-13 17:40 149376 ----a-w- c:\windows\system32\dllcache\tffsport.sys

2010-09-04 22:49 . 2001-08-17 16:13 17129 ----a-w- c:\windows\system32\dllcache\tdkcd31.sys

2010-09-04 22:49 . 2001-08-17 16:13 37961 ----a-w- c:\windows\system32\dllcache\tdk100b.sys

2010-09-04 22:49 . 2001-08-17 17:49 30464 ----a-w- c:\windows\system32\dllcache\tbatm155.sys

2010-09-04 22:49 . 2001-08-17 17:52 7040 ----a-w- c:\windows\system32\dllcache\tandqic.sys

2010-09-04 22:49 . 2001-08-17 16:50 36640 ----a-w- c:\windows\system32\dllcache\t2r4mini.sys

2010-09-04 22:49 . 2001-08-17 18:56 172768 ----a-w- c:\windows\system32\dllcache\t2r4disp.dll

2010-09-04 22:48 . 2001-08-17 18:07 32640 ----a-w- c:\windows\system32\dllcache\symc8xx.sys

2010-09-04 22:48 . 2001-08-17 18:07 16256 ----a-w- c:\windows\system32\dllcache\symc810.sys

2010-09-04 22:48 . 2001-08-17 18:07 30688 ----a-w- c:\windows\system32\dllcache\sym_u3.sys

2010-09-04 22:48 . 2001-08-17 18:07 28384 ----a-w- c:\windows\system32\dllcache\sym_hi.sys

2010-09-04 22:48 . 2001-08-18 02:36 94293 ----a-w- c:\windows\system32\dllcache\sxports.dll

2010-09-04 22:48 . 2001-08-17 17:50 103936 ----a-w- c:\windows\system32\dllcache\sx.sys

2010-09-04 22:48 . 2001-08-17 18:02 3968 ----a-w- c:\windows\system32\dllcache\swusbflt.sys

2010-09-04 22:48 . 2001-08-18 02:36 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll

2010-09-04 22:48 . 2001-08-18 02:36 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll

2010-09-04 22:48 . 2001-08-18 02:36 53760 ----a-w- c:\windows\system32\dllcache\sw_wheel.dll

2010-09-04 22:48 . 2001-08-18 02:36 41472 ----a-w- c:\windows\system32\dllcache\sw_effct.dll

2010-09-04 22:47 . 2008-04-13 17:46 15232 ----a-w- c:\windows\system32\dllcache\streamip.sys

2010-09-04 22:47 . 2001-08-18 02:36 155648 ----a-w- c:\windows\system32\dllcache\stlnprop.dll

2010-09-04 22:47 . 2001-08-18 02:36 53248 ----a-w- c:\windows\system32\dllcache\stlncoin.dll

2010-09-04 22:47 . 2001-08-17 16:18 285760 ----a-w- c:\windows\system32\dllcache\stlnata.sys

2010-09-04 22:47 . 2001-08-17 17:51 16896 ----a-w- c:\windows\system32\dllcache\stcusb.sys

2010-09-04 22:47 . 2001-08-17 16:11 48736 ----a-w- c:\windows\system32\dllcache\srwlnd5.sys

2010-09-04 22:47 . 2001-08-18 02:36 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll

2010-09-04 22:47 . 2001-08-18 02:36 24660 ----a-w- c:\windows\system32\dllcache\spxupchk.dll

2010-09-04 22:47 . 2001-08-17 17:51 61824 ----a-w- c:\windows\system32\dllcache\speed.sys

2010-09-04 22:47 . 2001-08-18 02:36 106584 ----a-w- c:\windows\system32\dllcache\spdports.dll

2010-09-04 22:46 . 2001-08-17 18:07 19072 ----a-w- c:\windows\system32\dllcache\sparrow.sys

2010-09-04 22:46 . 2001-08-17 17:56 7552 ----a-w- c:\windows\system32\dllcache\sonypvu1.sys

2010-09-04 22:46 . 2001-08-17 16:51 37040 ----a-w- c:\windows\system32\dllcache\sonypi.sys

2010-09-04 22:46 . 2001-08-18 02:36 114688 ----a-w- c:\windows\system32\dllcache\sonypi.dll

2010-09-04 22:46 . 2001-08-17 16:51 20752 ----a-w- c:\windows\system32\dllcache\sonync.sys

2010-09-04 22:46 . 2001-08-17 17:53 9600 ----a-w- c:\windows\system32\dllcache\sonymc.sys

2010-09-04 22:46 . 2008-04-13 17:40 7552 ----a-w- c:\windows\system32\dllcache\sonyait.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-13 23:35 . 2008-12-22 18:09 78072 -c--a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-09-13 23:19 . 2010-09-13 23:19 6144 ----a-w- c:\windows\~DFB699.tmp

2010-09-13 22:58 . 2010-09-13 22:58 6144 ----a-w- c:\windows\~DF43AC.tmp

2010-09-10 22:59 . 2010-09-10 22:59 6144 ----a-w- c:\windows\~DF7C14.tmp

2010-09-10 00:58 . 2008-12-23 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-09-09 00:30 . 2008-12-23 19:38 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes

2010-09-08 22:47 . 2010-09-08 22:47 6144 ----a-w- c:\windows\~DFBBCB.tmp

2010-09-04 21:59 . 2008-12-23 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-09-04 02:44 . 2006-06-17 05:06 -------- d-----w- c:\program files\Common Files\Java

2010-09-04 02:20 . 2006-06-17 05:06 -------- d-----w- c:\program files\Java

2010-09-01 03:48 . 2010-03-14 19:30 -------- d-----w- c:\program files\Application Updater

2010-09-01 00:28 . 2010-04-17 01:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-08-30 23:16 . 2010-08-30 23:16 162 ----a-w- c:\documents and settings\Administrator.COURTNEYSROOM.000\Application Data\wklnhst.dat

2010-08-27 22:55 . 2009-01-01 23:55 10430 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\wklnhst.dat

2010-08-27 22:20 . 2010-08-27 22:20 -------- d-----w- c:\documents and settings\Administrator.COURTNEYSROOM\Application Data\Viewpoint

2010-08-27 22:19 . 2009-02-26 12:51 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent

2010-08-27 22:19 . 2006-06-17 05:27 -------- d-----w- c:\program files\HP Games

2010-08-27 22:18 . 2010-03-04 12:27 -------- d-----w- c:\program files\Garmin GPS Plugin

2010-08-27 22:10 . 2009-11-26 01:30 -------- d-----w- c:\program files\Common Files\Akamai

2010-08-27 22:08 . 2009-05-03 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-08-26 02:43 . 2009-11-03 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Gogii

2010-08-25 16:00 . 2010-03-19 21:32 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Search Settings

2010-08-25 02:45 . 2006-06-17 05:45 -------- d-----w- c:\program files\PC-Doctor 5 for Windows

2010-08-18 16:50 . 2008-11-10 16:24 -------- d-----w- c:\program files\Blubster

2010-08-16 02:57 . 2008-11-09 13:29 -------- d-----w- c:\program files\Nancy Drew

2010-08-11 04:39 . 2010-08-11 04:39 503808 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7b258b72-n\msvcp71.dll

2010-08-11 04:39 . 2010-08-11 04:39 499712 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7b258b72-n\jmc.dll

2010-08-11 04:39 . 2010-08-11 04:39 12800 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4105b228-n\decora-d3d.dll

2010-08-11 04:39 . 2010-08-11 04:39 61440 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4105b228-n\decora-sse.dll

2010-08-11 04:39 . 2010-08-11 04:39 348160 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7b258b72-n\msvcr71.dll

2010-08-10 22:09 . 2010-08-06 06:27 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\WildTangent(2)

2010-08-10 22:08 . 2010-08-07 01:35 -------- d-----w- c:\program files\Microsoft Application Virtualization Client

2010-08-07 07:32 . 2010-08-07 01:43 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\SoftGrid Client

2010-08-05 06:02 . 2010-08-05 06:02 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Artifex Mundi

2010-08-01 04:56 . 2010-08-01 04:56 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Boolat Games

2010-07-30 05:53 . 2009-04-15 07:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst

2010-07-30 05:53 . 2009-03-05 15:18 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\PlayFirst

2010-07-27 06:06 . 2009-05-12 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo

2010-07-24 06:46 . 2010-07-22 06:28 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Enlightenus_iWin

2010-07-17 09:00 . 2010-05-05 20:29 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-17 00:50 . 2008-11-06 22:36 -------- d-----w- c:\program files\Viewpoint

2010-07-17 00:50 . 2008-11-06 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint

2010-06-30 12:31 . 2008-12-22 18:33 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22 . 2008-12-22 18:33 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44 . 2008-12-22 18:33 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2008-12-22 18:33 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2008-12-22 18:34 80384 ----a-w- c:\windows\system32\iccvid.dll

2007-03-27 21:13 . 2007-03-27 21:13 15052856 -c--a-w- c:\program files\Word12_UpToSpeed_final_ZA10205099.wmv

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HostManager"="c:\program files\Common Files\AOL\1230249116\ee\AOLSoftware.exe" [2009-07-20 41264]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-06-17 180269]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]

"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-07-30 497000]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]

"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\documents and settings\Administrator.COURTNEYSROOM\Start Menu\Programs\Startup\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-6-17 27136]

c:\documents and settings\Administrator.COURTNEYSROOM.000\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-6-17 27136]

c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\Default User\Start Menu\Programs\Startup\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-6-17 27136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]

2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

2008-11-08 21:18 342336 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-02-17 13:11 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]

2006-02-16 05:34 249856 -c--a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2006-01-25 02:15 7311360 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2006-01-25 02:15 1519616 -c--a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-09-06 20:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

2005-07-23 05:14 237568 -c--a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2006-03-08 11:54 16010240 -c--a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ose"=3 (0x3)

"NVSvc"=2 (0x2)

"iPod Service"=3 (0x3)

"IDriverT"=3 (0x3)

"FLEXnet Licensing Service"=3 (0x3)

"Bonjour Service"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"AOL TopSpeedMonitor"=2 (0x2)

"AOL ACS"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=

"c:\\Program Files\\Common Files\\AOL\\1230249116\\EE\\aolsoftware.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\1230249116\\EE\\AOLServiceHost.exe"=

"c:\\Program Files\\AOL 9.5\\waol.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/5/2010 10:45 AM 135336]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [12/22/2008 2:33 PM 14336]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/28/2010 9:38 PM 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

2010-09-11 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 01:37]

2010-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 01:37]

2010-09-13 c:\windows\Tasks\User_Feed_Synchronization-{4C224901-74F3-4B9A-ACF7-21DFFA1188AB}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]

2010-09-13 c:\windows\Tasks\User_Feed_Synchronization-{D9D5C556-3AD4-4C82-80C4-51CB5F825CF8}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.aol.com/

mStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

Trusted Zone: microsoft.com\*.update

Trusted Zone: microsoft.com\update

Trusted Zone: microsoft.com\windowsupdate

Trusted Zone: windowsupdate.com\download

DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} - hxxp://aolsvc.aol.com/onlinegames/ghadventureball/abxgh.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-delicious-winter-edition/zylomplayer.cab

FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\paq1dsxb.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tbff50-chromesbox-en-us&tb_uuid=20100906020516255&tb_oid=25-12-2008&tb_mrud=06-09-2010

FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?ncid=toolbar

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocationType=tbff50-ab-en-us&tb_uuid=20100906020516255&tb_oid=25-12-2008&tb_mrud=06-09-2010&query=

FF - component: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\paq1dsxb.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\MailUtil.dll

FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll

FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Move Networks\plugins\npqmp071701000002.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: protocol-handler.warn-external.dnUpdate - false

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-13 19:52

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2508)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-09-13 19:58:00

ComboFix-quarantined-files.txt 2010-09-13 23:57

Pre-Run: 114,724,077,568 bytes free

Post-Run: 114,689,978,368 bytes free

- - End Of File - - F2D505F1D812AAC76A393C6BAD894641


OMG, it worked. You rock, thank you so much.

OK, here is the log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4611

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

9/13/2010 10:17:17 PM

mbam-log-2010-09-13 (22-17-17).txt

Scan type: Quick scan

Objects scanned: 173329

Time elapsed: 12 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Compaq_Owner\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
