Jump to content

Recommended Posts

hi guys, i'm jordan, please take the time to read the following paragraphs before reading my logs

on the 27th or 28th, i believe that i may have been hacked. what happened was i was browsing on firefox, and avast was intercepting malware at a very high pace. i got a little suspicious, so i pulled up the task manager and the cpu usage was close to 100 i think, the commit charge was very high too. but heres where the weird stuff happens, various icons started to disappear on my desktop. so i freaked a little bit. i pulled up the start menu and i started to see programs disappear too! after that i highlighted all programs... and none of em were there. regardless, i freaked out so i pulled the plug on my router, and restarted the computer.

now when i restarted the computer, i logged back onto my name. i was met with a black desktop with no programs. my heart sank, cause i thought all my stuff had been wiped out. then all of a sudden, some program pops up. it was some fake windows xp recovery av thingamajig, so i didnt do anything with it. now i know i'm infected with something. my next move was a safe mode system restore. i'm not sure if it was the proper move or not. regardless of that matter, the computer successfully performed the system restore, and i restarted.

i logged onto to windows in normal mode, and was met with my usual desktop picture. but nothing else came up! i tried to open the task manager but i couldn't. this is where i think i may have messed up. after this, i restarted the computer and logged on in safe mode. i saw my desktop and some of my desktop files too. basically, windows worked after i logged onto safe mode this time. so, what i did now was went to my computer, and i found out that my documents became 'hidden...' which is weird, because i didnt do that. i unchecked the hidden mark and then did a malwarebytes scan which seemed to found nothing. after the scan i restarted the computer again, logged onto normal mode and everything seemed to work...

except, my txt files are gone. but they're still on my hard drive. i can pull up notepad and open any of my txts if i type in the name of them (and if i'm in their respective directories) but for some reason i can't 'handle' them, per se. after all of this i used hitman pro 3.5 and it removed alot of tracking cookies, but nothing really serious.

anyway, here's my logs. please take a look at them and let me know what's up! thanks guys.

also, my computer is a dell dimension 3000 on windows xp sp2, 1.25gb ram, intel pentium 4 ht

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:16:49 PM, on 5/29/2011

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\libusbd-nt.exe

C:\Program Files\PC Tools Firewall Plus\FWService.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe

C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe

O4 - HKCU\..\Run: [sansaDispatch] C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [unHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll

O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VideoGet_IE.dll

O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VideoGet_IE.dll

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\StreamingStar\HiDownload\hidownload.exe (HKCU)

O10 - Unknown file in Winsock LSP: c:\progra~1\speedbit video accelerator\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\progra~1\speedbit video accelerator\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\progra~1\speedbit video accelerator\sblsp.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe

O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

StartupList report, 5/29/2011, 11:20:28 PM

StartupList version: 1.52.2

Started from : C:\Program Files\Trend Micro\HiJackThis\HiJackThis.EXE

Detected: Windows XP SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)

* Using default options

==================================================

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\libusbd-nt.exe

C:\Program Files\PC Tools Firewall Plus\FWService.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe

C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\WINDOWS\notepad.exe

C:\WINDOWS\system32\taskmgr.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

avast5 = "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime

GrooveMonitor = "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"

Trend Micro RUBotted V2.0 Beta = C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

SansaDispatch = C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

H/PC Connection Agent = "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

Aim6 = "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

UnHackMe Monitor = C:\Program Files\UnHackMe\hackmon.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]

=

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

[AdobeUpdater]

=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe

SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr

drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*

HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}

AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}

AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll - {201f27d4-3704-41d6-89c1-aa35e39143ed}

Browser Defender BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7}

(no name) - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

(no name) - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - {72853161-30C5-4D22-B7F9-0BBC1D38A37E}

SkypeIEPluginBHO - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

(no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}

Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}

JQSIEStartDetectorImpl - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job

DriverCure.job

GoogleUpdateTaskMachineCore.job

GoogleUpdateTaskMachineUA.job

ParetoLogic Registration.job

ParetoLogic Registration3.job

ParetoLogic Update Version2.job

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll

Protocol #1: C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll

Protocol #2: C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll

Protocol #3: C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll

Protocol #4: C:\PROGRA~1\SpeedBit Video Accelerator\sblsp.dll

Protocol #5: C:\PROGRA~1\SpeedBit Video Accelerator\sblsp.dll

Protocol #11: C:\PROGRA~1\SpeedBit Video Accelerator\sblsp.dll

Protocol #46: C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\system32\webcheck.dll

SysTray: C:\WINDOWS\system32\stobject.dll

WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------

End of report, 7,415 bytes

Report generated in 0.047 seconds

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 2 (Safe Mode)

Internet Explorer 6.0.2900.2180

5/28/2011 7:16:10 AM

mbam-log-2011-05-28 (07-16-10).txt

Scan type: Full scan (C:\|)

Objects scanned: 219716

Time elapsed: 1 hour(s), 40 minute(s), 24 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

bumpage

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

Link to post
Share on other sites

.

DDS (Ver_2011-06-02.03) - NTFSx86

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20

Run by Owner at 18:40:53 on 2011-06-02

.

============== Running Processes ===============

.

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\libusbd-nt.exe

C:\Program Files\PC Tools Firewall Plus\FWService.exe

C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe

C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe

C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\AIM6\aim6.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\UnHackMe\hackmon.exe

C:\PROGRA~1\MICROS~2\rapimgr.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\Documents and Settings\Owner\Desktop\dds.scr

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll

TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

uRun: [sansaDispatch] c:\documents and settings\owner\application data\sandisk\sansa updater\SansaDispatch.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [unHackMe Monitor] c:\program files\unhackme\hackmon.exe

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe

IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office12\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\microsoft office\office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll

IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - c:\progra~1\nuclea~1\videoget\plugins\VideoGet_IE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dll

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

LSP: c:\progra~1\speedbit video accelerator\sblsp.dll

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

TCP: DhcpNameServer = 68.87.77.134 68.87.72.134

TCP: Interfaces\{27305AC6-75EE-436B-867F-36A29057A32D} : DhcpNameServer = 68.87.77.134 68.87.72.134

TCP: Interfaces\{629FAF31-BF81-488E-9357-CB907AAD71B4} : DhcpNameServer = 68.87.77.134 68.87.72.134

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\v5mwcasx.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\v5mwcasx.default\extensions\{7378b8c2-fc38-41b8-a8c9-875d1f5b0a24}\components\NativeComponent.dll

FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll

FF - plugin: c:\documents and settings\owner\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

R? gupdate;Google Update Service (gupdate)

R? gupdatem;Google Update Service (gupdatem)

R? HTCAND32;HTC Device Driver

R? MBAMSwissArmy;MBAMSwissArmy

R? NDISKIO;NDISKIO

R? rk_remover-boot;rk_remover-boot

R? sdAuxService;PC Tools Auxiliary Service

R? sdCoreService;PC Tools Security Service

R? XPADFL02;XPAD Filter Service 02

S? aswFsBlk;aswFsBlk

S? aswSP;aswSP

S? avast! Antivirus;avast! Antivirus

S? avast! Mail Scanner;avast! Mail Scanner

S? avast! Web Scanner;avast! Web Scanner

S? Browser Defender Update Service;Browser Defender Update Service

S? IPN2120;Wireless-B PCI Adapter Driver

S? libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1

S? libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1

S? NPF;NetGroup Packet Filter Driver

S? Partizan;Partizan

S? PCTAppEvent;PCTAppEvent Driver

S? PCTCore;PCTools KDS

S? pctgntdi;pctgntdi

S? PCToolsFirewallPlus;PC Tools Firewall Plus

S? pctplfw;pctplfw

S? RUBotSrv;Trend Micro RUBotted Service

S? VideoAcceleratorService;VideoAcceleratorService

S? Viewpoint Manager Service;Viewpoint Manager Service

.

=============== Created Last 30 ================

.

2011-06-02 20:38:55 -------- d-----w- C:\Malwarebytes' Anti-Malware

2011-05-29 09:57:07 -------- d-----w- c:\documents and settings\all users\application data\Trend Micro

2011-05-29 09:50:49 39192 ----a-w- c:\windows\system32\Partizan.exe

2011-05-29 09:50:49 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys

2011-05-29 09:50:45 2 --shatr- c:\windows\winstart.bat

2011-05-29 09:50:31 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys

2011-05-29 09:50:25 -------- d-----w- c:\program files\UnHackMe

2011-05-29 09:31:06 388096 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-05-29 09:31:05 -------- d-----w- c:\program files\Trend Micro

2011-05-28 09:12:27 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-05-28 09:12:27 -------- d-----w- c:\windows\system32\wbem\Repository

2011-05-14 07:35:56 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-05-14 07:35:56 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-05-14 07:35:56 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-05-14 07:35:55 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-05-14 07:35:55 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-05-14 07:35:55 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll

2011-05-14 07:35:54 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll

2011-05-14 07:35:54 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-05-14 00:17:16 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll

2011-05-14 00:17:16 21504 ----a-w- c:\windows\system32\hidserv.dll

2011-05-07 14:00:48 -------- d-----w- c:\program files\iPod

2011-05-07 14:00:26 -------- d-----w- c:\program files\iTunes

2011-05-07 14:00:26 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

.

==================== Find3M ====================

.

2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11:20 22712 -c--a-w- c:\windows\system32\drivers\mbam.sys

2011-05-29 09:37:49 17480 -c--a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

.

============= FINISH: 18:42:40.73 ===============

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6755

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

6/2/2011 6:24:37 PM

mbam-log-2011-06-02 (18-24-37).txt

Scan type: Quick scan

Objects scanned: 159716

Time elapsed: 11 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Microwsoft (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\Owner\local settings\Temp\tmpb26.tmp.exe (Malware.Packer.GenX) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\local settings\temporary internet files\Content.IE5\7Z91234W\Out_![1].exe (Malware.Packer.GenX) -> Quarantined and deleted successfully.

Link to post
Share on other sites

ComboFix 11-06-06.07 - Owner 06/08/2011 0:50.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1278.806 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: PC Tools Firewall Plus *Enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Owner\Application Data\Desktopicon

c:\documents and settings\Owner\Application Data\Desktopicon\eBay.ico

c:\documents and settings\Owner\Application Data\Desktopicon\uninst.exe

c:\program files\Adobe\Photoshop.exe

c:\windows\system32\player.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-05-08 to 2011-06-08 )))))))))))))))))))))))))))))))

.

.

2011-06-02 20:38 . 2011-06-02 20:39 -------- d-----w- C:\Malwarebytes' Anti-Malware

2011-05-29 09:57 . 2011-05-29 09:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro

2011-05-29 09:50 . 2011-05-29 09:50 39192 ----a-w- c:\windows\system32\Partizan.exe

2011-05-29 09:50 . 2011-05-29 09:50 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys

2011-05-29 09:50 . 2011-05-29 09:50 2 --shatr- c:\windows\winstart.bat

2011-05-29 09:50 . 2011-05-18 14:53 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys

2011-05-29 09:50 . 2011-06-03 06:32 -------- d-----w- c:\program files\UnHackMe

2011-05-29 09:31 . 2011-05-29 09:31 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-05-29 09:31 . 2011-05-29 09:46 -------- d-----w- c:\program files\Trend Micro

2011-05-28 09:12 . 2011-05-28 09:12 -------- d-----w- c:\windows\system32\wbem\Repository

2011-05-14 07:35 . 2011-05-14 07:35 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll

2011-05-14 07:35 . 2011-05-14 07:35 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll

2011-05-14 07:35 . 2011-05-14 07:35 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

2011-05-14 07:35 . 2011-05-14 07:35 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

2011-05-14 07:35 . 2011-05-14 07:35 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

2011-05-14 07:35 . 2011-05-14 07:35 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll

2011-05-14 07:35 . 2011-05-14 07:35 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll

2011-05-14 07:35 . 2011-05-14 07:35 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-05-14 00:17 . 2004-08-04 04:56 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll

2011-05-14 00:17 . 2004-08-04 04:56 21504 ----a-w- c:\windows\system32\hidserv.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 13:11 . 2009-07-24 01:36 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11 . 2009-07-24 01:36 22712 -c--a-w- c:\windows\system32\drivers\mbam.sys

2011-05-29 09:37 . 2010-04-10 07:18 17480 -c--a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-05-14 07:35 . 2011-05-14 07:35 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-09-29 21:24 325000 -c--a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

.

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

.

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SansaDispatch"="c:\documents and settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-12-12 79872]

"UnHackMe Monitor"="c:\program files\UnHackMe\hackmon.exe" [2011-05-18 594200]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-03-09 2769336]

"Trend Micro RUBotted V2.0 Beta"="c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2007-11-15 14:10 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk

backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk

backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B88IKpTi61kPho

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cerberus

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sSYuy7Ywgej6

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00PCTFW]

2009-02-23 14:49 2652056 -c--a-w- c:\program files\PC Tools Firewall Plus\FirewallGUI.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 18:37 932288 -c--a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-10-03 09:08 35696 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

2009-07-12 07:59 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

2009-07-09 20:07 49968 -c--a-w- c:\program files\AIM6\aim6.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

2009-10-03 00:15 323392 -c--a-w- c:\program files\DNA\btdna.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2004-08-12 13:56 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]

2008-04-24 17:25 202560 -c--a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverCure]

2010-06-28 20:57 3982616 ----a-w- c:\program files\ParetoLogic\DriverCure\DriverCure.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 15:44 31072 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

2006-11-13 17:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro35]

2011-05-29 09:37 6470464 -c--a-w- c:\program files\Hitman Pro 3.5\HitmanPro35.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2006-02-19 06:41 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

2005-09-20 13:32 77824 -c--a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2005-09-20 13:36 114688 -c--a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

2005-09-20 13:35 94208 -c--a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-04-27 05:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]

2007-09-21 07:10 55824 -c--a-w- c:\windows\KHALMNPR.Exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]

2001-10-08 13:16 906752 -c--a-w- c:\windows\system32\LXSUPMON.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2009-05-27 01:06 4351216 -c--a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Connectivity Suite]

2009-05-27 19:46 598016 -c--a-r- c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2004-08-04 05:06 1667584 -c----w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

2004-10-14 17:42 1404928 -c--a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-01-26 19:31 2144088 -csha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 15:43 248040 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]

2006-11-06 17:31 81920 -c--a-w- c:\windows\system32\PCLECoInst.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"avast! Web Scanner"=3 (0x3)

"avast! Mail Scanner"=3 (0x3)

"avast! Antivirus"=2 (0x2)

"RUBotSrv"=2 (0x2)

"sdCoreService"=3 (0x3)

"PCToolsFirewallPlus"=2 (0x2)

"sdAuxService"=3 (0x3)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/19/2009 12:39 AM 217032]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/8/2010 4:08 AM 162640]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [6/19/2009 12:39 AM 233136]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/8/2010 4:08 AM 19024]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [4/12/2010 4:05 PM 112592]

R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]

R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [6/19/2009 12:39 AM 88040]

R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe -start -scm [?]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/26/2009 4:54 AM 24652]

R3 IPN2120;Wireless-B PCI Adapter Driver;c:\windows\system32\drivers\LSIPNDS.sys [6/19/2009 12:05 AM 96256]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [7/4/2009 3:19 AM 33792]

R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 2:19 PM 50704]

R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [6/19/2009 12:38 AM 95640]

R4 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe [5/29/2011 5:46 AM 439632]

S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [5/29/2011 5:50 AM 35816]

S0 rk_remover-boot;rk_remover-boot;c:\windows\system32\drivers\rk_remover.sys [4/11/2010 8:17 PM 50176]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/5/2009 7:15 AM 133104]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/5/2009 7:15 AM 133104]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [8/26/2010 2:16 AM 25728]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/23/2009 9:36 PM 39984]

S3 NDISKIO;NDISKIO;\??\c:\docume~1\Owner\LOCALS~1\Temp\00000119.nmc\nse\bin\ndiskio.sys --> c:\docume~1\Owner\LOCALS~1\Temp\00000119.nmc\nse\bin\ndiskio.sys [?]

S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [7/4/2009 3:24 AM 27904]

S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [4/12/2010 4:01 PM 366840]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - UnHackMeDrv

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

2011-06-07 c:\windows\Tasks\DriverCure.job

- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2010-06-28 20:57]

.

2011-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 11:15]

.

2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 11:15]

.

2011-06-06 c:\windows\Tasks\ParetoLogic Registration.job

- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

.

2011-06-06 c:\windows\Tasks\ParetoLogic Registration3.job

- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-04-06 21:30]

.

2011-06-05 c:\windows\Tasks\ParetoLogic Update Version2.job

- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000

LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

LSP: c:\progra~1\SpeedBit Video Accelerator\sblsp.dll

TCP: DhcpNameServer = 68.87.77.134 68.87.72.134

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\v5mwcasx.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

SafeBoot-klmdb.sys

MSConfigStartUp-BoM2zLAfOV - c:\documents and settings\Owner\Application Data\svchost.exe

MSConfigStartUp-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

MSConfigStartUp-MSWUpdate - c:\documents and settings\Owner\Application Data\lsass.exe

MSConfigStartUp-sRgQ8pJQdL6aWZ6s - c:\documents and settings\Owner\Application Data\svchost.exe

MSConfigStartUp-svchost - c:\documents and settings\Owner\Application Data\Microsoft\svchost.exe

AddRemove-eBay Icon - c:\documents and settings\Owner\Application Data\Desktopicon\uninst.exe

AddRemove-{F37167DD-4436-4641-90B6-329D60632DDA} - c:\program files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-08 00:58

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

SansaDispatch = c:\documents and settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?=&platform=&is-debug=&rom-version=&part-number=&product-name=&content-class=common_conten

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1116)

c:\windows\system32\GTGina.dll

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\program files\common files\logishrd\bluetooth\LBTServ.dll

.

Completion time: 2011-06-08 01:00:33

ComboFix-quarantined-files.txt 2011-06-08 05:00

.

Pre-Run: 9,248,047,104 bytes free

Post-Run: 9,396,404,224 bytes free

.

- - End Of File - - 7477C599B1060ECE6788882F0A13F2C0

.

DDS (Ver_2011-06-02.03) - NTFSx86

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20

Run by Owner at 1:03:57 on 2011-06-08

.

============== Running Processes ===============

.

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\libusbd-nt.exe

C:\Program Files\PC Tools Firewall Plus\FWService.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe

C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Owner\Desktop\dds.scr

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll

TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

uRun: [sansaDispatch] c:\documents and settings\owner\application data\sandisk\sansa updater\SansaDispatch.exe

uRun: [unHackMe Monitor] c:\program files\unhackme\hackmon.exe

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe

IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office12\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\microsoft office\office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll

IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - c:\progra~1\nuclea~1\videoget\plugins\VideoGet_IE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dll

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

LSP: c:\progra~1\speedbit video accelerator\sblsp.dll

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

TCP: DhcpNameServer = 68.87.77.134 68.87.72.134

TCP: Interfaces\{27305AC6-75EE-436B-867F-36A29057A32D} : DhcpNameServer = 68.87.77.134 68.87.72.134

TCP: Interfaces\{629FAF31-BF81-488E-9357-CB907AAD71B4} : DhcpNameServer = 68.87.77.134 68.87.72.134

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\v5mwcasx.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\v5mwcasx.default\extensions\{7378b8c2-fc38-41b8-a8c9-875d1f5b0a24}\components\NativeComponent.dll

FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll

FF - plugin: c:\documents and settings\owner\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

.

============= SERVICES / DRIVERS ===============

.

R? avast! Mail Scanner;avast! Mail Scanner

R? avast! Web Scanner;avast! Web Scanner

R? gupdate;Google Update Service (gupdate)

R? gupdatem;Google Update Service (gupdatem)

R? HTCAND32;HTC Device Driver

R? MBAMSwissArmy;MBAMSwissArmy

R? NDISKIO;NDISKIO

R? Partizan;Partizan

R? rk_remover-boot;rk_remover-boot

R? sdAuxService;PC Tools Auxiliary Service

R? sdCoreService;PC Tools Security Service

R? XPADFL02;XPAD Filter Service 02

S? aswFsBlk;aswFsBlk

S? aswSP;aswSP

S? avast! Antivirus;avast! Antivirus

S? Browser Defender Update Service;Browser Defender Update Service

S? IPN2120;Wireless-B PCI Adapter Driver

S? libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1

S? libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1

S? NPF;NetGroup Packet Filter Driver

S? PCTAppEvent;PCTAppEvent Driver

S? PCTCore;PCTools KDS

S? pctgntdi;pctgntdi

S? PCToolsFirewallPlus;PC Tools Firewall Plus

S? pctplfw;pctplfw

S? RUBotSrv;Trend Micro RUBotted Service

S? VideoAcceleratorService;VideoAcceleratorService

S? Viewpoint Manager Service;Viewpoint Manager Service

.

=============== Created Last 30 ================

.

2011-06-02 20:38:55 -------- d-----w- C:\Malwarebytes' Anti-Malware

2011-05-29 09:57:07 -------- d-----w- c:\documents and settings\all users\application data\Trend Micro

2011-05-29 09:50:49 39192 ----a-w- c:\windows\system32\Partizan.exe

2011-05-29 09:50:49 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys

2011-05-29 09:50:45 2 --shatr- c:\windows\winstart.bat

2011-05-29 09:50:31 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys

2011-05-29 09:50:25 -------- d-----w- c:\program files\UnHackMe

2011-05-29 09:31:06 388096 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-05-29 09:31:05 -------- d-----w- c:\program files\Trend Micro

2011-05-28 09:12:27 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-05-28 09:12:27 -------- d-----w- c:\windows\system32\wbem\Repository

2011-05-14 07:35:56 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-05-14 07:35:56 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-05-14 07:35:56 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-05-14 07:35:55 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-05-14 07:35:55 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-05-14 07:35:55 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll

2011-05-14 07:35:54 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll

2011-05-14 07:35:54 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-05-14 00:17:16 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll

2011-05-14 00:17:16 21504 ----a-w- c:\windows\system32\hidserv.dll

.

==================== Find3M ====================

.

2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11:20 22712 -c--a-w- c:\windows\system32\drivers\mbam.sys

2011-05-29 09:37:49 17480 -c--a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

.

============= FINISH: 1:04:23.34 ===============

Link to post
Share on other sites

  • Staff

Hi,

I see the Ask Toolbar in your log.

I strongly recommend you remove Ask Toolbar from your computer because:

  • It promotes its toolbars on sites targeted at kids.
  • It promotes its toolbars through ads that appear to be part of other companies' sites.
  • It promotes its toolbars through other companies' spyware.
  • It is Installed without any disclosure whatsoever and without any consent from the user whatsoever.
  • It Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  • It makes confusing changes to user's browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

You can read more about Ask.com here

To remove it:

Click Start-->Control Panel-->Programs and Features

Click on the program name AskBarDis to highlight it

From the menu at the top, select Uninstall or Remove.

Please reboot the computer.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

well guys, when i was about to do those things, my computer decided to crap out on me. it wont even boot up. it gets past the windows xp loading screen then the bsod pops up, reading 'unmountable boot volume' or something like that. after some googling, i guess i need the windows xp reinstallation disk and i should be straight. problem is, i cant find one and i dont know where to get one. and if youre wondering, yes, this is being typed from another computer.

once all of that gets fixed i'll be back with the logs, sorry for all of this guys. - jordan

Link to post
Share on other sites

  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.