Is VIRUSfighter a rogue?

tartarsause · #1 12th Jan 2009, 19:23

A week ago, I had removed VIRUSfighter Version 5.99 with Revo Uninstaller then rebooted. However, Windows Security Center continues to show that it's still installed & running as of this moment.

**evilfantasy** · #2 12th Jan 2009, 21:30

I'm not sure it's a rouge but it very well could be.

Download Malwarebytes' Anti-Malware (MBAM)

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

----------

Download random's system information tool (RSIT) by random/random from and save it to your Desktop.

Double click on RSIT.exe to run.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open.
log.txt <will be maximized and info.txt <will be minimized
Please post the contents of both logs in the next reply.

tartarsause · #3 13th Jan 2009, 00:31

Malwarebytes' Anti-Malware 1.32
Database version: 1647
Windows 5.1.2600 Service Pack 2

2009-01-13 02:31:02
mbam-log-2009-01-13 (02-31-02).txt

Scan type: Quick Scan
Objects scanned: 50908
Time elapsed: 2 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

----------------------------------------------------------------------------------

Logfile of random's system information tool 1.05 (written by random/random)
Run by Z at 2009-01-13 02:31:27
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 113 GB (74%) free of 153 GB
Total RAM: 958 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:31, on 2009-01-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\Z\Desktop\RSIT.exe
C:\Program Files\trend micro\Z.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bm...&bm=ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_se...zTCPConfig.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/s...OS/tgctlcm.cab

--
End of file - 1726 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Microsoft_Hardware_Launch_LifeExp _exe.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-08-24 133120]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\WDFNet]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\syst em32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Pro gram Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabl ed:Yahoo! Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32 \sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{8a8df30e-22b9-11dc-82d6-ffc7c4764c8c}]
shell\AutoRun\command - E:\LaunchU3.exe -a

======List of files/folders created in the last 1 months======

2009-01-13 12:48:57 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-01-13 12:44:54 ----D---- C:\WINDOWS\system32\PreInstall
2009-01-13 12:44:53 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-01-13 02:31:28 ----D---- C:\Program Files\trend micro
2009-01-13 02:06:21 ----SHD---- C:\Config.Msi
2009-01-13 01:58:39 ----D---- C:\Avenger
2009-01-13 01:58:39 ----A---- C:\avenger.txt
2009-01-12 23:36:39 ----D---- C:\ComboFix
2009-01-12 23:36:39 ----A---- C:\WINDOWS\system32\CF10723.exe
2009-01-12 22:19:22 ----D---- C:\rsit
2009-01-07 21:13:01 ----D---- C:\Documents and Settings\Z\Application Data\Malwarebytes
2009-01-07 21:12:57 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-07 21:12:56 ----D---- C:\Program Files\Malwarebytes
2008-12-23 16:53:34 ----D---- C:\Program Files\RogueRemover
2008-12-22 09:41:05 ----D---- C:\Documents and Settings\All Users\Application Data\{1BFA58C9-6B9E-433B-875A-6AD34E8AE1C3}
2008-12-22 05:26:19 ----D---- C:\Program Files\Microsoft LifeCam
2008-12-18 22:42:29 ----SHD---- C:\RECYCLER
2008-12-18 12:51:31 ----D---- C:\WINDOWS\temp
2008-12-18 12:49:58 ----RASHD---- C:\cmdcons
2008-12-18 12:48:07 ----A---- C:\WINDOWS\zip.exe
2008-12-18 12:48:07 ----A---- C:\WINDOWS\VFIND.exe
2008-12-18 12:48:07 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-18 12:48:07 ----A---- C:\WINDOWS\SWSC.exe
2008-12-18 12:48:07 ----A---- C:\WINDOWS\SWREG.exe
2008-12-18 12:48:07 ----A---- C:\WINDOWS\sed.exe
2008-12-18 12:48:07 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-18 12:48:07 ----A---- C:\WINDOWS\grep.exe
2008-12-18 12:48:07 ----A---- C:\WINDOWS\fdsv.exe
2008-12-18 12:43:38 ----D---- C:\WINDOWS\ERDNT
2008-12-17 16:33:56 ----D---- C:\Program Files\LCleaner

======List of files/folders modified in the last 1 months======

2009-01-13 12:52:54 ----D---- C:\Documents and Settings\Z\Application Data\Aim
2009-01-13 12:48:57 ----D---- C:\WINDOWS\system32
2009-01-13 12:48:57 ----D---- C:\WINDOWS\Debug
2009-01-13 02:31:28 ----D---- C:\Program Files
2009-01-13 02:29:21 ----D---- C:\Program Files\Display Image Grabber
2009-01-13 02:13:58 ----D---- C:\Program Files\Z-DL
2009-01-13 02:06:31 ----SHD---- C:\WINDOWS\Installer
2009-01-13 02:06:23 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-01-13 02:06:23 ----HD---- C:\WINDOWS\inf
2009-01-13 02:06:22 ----SD---- C:\WINDOWS\Tasks
2009-01-13 01:59:42 ----D---- C:\Program Files\Mozilla Firefox
2009-01-13 01:59:12 ----D---- C:\WINDOWS
2009-01-13 01:58:39 ----D---- C:\WINDOWS\system32\drivers
2009-01-13 01:32:57 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-13 01:32:57 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-13 01:28:26 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-10 06:11:03 ----SD---- C:\Documents and Settings\Z\Application Data\Microsoft
2009-01-08 04:17:50 ----D---- C:\Program Files\EasyCleaner
2009-01-08 04:15:25 ----D---- C:\Documents and Settings\Z\Application Data\Motive
2009-01-07 18:58:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-05 17:51:47 ----D---- C:\WINDOWS\Help
2008-12-31 07:29:17 ----D---- C:\WINDOWS\Prefetch
2008-12-23 18:19:52 ----D---- C:\Program Files\AudioConverter
2008-12-23 08:03:00 ----D---- C:\Program Files\CCleaner
2008-12-22 05:25:33 ----D---- C:\WINDOWS\system32\DirectX
2008-12-18 12:53:35 ----A---- C:\WINDOWS\system.ini
2008-12-18 12:51:43 ----D---- C:\WINDOWS\system32\config
2008-12-18 12:51:10 ----D---- C:\Program Files\Common Files
2008-12-18 12:51:09 ----D---- C:\WINDOWS\AppPatch
2008-12-18 12:50:03 ----RASH---- C:\boot.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-11-07 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-11-07 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-11-07 86652]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-11-07 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-11-07 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-11-07 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-11-07 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-05-17 44544]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-07-27 1171464]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 VX1000;VX-1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 1966312]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 hamachi_oem;PlayLinc Adapter; C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 OVT511Plus;Dual Mode USB Camera Plus; C:\WINDOWS\System32\Drivers\omcamvid.sys [2001-09-18 167816]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0); C:\WINDOWS\system32\DRIVERS\CamDrL21.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\Presen tationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe []
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-12 152984]
S4 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]

-----------------EOF-----------------

**evilfantasy** · #4 13th Jan 2009, 11:19

Didi you edit part of the log out? I can't help without the entire log.

Quote:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:31, on 2009-01-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\Z\Desktop\RSIT.exe
C:\Program Files\trend micro\Z.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bm...&bm=ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_se...zTCPConfig.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/s...OS/tgctlcm.cab

tartarsause · #5 14th Jan 2009, 12:47

oopz...

Logfile of random's system information tool 1.05 (written by random/random)
Run by Z at 2009-01-14 02:45:58
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 112 GB (73%) free of 153 GB
Total RAM: 958 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:46, on 2009-01-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\Z\Desktop\RSIT.exe
C:\Program Files\trend micro\Z.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bm...&bm=ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_se...zTCPConfig.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/s...OS/tgctlcm.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/actives.../as2stubie.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home...fshc/fscax.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...94/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: QANDDIWUIE - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Z\LOCALS~1\Temp\QANDDIWUIE.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: TUYJSP - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TUYJSP.exe

--
End of file - 2777 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Microsoft_Hardware_Launch_LifeExp _exe.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-08-24 133120]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\WDFNet]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\syst em32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Pro gram Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabl ed:Yahoo! Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32 \sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{8a8df30e-22b9-11dc-82d6-ffc7c4764c8c}]
shell\AutoRun\command - E:\LaunchU3.exe -a

======List of files/folders created in the last 3 months======

2009-01-14 02:18:17 ----D---- C:\WINDOWS\McAfee.com
2009-01-14 02:18:11 ----D---- C:\WINDOWS\LastGood
2009-01-13 12:48:57 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-01-13 12:44:54 ----D---- C:\WINDOWS\system32\PreInstall
2009-01-13 12:44:53 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-01-13 06:04:52 ----D---- C:\Program Files\Spybot
2009-01-13 06:04:52 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-13 05:34:55 ----D---- C:\RkUnhooker
2009-01-13 05:20:26 ----A---- C:\avenger.txt
2009-01-13 05:00:13 ----D---- C:\ComboFix
2009-01-13 05:00:13 ----A---- C:\WINDOWS\system32\CF8581.exe
2009-01-13 04:38:02 ----D---- C:\Program Files\Panda Security
2009-01-13 04:23:04 ----D---- C:\Program Files\ThreatFire
2009-01-13 04:23:04 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-01-13 04:11:28 ----D---- C:\Qoobox
2009-01-13 04:11:27 ----A---- C:\WINDOWS\system32\CF31798.exe
2009-01-13 02:57:20 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-13 02:40:47 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-13 02:40:42 ----D---- C:\Program Files\SUPERAntiSpyware
2009-01-13 02:40:42 ----D---- C:\Documents and Settings\Z\Application Data\SUPERAntiSpyware.com
2009-01-13 02:31:28 ----D---- C:\Program Files\trend micro
2009-01-13 01:58:39 ----D---- C:\Avenger
2009-01-12 23:36:39 ----A---- C:\WINDOWS\system32\CF10723.exe
2009-01-12 22:19:22 ----D---- C:\rsit
2009-01-07 21:13:01 ----D---- C:\Documents and Settings\Z\Application Data\Malwarebytes
2009-01-07 21:12:57 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-07 21:12:56 ----D---- C:\Program Files\Malwarebytes
2008-12-23 16:53:34 ----D---- C:\Program Files\RogueRemover
2008-12-22 09:41:05 ----D---- C:\Documents and Settings\All Users\Application Data\{1BFA58C9-6B9E-433B-875A-6AD34E8AE1C3}
2008-12-22 05:26:19 ----D---- C:\Program Files\Microsoft LifeCam
2008-12-18 22:42:29 ----SHD---- C:\RECYCLER
2008-12-18 12:51:31 ----D---- C:\WINDOWS\temp
2008-12-18 12:49:58 ----RASHD---- C:\cmdcons
2008-12-18 12:48:07 ----A---- C:\WINDOWS\zip.exe
2008-12-18 12:48:07 ----A---- C:\WINDOWS\VFIND.exe
2008-12-18 12:48:07 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-18 12:48:07 ----A---- C:\WINDOWS\SWSC.exe
2008-12-18 12:48:07 ----A---- C:\WINDOWS\SWREG.exe
2008-12-18 12:48:07 ----A---- C:\WINDOWS\sed.exe
2008-12-18 12:48:07 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-18 12:48:07 ----A---- C:\WINDOWS\grep.exe
2008-12-18 12:48:07 ----A---- C:\WINDOWS\fdsv.exe
2008-12-18 12:43:38 ----D---- C:\WINDOWS\ERDNT
2008-12-17 16:33:56 ----D---- C:\Program Files\LCleaner
2008-12-12 18:27:11 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-12 18:27:11 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-12 18:27:11 ----A---- C:\WINDOWS\system32\java.exe
2008-12-12 18:26:50 ----D---- C:\Program Files\Java
2008-12-12 18:06:30 ----D---- C:\Documents and Settings\Z\Application Data\Sony
2008-12-12 17:27:39 ----D---- C:\Program Files\ACIDMusicStudio7.0
2008-12-11 17:35:31 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-11 10:25:01 ----D---- C:\Documents and Settings\All Users\Application Data\_comodo_
2008-12-08 14:48:16 ----AT---- C:\WINDOWS\system32\DRWEBSP.DLL
2008-11-23 17:55:47 ----D---- C:\WINDOWS\WBEM
2008-11-23 17:54:17 ----HDC---- C:\WINDOWS\ie7
2008-11-23 17:53:40 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPI s$
2008-11-23 17:52:55 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapp ing$
2008-11-23 17:51:48 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-11-21 16:57:13 ----DC---- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-11-21 12:25:45 ----D---- C:\Program Files\Foxit Reader
2008-11-21 06:04:39 ----D---- C:\Documents and Settings\Z\Application Data\Motive
2008-11-21 05:58:32 ----D---- C:\Program Files\Verizon
2008-11-21 01:00:09 ----D---- C:\Program Files\CamStudio
2008-11-14 18:53:13 ----D---- C:\Program Files\EasyCleaner
2008-11-14 18:30:15 ----A---- C:\WINDOWS\is-EICII.exe
2008-11-12 15:02:04 ----D---- C:\Program Files\RootkitRevealer
2008-11-11 01:58:10 ----D---- C:\Program Files\Common Files\Softwin
2008-11-10 21:25:40 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-11-08 14:07:13 ----D---- C:\WINDOWS\SxsCaPendDel
2008-11-08 13:59:41 ----D---- C:\Program Files\IObitSmartDefrag
2008-11-08 10:25:11 ----D---- C:\Program Files\MSXML 6.0
2008-11-08 10:12:40 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-07 05:55:28 ----D---- C:\Program Files\Revo Uninstaller
2008-11-02 22:10:55 ----D---- C:\Program Files\7-Zip
2008-11-01 00:58:23 ----D---- C:\Program Files\WhatsRunning
2008-10-28 21:06:40 ----D---- C:\Documents and Settings\Z\Application Data\Sonic
2008-10-20 04:21:53 ----D---- C:\WINDOWS\pss
2008-10-19 22:59:25 ----D---- C:\WINDOWS\OvtCam
2008-10-15 13:22:24 ----D---- C:\Program Files\Reference Assemblies

======List of files/folders modified in the last 3 months======

2009-01-14 12:50:02 ----D---- C:\WINDOWS\system32
2009-01-14 12:43:09 ----D---- C:\Documents and Settings\Z\Application Data\Aim
2009-01-14 12:42:30 ----D---- C:\Program Files\AIM
2009-01-14 10:09:10 ----D---- C:\Program Files\Display Image Grabber
2009-01-14 09:19:32 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-14 09:15:18 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-14 02:43:28 ----D---- C:\Program Files\Z-DL
2009-01-14 02:37:53 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-14 02:24:47 ----D---- C:\Program Files\Mozilla Firefox
2009-01-14 02:18:17 ----HD---- C:\WINDOWS\inf
2009-01-14 02:18:17 ----D---- C:\WINDOWS
2009-01-14 02:12:30 ----D---- C:\WINDOWS\system32\drivers
2009-01-13 12:48:57 ----D---- C:\WINDOWS\Debug
2009-01-13 06:04:52 ----D---- C:\Program Files
2009-01-13 04:36:53 ----A---- C:\WINDOWS\win.ini
2009-01-13 04:01:28 ----SHD---- C:\WINDOWS\Installer
2009-01-13 04:01:10 ----SD---- C:\Documents and Settings\Z\Application Data\Microsoft
2009-01-13 03:58:49 ----D---- C:\Documents and Settings
2009-01-13 02:40:27 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-13 02:06:23 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-01-13 02:06:22 ----SD---- C:\WINDOWS\Tasks
2009-01-13 01:32:57 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-13 01:28:26 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-07 18:58:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-05 17:51:47 ----D---- C:\WINDOWS\Help
2008-12-31 07:29:17 ----D---- C:\WINDOWS\Prefetch
2008-12-23 18:19:52 ----D---- C:\Program Files\AudioConverter
2008-12-23 08:03:00 ----D---- C:\Program Files\CCleaner
2008-12-22 05:25:33 ----D---- C:\WINDOWS\system32\DirectX
2008-12-18 12:53:35 ----A---- C:\WINDOWS\system.ini
2008-12-18 12:51:43 ----D---- C:\WINDOWS\system32\config
2008-12-18 12:51:10 ----D---- C:\Program Files\Common Files
2008-12-18 12:51:09 ----D---- C:\WINDOWS\AppPatch
2008-12-18 12:50:03 ----RASH---- C:\boot.ini
2008-12-12 20:36:13 ----D---- C:\WINDOWS\system32\Macromed
2008-12-11 17:08:58 ----D---- C:\WINDOWS\WinSxS
2008-12-11 17:08:58 ----D---- C:\WINDOWS\system32\wbem
2008-12-11 16:08:23 ----D---- C:\WINDOWS\Downloaded Installations
2008-12-09 01:09:24 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-06 08:13:41 ----D---- C:\WINDOWS\system32\Restore
2008-11-23 18:16:22 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-23 17:59:36 ----D---- C:\Program Files\Internet Explorer
2008-11-23 17:55:47 ----D---- C:\WINDOWS\system32\en-us
2008-11-23 17:55:36 ----D---- C:\WINDOWS\Media
2008-11-21 06:01:33 ----D---- C:\Program Files\Common Files\Motive
2008-11-20 19:12:58 ----D---- C:\Program Files\Z-Cova
2008-11-15 07:23:41 ----D---- C:\Documents and Settings\Z\Application Data\Adobe
2008-11-10 23:26:59 ----D---- C:\WINDOWS\Registration
2008-11-10 16:08:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-09 03:07:02 ----A---- C:\WINDOWS\WININIT.INI
2008-11-08 16:44:08 ----D---- C:\Program Files\File Scavenger 2.1
2008-11-08 16:44:08 ----D---- C:\Program Files\1dellpcb4rexp
2008-11-08 16:04:44 ----D---- C:\Program Files\Common Files\Adobe
2008-11-08 14:06:40 ----RSD---- C:\WINDOWS\assembly
2008-11-08 13:47:01 ----SHD---- C:\System Volume Information
2008-10-26 18:42:46 ----D---- C:\Program Files\Common Files\InstallShield
2008-10-20 01:41:29 ----D---- C:\Program Files\Yahoo!
2008-10-20 01:22:53 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2008-10-20 00:13:35 ----D---- C:\Program Files\Windows Live
2008-10-19 22:59:26 ----D---- C:\WINDOWS\twain_32
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-15 13:22:25 ----D---- C:\WINDOWS\system32\XPSViewer
2008-10-15 11:57:56 ----N---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-05-17 44544]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
S2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-11-07 25628]
S2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-11-07 2496]
S2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-11-07 86652]
S2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-11-07 14684]
S2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-11-07 6364]
S2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-11-07 87036]
S2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-11-07 94332]
S2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
S3 0311B;0311B; \??\C:\WINDOWS\system32\0311B.sys []
S3 045A;045A; \??\C:\WINDOWS\system32\045A.sys []
S3 0bc3;0bc3; \??\C:\WINDOWS\system32\0bc3.sys []
S3 1d34;1d34; \??\C:\WINDOWS\system32\1d34.sys []
S3 1e617;1e617; \??\C:\WINDOWS\system32\1e617.sys []
S3 30214;30214; \??\C:\WINDOWS\system32\30214.sys []
S3 3bd27;3bd27; \??\C:\WINDOWS\system32\3bd27.sys []
S3 3e92;3e92; \??\C:\WINDOWS\system32\3e92.sys []
S3 406C;406C; \??\C:\WINDOWS\system32\406C.sys []
S3 4491E;4491E; \??\C:\WINDOWS\system32\4491E.sys []
S3 50e26;50e26; \??\C:\WINDOWS\system32\50e26.sys []
S3 539F;539F; \??\C:\WINDOWS\system32\539F.sys []
S3 5891C;5891C; \??\C:\WINDOWS\system32\5891C.sys []
S3 5aa8;5aa8; \??\C:\WINDOWS\system32\5aa8.sys []
S3 60822;60822; \??\C:\WINDOWS\system32\60822.sys []
S3 73e18;73e18; \??\C:\WINDOWS\system32\73e18.sys []
S3 76224;76224; \??\C:\WINDOWS\system32\76224.sys []
S3 7c81F;7c81F; \??\C:\WINDOWS\system32\7c81F.sys []
S3 85020;85020; \??\C:\WINDOWS\system32\85020.sys []
S3 91528;91528; \??\C:\WINDOWS\system32\91528.sys []
S3 938E;938E; \??\C:\WINDOWS\system32\938E.sys []
S3 a6dB;a6dB; \??\C:\WINDOWS\system32\a6dB.sys []
S3 b4213;b4213; \??\C:\WINDOWS\system32\b4213.sys []
S3 c107;c107; \??\C:\WINDOWS\system32\c107.sys []
S3 c8e16;c8e16; \??\C:\WINDOWS\system32\c8e16.sys []
S3 c9312;c9312; \??\C:\WINDOWS\system32\c9312.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 cd66;cd66; \??\C:\WINDOWS\system32\cd66.sys []
S3 cfa10;cfa10; \??\C:\WINDOWS\system32\cfa10.sys []
S3 f1a1A;f1a1A; \??\C:\WINDOWS\system32\f1a1A.sys []
S3 fa123;fa123; \??\C:\WINDOWS\system32\fa123.sys []
S3 hamachi_oem;PlayLinc Adapter; C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 OVT511Plus;Dual Mode USB Camera Plus; C:\WINDOWS\System32\Drivers\omcamvid.sys [2001-09-18 167816]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0); C:\WINDOWS\system32\DRIVERS\CamDrL21.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-07-27 1171464]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 sybex38;Rootkit Unhooker Driver; C:\WINDOWS\system32\drivers\sybex38.sys []
S3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 VX1000;VX-1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 1966312]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 ThreatFire;ThreatFire; C:\Program Files\ThreatFire\TFService.exe [2008-11-17 70944]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\Presen tationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S3 QANDDIWUIE;QANDDIWUIE; C:\DOCUME~1\Z\LOCALS~1\Temp\QANDDIWUIE.exe [2009-01-13 551808]
S3 TUYJSP;TUYJSP; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TUYJSP.exe [2009-01-13 404352]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe []
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-12 152984]
S4 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]

-----------------EOF-----------------

**evilfantasy** · #6 14th Jan 2009, 16:11

Download Malwarebytes' Anti-Malware (MBAM)

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

tartarsause · #7 14th Jan 2009, 16:21

Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 2

2009-01-14 06:21:20
mbam-log-2009-01-14 (06-21-20).txt

Scan type: Quick Scan
Objects scanned: 53376
Time elapsed: 3 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

**evilfantasy** · #8 14th Jan 2009, 16:53

The HijackThis part of the log still looks edited. Have you removed any of it?

Please post the log found in C:\ComboFix.txt

tartarsause · #9 14th Jan 2009, 16:59

I did not remove any & unable to find the combofix log.. here's a winpatrols though
Log created by WinPatrol version 15.9.2008.5:15.9.2008.5
Scan saved at 6:57:01 AM, on 1/14/2009
Platform: Windows XP SP2 Home Edition Service Pack 2 (Build 2600)
MSIE: Internet Explorer (7.00.5730.13)
Boot mode: Safe with Network

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\PROGRAM FILES\MOZILLA FIREFOX\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRAM FILES\Yahoo!\MESSENGER\YAHOOMESSENGER.EXE
C:\PROGRAM FILES\AIM\aim.exe
C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\msnmsgr.exe
C:\PROGRAM FILES\WINPATROL\WINPATROLEX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bm...&bm=ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: - {7E853D72-626A-48EC-A868-BA8D5E23E045} -
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O11 - Options group: [Java (Sun)] Java (Sun) - C:\Program Files\Java\jre6\bin
O11 - Options group: [] -
O14 - IERESET.INF: START_PAGE_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
O14 - IERESET.INF: SEARCH_PAGE_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
O14 - IERESET.INF:HKCU, Start Page = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Page_URL = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Search_URL = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKLM, Search Page = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKCU, Search Page = %SEARCH_PAGE_URL%
O16 - DPF: vzTCPConfig (http://www2.verizon.net/help/fios_se...de/vzTCPConfig) - http://www2.verizon.net/help/fios_se...zTCPConfig.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/s...OS/tgctlcm.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/actives.../as2stubie.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_11) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home...fshc/fscax.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (http://download.macromedia.com/pub/s.../flash/swflash) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...94/mcfscan.cab
O21 - WPDShServiceObj - WPDShServiceObj Class - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Alerter - Microsoft Corporation - C:\WINDOWS\system32\alrsvc.dll
O23 - Service: Application Layer Gateway Service - Microsoft Corporation - C:\WINDOWS\system32\alg.exe
O23 - Service: Application Management - - C:\WINDOWS\System32\appmgmts.dll
O23 - Service: ASP.NET State Service - - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe
O23 - Service: Windows Audio - Microsoft Corporation - C:\WINDOWS\system32\audiosrv.dll
O23 - Service: Background Intelligent Transfer Service - Microsoft Corporation - C:\WINDOWS\system32\qmgr.dll
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCore.exe
O23 - Service: Computer Browser - Microsoft Corporation - C:\WINDOWS\system32\browser.dll
O23 - Service: Indexing Service - Microsoft Corporation - C:\WINDOWS\system32\cisvc.exe
O23 - Service: ClipBook - Microsoft Corporation - C:\WINDOWS\system32\clipsrv.exe
O23 - Service: COM+ System Application - - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: Cryptographic Services - Microsoft Corporation - C:\WINDOWS\system32\cryptsvc.dll
O23 - Service: DCOM Server Process Launcher - Microsoft Corporation - C:\WINDOWS\system32\rpcss.dll
O23 - Service: DHCP Client - Microsoft Corporation - C:\WINDOWS\system32\dhcpcsvc.dll
O23 - Service: Logical Disk Manager Administrative Service - - C:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: Logical Disk Manager - Microsoft Corp. - C:\WINDOWS\system32\dmserver.dll
O23 - Service: DNS Client - Microsoft Corporation - C:\WINDOWS\system32\dnsrslvr.dll
O23 - Service: Error Reporting Service - Microsoft Corporation - C:\WINDOWS\system32\ersvc.dll
O23 - Service: Event Log - Microsoft Corporation - C:\WINDOWS\system32\services.exe
O23 - Service: COM+ Event System - Microsoft Corporation - C:\WINDOWS\system32\es.dll
O23 - Service: Fast User Switching Compatibility - Microsoft Corporation - C:\WINDOWS\system32\shsvcs.dll
O23 - Service: Windows Presentation Foundation Font Cache 3.0.0.0 - Microsoft Corporation - C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\Presen tationFontCache.exe
O23 - Service: Help and Support - Microsoft Corporation - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
O23 - Service: Human Interface Device Access - - C:\WINDOWS\System32\hidserv.dll
O23 - Service: HTTP SSL - Microsoft Corporation - C:\WINDOWS\system32\w3ssl.dll
O23 - Service: Windows CardSpace - Microsoft Corporation - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
O23 - Service: IMAPI CD-Burning COM Service - Microsoft Corporation - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter - - C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf
O23 - Service: Server - Microsoft Corporation - C:\WINDOWS\system32\srvsvc.dll
O23 - Service: Workstation - Microsoft Corporation - C:\WINDOWS\system32\wkssvc.dll
O23 - Service: LEWGWOYNUU - Sysinternals - www.sysinternals.com - C:\Documents and Settings\Z\Local Settings\temp\LEWGWOYNUU.exe
O23 - Service: TCP/IP NetBIOS Helper - Microsoft Corporation - C:\WINDOWS\system32\lmhsvc.dll
O23 - Service: Messenger - Microsoft Corporation - C:\WINDOWS\system32\msgsvc.dll
O23 - Service: NetMeeting Remote Desktop Sharing - Microsoft Corporation - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: MSCamSvc - Microsoft Corporation - C:\Program Files\Microsoft LifeCam\MSCamS32.exe
O23 - Service: Distributed Transaction Coordinator - Microsoft Corporation - C:\WINDOWS\system32\msdtc.exe
O23 - Service: Windows Installer - - C:\WINDOWS\system32\MSIEXEC.exe /V
O23 - Service: Network DDE - Microsoft Corporation - C:\WINDOWS\system32\netdde.exe
O23 - Service: Network DDE DSDM - Microsoft Corporation - C:\WINDOWS\system32\netdde.exe
O23 - Service: Net Logon - Microsoft Corporation - C:\WINDOWS\system32\lsass.exe
O23 - Service: Network Connections - Microsoft Corporation - C:\WINDOWS\system32\netman.dll
O23 - Service: Net.Tcp Port Sharing Service - Microsoft Corporation - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
O23 - Service: Network Location Awareness (NLA) - Microsoft Corporation - C:\WINDOWS\system32\mswsock.dll
O23 - Service: NT LM Security Support Provider - Microsoft Corporation - C:\WINDOWS\system32\lsass.exe
O23 - Service: Removable Storage - Microsoft Corporation - C:\WINDOWS\system32\ntmssvc.dll
O23 - Service: Plug and Play - Microsoft Corporation - C:\WINDOWS\system32\services.exe
O23 - Service: IPSEC Services - Microsoft Corporation - C:\WINDOWS\system32\lsass.exe
O23 - Service: Protected Storage - Microsoft Corporation - C:\WINDOWS\system32\lsass.exe
O23 - Service: QANDDIWUIE - Sysinternals - www.sysinternals.com - C:\Documents and Settings\Z\Local Settings\temp\QANDDIWUIE.exe
O23 - Service: Remote Access Auto Connection Manager - Microsoft Corporation - C:\WINDOWS\system32\rasauto.dll
O23 - Service: Remote Access Connection Manager - Microsoft Corporation - C:\WINDOWS\system32\rasmans.dll
O23 - Service: Remote Desktop Help Session Manager - Microsoft Corporation - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Routing and Remote Access - Microsoft Corporation - C:\WINDOWS\system32\mprdim.dll
O23 - Service: Remote Procedure Call (RPC) Locator - Microsoft Corporation - C:\WINDOWS\system32\locator.exe
O23 - Service: Remote Procedure Call (RPC) - Microsoft Corporation - C:\WINDOWS\system32\rpcss.dll
O23 - Service: QoS RSVP - Microsoft Corporation - C:\WINDOWS\system32\rsvp.exe
O23 - Service: Security Accounts Manager - Microsoft Corporation - C:\WINDOWS\system32\lsass.exe
O23 - Service: Smart Card - Microsoft Corporation - C:\WINDOWS\system32\scardsvr.exe
O23 - Service: Task Scheduler - Microsoft Corporation - C:\WINDOWS\system32\schedsvc.dll
O23 - Service: Secondary Logon - Microsoft Corporation - C:\WINDOWS\system32\seclogon.dll
O23 - Service: System Event Notification - Microsoft Corporation - C:\WINDOWS\system32\sens.dll
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) - Microsoft Corporation - C:\WINDOWS\system32\ipnathlp.dll
O23 - Service: Shell Hardware Detection - Microsoft Corporation - C:\WINDOWS\system32\shsvcs.dll
O23 - Service: Print Spooler - Microsoft Corporation - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: System Restore Service - Microsoft Corporation - C:\WINDOWS\system32\srsvc.dll
O23 - Service: SSDP Discovery Service - Microsoft Corporation - C:\WINDOWS\system32\ssdpsrv.dll
O23 - Service: Windows Image Acquisition (WIA) - Microsoft Corporation - C:\WINDOWS\system32\wiaservc.dll
O23 - Service: MS Software Shadow Copy Provider - - C:\WINDOWS\system32\dllhost.exe /Processid:{A5E6E587-C0ED-4D04-9061-D11C62839489}
O23 - Service: Performance Logs and Alerts - Microsoft Corporation - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telephony - Microsoft Corporation - C:\WINDOWS\system32\tapisrv.dll
O23 - Service: Terminal Services - Microsoft Corporation - C:\WINDOWS\system32\termsrv.dll
O23 - Service: Themes - Microsoft Corporation - C:\WINDOWS\system32\shsvcs.dll
O23 - Service: ThreatFire - - C:\Program Files\ThreatFire\TFService.exe service
O23 - Service: Distributed Link Tracking Client - Microsoft Corporation - C:\WINDOWS\system32\trkwks.dll
O23 - Service: TUYJSP - Sysinternals - www.sysinternals.com - C:\Documents and Settings\Administrator\Local Settings\temp\TUYJSP.exe
O23 - Service: Universal Plug and Play Device Host - Microsoft Corporation - C:\WINDOWS\system32\upnphost.dll
O23 - Service: Uninterruptible Power Supply - Microsoft Corporation - C:\WINDOWS\system32\ups.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service - Microsoft Corporation - C:\Program Files\Windows Live\Messenger\usnsvc.exe
O23 - Service: Volume Shadow Copy - Microsoft Corporation - C:\WINDOWS\system32\vssvc.exe
O23 - Service: Windows Time - Microsoft Corporation - C:\WINDOWS\system32\w32time.dll
O23 - Service: WebClient - Microsoft Corporation - C:\WINDOWS\system32\webclnt.dll
O23 - Service: Windows Management Instrumentation - Microsoft Corporation - C:\WINDOWS\system32\wbem\wmisvc.dll
O23 - Service: Portable Media Serial Number Service - Microsoft Corporation - C:\WINDOWS\system32\mspmsnsv.dll
O23 - Service: WMI Performance Adapter - Microsoft Corporation - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Security Center - Microsoft Corporation - C:\WINDOWS\system32\wscsvc.dll
O23 - Service: Automatic Updates - Microsoft Corporation - C:\WINDOWS\system32\wuauserv.dll
O23 - Service: Wireless Zero Configuration - Microsoft Corporation - C:\WINDOWS\system32\wzcsvc.dll
O23 - Service: Network Provisioning Service - Microsoft Corporation - C:\WINDOWS\system32\xmlprov.dll

--- Additional WinPatrol Info ---
Default Browser: Firefox - Firefox version 2.0.0.20
MSIE: Internet Explorer (7.00.5730.13)
Firefox 2.0.0.20 installed in C:\Program Files\Mozilla Firefox.
19 IE Cookies in Folder: C:\Documents and Settings\Z\Cookies\
0 Mozilla Cookies in Folder: C:\Documents and Settings\Z\Application Data\Mozilla\FireFox\Profiles\hg9g0nkj.default

WP00 - HKLM\CS1: BootExecute = autocheck autochk *
WP00 - HKLM\CCS: BootExecute = autocheck autochk *
WP00 - HKLM\CS2: BootExecute = autocheck autochk *
WP02 - HKLM\CCS: Command = C:\WINDOWS\system32\cmd.exe

WP03 - Windows Automatic Update = 1:Turn off Automatic Updates.

WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL \DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL \Prefixes: www = http://

WP16 - ActiveX: {0742B9EF-8C83-41CA-BFBA-830A59E23533} [Microsoft Data Collection Control] C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSDcode.dll 2.6.1.19
WP16 - ActiveX: {193C772A-87BE-4B19-A7BB-445B226FE9A1} [ewidoOnlineScan Control] C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll 1.0.0.4
WP16 - ActiveX: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} [ActiveScan 2.0 Installer Class] C:\WINDOWS\DOWNLOADED PROGRAM FILES\AS2STUBIE.DLL 1, 1, 0, 0
WP16 - ActiveX: {41524153-46FB-488C-8E53-7624AB83C46F} [ActiveScan 2.0 AV Class] C:\PROGRAM FILES\PANDA SECURITY\ACTIVESCAN 2.0\as2guiie.dll 1, 2, 3, 0
WP16 - ActiveX: {6414512B-B978-451D-A0D8-FCFDF33E833C} [WUWebControl Class] C:\WINDOWS\system32\wuweb.dll 7.2.6001.788
WP16 - ActiveX: {64AB4BB7-111E-11D1-8F79-00C04FC2FBE1} [Microsoft Shell UI Helper] C:\WINDOWS\system32\ieframe.dll 7.00.5730.13
WP16 - ActiveX: {6BF52A52-394A-11D3-B153-00C04F79FAA6} [Windows Media Player] C:\WINDOWS\system32\wmp.dll 9.00.00.3250
WP16 - ActiveX: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [MUWebControl Class] C:\WINDOWS\system32\muweb.dll 7.2.6001.788
WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\WINDOWS\system32\ieframe.dll 7.00.5730.13
WP16 - ActiveX: {B9F79165-A264-4C4A-A211-133A5E8D647F} [F-Secure Health Check 1.1] C:\WINDOWS\DOWNLOADED PROGRAM FILES\fscax.dll 1.1
WP16 - ActiveX: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} [a-squared Scanner] C:\WINDOWS\Downloaded Program Files\asquared.ocx 4.0.0.0
WP16 - ActiveX: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} [F-Secure Online Scanner 3.3] C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\fscax.dll 3.3.0
WP16 - ActiveX: {CFC399AF-D876-11D0-9C10-00C04FC99C8E} [Msxml] C:\WINDOWS\system32\msxml3.dll 8.100.1048.0
WP16 - ActiveX: {ED8C108E-4349-11D2-91A4-00C04F7969E8} [XML HTTP Request] C:\WINDOWS\system32\msxml3.dll 8.100.1048.0
WP16 - ActiveX: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} [McFreeScan Class] C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll 2, 2, 0, 5494
WP16 - ActiveX: {F5078F32-C551-11D3-89B9-0000F81FE221} [XML DOM Document 3.0] C:\WINDOWS\system32\msxml3.dll 8.100.1048.0
WP16 - ActiveX: {05589fa1-c356-11ce-bf01-00aa0055595a} [ActiveMovieControl Object] C:\WINDOWS\system32\wmpdxm.dll 9.00.00.3250
WP16 - ActiveX: {0713E8A2-850A-101B-AFC0-4210102A8DA7} [Microsoft TreeView Control, version 5.0 (SP2)] C:\PROGRAM FILES\ROGUEREMOVER\COMCTL32.OCX 6.00.8105
WP16 - ActiveX: {0713E8D2-850A-101B-AFC0-4210102A8DA7} [Microsoft ProgressBar Control, version 5.0 (SP2)] C:\PROGRAM FILES\ROGUEREMOVER\COMCTL32.OCX 6.00.8105
WP16 - ActiveX: {3605B612-C3CF-4ab4-A426-2D853391DB2E} [Certificates Class] C:\WINDOWS\system32\capicom.dll 2, 1, 0, 2
WP16 - ActiveX: {1D2B4F40-1F10-11D1-9E88-00C04FDCAB92} [ThumbCtl Class] C:\WINDOWS\system32\webvw.dll 6.00.2900.2180
WP16 - ActiveX: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [Windows Media Player] C:\WINDOWS\system32\wmpdxm.dll 9.00.00.3250
WP16 - ActiveX: {58DA8D8A-9D6A-101B-AFC0-4210102A8DA7} [Microsoft ListView Control, version 5.0 (SP2)] C:\PROGRAM FILES\ROGUEREMOVER\COMCTL32.OCX 6.00.8105
WP16 - ActiveX: {58DA8D8F-9D6A-101B-AFC0-4210102A8DA7} [Microsoft ImageList Control, version 5.0 (SP2)] C:\PROGRAM FILES\ROGUEREMOVER\COMCTL32.OCX 6.00.8105
WP16 - ActiveX: {550C8FFB-4DC0-4756-828C-862E6D0AE74F} [Chain Class] C:\WINDOWS\system32\capicom.dll 2, 1, 0, 2
WP16 - ActiveX: {6B7E638F-850A-101B-AFC0-4210102A8DA7} [Microsoft StatusBar Control, version 5.0 (SP2)] C:\PROGRAM FILES\ROGUEREMOVER\COMCTL32.OCX 6.00.8105
WP16 - ActiveX: {91D221C4-0CD4-461C-A728-01D509321556} [Store Class] C:\WINDOWS\system32\capicom.dll 2, 1, 0, 2
WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\WINDOWS\system32\ieframe.dll 7.00.5730.13
WP16 - ActiveX: {AE24FDAE-03C6-11D1-8B76-0080C744F389} [Microsoft Scriptlet Component] C:\WINDOWS\system32\mshtml.dll 7.00.5730.13
WP16 - ActiveX: {9171C115-7DD9-46BA-B1E5-0ED50AFFC1B8} [Certificate Class] C:\WINDOWS\system32\capicom.dll 2, 1, 0, 2
WP16 - ActiveX: {E5DF9D10-3B52-11D1-83E8-00A0C90DC849} [WebViewFolderIcon Class] C:\WINDOWS\system32\webvw.dll 6.00.2900.2180
WP16 - ActiveX: {3605B612-C3CF-4ab4-A426-2D853391DB2E} [Certificates Class] C:\WINDOWS\system32\capicom.dll 2, 1, 0, 2

WP32 - Hidden File: C:\boot.ini
WP32 - Hidden File: C:\IO.SYS
WP32 - Hidden File: C:\MSDOS.SYS
WP32 - Hidden File: C:\NTDETECT.COM
WP32 - Hidden File: C:\ntldr
WP32 - Hidden File: C:\pagefile.sys
WP32 - Hidden File: C:\WINDOWS\WindowsShell.Manifest
WP32 - Hidden File: C:\WINDOWS\winnt.bmp
WP32 - Hidden File: C:\WINDOWS\winnt256.bmp
WP32 - Hidden File: C:\WINDOWS\system32\cdplayer.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\config\default.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\default.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SAM.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SAM.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\software.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\software.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\system.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\system.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\TempKey.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\userdiff.LOG
WP32 - Hidden File: C:\WINDOWS\system32\logonui.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\ncpa.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\nwc.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\Restore\filelist.xml
WP32 - Hidden File: C:\WINDOWS\system32\sapi.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\WindowsLogon.manifest
WP32 - Hidden File: C:\WINDOWS\system32\wuaucpl.cpl.manifest

WP33 - File Type .AVI: [Video Clip]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:8 /Open %L
WP33 - File Type .BAT: [MS-DOS Batch File]%1 %*
WP33 - File Type .CAB: [Cabinet File]C:\WINDOWS\Explorer.exe /idlist,%I,%L
WP33 - File Type .CAT: [Security Catalog]rundll32.exe cryptext.dll,CryptExtOpenCAT %1
WP33 - File Type .CHM: [Compiled HTML Help file]C:\WINDOWS\hh.exe %1
WP33 - File Type .COM: [MS-DOS Application]%1 %*
WP33 - File Type .CMD: [Windows NT Command Script]%1 %*
WP33 - File Type .DOC: [WordPad Document]C:\Program Files\Windows NT\Accessories\WORDPAD.EXE %1
WP33 - File Type .EML: [Outlook Express Mail Message]C:\Program Files\Outlook Express\msimn.exe /eml:%1
WP33 - File Type .EXE: [Application]%1 %*
WP33 - File Type .INF: [Setup Information]C:\WINDOWS\System32\NOTEPAD.EXE %1
WP33 - File Type .JS: [JScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .LOG: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .MSI: [Windows Installer Package]C:\WINDOWS\System32\msiexec.exe /i %1 %*
WP33 - File Type .MID: [MIDI Sequence]C:\Program Files\Windows Media Player\wmplayer.exe /Open %L
WP33 - File Type .MP3: [MP3 Format Sound]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:6 /Open %L
WP33 - File Type .PIF: [Shortcut to MS-DOS Program]%1 %*
WP33 - File Type .RAM: [FLVPlayer.ex]C:\Program Files\FLV Player\FLVPlayer.exe %1
WP33 - File Type .REG: [Registration Entries]regedit.exe %1
WP33 - File Type .RTF: [Rich Text Document]C:\Program Files\Windows NT\Accessories\WORDPAD.EXE %1
WP33 - File Type .SBS: [Spyware supplemental file]C:\Program Files\Spybot\SpybotSD.exe %1
WP33 - File Type .SCR: [Screen Saver]%1 /S
WP33 - File Type .TXT: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .URL: [Internet Shortcut]rundll32.exe ieframe.dll,OpenURL %l
WP33 - File Type .VBS: [VBScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .VBE: [VBScript Encoded Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSF: [Windows Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSH: [Windows Script Host Settings File]C:\WINDOWS\System32\WScript.exe %1 %*

Memory currently in use: 28%
Physical Memory Free: 701,828 KB
Paging File Free: 2,205,860 KB
Virtual Memory Free: 2,064,296 KB

--
End of file

**evilfantasy** · #10 14th Jan 2009, 17:31

That looked a bit more normal. But there are still no 04 entries. Indicating that nothing is running at startup. Do you use MSCONFIG to control your Startups? If so please enable ALL of the entries in MSCONFIG. restart and then post a new RSIT log.

Also go to C:\RSIT\info.txt and post that log please.