Travel Fans
Go Back   Computer Juice Computer Software Virus, Spyware & Security
Reload this Page 

Is VIRUSfighter a rogue?

Register
CJ MOTM Competition

Register

   Default  

Is VIRUSfighter a rogue?



Adsense
Adsense

 
 
Old 12th Jan 2009, 18:23
New Member
Posts: 9
 
A week ago, I had removed VIRUSfighter Version 5.99 with Revo Uninstaller then rebooted. However, Windows Security Center continues to show that it's still installed & running as of this moment.


 
Old 12th Jan 2009, 20:30
Moderator
Posts: 7,848
 
I'm not sure it's a rouge but it very well could be.

Download Malwarebytes' Anti-Malware (MBAM)
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

----------

Download random's system information tool (RSIT) by random/random from and save it to your Desktop.
  • Double click on RSIT.exe to run.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open.
  • log.txt <will be maximized and info.txt <will be minimized
  • Please post the contents of both logs in the next reply.
__________________
 
Old 12th Jan 2009, 23:31
New Member
Posts: 9
 
Malwarebytes' Anti-Malware 1.32
Database version: 1647
Windows 5.1.2600 Service Pack 2

2009-01-13 02:31:02
mbam-log-2009-01-13 (02-31-02).txt

Scan type: Quick Scan
Objects scanned: 50908
Time elapsed: 2 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

----------------------------------------------------------------------------------

Logfile of random's system information tool 1.05 (written by random/random)
Run by Z at 2009-01-13 02:31:27
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 113 GB (74%) free of 153 GB
Total RAM: 958 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:31, on 2009-01-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\Z\Desktop\RSIT.exe
C:\Program Files\trend micro\Z.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bm...&bm=ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_se...zTCPConfig.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/s...OS/tgctlcm.cab

--
End of file - 1726 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Microsoft_Hardware_Launch_LifeExp_exe.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-08-24 133120]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WDFNet]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a8df30e-22b9-11dc-82d6-ffc7c4764c8c}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-01-13 12:48:57 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-01-13 12:44:54 ----D---- C:\WINDOWS\system32\PreInstall
2009-01-13 12:44:53 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-01-13 02:31:28 ----D---- C:\Program Files\trend micro
2009-01-13 02:06:21 ----SHD---- C:\Config.Msi
2009-01-13 01:58:39 ----D---- C:\Avenger
2009-01-13 01:58:39 ----A---- C:\avenger.txt
2009-01-12 23:36:39 ----D---- C:\ComboFix
2009-01-12 23:36:39 ----A---- C:\WINDOWS\system32\CF10723.exe
2009-01-12 22:19:22 ----D---- C:\rsit
2009-01-07 21:13:01 ----D---- C:\Documents and Settings\Z\Application Data\Malwarebytes
2009-01-07 21:12:57 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-07 21:12:56 ----D---- C:\Program Files\Malwarebytes
2008-12-23 16:53:34 ----D---- C:\Program Files\RogueRemover
2008-12-22 09:41:05 ----D---- C:\Documents and Settings\All Users\Application Data\{1BFA58C9-6B9E-433B-875A-6AD34E8AE1C3}
2008-12-22 05:26:19 ----D---- C:\Program Files\Microsoft LifeCam
2008-12-18 22:42:29 ----SHD---- C:\RECYCLER
2008-12-18 12:51:31 ----D---- C:\WINDOWS\temp
2008-12-18 12:49:58 ----RASHD---- C:\cmdcons
2008-12-18 12:48:07 ----A---- C:\WINDOWS\zip.exe
2008-12-18 12:48:07 ----A---- C:\WINDOWS\VFIND.exe
2008-12-18 12:48:07 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-18 12:48:07 ----A---- C:\WINDOWS\SWSC.exe
2008-12-18 12:48:07 ----A---- C:\WINDOWS\SWREG.exe
2008-12-18 12:48:07 ----A---- C:\WINDOWS\sed.exe
2008-12-18 12:48:07 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-18 12:48:07 ----A---- C:\WINDOWS\grep.exe
2008-12-18 12:48:07 ----A---- C:\WINDOWS\fdsv.exe
2008-12-18 12:43:38 ----D---- C:\WINDOWS\ERDNT
2008-12-17 16:33:56 ----D---- C:\Program Files\LCleaner

======List of files/folders modified in the last 1 months======

2009-01-13 12:52:54 ----D---- C:\Documents and Settings\Z\Application Data\Aim
2009-01-13 12:48:57 ----D---- C:\WINDOWS\system32
2009-01-13 12:48:57 ----D---- C:\WINDOWS\Debug
2009-01-13 02:31:28 ----D---- C:\Program Files
2009-01-13 02:29:21 ----D---- C:\Program Files\Display Image Grabber
2009-01-13 02:13:58 ----D---- C:\Program Files\Z-DL
2009-01-13 02:06:31 ----SHD---- C:\WINDOWS\Installer
2009-01-13 02:06:23 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-01-13 02:06:23 ----HD---- C:\WINDOWS\inf
2009-01-13 02:06:22 ----SD---- C:\WINDOWS\Tasks
2009-01-13 01:59:42 ----D---- C:\Program Files\Mozilla Firefox
2009-01-13 01:59:12 ----D---- C:\WINDOWS
2009-01-13 01:58:39 ----D---- C:\WINDOWS\system32\drivers
2009-01-13 01:32:57 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-13 01:32:57 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-13 01:28:26 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-10 06:11:03 ----SD---- C:\Documents and Settings\Z\Application Data\Microsoft
2009-01-08 04:17:50 ----D---- C:\Program Files\EasyCleaner
2009-01-08 04:15:25 ----D---- C:\Documents and Settings\Z\Application Data\Motive
2009-01-07 18:58:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-05 17:51:47 ----D---- C:\WINDOWS\Help
2008-12-31 07:29:17 ----D---- C:\WINDOWS\Prefetch
2008-12-23 18:19:52 ----D---- C:\Program Files\AudioConverter
2008-12-23 08:03:00 ----D---- C:\Program Files\CCleaner
2008-12-22 05:25:33 ----D---- C:\WINDOWS\system32\DirectX
2008-12-18 12:53:35 ----A---- C:\WINDOWS\system.ini
2008-12-18 12:51:43 ----D---- C:\WINDOWS\system32\config
2008-12-18 12:51:10 ----D---- C:\Program Files\Common Files
2008-12-18 12:51:09 ----D---- C:\WINDOWS\AppPatch
2008-12-18 12:50:03 ----RASH---- C:\boot.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-11-07 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-11-07 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-11-07 86652]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-11-07 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-11-07 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-11-07 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-11-07 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-05-17 44544]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-07-27 1171464]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 VX1000;VX-1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 1966312]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 hamachi_oem;PlayLinc Adapter; C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 OVT511Plus;Dual Mode USB Camera Plus; C:\WINDOWS\System32\Drivers\omcamvid.sys [2001-09-18 167816]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0); C:\WINDOWS\system32\DRIVERS\CamDrL21.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-12 152984]
S4 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]

-----------------EOF-----------------
 
Old 13th Jan 2009, 10:19
Moderator
Posts: 7,848
 
Didi you edit part of the log out? I can't help without the entire log.

Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:31, on 2009-01-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\Z\Desktop\RSIT.exe
C:\Program Files\trend micro\Z.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bm...&bm=ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_se...zTCPConfig.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/s...OS/tgctlcm.cab
__________________
 
Old 14th Jan 2009, 11:47
New Member
Posts: 9
 
oopz...

Logfile of random's system information tool 1.05 (written by random/random)
Run by Z at 2009-01-14 02:45:58
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 112 GB (73%) free of 153 GB
Total RAM: 958 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:46, on 2009-01-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\Z\Desktop\RSIT.exe
C:\Program Files\trend micro\Z.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bm...&bm=ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_se...zTCPConfig.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/s...OS/tgctlcm.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/actives.../as2stubie.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home...fshc/fscax.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...94/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: QANDDIWUIE - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Z\LOCALS~1\Temp\QANDDIWUIE.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: TUYJSP - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TUYJSP.exe

--
End of file - 2777 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Microsoft_Hardware_Launch_LifeExp_exe.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-08-24 133120]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WDFNet]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a8df30e-22b9-11dc-82d6-ffc7c4764c8c}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 3 months======

2009-01-14 02:18:17 ----D---- C:\WINDOWS\McAfee.com
2009-01-14 02:18:11 ----D---- C:\WINDOWS\LastGood
2009-01-13 12:48:57 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-01-13 12:44:54 ----D---- C:\WINDOWS\system32\PreInstall
2009-01-13 12:44:53 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-01-13 06:04:52 ----D---- C:\Program Files\Spybot
2009-01-13 06:04:52 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-13 05:34:55 ----D---- C:\RkUnhooker
2009-01-13 05:20:26 ----A---- C:\avenger.txt
2009-01-13 05:00:13 ----D---- C:\ComboFix
2009-01-13 05:00:13 ----A---- C:\WINDOWS\system32\CF8581.exe
2009-01-13 04:38:02 ----D---- C:\Program Files\Panda Security
2009-01-13 04:23:04 ----D---- C:\Program Files\ThreatFire
2009-01-13 04:23:04 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-01-13 04:11:28 ----D---- C:\Qoobox
2009-01-13 04:11:27 ----A---- C:\WINDOWS\system32\CF31798.exe
2009-01-13 02:57:20 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-13 02:40:47 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-13 02:40:42 ----D---- C:\Program Files\SUPERAntiSpyware
2009-01-13 02:40:42 ----D---- C:\Documents and Settings\Z\Application Data\SUPERAntiSpyware.com
2009-01-13 02:31:28 ----D---- C:\Program Files\trend micro
2009-01-13 01:58:39 ----D---- C:\Avenger
2009-01-12 23:36:39 ----A---- C:\WINDOWS\system32\CF10723.exe
2009-01-12 22:19:22 ----D---- C:\rsit
2009-01-07 21:13:01 ----D---- C:\Documents and Settings\Z\Application Data\Malwarebytes
2009-01-07 21:12:57 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-07 21:12:56 ----D---- C:\Program Files\Malwarebytes
2008-12-23 16:53:34 ----D---- C:\Program Files\RogueRemover
2008-12-22 09:41:05 ----D---- C:\Documents and Settings\All Users\Application Data\{1BFA58C9-6B9E-433B-875A-6AD34E8AE1C3}
2008-12-22 05:26:19 ----D---- C:\Program Files\Microsoft LifeCam
2008-12-18 22:42:29 ----SHD---- C:\RECYCLER
2008-12-18 12:51:31 ----D---- C:\WINDOWS\temp
2008-12-18 12:49:58 ----RASHD---- C:\cmdcons
2008-12-18 12:48:07 ----A---- C:\WINDOWS\zip.exe
2008-12-18 12:48:07 ----A---- C:\WINDOWS\VFIND.exe
2008-12-18 12:48:07 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-18 12:48:07 ----A---- C:\WINDOWS\SWSC.exe
2008-12-18 12:48:07 ----A---- C:\WINDOWS\SWREG.exe
2008-12-18 12:48:07 ----A---- C:\WINDOWS\sed.exe
2008-12-18 12:48:07 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-18 12:48:07 ----A---- C:\WINDOWS\grep.exe
2008-12-18 12:48:07 ----A---- C:\WINDOWS\fdsv.exe
2008-12-18 12:43:38 ----D---- C:\WINDOWS\ERDNT
2008-12-17 16:33:56 ----D---- C:\Program Files\LCleaner
2008-12-12 18:27:11 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-12 18:27:11 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-12 18:27:11 ----A---- C:\WINDOWS\system32\java.exe
2008-12-12 18:26:50 ----D---- C:\Program Files\Java
2008-12-12 18:06:30 ----D---- C:\Documents and Settings\Z\Application Data\Sony
2008-12-12 17:27:39 ----D---- C:\Program Files\ACIDMusicStudio7.0
2008-12-11 17:35:31 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-11 10:25:01 ----D---- C:\Documents and Settings\All Users\Application Data\_comodo_
2008-12-08 14:48:16 ----AT---- C:\WINDOWS\system32\DRWEBSP.DLL
2008-11-23 17:55:47 ----D---- C:\WINDOWS\WBEM
2008-11-23 17:54:17 ----HDC---- C:\WINDOWS\ie7
2008-11-23 17:53:40 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-11-23 17:52:55 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-11-23 17:51:48 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-11-21 16:57:13 ----DC---- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-11-21 12:25:45 ----D---- C:\Program Files\Foxit Reader
2008-11-21 06:04:39 ----D---- C:\Documents and Settings\Z\Application Data\Motive
2008-11-21 05:58:32 ----D---- C:\Program Files\Verizon
2008-11-21 01:00:09 ----D---- C:\Program Files\CamStudio
2008-11-14 18:53:13 ----D---- C:\Program Files\EasyCleaner
2008-11-14 18:30:15 ----A---- C:\WINDOWS\is-EICII.exe
2008-11-12 15:02:04 ----D---- C:\Program Files\RootkitRevealer
2008-11-11 01:58:10 ----D---- C:\Program Files\Common Files\Softwin
2008-11-10 21:25:40 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-11-08 14:07:13 ----D---- C:\WINDOWS\SxsCaPendDel
2008-11-08 13:59:41 ----D---- C:\Program Files\IObitSmartDefrag
2008-11-08 10:25:11 ----D---- C:\Program Files\MSXML 6.0
2008-11-08 10:12:40 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-07 05:55:28 ----D---- C:\Program Files\Revo Uninstaller
2008-11-02 22:10:55 ----D---- C:\Program Files\7-Zip
2008-11-01 00:58:23 ----D---- C:\Program Files\WhatsRunning
2008-10-28 21:06:40 ----D---- C:\Documents and Settings\Z\Application Data\Sonic
2008-10-20 04:21:53 ----D---- C:\WINDOWS\pss
2008-10-19 22:59:25 ----D---- C:\WINDOWS\OvtCam
2008-10-15 13:22:24 ----D---- C:\Program Files\Reference Assemblies

======List of files/folders modified in the last 3 months======

2009-01-14 12:50:02 ----D---- C:\WINDOWS\system32
2009-01-14 12:43:09 ----D---- C:\Documents and Settings\Z\Application Data\Aim
2009-01-14 12:42:30 ----D---- C:\Program Files\AIM
2009-01-14 10:09:10 ----D---- C:\Program Files\Display Image Grabber
2009-01-14 09:19:32 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-14 09:15:18 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-14 02:43:28 ----D---- C:\Program Files\Z-DL
2009-01-14 02:37:53 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-14 02:24:47 ----D---- C:\Program Files\Mozilla Firefox
2009-01-14 02:18:17 ----HD---- C:\WINDOWS\inf
2009-01-14 02:18:17 ----D---- C:\WINDOWS
2009-01-14 02:12:30 ----D---- C:\WINDOWS\system32\drivers
2009-01-13 12:48:57 ----D---- C:\WINDOWS\Debug
2009-01-13 06:04:52 ----D---- C:\Program Files
2009-01-13 04:36:53 ----A---- C:\WINDOWS\win.ini
2009-01-13 04:01:28 ----SHD---- C:\WINDOWS\Installer
2009-01-13 04:01:10 ----SD---- C:\Documents and Settings\Z\Application Data\Microsoft
2009-01-13 03:58:49 ----D---- C:\Documents and Settings
2009-01-13 02:40:27 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-13 02:06:23 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-01-13 02:06:22 ----SD---- C:\WINDOWS\Tasks
2009-01-13 01:32:57 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-13 01:28:26 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-07 18:58:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-05 17:51:47 ----D---- C:\WINDOWS\Help
2008-12-31 07:29:17 ----D---- C:\WINDOWS\Prefetch
2008-12-23 18:19:52 ----D---- C:\Program Files\AudioConverter
2008-12-23 08:03:00 ----D---- C:\Program Files\CCleaner
2008-12-22 05:25:33 ----D---- C:\WINDOWS\system32\DirectX
2008-12-18 12:53:35 ----A---- C:\WINDOWS\system.ini
2008-12-18 12:51:43 ----D---- C:\WINDOWS\system32\config
2008-12-18 12:51:10 ----D---- C:\Program Files\Common Files
2008-12-18 12:51:09 ----D---- C:\WINDOWS\AppPatch
2008-12-18 12:50:03 ----RASH---- C:\boot.ini
2008-12-12 20:36:13 ----D---- C:\WINDOWS\system32\Macromed
2008-12-11 17:08:58 ----D---- C:\WINDOWS\WinSxS
2008-12-11 17:08:58 ----D---- C:\WINDOWS\system32\wbem
2008-12-11 16:08:23 ----D---- C:\WINDOWS\Downloaded Installations
2008-12-09 01:09:24 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-06 08:13:41 ----D---- C:\WINDOWS\system32\Restore
2008-11-23 18:16:22 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-23 17:59:36 ----D---- C:\Program Files\Internet Explorer
2008-11-23 17:55:47 ----D---- C:\WINDOWS\system32\en-us
2008-11-23 17:55:36 ----D---- C:\WINDOWS\Media
2008-11-21 06:01:33 ----D---- C:\Program Files\Common Files\Motive
2008-11-20 19:12:58 ----D---- C:\Program Files\Z-Cova
2008-11-15 07:23:41 ----D---- C:\Documents and Settings\Z\Application Data\Adobe
2008-11-10 23:26:59 ----D---- C:\WINDOWS\Registration
2008-11-10 16:08:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-09 03:07:02 ----A---- C:\WINDOWS\WININIT.INI
2008-11-08 16:44:08 ----D---- C:\Program Files\File Scavenger 2.1
2008-11-08 16:44:08 ----D---- C:\Program Files\1dellpcb4rexp
2008-11-08 16:04:44 ----D---- C:\Program Files\Common Files\Adobe
2008-11-08 14:06:40 ----RSD---- C:\WINDOWS\assembly
2008-11-08 13:47:01 ----SHD---- C:\System Volume Information
2008-10-26 18:42:46 ----D---- C:\Program Files\Common Files\InstallShield
2008-10-20 01:41:29 ----D---- C:\Program Files\Yahoo!
2008-10-20 01:22:53 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2008-10-20 00:13:35 ----D---- C:\Program Files\Windows Live
2008-10-19 22:59:26 ----D---- C:\WINDOWS\twain_32
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-15 13:22:25 ----D---- C:\WINDOWS\system32\XPSViewer
2008-10-15 11:57:56 ----N---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-05-17 44544]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
S2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-11-07 25628]
S2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-11-07 2496]
S2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-11-07 86652]
S2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-11-07 14684]
S2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-11-07 6364]
S2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-11-07 87036]
S2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-11-07 94332]
S2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
S3 0311B;0311B; \??\C:\WINDOWS\system32\0311B.sys []
S3 045A;045A; \??\C:\WINDOWS\system32\045A.sys []
S3 0bc3;0bc3; \??\C:\WINDOWS\system32\0bc3.sys []
S3 1d34;1d34; \??\C:\WINDOWS\system32\1d34.sys []
S3 1e617;1e617; \??\C:\WINDOWS\system32\1e617.sys []
S3 30214;30214; \??\C:\WINDOWS\system32\30214.sys []
S3 3bd27;3bd27; \??\C:\WINDOWS\system32\3bd27.sys []
S3 3e92;3e92; \??\C:\WINDOWS\system32\3e92.sys []
S3 406C;406C; \??\C:\WINDOWS\system32\406C.sys []
S3 4491E;4491E; \??\C:\WINDOWS\system32\4491E.sys []
S3 50e26;50e26; \??\C:\WINDOWS\system32\50e26.sys []
S3 539F;539F; \??\C:\WINDOWS\system32\539F.sys []
S3 5891C;5891C; \??\C:\WINDOWS\system32\5891C.sys []
S3 5aa8;5aa8; \??\C:\WINDOWS\system32\5aa8.sys []
S3 60822;60822; \??\C:\WINDOWS\system32\60822.sys []
S3 73e18;73e18; \??\C:\WINDOWS\system32\73e18.sys []
S3 76224;76224; \??\C:\WINDOWS\system32\76224.sys []
S3 7c81F;7c81F; \??\C:\WINDOWS\system32\7c81F.sys []
S3 85020;85020; \??\C:\WINDOWS\system32\85020.sys []
S3 91528;91528; \??\C:\WINDOWS\system32\91528.sys []
S3 938E;938E; \??\C:\WINDOWS\system32\938E.sys []
S3 a6dB;a6dB; \??\C:\WINDOWS\system32\a6dB.sys []
S3 b4213;b4213; \??\C:\WINDOWS\system32\b4213.sys []
S3 c107;c107; \??\C:\WINDOWS\system32\c107.sys []
S3 c8e16;c8e16; \??\C:\WINDOWS\system32\c8e16.sys []
S3 c9312;c9312; \??\C:\WINDOWS\system32\c9312.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 cd66;cd66; \??\C:\WINDOWS\system32\cd66.sys []
S3 cfa10;cfa10; \??\C:\WINDOWS\system32\cfa10.sys []
S3 f1a1A;f1a1A; \??\C:\WINDOWS\system32\f1a1A.sys []
S3 fa123;fa123; \??\C:\WINDOWS\system32\fa123.sys []
S3 hamachi_oem;PlayLinc Adapter; C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 OVT511Plus;Dual Mode USB Camera Plus; C:\WINDOWS\System32\Drivers\omcamvid.sys [2001-09-18 167816]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0); C:\WINDOWS\system32\DRIVERS\CamDrL21.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-07-27 1171464]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 sybex38;Rootkit Unhooker Driver; C:\WINDOWS\system32\drivers\sybex38.sys []
S3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 VX1000;VX-1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 1966312]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 ThreatFire;ThreatFire; C:\Program Files\ThreatFire\TFService.exe [2008-11-17 70944]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S3 QANDDIWUIE;QANDDIWUIE; C:\DOCUME~1\Z\LOCALS~1\Temp\QANDDIWUIE.exe [2009-01-13 551808]
S3 TUYJSP;TUYJSP; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TUYJSP.exe [2009-01-13 404352]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-12 152984]
S4 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]

-----------------EOF-----------------
 
Old 14th Jan 2009, 15:11
Moderator
Posts: 7,848
 
Download Malwarebytes' Anti-Malware (MBAM)
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
__________________
 
Old 14th Jan 2009, 15:21
New Member
Posts: 9
 
Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 2

2009-01-14 06:21:20
mbam-log-2009-01-14 (06-21-20).txt

Scan type: Quick Scan
Objects scanned: 53376
Time elapsed: 3 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Old 14th Jan 2009, 15:53
Moderator
Posts: 7,848
 
The HijackThis part of the log still looks edited. Have you removed any of it?

Please post the log found in C:\ComboFix.txt
__________________
 
Old 14th Jan 2009, 15:59
New Member
Posts: 9
 
I did not remove any & unable to find the combofix log.. here's a winpatrols though
Log created by WinPatrol version 15.9.2008.5:15.9.2008.5
Scan saved at 6:57:01 AM, on 1/14/2009
Platform: Windows XP SP2 Home Edition Service Pack 2 (Build 2600)
MSIE: Internet Explorer (7.00.5730.13)
Boot mode: Safe with Network

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\PROGRAM FILES\MOZILLA FIREFOX\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRAM FILES\Yahoo!\MESSENGER\YAHOOMESSENGER.EXE
C:\PROGRAM FILES\AIM\aim.exe
C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\msnmsgr.exe
C:\PROGRAM FILES\WINPATROL\WINPATROLEX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bm...&bm=ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: - {7E853D72-626A-48EC-A868-BA8D5E23E045} -
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O11 - Options group: [Java (Sun)] Java (Sun) - C:\Program Files\Java\jre6\bin
O11 - Options group: [] -
O14 - IERESET.INF: START_PAGE_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
O14 - IERESET.INF: SEARCH_PAGE_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
O14 - IERESET.INF:HKCU, Start Page = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Page_URL = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Search_URL = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKLM, Search Page = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKCU, Search Page = %SEARCH_PAGE_URL%
O16 - DPF: vzTCPConfig (http://www2.verizon.net/help/fios_se...de/vzTCPConfig) - http://www2.verizon.net/help/fios_se...zTCPConfig.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/s...OS/tgctlcm.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/actives.../as2stubie.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_11) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home...fshc/fscax.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (http://download.macromedia.com/pub/s.../flash/swflash) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...94/mcfscan.cab
O21 - WPDShServiceObj - WPDShServiceObj Class - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Alerter - Microsoft Corporation - C:\WINDOWS\system32\alrsvc.dll
O23 - Service: Application Layer Gateway Service - Microsoft Corporation - C:\WINDOWS\system32\alg.exe
O23 - Service: Application Management - - C:\WINDOWS\System32\appmgmts.dll
O23 - Service: ASP.NET State Service - - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
O23 - Service: Windows Audio - Microsoft Corporation - C:\WINDOWS\system32\audiosrv.dll
O23 - Service: Background Intelligent Transfer Service - Microsoft Corporation - C:\WINDOWS\system32\qmgr.dll
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCore.exe
O23 - Service: Computer Browser - Microsoft Corporation - C:\WINDOWS\system32\browser.dll
O23 - Service: Indexing Service - Microsoft Corporation - C:\WINDOWS\system32\cisvc.exe
O23 - Service: ClipBook - Microsoft Corporation - C:\WINDOWS\system32\clipsrv.exe
O23 - Service: COM+ System Application - - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: Cryptographic Services - Microsoft Corporation - C:\WINDOWS\system32\cryptsvc.dll
O23 - Service: DCOM Server Process Launcher - Microsoft Corporation - C:\WINDOWS\system32\rpcss.dll
O23 - Service: DHCP Client - Microsoft Corporation - C:\WINDOWS\system32\dhcpcsvc.dll
O23 - Service: Logical Disk Manager Administrative Service - - C:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: Logical Disk Manager - Microsoft Corp. - C:\WINDOWS\system32\dmserver.dll
O23 - Service: DNS Client - Microsoft Corporation - C:\WINDOWS\system32\dnsrslvr.dll
O23 - Service: Error Reporting Service - Microsoft Corporation - C:\WINDOWS\system32\ersvc.dll
O23 - Service: Event Log - Microsoft Corporation - C:\WINDOWS\system32\services.exe
O23 - Service: COM+ Event System - Microsoft Corporation - C:\WINDOWS\system32\es.dll
O23 - Service: Fast User Switching Compatibility - Microsoft Corporation - C:\WINDOWS\system32\shsvcs.dll
O23 - Service: Windows Presentation Foundation Font Cache 3.0.0.0 - Microsoft Corporation - C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
O23 - Service: Help and Support - Microsoft Corporation - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
O23 - Service: Human Interface Device Access - - C:\WINDOWS\System32\hidserv.dll
O23 - Service: HTTP SSL - Microsoft Corporation - C:\WINDOWS\system32\w3ssl.dll
O23 - Service: Windows CardSpace - Microsoft Corporation - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
O23 - Service: IMAPI CD-Burning COM Service - Microsoft Corporation - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter - - C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf
O23 - Service: Server - Microsoft Corporation - C:\WINDOWS\system32\srvsvc.dll
O23 - Service: Workstation - Microsoft Corporation - C:\WINDOWS\system32\wkssvc.dll
O23 - Service: LEWGWOYNUU - Sysinternals - www.sysinternals.com - C:\Documents and Settings\Z\Local Settings\temp\LEWGWOYNUU.exe
O23 - Service: TCP/IP NetBIOS Helper - Microsoft Corporation - C:\WINDOWS\system32\lmhsvc.dll
O23 - Service: Messenger - Microsoft Corporation - C:\WINDOWS\system32\msgsvc.dll
O23 - Service: NetMeeting Remote Desktop Sharing - Microsoft Corporation - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: MSCamSvc - Microsoft Corporation - C:\Program Files\Microsoft LifeCam\MSCamS32.exe
O23 - Service: Distributed Transaction Coordinator - Microsoft Corporation - C:\WINDOWS\system32\msdtc.exe
O23 - Service: Windows Installer - - C:\WINDOWS\system32\MSIEXEC.exe /V
O23 - Service: Network DDE - Microsoft Corporation - C:\WINDOWS\system32\netdde.exe
O23 - Service: Network DDE DSDM - Microsoft Corporation - C:\WINDOWS\system32\netdde.exe
O23 - Service: Net Logon - Microsoft Corporation - C:\WINDOWS\system32\lsass.exe
O23 - Service: Network Connections - Microsoft Corporation - C:\WINDOWS\system32\netman.dll
O23 - Service: Net.Tcp Port Sharing Service - Microsoft Corporation - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
O23 - Service: Network Location Awareness (NLA) - Microsoft Corporation - C:\WINDOWS\system32\mswsock.dll
O23 - Service: NT LM Security Support Provider - Microsoft Corporation - C:\WINDOWS\system32\lsass.exe
O23 - Service: Removable Storage - Microsoft Corporation - C:\WINDOWS\system32\ntmssvc.dll
O23 - Service: Plug and Play - Microsoft Corporation - C:\WINDOWS\system32\services.exe
O23 - Service: IPSEC Services - Microsoft Corporation - C:\WINDOWS\system32\lsass.exe
O23 - Service: Protected Storage - Microsoft Corporation - C:\WINDOWS\system32\lsass.exe
O23 - Service: QANDDIWUIE - Sysinternals - www.sysinternals.com - C:\Documents and Settings\Z\Local Settings\temp\QANDDIWUIE.exe
O23 - Service: Remote Access Auto Connection Manager - Microsoft Corporation - C:\WINDOWS\system32\rasauto.dll
O23 - Service: Remote Access Connection Manager - Microsoft Corporation - C:\WINDOWS\system32\rasmans.dll
O23 - Service: Remote Desktop Help Session Manager - Microsoft Corporation - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Routing and Remote Access - Microsoft Corporation - C:\WINDOWS\system32\mprdim.dll
O23 - Service: Remote Procedure Call (RPC) Locator - Microsoft Corporation - C:\WINDOWS\system32\locator.exe
O23 - Service: Remote Procedure Call (RPC) - Microsoft Corporation - C:\WINDOWS\system32\rpcss.dll
O23 - Service: QoS RSVP - Microsoft Corporation - C:\WINDOWS\system32\rsvp.exe
O23 - Service: Security Accounts Manager - Microsoft Corporation - C:\WINDOWS\system32\lsass.exe
O23 - Service: Smart Card - Microsoft Corporation - C:\WINDOWS\system32\scardsvr.exe
O23 - Service: Task Scheduler - Microsoft Corporation - C:\WINDOWS\system32\schedsvc.dll
O23 - Service: Secondary Logon - Microsoft Corporation - C:\WINDOWS\system32\seclogon.dll
O23 - Service: System Event Notification - Microsoft Corporation - C:\WINDOWS\system32\sens.dll
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) - Microsoft Corporation - C:\WINDOWS\system32\ipnathlp.dll
O23 - Service: Shell Hardware Detection - Microsoft Corporation - C:\WINDOWS\system32\shsvcs.dll
O23 - Service: Print Spooler - Microsoft Corporation - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: System Restore Service - Microsoft Corporation - C:\WINDOWS\system32\srsvc.dll
O23 - Service: SSDP Discovery Service - Microsoft Corporation - C:\WINDOWS\system32\ssdpsrv.dll
O23 - Service: Windows Image Acquisition (WIA) - Microsoft Corporation - C:\WINDOWS\system32\wiaservc.dll
O23 - Service: MS Software Shadow Copy Provider - - C:\WINDOWS\system32\dllhost.exe /Processid:{A5E6E587-C0ED-4D04-9061-D11C62839489}
O23 - Service: Performance Logs and Alerts - Microsoft Corporation - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telephony - Microsoft Corporation - C:\WINDOWS\system32\tapisrv.dll
O23 - Service: Terminal Services - Microsoft Corporation - C:\WINDOWS\system32\termsrv.dll
O23 - Service: Themes - Microsoft Corporation - C:\WINDOWS\system32\shsvcs.dll
O23 - Service: ThreatFire - - C:\Program Files\ThreatFire\TFService.exe service
O23 - Service: Distributed Link Tracking Client - Microsoft Corporation - C:\WINDOWS\system32\trkwks.dll
O23 - Service: TUYJSP - Sysinternals - www.sysinternals.com - C:\Documents and Settings\Administrator\Local Settings\temp\TUYJSP.exe
O23 - Service: Universal Plug and Play Device Host - Microsoft Corporation - C:\WINDOWS\system32\upnphost.dll
O23 - Service: Uninterruptible Power Supply - Microsoft Corporation - C:\WINDOWS\system32\ups.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service - Microsoft Corporation - C:\Program Files\Windows Live\Messenger\usnsvc.exe
O23 - Service: Volume Shadow Copy - Microsoft Corporation - C:\WINDOWS\system32\vssvc.exe
O23 - Service: Windows Time - Microsoft Corporation - C:\WINDOWS\system32\w32time.dll
O23 - Service: WebClient - Microsoft Corporation - C:\WINDOWS\system32\webclnt.dll
O23 - Service: Windows Management Instrumentation - Microsoft Corporation - C:\WINDOWS\system32\wbem\wmisvc.dll
O23 - Service: Portable Media Serial Number Service - Microsoft Corporation - C:\WINDOWS\system32\mspmsnsv.dll
O23 - Service: WMI Performance Adapter - Microsoft Corporation - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Security Center - Microsoft Corporation - C:\WINDOWS\system32\wscsvc.dll
O23 - Service: Automatic Updates - Microsoft Corporation - C:\WINDOWS\system32\wuauserv.dll
O23 - Service: Wireless Zero Configuration - Microsoft Corporation - C:\WINDOWS\system32\wzcsvc.dll
O23 - Service: Network Provisioning Service - Microsoft Corporation - C:\WINDOWS\system32\xmlprov.dll

--- Additional WinPatrol Info ---
Default Browser: Firefox - Firefox version 2.0.0.20
MSIE: Internet Explorer (7.00.5730.13)
Firefox 2.0.0.20 installed in C:\Program Files\Mozilla Firefox.
19 IE Cookies in Folder: C:\Documents and Settings\Z\Cookies\
0 Mozilla Cookies in Folder: C:\Documents and Settings\Z\Application Data\Mozilla\FireFox\Profiles\hg9g0nkj.default

WP00 - HKLM\CS1: BootExecute = autocheck autochk *
WP00 - HKLM\CCS: BootExecute = autocheck autochk *
WP00 - HKLM\CS2: BootExecute = autocheck autochk *
WP02 - HKLM\CCS: Command = C:\WINDOWS\system32\cmd.exe

WP03 - Windows Automatic Update = 1:Turn off Automatic Updates.


WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://


WP16 - ActiveX: {0742B9EF-8C83-41CA-BFBA-830A59E23533} [Microsoft Data Collection Control] C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSDcode.dll 2.6.1.19
WP16 - ActiveX: {193C772A-87BE-4B19-A7BB-445B226FE9A1} [ewidoOnlineScan Control] C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll 1.0.0.4
WP16 - ActiveX: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} [ActiveScan 2.0 Installer Class] C:\WINDOWS\DOWNLOADED PROGRAM FILES\AS2STUBIE.DLL 1, 1, 0, 0
WP16 - ActiveX: {41524153-46FB-488C-8E53-7624AB83C46F} [ActiveScan 2.0 AV Class] C:\PROGRAM FILES\PANDA SECURITY\ACTIVESCAN 2.0\as2guiie.dll 1, 2, 3, 0
WP16 - ActiveX: {6414512B-B978-451D-A0D8-FCFDF33E833C} [WUWebControl Class] C:\WINDOWS\system32\wuweb.dll 7.2.6001.788
WP16 - ActiveX: {64AB4BB7-111E-11D1-8F79-00C04FC2FBE1} [Microsoft Shell UI Helper] C:\WINDOWS\system32\ieframe.dll 7.00.5730.13
WP16 - ActiveX: {6BF52A52-394A-11D3-B153-00C04F79FAA6} [Windows Media Player] C:\WINDOWS\system32\wmp.dll 9.00.00.3250
WP16 - ActiveX: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [MUWebControl Class] C:\WINDOWS\system32\muweb.dll 7.2.6001.788
WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\WINDOWS\system32\ieframe.dll 7.00.5730.13
WP16 - ActiveX: {B9F79165-A264-4C4A-A211-133A5E8D647F} [F-Secure Health Check 1.1] C:\WINDOWS\DOWNLOADED PROGRAM FILES\fscax.dll 1.1
WP16 - ActiveX: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} [a-squared Scanner] C:\WINDOWS\Downloaded Program Files\asquared.ocx 4.0.0.0
WP16 - ActiveX: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} [F-Secure Online Scanner 3.3] C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\fscax.dll 3.3.0
WP16 - ActiveX: {CFC399AF-D876-11D0-9C10-00C04FC99C8E} [Msxml] C:\WINDOWS\system32\msxml3.dll 8.100.1048.0
WP16 - ActiveX: {ED8C108E-4349-11D2-91A4-00C04F7969E8} [XML HTTP Request] C:\WINDOWS\system32\msxml3.dll 8.100.1048.0
WP16 - ActiveX: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} [McFreeScan Class] C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll 2, 2, 0, 5494
WP16 - ActiveX: {F5078F32-C551-11D3-89B9-0000F81FE221} [XML DOM Document 3.0] C:\WINDOWS\system32\msxml3.dll 8.100.1048.0
WP16 - ActiveX: {05589fa1-c356-11ce-bf01-00aa0055595a} [ActiveMovieControl Object] C:\WINDOWS\system32\wmpdxm.dll 9.00.00.3250
WP16 - ActiveX: {0713E8A2-850A-101B-AFC0-4210102A8DA7} [Microsoft TreeView Control, version 5.0 (SP2)] C:\PROGRAM FILES\ROGUEREMOVER\COMCTL32.OCX 6.00.8105
WP16 - ActiveX: {0713E8D2-850A-101B-AFC0-4210102A8DA7} [Microsoft ProgressBar Control, version 5.0 (SP2)] C:\PROGRAM FILES\ROGUEREMOVER\COMCTL32.OCX 6.00.8105
WP16 - ActiveX: {3605B612-C3CF-4ab4-A426-2D853391DB2E} [Certificates Class] C:\WINDOWS\system32\capicom.dll 2, 1, 0, 2
WP16 - ActiveX: {1D2B4F40-1F10-11D1-9E88-00C04FDCAB92} [ThumbCtl Class] C:\WINDOWS\system32\webvw.dll 6.00.2900.2180
WP16 - ActiveX: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [Windows Media Player] C:\WINDOWS\system32\wmpdxm.dll 9.00.00.3250
WP16 - ActiveX: {58DA8D8A-9D6A-101B-AFC0-4210102A8DA7} [Microsoft ListView Control, version 5.0 (SP2)] C:\PROGRAM FILES\ROGUEREMOVER\COMCTL32.OCX 6.00.8105
WP16 - ActiveX: {58DA8D8F-9D6A-101B-AFC0-4210102A8DA7} [Microsoft ImageList Control, version 5.0 (SP2)] C:\PROGRAM FILES\ROGUEREMOVER\COMCTL32.OCX 6.00.8105
WP16 - ActiveX: {550C8FFB-4DC0-4756-828C-862E6D0AE74F} [Chain Class] C:\WINDOWS\system32\capicom.dll 2, 1, 0, 2
WP16 - ActiveX: {6B7E638F-850A-101B-AFC0-4210102A8DA7} [Microsoft StatusBar Control, version 5.0 (SP2)] C:\PROGRAM FILES\ROGUEREMOVER\COMCTL32.OCX 6.00.8105
WP16 - ActiveX: {91D221C4-0CD4-461C-A728-01D509321556} [Store Class] C:\WINDOWS\system32\capicom.dll 2, 1, 0, 2
WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\WINDOWS\system32\ieframe.dll 7.00.5730.13
WP16 - ActiveX: {AE24FDAE-03C6-11D1-8B76-0080C744F389} [Microsoft Scriptlet Component] C:\WINDOWS\system32\mshtml.dll 7.00.5730.13
WP16 - ActiveX: {9171C115-7DD9-46BA-B1E5-0ED50AFFC1B8} [Certificate Class] C:\WINDOWS\system32\capicom.dll 2, 1, 0, 2
WP16 - ActiveX: {E5DF9D10-3B52-11D1-83E8-00A0C90DC849} [WebViewFolderIcon Class] C:\WINDOWS\system32\webvw.dll 6.00.2900.2180
WP16 - ActiveX: {3605B612-C3CF-4ab4-A426-2D853391DB2E} [Certificates Class] C:\WINDOWS\system32\capicom.dll 2, 1, 0, 2

WP32 - Hidden File: C:\boot.ini
WP32 - Hidden File: C:\IO.SYS
WP32 - Hidden File: C:\MSDOS.SYS
WP32 - Hidden File: C:\NTDETECT.COM
WP32 - Hidden File: C:\ntldr
WP32 - Hidden File: C:\pagefile.sys
WP32 - Hidden File: C:\WINDOWS\WindowsShell.Manifest
WP32 - Hidden File: C:\WINDOWS\winnt.bmp
WP32 - Hidden File: C:\WINDOWS\winnt256.bmp
WP32 - Hidden File: C:\WINDOWS\system32\cdplayer.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\config\default.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\default.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SAM.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SAM.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\software.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\software.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\system.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\system.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\TempKey.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\userdiff.LOG
WP32 - Hidden File: C:\WINDOWS\system32\logonui.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\ncpa.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\nwc.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\Restore\filelist.xml
WP32 - Hidden File: C:\WINDOWS\system32\sapi.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\WindowsLogon.manifest
WP32 - Hidden File: C:\WINDOWS\system32\wuaucpl.cpl.manifest

WP33 - File Type .AVI: [Video Clip]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:8 /Open %L
WP33 - File Type .BAT: [MS-DOS Batch File]%1 %*
WP33 - File Type .CAB: [Cabinet File]C:\WINDOWS\Explorer.exe /idlist,%I,%L
WP33 - File Type .CAT: [Security Catalog]rundll32.exe cryptext.dll,CryptExtOpenCAT %1
WP33 - File Type .CHM: [Compiled HTML Help file]C:\WINDOWS\hh.exe %1
WP33 - File Type .COM: [MS-DOS Application]%1 %*
WP33 - File Type .CMD: [Windows NT Command Script]%1 %*
WP33 - File Type .DOC: [WordPad Document]C:\Program Files\Windows NT\Accessories\WORDPAD.EXE %1
WP33 - File Type .EML: [Outlook Express Mail Message]C:\Program Files\Outlook Express\msimn.exe /eml:%1
WP33 - File Type .EXE: [Application]%1 %*
WP33 - File Type .INF: [Setup Information]C:\WINDOWS\System32\NOTEPAD.EXE %1
WP33 - File Type .JS: [JScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .LOG: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .MSI: [Windows Installer Package]C:\WINDOWS\System32\msiexec.exe /i %1 %*
WP33 - File Type .MID: [MIDI Sequence]C:\Program Files\Windows Media Player\wmplayer.exe /Open %L
WP33 - File Type .MP3: [MP3 Format Sound]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:6 /Open %L
WP33 - File Type .PIF: [Shortcut to MS-DOS Program]%1 %*
WP33 - File Type .RAM: [FLVPlayer.ex]C:\Program Files\FLV Player\FLVPlayer.exe %1
WP33 - File Type .REG: [Registration Entries]regedit.exe %1
WP33 - File Type .RTF: [Rich Text Document]C:\Program Files\Windows NT\Accessories\WORDPAD.EXE %1
WP33 - File Type .SBS: [Spyware supplemental file]C:\Program Files\Spybot\SpybotSD.exe %1
WP33 - File Type .SCR: [Screen Saver]%1 /S
WP33 - File Type .TXT: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .URL: [Internet Shortcut]rundll32.exe ieframe.dll,OpenURL %l
WP33 - File Type .VBS: [VBScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .VBE: [VBScript Encoded Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSF: [Windows Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSH: [Windows Script Host Settings File]C:\WINDOWS\System32\WScript.exe %1 %*

Memory currently in use: 28%
Physical Memory Free: 701,828 KB
Paging File Free: 2,205,860 KB
Virtual Memory Free: 2,064,296 KB


--
End of file
 
Old 14th Jan 2009, 16:31
Moderator
Posts: 7,848
 
That looked a bit more normal. But there are still no 04 entries. Indicating that nothing is running at startup. Do you use MSCONFIG to control your Startups? If so please enable ALL of the entries in MSCONFIG. restart and then post a new RSIT log.

Also go to C:\RSIT\info.txt and post that log please.
__________________
 
Old 14th Jan 2009, 16:37
New Member
Posts: 9
 
I use WinPatrol to control Startups.

info.txt logfile of random's system information tool 1.05 2009-01-14 07:37:02

======Uninstall list======

-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
AIM Ad Hack-->"C:\Program Files\AIM\unins000.exe"
Any Audio Converter 1.1.0-->"C:\Program Files\AudioConverter\unins000.exe"
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
BOClean-->C:\WINDOWS\UNBOC.EXE
Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Codec Pack - All In 1 6.0.3.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Display Image Grabber 1.0-->"C:\Program Files\Display Image Grabber\unins000.exe"
EasyCleaner-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
FLV Player-->"C:\WINDOWS\FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
Foxit Reader-->C:\Program Files\Foxit Reader\Uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
ID-Blaster Plus v2.0-->"C:\Program Files\ID-Blaster\unins000.exe"
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
LCleaner-->C:\Program Files\LCleaner\uninstall.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes\unins000.exe"
Malwarebytes' RogueRemover-->"C:\Program Files\RogueRemover\unins000.exe"
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft Corporation-->MsiExec.exe /I{7B08D306-7266-4647-A926-2F78817ED1E0}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft LifeCam-->MsiExec.exe /X{63AFACBC-4795-4A1B-8037-5085DC03FC54}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.20)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MRU-Blaster v1.5 (Database 3/28/2004)-->"C:\Program Files\MRU-Blaster\unins000.exe"
MSXML 4.0 SP2 and SOAP Toolkit 3.0-->MsiExec.exe /I{32343DB6-9A52-40C9-87E4-5E7C79791C87}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Revo Uninstaller 1.75-->C:\Program Files\Revo Uninstaller\uninst.exe
Rootkit Unhooker Uninstall-->"C:\RkUnhooker\uninstall.exe"
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Smart Defrag 1.02-->"C:\Program Files\IObitSmartDefrag\unins000.exe"
Sony ACID Music Studio 7.0-->MsiExec.exe /X{A74C1699-4BCE-433F-82D6-F11207A0581B}
Spybot - Search & Destroy-->"C:\Program Files\Spybot\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
ThreatFire 4.0-->"C:\Program Files\ThreatFire\unins000.exe"
trakAxPC-->MsiExec.exe /I{ABBA0799-F982-414C-9A8B-17EB03D39677}
Verizon FiOS Activation-->"C:\WINDOWS\FIOS\unins000.exe"
Verizon Online Help and Support-->C:\PROGRA~1\Verizon\UNWISE.EXE C:\PROGRA~1\Verizon\INSTALL.LOG
What's Running 2.2-->"C:\Program Files\WhatsRunning\unins000.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinPatrol 2008-->C:\PROGRA~1\WINPAT~1\Setup.exe /remove /q0
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AV: VIRUSfighter ver. 5.99

System event log

Computer Name: A
Event Code: 7035
Message: The Kaspersky Anti-Virus service was successfully sent a start control.

Record Number: 26131
Source Name: Service Control Manager
Time Written: 20081123145005.000000-300
Event Type: information
User: A\Z

Computer Name: A
Event Code: 9
Message: Broadcom 440x 10/100 Integrated Controller: Network controller configured for 100Mb full-duplex link.

Record Number: 26130
Source Name: bcm4sbxp
Time Written: 20081123144948.000000-300
Event Type: information
User:

Computer Name: A
Event Code: 7036
Message: The Cryptographic Services service entered the running state.

Record Number: 26129
Source Name: Service Control Manager
Time Written: 20081123144940.000000-300
Event Type: information
User:

Computer Name: A
Event Code: 7035
Message: The Cryptographic Services service was successfully sent a start control.

Record Number: 26128
Source Name: Service Control Manager
Time Written: 20081123144940.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: A
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the stopped state.

Record Number: 26127
Source Name: Service Control Manager
Time Written: 20081123144701.000000-300
Event Type: information
User:

Application event log

Computer Name: A
Event Code: 4660
Message:
Record Number: 10312
Source Name: Kaspersky Anti-Virus
Time Written: 20081105122848.000000-300
Event Type: information
User:

Computer Name: A
Event Code: 4660
Message:
Record Number: 10311
Source Name: Kaspersky Anti-Virus
Time Written: 20081105122848.000000-300
Event Type: information
User:

Computer Name: A
Event Code: 4660
Message:
Record Number: 10310
Source Name: Kaspersky Anti-Virus
Time Written: 20081105122848.000000-300
Event Type: information
User:

Computer Name: A
Event Code: 4660
Message:
Record Number: 10309
Source Name: Kaspersky Anti-Virus
Time Written: 20081105122845.000000-300
Event Type: information
User:

Computer Name: A
Event Code: 4660
Message:
Record Number: 10308
Source Name: Kaspersky Anti-Virus
Time Written: 20081105120851.000000-300
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;%NpmLib%
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6b01
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------
 
Old 14th Jan 2009, 18:52
Moderator
Posts: 7,848
 
Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.

For Windows XP Systems install the Recovery Console:

- If you are using Windows XP and do not already have the Recovery Console installed, please ensure your Internet connection is active (if possible) and click Yes.
- If for some reason your Internet is not working click No.
- If you are not using Windows XP, you will not be prompted.
- When prompted to accept the EULA click OK.
- Accept Microsoft's EULA (Click Yes).
- When you are told that the RC is installed correctly click YES to continue scanning for malware.

When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
__________________
 
Old 14th Jan 2009, 19:09
New Member
Posts: 9
 
Attempted ComboFix & screen captured what happen..
 
Old 14th Jan 2009, 21:06
Moderator
Posts: 7,848
 
* Go to "Start -> Run"
* Enter the following in the window that opens: wbemtest
* Click "OK"
* Click on "Connect"

* Change the text in the field "Namespace" to: root\securitycenter
* Click "Connect"
* Click "Enum Instances"
* Type the following in the window which opens: firewallproduct
* Click "OK"

* Click the line with "FirewallProduct" and click "Delete"
* Click "Close"

* Click "Enum Instances"
* Type the following in the window which opens: antivirusproduct
* Click "OK"

* Click the line with "AntivirusProduct" and click "Delete"
* Click "Close"

-----

Is it still in the Security Center? You might need to restart the computer for it to take effect.

,
__________________
 
Old 14th Jan 2009, 21:45
New Member
Posts: 9
 
evilfantasy's da man!!
 
Old 14th Jan 2009, 21:48
Moderator
Posts: 7,848
 
Glad it worked!

You can just delete ComboFix.

A few suggestions.

Use the Secunia Software Inspector to check for out of date software.
Out of date software has security vulnerabilities that malware can exploit.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.

----------

Go to Microsoft Windows Update and get all critical updates.

----------

Make sure all of your security programs are up to date and run scans with them regularly.

Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

Concerned about Browser Security? Consider using Mozilla Firefox.

To prevent unknown applications from being installed on your computer install WinPatrol
* Using Winpatrol to protect your computer from malicious software

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself safe On The Web for tips and free tools to keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
__________________
 
Old 14th Jan 2009, 21:56
New Member
Posts: 9
 
Thanks again.. I will do as you suggested..

Speaking of Windows Updates, I had tried upgrading to XP SP3 few times but keep getting >

[Error number: 0x800704DD]
The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem.
 
Old 14th Jan 2009, 22:57
Moderator
Posts: 7,848
 
Try the steps from this page. http://support.microsoft.com/kb/910341

It says Windows 2000 but XP is the same as Windows 2000 so it should all be the same.
__________________


Translations Powered by Powered by Google
CroatianCzechDanishDutchEnglishFinnishFrenchGermanGreekHebrewHungarianItalianJapaneseLatvianLithuanianNorwegianPolishPortugueseRomanianRussianSlovakSpanishSwedish

Copyright ©2006 - 2010 Computer Juice.
Contact - Directory - Privacy - Sitemap - Top

vBulletin Translation Engine by vBET
Powered by vBulletin® Copyright ©2000 - 2010 Jelsoft Enterprises Ltd. SEO by vBSEO ©2010, Crawlability, Inc.