

[Resolved] Re-directed sites - Can't System Restore - Can't Install

#11, 19-06-2009, 11:18 PM
Digidan, D-A-L Newbie (Join Date: Jun 2009, Posts: 15)

Here are the new "LOGS"

ComboFix 09-06-18.02 - Daniel Bautista 06/19/2009 17:45.1 - NTFSx86
Running from: c:\documents and settings\Daniel Bautista\Desktop\6501\6501.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Daniel Bautista\Application Data\.#
c:\documents and settings\Daniel Bautista\Application Data\IUpd721
c:\temp\1cb
c:\windows\system32\drivers\UACvjgdlrvotyekhbd.sys
c:\windows\system32\T2
c:\windows\system32\UACfqerrwastrrmkmo.dll
c:\windows\system32\UACgwcytjdgynwapls.log
c:\windows\system32\UACiovyyhnnfaxnsay.dll
c:\windows\system32\UACjljgxlqlxujhcnj.dat
c:\windows\system32\UACmmfxgtyxluahnif.db
c:\windows\system32\UACnvwnwewiqmrvpnr.log
c:\windows\system32\UACodxoewvkipuavpi.dll
c:\windows\system32\UACqlpllynptilwpvq.log
c:\windows\system32\UACrcpjjlarfpywpfs.dll
c:\windows\system32\UACwpejbcjwkgrpdkr.dll
c:\windows\system32\UACxrodkqkctsnbuma.dll
C:\Documents
c:\documents and settings\Daniel Bautista\Application Data\.#\MBX@8E8@10B3288.###
c:\documents and settings\Daniel Bautista\Application Data\.#\MBX@8E8@10B3298.###
c:\documents and settings\Daniel Bautista\Application Data\IUpd721\Logs\scns.log
c:\documents and settings\Daniel Bautista\Temporary Internet Files\fbk.sts
c:\temp\1cb\syscheck.log
c:\windows\IE4 Error Log.txt
c:\windows\system32\_000003_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\drivers\UACvjgdlrvotyekhbd.sys
c:\windows\system32\esvjnqpo.ini
c:\windows\system32\fsdqchyt.ini
c:\windows\system32\grb.exe
c:\windows\system32\iuprdvvh.ini
c:\windows\system32\msvcsv60.dll
c:\windows\system32\prsgrc.dll
c:\windows\system32\rYHilnmp.ini
c:\windows\system32\rYHilnmp.ini2
c:\windows\system32\UACfqerrwastrrmkmo.dll
c:\windows\system32\UACgwcytjdgynwapls.log
c:\windows\system32\uacinit.dll
c:\windows\system32\UACiovyyhnnfaxnsay.dll
c:\windows\system32\UACjljgxlqlxujhcnj.dat
c:\windows\system32\UACmmfxgtyxluahnif.db
c:\windows\system32\UACnvwnwewiqmrvpnr.log
c:\windows\system32\UACodxoewvkipuavpi.dll
c:\windows\system32\UACqlpllynptilwpvq.log
c:\windows\system32\UACrcpjjlarfpywpfs.dll
c:\windows\system32\uactmp.db
c:\windows\system32\UACwpejbcjwkgrpdkr.dll
c:\windows\system32\UACxrodkqkctsnbuma.dll
D:\Autorun.inf
D:\Desktop.ini

----- BITS: Possible infected sites -----

hxxp://www.graboid.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_EPSON_PM_RPCV4_01
-------\Service_EPSON_PM_RPCV4_01


((((((((((((((((((((((((( Files Created from 2009-05-19 to 2009-06-19 )))))))))))))))))))))))))))))))
.

2009-06-17 23:53 . 2009-06-17 23:53 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\Malwarebytes
2009-06-17 23:37 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 23:37 . 2009-06-17 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-17 23:37 . 2009-06-17 23:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-17 23:37 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-17 19:02 . 2009-06-17 23:21 117760 ----a-w- c:\documents and settings\Daniel Bautista\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-17 19:02 . 2009-06-17 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-17 18:59 . 2009-06-17 19:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-17 18:59 . 2009-06-17 18:59 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\SUPERAntiSpyware.com
2009-06-15 02:45 . 2009-06-15 02:45 -------- d-----w- C:\Templates
2009-06-09 23:26 . 2009-06-09 23:26 -------- d-----w- c:\documents and settings\Daniel Bautista\Local Settings\Application Data\Wave Arts
2009-06-09 23:26 . 2009-06-09 23:26 -------- d-----w- c:\program files\Wave Arts
2009-06-09 23:25 . 2009-06-09 23:25 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\FabFilter
2009-06-09 23:25 . 2009-06-09 23:25 -------- d-----w- c:\program files\Common Files\VST3
2009-06-09 23:25 . 2009-06-09 23:25 -------- d-----w- c:\program files\FabFilter
2009-06-07 17:36 . 2009-06-09 23:28 16 ----a-w- c:\windows\msocreg32.dat
2009-06-02 22:45 . 2009-06-02 22:45 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\FileMaker Pro Advanced
2009-06-02 22:44 . 2009-06-02 22:44 -------- d-----w- c:\documents and settings\Daniel Bautista\Local Settings\Application Data\FileMaker
2009-06-02 22:42 . 2009-06-02 22:42 -------- d-----w- c:\program files\FileMaker
2009-06-02 22:42 . 2009-06-02 22:42 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\FileMaker
2009-05-22 10:23 . 2009-05-22 10:24 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\Thinstall

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-19 21:58 . 2009-05-12 03:22 81984 ----a-w- c:\windows\system32\bdod.bin
2009-06-17 18:58 . 2007-02-21 22:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-15 02:23 . 2008-12-06 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-14 17:59 . 2009-02-20 14:23 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\uTorrent
2009-06-14 15:03 . 2007-05-24 01:24 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\UseNeXT
2009-06-10 01:08 . 2007-05-24 01:24 -------- d-----w- c:\program files\UseNeXT
2009-06-07 17:34 . 2006-08-17 05:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-07 17:34 . 2006-12-12 03:32 -------- d-----w- c:\program files\IK Multimedia
2009-05-27 01:28 . 2006-12-12 06:10 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\Apple Computer
2009-05-12 03:13 . 2009-05-12 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-05-12 03:01 . 2009-05-12 03:01 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\BitDefender
2009-05-12 03:01 . 2009-05-12 03:00 -------- d-----w- c:\program files\Common Files\BitDefender
2009-05-12 03:01 . 2009-05-12 03:01 -------- d-----w- c:\program files\BitDefender
2009-05-12 01:20 . 2009-05-12 01:20 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\Kasper-Key_Sharing_Networ
2009-05-11 20:16 . 2009-02-19 22:16 -------- d-----w- c:\program files\IrfanView
2009-05-01 15:36 . 2009-05-01 15:36 -------- d-----w- c:\program files\PlayPianoTODAY
2009-04-28 11:15 . 2009-04-28 11:15 3128 ----a-r- c:\documents and settings\Daniel Bautista\Application Data\Microsoft\Installer\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}\ARPPRODUCTICON.exe
2009-04-25 03:25 . 2008-06-29 22:09 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-04-25 03:25 . 2008-06-29 22:09 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-04-25 00:15 . 2009-04-10 13:47 -------- d-----w- c:\program files\FXhome PhotoKey 2 Pro
2009-04-20 23:18 . 2009-04-20 23:18 1878984 ----a-w- c:\documents and settings\Daniel Bautista\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-04-10 16:14 . 2009-04-10 16:14 1024 ----a-w- c:\windows\system32\grcauth2.dll
2009-04-10 16:14 . 2009-04-10 16:14 1024 ----a-w- c:\windows\system32\grcauth1.dll
2009-04-04 16:01 . 2008-06-29 22:09 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-04-04 11:30 . 2006-08-17 06:52 165592 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-01 01:23 . 2009-04-01 01:23 161 ----a-w- c:\documents and settings\Daniel Bautista\Application Data\Kompoz Konnect.dat
2004-03-11 18:27 . 2007-03-10 18:30 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2009-03-05 22:08 . 2009-05-12 03:14 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

------- Sigcheck -------

[7] 2005-05-26 03:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2006-01-14 01:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2004-08-04 21:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
[7] 2005-05-26 03:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2006-01-13 10:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-06-20 10:45 360320 1CC09561E21A48A7F649A40F18235860 c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 10:45 360320 1CC09561E21A48A7F649A40F18235860 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((((((((((( AWF )))))))))))))))))))))))))))))))))))))))))))))))))) ))))))))
.
2007-03-09 15:09 . 2007-03-09 15:09 63712 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe

2007-05-11 07:06 . 2007-05-11 07:06 40048 c:\program files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
2008-01-12 03:16 . 2008-01-12 03:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

2007-09-07 23:01 . 2007-09-07 23:01 43008 c:\program files\BitTorrent\bak\bittorrent.exe

2007-05-10 23:33 . 2007-05-10 23:33 216064 c:\program files\BitTorrent_DNA\bak\dna.exe

2006-03-20 22:34 . 2006-03-20 22:34 86960 c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe
2006-09-11 09:40 . 2006-09-11 09:40 86960 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

2006-03-20 22:34 . 2006-03-20 22:34 213936 c:\program files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe

2006-12-17 05:10 . 2006-12-17 05:10 185896 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

2007-02-01 02:39 . 2006-07-13 19:02 40960 c:\program files\Hewlett-Packard\Default Settings\bak\cpqset.exe

2005-02-17 03:11 . 2005-02-17 03:11 49152 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
2007-05-08 20:24 . 2007-05-08 20:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

2006-08-17 07:19 . 2006-07-19 22:14 102400 c:\program files\HP\QuickPlay\bak\QPService.exe

2007-09-26 18:42 . 2007-09-26 18:42 267064 c:\program files\iTunes\bak\iTunesHelper.exe
2008-09-10 21:40 . 2008-09-10 21:40 289576 c:\program files\iTunes\iTunesHelper.exe

2007-08-09 01:54 . 2007-07-12 08:00 132496 c:\program files\Java\jre1.6.0_02\bin\bak\jusched.exe

2005-09-13 07:02 . 2005-09-13 07:02 28672 c:\program files\Mindjet\MindManager 6\bak\MMReminderService.exe
2005-09-13 07:02 . 2005-09-13 07:02 28672 c:\program files\Mindjet\MindManager 6\MmReminderService.exe

2007-01-19 17:54 . 2007-01-19 17:54 5674352 c:\program files\MSN Messenger\bak\MsnMsgr.Exe
2007-01-19 17:54 . 2007-01-19 17:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

2007-06-29 10:24 . 2007-06-29 10:24 286720 c:\program files\QuickTime\bak\QTTask.exe
2008-09-06 19:09 . 2008-09-06 19:09 413696 c:\program files\QuickTime\QTTask.exe

2006-08-17 07:18 . 2006-06-17 05:22 794713 c:\program files\Synaptics\SynTP\bak\SynTPEnh.exe

2004-09-05 22:20 . 2004-09-05 22:20 380928 c:\program files\Tracker Software\PDF-XChange 3\pdfSaver\bak\pdfSaver3.exe

2006-12-12 14:52 . 2005-03-08 15:02 910336 c:\program files\Webroot\Washer\bak\wwDisp.exe

2006-10-19 01:05 . 2006-10-19 01:05 204288 c:\program files\Windows Media Player\bak\WMPNSCFG.exe

2006-08-17 08:09 . 2006-02-09 16:52 643072 c:\windows\CREATOR\bak\Remind_XP.exe

2006-08-17 08:09 . 2005-10-11 17:23 1187840 c:\windows\SMINST\bak\RecGuard.exe

2004-08-04 21:00 . 2004-08-04 21:00 15360 c:\windows\system32\bak\ctfmon.exe
2004-08-04 21:00 . 2004-08-04 13:00 15360 c:\windows\system32\ctfmon.exe

2005-01-27 08:00 . 2005-01-27 08:00 98304 c:\windows\system32\spool\drivers\w32x86\3\bak\E_FATIABA.EXE
2005-01-27 08:00 . 2005-01-27 08:00 98304 c:\windows\system32\spool\drivers\w32x86\3\E_FATIABA.EXE

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"AdobeBridge"="" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-08-12 380928]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe" [2006-03-20 213936]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]
"MMReminderService"="c:\program files\Mindjet\MindManager 6\MMReminderService.exe" [2005-09-13 28672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"ReminderApp"="c:\program files\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe" [2007-06-08 161864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-09-27 7585792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-09-27 86016]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-08 778240]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]
"MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2007-07-06 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-06-02 61952]
"pdfSaver3"="" [N/A]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-09-27 1617920]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
FirePod Control Panel.lnk - c:\program files\PreSonus\1394AudioDriver_FirePod\FirePod.exe [2008-11-14 1126400]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-8-6 51776]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Midi1"=usbmn1x1.dll
"midi2"=ma_cmidn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EpsonNet\\EpsonNet Config V1\\EpsonNet Config.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\BitTorrent_DNA\\btdna.exe"=
"c:\\Documents and Settings\\Daniel Bautista\\Application Data\\Vusion\\WARPVideoStreamer.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Roxio\\Creator Classic 10\\Creator10.exe"=
"c:\\Program Files\\Roxio\\Digital Home 10\\RoxioUPnPRenderer10.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 Winem43;Winem43;c:\windows\System32\Drivers\Winem43.sys [x]
R0 Winks21;Winks21;c:\windows\System32\Drivers\Winks21.sys [x]
R0 Winvd53;Winvd53;c:\windows\System32\Drivers\Winvd53.sys [x]
R1 c2scsi;c2scsi; [x]
R2 aspnet_statemnmsrvc;ASP.NET State Service aspnet_statemnmsrvc;ð%€|x srv [x]
R2 Eventlogusnjsvc;Event Log Eventlogusnjsvc;ð%€|x srv [x]
R2 gupdate1c95c0c7f53fe46;Google Update Service (gupdate1c95c0c7f53fe46);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 133104]
R2 lanmanserverwscsvc;Server lanmanserverwscsvc;ð%€|x srv [x]
R2 mnmsrvcFastUserSwitchingCompatibility;NetMeeting Remote Desktop Sharing mnmsrvcFastUserSwitchingCompatibility;ð%€|x srv [x]
R2 NVSvcWmi;NVIDIA Display Driver Service NVSvcWmi;ð%€|x srv [x]
R2 PolicyAgentTermService;IPSEC Services PolicyAgentTermService;ð%€|x srv [x]
R2 RemoteRegistrydmadmin;Remote Registry RemoteRegistrydmadmin;ð%€|x srv [x]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
R2 SCardSvr Mobile Device;Smart Card SCardSvr Mobile Device;ð%€|x srv [x]
R2 SENSVSS;System Event Notification SENSVSS;ˆ srv [x]
R2 SessionLauncher;SessionLauncher; [x]
R2 TapiSrvTlntSvr;Telephony TapiSrvTlntSvr;ð%€|x srv [x]
R2 TapiSrvTlntSvrNetlogon;Telephony TapiSrvTlntSvr TapiSrvTlntSvrNetlogon;ð%€|x srv [x]
R2 wuauserv Driver HPZ12;Automatic Updates wuauserv Driver HPZ12;ð%€|x srv [x]
R2 WudfSvcRSVP;Windows Driver Foundation - User-mode Driver Framework WudfSvcRSVP;ð%€|x srv [x]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\Drivers\5U870CAP.sys [2006-06-06 61952]
R3 arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2009-01-20 172032]
R3 AVC2310F;AVC-2310/AVC-2210 USB Loader;c:\windows\system32\Drivers\avcuwfl.sys [2003-12-23 18644]
R3 AvcUWilo;Adaptec AVC-2210/2310 USB Device;c:\windows\system32\DRIVERS\avcuwilo.sys [2004-01-03 51166]
R3 L6SeaMonkDev;Line 6 Variax USB Service;c:\windows\system32\Drivers\L6SM.sys [2005-03-21 35712]
R3 pmxscan;USB ScanModule V5.1 Driver;c:\windows\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
R3 ps_1394;ps_1394;c:\windows\system32\Drivers\ps_1394.sys [2004-10-14 97152]
R3 ps_avs;ps_avs;c:\windows\system32\Drivers\ps_avs.sys [2004-10-14 24576]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-05-26 7408]
R3 Stlnpitds;Stlnpitds; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-05-26 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-05-26 72944]
S2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
S3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2008-09-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 21:57]

2009-06-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-06 18:44]

2009-05-11 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-12 04:01]
.
- - - - ORPHANS REMOVED - - - -

Notify-c008931 - c008931.mat
Notify-ssqNFVMf - ssqNFVMf.dll
SafeBoot-Winah75.sys
SafeBoot-Winbi20.sys
SafeBoot-Windk30.sys
SafeBoot-Winem43.sys
SafeBoot-Winks21.sys
SafeBoot-Winrx63.sys
SafeBoot-Winsa20.sys
SafeBoot-Wintb31.sys
SafeBoot-Winvd53.sys


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 0.0.0.0:80
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-06-19 18:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aspnet_statemnmsrvc]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Eventlogusnjsvc]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\lanmanserverwscsvc]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mnmsrvcFastUserSwitchingCompatibility]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NVSvcWmi]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PolicyAgentTermService]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RemoteRegistrydmadmin]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SCardSvr Mobile Device]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SENSVSS]
"ImagePath"="ˆ\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TapiSrvTlntSvr]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TapiSrvTlntSvrNetlogon]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\wuauserv Driver HPZ12]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfSvcRSVP]
"ImagePath"="ð%€|x\01\09 srv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3508402763-3168612021-2433035992-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{27C6E1B6-8CB0-521C-4E4E-4EEE811F3222}*]
"hajbingbmkgglpfb"=hex:6a,61,64,6f,6a,70,6f,6e,61,6e,69,6a,69,6b,6c,61,6b,6a,
64,6d,00,a3
"iahaogncbcpgbbhgih"=hex:6a,61,64,6f,66,70,6b,70,6e,61,6b,70,6b,65,67,70,65,65,
68,6f,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:8b,da,88,f0,e0,d6,d0,30,c3,52,ab,19,62,6c,88,98,d4,3a,b4,41,13,
7e,06,bc,dd,3c,0d,a9,d7,43,73,05,2a,19,7f,5d,fa,9d,51,08,f3,03,f9,74,e6,39,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1012)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(2804)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\UPnPUI.dll
c:\program files\Common Files\Roxio Shared\10.0\DLLShared\FakeAvRenderer.dll
c:\program files\Common Files\Roxio Shared\10.0\DLLShared\roxipp52.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\windows\system32\msdtc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\mqsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
c:\program files\Common Files\InstallShield\UpdateService\agent.exe
.
**************************************************************************
.
Completion time: 2009-06-19 18:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-19 22:10

Pre-Run: 94,503,514,112 bytes free
Post-Run: 94,846,599,168 bytes free

417 --- E O F --- 2008-07-17 05:04
______________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:14:12 PM, on 6/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = AOL.com - Welcome to AOL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ReminderApp] C:\Program Files\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-3508402763-3168612021-2433035992-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3508402763-3168612021-2433035992-1005\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (User '?')
O4 - HKUS\S-1-5-21-3508402763-3168612021-2433035992-1005\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-3508402763-3168612021-2433035992-1005\..\Run: [AdobeBridge] (User '?')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: FirePod Control Panel.lnk = C:\Program Files\PreSonus\1394AudioDriver_FirePod\FirePod.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: ASP.NET State Service aspnet_statemnmsrvc (aspnet_statemnmsrvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Event Log Eventlogusnjsvc (Eventlogusnjsvc) - Unknown owner - C:\WINDOWS\
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c95c0c7f53fe46) (gupdate1c95c0c7f53fe46) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Server lanmanserverwscsvc (lanmanserverwscsvc) - Unknown owner - C:\WINDOWS\
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (livesrv) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - M-Audio - (no file)
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcFastUserSwitchingCompatibility (mnmsrvcFastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Display Driver Service NVSvcWmi (NVSvcWmi) - Unknown owner - C:\WINDOWS\
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: IPSEC Services PolicyAgentTermService (PolicyAgentTermService) - Unknown owner - C:\WINDOWS\
O23 - Service: Remote Registry RemoteRegistrydmadmin (RemoteRegistrydmadmin) - Unknown owner - C:\WINDOWS\
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - (no file)
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - (no file)
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - (no file)
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: Smart Card SCardSvr Mobile Device (SCardSvr Mobile Device) - Unknown owner - C:\WINDOWS\
O23 - Service: System Event Notification SENSVSS (SENSVSS) - Unknown owner - ˆ .exe (file missing)
O23 - Service: SessionLauncher - Unknown owner - (no file)
O23 - Service: Telephony TapiSrvTlntSvr (TapiSrvTlntSvr) - Unknown owner - C:\WINDOWS\
O23 - Service: Telephony TapiSrvTlntSvr TapiSrvTlntSvrNetlogon (TapiSrvTlntSvrNetlogon) - Unknown owner - C:\WINDOWS\
O23 - Service: BitDefender Virus Shield (vsserv) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: Automatic Updates wuauserv Driver HPZ12 (wuauserv Driver HPZ12) - Unknown owner - C:\WINDOWS\
O23 - Service: Windows Driver Foundation - User-mode Driver Framework WudfSvcRSVP (WudfSvcRSVP) - Unknown owner - C:\WINDOWS\

--
End of file - 15135 bytes

Thank you so much!
  #12 (permalink)  
Old 20-06-2009, 01:00 AM
Senior Member
 
Join Date: Nov 2004
Posts: 2,272
re: [Resolved] Re-directed sites - Can't System Restore - Can't Install

Any reason you skipped the Recovery Console installation?
It's a pretty important part.
When you run ComboFix again, accept the Recovery Console installation.

=============================================================

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.


2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\msocreg32.dat
c:\windows\system32\bdod.bin
c:\windows\System32\Drivers\Winem43.sys
c:\windows\System32\Drivers\Winks21.sys
c:\windows\System32\Drivers\Winvd53.sys


Folder::

Driver::
Winem43
Winks21
Winvd53
aspnet_statemnmsrvc
Eventlogusnjsvc
lanmanserverwscsvc
mnmsrvcFastUserSwitchingCompatibility
NVSvcWmi
PolicyAgentTermService
RemoteRegistrydmadmin
"SCardSvr Mobile Device"
SENSVSS
TapiSrvTlntSvr
TapiSrvTlntSvrNetlogon
"wuauserv Driver HPZ12"
WudfSvcRSVP
Stlnpitds


Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aspnet_statemnmsrvc]
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Eventlogusnjsvc]
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\lanmanserverwscsvc]
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mnmsrvcFastUserSwitchingCompatibility]
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NVSvcWmi]
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PolicyAgentTermService]
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RemoteRegistrydmadmin]
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SCardSvr Mobile Device]
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SENSVSS]
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TapiSrvTlntSvr]
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TapiSrvTlntSvrNetlogon]
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\wuauserv Driver HPZ12]
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfSvcRSVP]

RegLockDel::

AWF::
c:\program files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
c:\program files\iTunes\bak\iTunesHelper.exe
c:\program files\QuickTime\bak\QTTask.exe
3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.
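The thirteen services broni lists under Driver:: are exactly the O23 entries in the HijackThis log above that share two traits: the short name is a real Windows XP service name with another name glued onto the end (lanmanserver + wscsvc, PolicyAgent + TermService, SENS + VSS), and the owner is "Unknown owner" while the image path is a bare C:\WINDOWS\ directory or a missing file. The script below is an added example, not part of this thread or of HijackThis/ComboFix: it parses O23 lines, flags entries on either signal, and formats the hits the way broni's Driver:: section does (names containing spaces quoted). KNOWN_XP_SERVICES is an illustrative subset of XP service short names, not a complete catalogue, and the parser assumes the owner and path fields never contain " - ". The sample lines are a constructed subset copied from the log in post #11.

```python
"""Flag rogue O23 (service) entries in a HijackThis log and emit the
matching ComboFix Driver:: section.

Two independent signals; an entry is reported if either fires:
  1. Short name = legitimate XP service short name + extra tail.
  2. Owner unknown AND image path is a bare directory or a missing file.
"""
import re

PREFIX = "O23 - Service: "
# The display name may end in " (shortname)"; HijackThis omits the
# parentheses when display and short name are identical.
TRAILING_SHORT = re.compile(r"^(?P<display>.*?)(?: \((?P<short>[^()]+)\))?$")

# Assumption: an illustrative subset of XP-era service short names, lower-cased.
KNOWN_XP_SERVICES = {
    "aspnet_state", "eventlog", "lanmanserver", "mnmsrvc", "nvsvc",
    "policyagent", "remoteregistry", "scardsvr", "sens", "tapisrv",
    "wuauserv", "wudfsvc",
}


def parse_o23(line):
    """Split 'O23 - Service: <display> (<short>) - <owner> - <path>'.

    Splits from the right because the display name itself may contain
    ' - ' (the Windows Driver Foundation entry); assumes owner and path do not.
    """
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    parts = line[len(PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    head, owner, path = parts
    m = TRAILING_SHORT.match(head)
    display, short = m.group("display"), m.group("short")
    return {"display": display, "short": short or display, "owner": owner, "path": path}


def borrowed_name(short):
    """Return the legitimate short name this one was built on, or None.

    An exact match (the real NVSvc) is not suspicious; a known name with a
    non-empty tail (NVSvcWmi) is.
    """
    s = short.lower()
    for known in KNOWN_XP_SERVICES:
        if s.startswith(known) and len(s) > len(known):
            return known
    return None


def no_runnable_image(owner, path):
    """Unknown owner plus a directory-only path or a missing file."""
    return owner == "Unknown owner" and (path.endswith("\\") or "(file missing)" in path)


def flag_rogue_services(log_lines):
    """Map each suspicious short name to the list of reasons it was flagged."""
    findings = {}
    for line in log_lines:
        svc = parse_o23(line)
        if svc is None:
            continue
        reasons = []
        base = borrowed_name(svc["short"])
        if base:
            reasons.append(f"short name extends legitimate service '{base}'")
        if no_runnable_image(svc["owner"], svc["path"]):
            reasons.append(f"unknown owner and no runnable image: {svc['path']}")
        if reasons:
            findings[svc["short"]] = reasons
    return findings


def cfscript_driver_block(short_names):
    """Format names as a ComboFix 'Driver::' section, quoting names with spaces."""
    lines = ["Driver::"]
    for name in short_names:
        lines.append(f'"{name}"' if " " in name else name)
    return "\n".join(lines)


# Constructed sample: a subset of the O23 lines from the HijackThis log above,
# mixing the rogue entries with legitimate ones that share some of their traits.
SAMPLE_O23 = [
    "O23 - Service: BitDefender Arrakis Server (arrakis3) - Unknown owner - C:\\Program Files\\Common Files\\BitDefender\\BitDefender Arrakis Server\\bin\\Arrakis3.exe",
    "O23 - Service: ASP.NET State Service aspnet_statemnmsrvc (aspnet_statemnmsrvc) - Unknown owner - C:\\WINDOWS\\",
    "O23 - Service: Event Log Eventlogusnjsvc (Eventlogusnjsvc) - Unknown owner - C:\\WINDOWS\\",
    "O23 - Service: Google Update Service (gupdate1c95c0c7f53fe46) (gupdate1c95c0c7f53fe46) - Google Inc. - C:\\Program Files\\Google\\Update\\GoogleUpdate.exe",
    "O23 - Service: Server lanmanserverwscsvc (lanmanserverwscsvc) - Unknown owner - C:\\WINDOWS\\",
    "O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcFastUserSwitchingCompatibility (mnmsrvcFastUserSwitchingCompatibility) - Unknown owner - C:\\WINDOWS\\",
    "O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe",
    "O23 - Service: NVIDIA Display Driver Service NVSvcWmi (NVSvcWmi) - Unknown owner - C:\\WINDOWS\\",
    "O23 - Service: PnkBstrA - Unknown owner - C:\\WINDOWS\\system32\\PnkBstrA.exe",
    "O23 - Service: IPSEC Services PolicyAgentTermService (PolicyAgentTermService) - Unknown owner - C:\\WINDOWS\\",
    "O23 - Service: Remote Registry RemoteRegistrydmadmin (RemoteRegistrydmadmin) - Unknown owner - C:\\WINDOWS\\",
    "O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - (no file)",
    "O23 - Service: Smart Card SCardSvr Mobile Device (SCardSvr Mobile Device) - Unknown owner - C:\\WINDOWS\\",
    "O23 - Service: System Event Notification SENSVSS (SENSVSS) - Unknown owner - ˆ .exe (file missing)",
    "O23 - Service: SessionLauncher - Unknown owner - (no file)",
    "O23 - Service: Telephony TapiSrvTlntSvr (TapiSrvTlntSvr) - Unknown owner - C:\\WINDOWS\\",
    "O23 - Service: Telephony TapiSrvTlntSvr TapiSrvTlntSvrNetlogon (TapiSrvTlntSvrNetlogon) - Unknown owner - C:\\WINDOWS\\",
    "O23 - Service: Automatic Updates wuauserv Driver HPZ12 (wuauserv Driver HPZ12) - Unknown owner - C:\\WINDOWS\\",
    "O23 - Service: Windows Driver Foundation - User-mode Driver Framework WudfSvcRSVP (WudfSvcRSVP) - Unknown owner - C:\\WINDOWS\\",
]

if __name__ == "__main__":
    hits = flag_rogue_services(SAMPLE_O23)
    for name, why in hits.items():
        print(f"{name}: {'; '.join(why)}")
    print(cfscript_driver_block(hits))
```

On the sample it flags the same thirteen names broni lists and nothing else: Arrakis3 and PnkBstrA have an unknown owner but point at a real executable, the real NVSvc matches a known name exactly with no tail, and "(no file)" entries are left alone on purpose because the log has vendor-owned ones too (Roxio 9, M-Audio), so SessionLauncher still needs a manual look rather than an automatic verdict.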
  #13 (permalink)  
Old 20-06-2009, 03:53 PM
Newbie
D-A-L Newbie
 
Join Date: Jun 2009
Posts: 15
re: [Resolved] Re-directed sites - Can't System Restore - Can't Install

I'm so sorry for the newbie errors,

Here are the Logs:

ComboFix 09-06-19.01 - Daniel Bautista 06/20/2009 10:31.2 - NTFSx86
Running from: c:\documents and settings\Daniel Bautista\Desktop\6501.exe
Command switches used :: c:\documents and settings\Daniel Bautista\Desktop\CFScript.txt
* Created a new restore point

FILE ::
"c:\windows\msocreg32.dat"
"c:\windows\system32\bdod.bin"
"c:\windows\System32\Drivers\Winem43.sys"
"c:\windows\System32\Drivers\Winks21.sys"
"c:\windows\System32\Drivers\Winvd53.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\msocreg32.dat
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\bdod.bin

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASPNET_STATEMNMSRVC
-------\Legacy_EVENTLOGUSNJSVC
-------\Legacy_LANMANSERVERWSCSVC
-------\Legacy_MNMSRVCFASTUSERSWITCHINGCOMPATIBILITY
-------\Legacy_NVSVCWMI
-------\Legacy_POLICYAGENTTERMSERVICE
-------\Legacy_REMOTEREGISTRYDMADMIN
-------\Legacy_SCARDSVR_MOBILE_DEVICE
-------\Legacy_SENSVSS
-------\Legacy_TAPISRVTLNTSVR
-------\Legacy_TAPISRVTLNTSVRNETLOGON
-------\Legacy_WUAUSERV_DRIVER_HPZ12
-------\Legacy_WUDFSVCRSVP
-------\Service_Stlnpitds
-------\Service_Winem43
-------\Service_Winks21
-------\Service_Winvd53


((((((((((((((((((((((((( Files Created from 2009-05-20 to 2009-06-20 )))))))))))))))))))))))))))))))
.

2009-06-19 23:40 . 2009-06-19 23:40 -------- d-----w- c:\program files\iPod
2009-06-19 23:40 . 2009-06-19 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-19 23:34 . 2009-06-05 15:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-19 22:28 . 2009-06-19 23:06 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-06-19 22:27 . 2008-05-01 14:30 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-06-19 22:26 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-06-17 23:53 . 2009-06-17 23:53 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\Malwarebytes
2009-06-17 23:37 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 23:37 . 2009-06-17 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-17 23:37 . 2009-06-17 23:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-17 23:37 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-17 19:02 . 2009-06-17 23:21 117760 ----a-w- c:\documents and settings\Daniel Bautista\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-17 19:02 . 2009-06-17 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-17 18:59 . 2009-06-17 19:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-17 18:59 . 2009-06-17 18:59 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\SUPERAntiSpyware.com
2009-06-15 02:45 . 2009-06-15 02:45 -------- d-----w- C:\Templates
2009-06-09 23:26 . 2009-06-09 23:26 -------- d-----w- c:\documents and settings\Daniel Bautista\Local Settings\Application Data\Wave Arts
2009-06-09 23:26 . 2009-06-09 23:26 -------- d-----w- c:\program files\Wave Arts
2009-06-09 23:25 . 2009-06-09 23:25 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\FabFilter
2009-06-09 23:25 . 2009-06-09 23:25 -------- d-----w- c:\program files\Common Files\VST3
2009-06-09 23:25 . 2009-06-09 23:25 -------- d-----w- c:\program files\FabFilter
2009-06-05 17:57 . 2009-06-05 17:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-02 22:45 . 2009-06-02 22:45 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\FileMaker Pro Advanced
2009-06-02 22:44 . 2009-06-02 22:44 -------- d-----w- c:\documents and settings\Daniel Bautista\Local Settings\Application Data\FileMaker
2009-06-02 22:42 . 2009-06-02 22:42 -------- d-----w- c:\program files\FileMaker
2009-06-02 22:42 . 2009-06-02 22:42 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\FileMaker
2009-05-22 10:23 . 2009-05-22 10:24 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\Thinstall

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-20 14:39 . 2007-05-24 23:50 -------- d-----w- c:\program files\QuickTime
2009-06-20 14:38 . 2008-12-06 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-20 14:31 . 2007-07-05 02:27 -------- d-----w- c:\program files\iTunes
2009-06-19 23:40 . 2007-07-05 02:26 -------- d-----w- c:\program files\Common Files\Apple
2009-06-19 23:36 . 2006-12-12 06:09 -------- d-----w- c:\program files\Apple Software Update
2009-06-19 23:34 . 2007-07-05 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-19 22:45 . 2008-09-04 21:53 -------- d-----w- c:\program files\Bonjour
2009-06-17 18:58 . 2007-02-21 22:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-14 17:59 . 2009-02-20 14:23 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\uTorrent
2009-06-14 15:03 . 2007-05-24 01:24 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\UseNeXT
2009-06-10 01:08 . 2007-05-24 01:24 -------- d-----w- c:\program files\UseNeXT
2009-06-07 17:34 . 2006-08-17 05:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-07 17:34 . 2006-12-12 03:32 -------- d-----w- c:\program files\IK Multimedia
2009-06-05 15:42 . 2008-07-31 22:26 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-27 01:28 . 2006-12-12 06:10 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\Apple Computer
2009-05-12 03:13 . 2009-05-12 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-05-12 03:01 . 2009-05-12 03:01 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\BitDefender
2009-05-12 03:01 . 2009-05-12 03:00 -------- d-----w- c:\program files\Common Files\BitDefender
2009-05-12 03:01 . 2009-05-12 03:01 -------- d-----w- c:\program files\BitDefender
2009-05-12 01:20 . 2009-05-12 01:20 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\Kasper-Key_Sharing_Networ
2009-05-11 20:16 . 2009-02-19 22:16 -------- d-----w- c:\program files\IrfanView
2009-05-01 15:36 . 2009-05-01 15:36 -------- d-----w- c:\program files\PlayPianoTODAY
2009-04-29 04:56 . 2004-08-04 21:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 21:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-28 11:15 . 2009-04-28 11:15 3128 ----a-r- c:\documents and settings\Daniel Bautista\Application Data\Microsoft\Installer\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}\ARPPRODUCTICON.exe
2009-04-25 03:25 . 2008-06-29 22:09 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-04-25 03:25 . 2008-06-29 22:09 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-04-25 00:15 . 2009-04-10 13:47 -------- d-----w- c:\program files\FXhome PhotoKey 2 Pro
2009-04-20 23:18 . 2009-04-20 23:18 1878984 ----a-w- c:\documents and settings\Daniel Bautista\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-04-17 09:58 . 2004-08-04 21:00 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:26 . 2004-08-04 21:00 583168 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-10 16:14 . 2009-04-10 16:14 1024 ----a-w- c:\windows\system32\grcauth2.dll
2009-04-10 16:14 . 2009-04-10 16:14 1024 ----a-w- c:\windows\system32\grcauth1.dll
2009-04-04 16:01 . 2008-06-29 22:09 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-04-04 11:30 . 2006-08-17 06:52 165592 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-01 01:23 . 2009-04-01 01:23 161 ----a-w- c:\documents and settings\Daniel Bautista\Application Data\Kompoz Konnect.dat
2004-03-11 18:27 . 2007-03-10 18:30 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2009-03-05 22:08 . 2009-05-12 03:14 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

------- Sigcheck -------

[7] 2005-05-26 03:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2006-01-14 01:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2004-08-04 21:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
[7] 2005-05-26 03:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2006-01-13 10:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
[-] 2008-06-20 10:45 360320 1CC09561E21A48A7F649A40F18235860 c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 10:45 360320 1CC09561E21A48A7F649A40F18235860 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-19_22.00.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-30 20:45 . 2008-09-30 20:45 91656 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2005-05-26 09:16 . 2008-10-16 18:09 43544 c:\windows\system32\wups2.dll
+ 2004-08-04 21:00 . 2008-10-16 18:08 34328 c:\windows\system32\wups.dll
+ 2004-08-04 21:00 . 2008-10-16 18:09 51224 c:\windows\system32\wuauclt.exe
+ 2005-06-29 00:21 . 2007-07-27 13:41 26488 c:\windows\system32\spupdsvc.exe
+ 2009-06-19 22:23 . 2008-10-16 18:09 43544 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
+ 2009-06-19 22:23 . 2008-10-16 18:08 34328 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2009-06-19 23:34 . 2008-07-23 00:32 32000 c:\windows\system32\ReinstallBackups\0007\DriverFiles\usbaapl.sys
+ 2005-07-03 10:11 . 2009-04-29 04:56 44544 c:\windows\system32\pngfilt.dll
- 2005-07-03 10:11 . 2008-04-23 04:16 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-04 21:00 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
- 2004-08-04 21:00 . 2006-03-01 19:42 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-04 21:00 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
+ 2006-11-08 02:03 . 2009-04-29 04:55 52224 c:\windows\system32\msfeedsbs.dll
- 2006-11-08 02:03 . 2008-04-23 04:16 52224 c:\windows\system32\msfeedsbs.dll
+ 2004-08-04 21:00 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
- 2004-08-04 21:00 . 2004-08-04 21:00 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-04 21:00 . 2009-04-29 04:55 27648 c:\windows\system32\jsproxy.dll
- 2004-08-04 21:00 . 2008-04-23 04:16 27648 c:\windows\system32\jsproxy.dll
+ 2006-11-07 08:26 . 2009-04-28 09:05 13824 c:\windows\system32\ieudinit.exe
+ 2004-08-04 21:00 . 2009-04-29 04:55 44544 c:\windows\system32\iernonce.dll
- 2004-08-04 21:00 . 2008-04-23 04:16 44544 c:\windows\system32\iernonce.dll
+ 2004-08-04 21:00 . 2009-04-28 09:05 70656 c:\windows\system32\ie4uinit.exe
- 2004-08-04 21:00 . 2008-04-22 07:39 70656 c:\windows\system32\ie4uinit.exe
- 2006-10-17 16:58 . 2008-04-23 04:16 63488 c:\windows\system32\icardie.dll
+ 2006-10-17 16:58 . 2009-04-29 04:55 63488 c:\windows\system32\icardie.dll
+ 2009-06-19 23:34 . 2009-06-05 15:42 39424 c:\windows\system32\DRVSTORE\usbaapl_872A2434B7205D4BD84BBE53811BDCE15F347D5B\usbaapl.sys
+ 2009-06-19 23:34 . 2009-06-05 15:42 17408 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\netaapl.sys
+ 2009-06-19 23:40 . 2009-03-19 20:32 23400 c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspiWDM.sys
+ 2006-09-19 20:44 . 2009-03-19 20:32 23400 c:\windows\system32\drivers\GEARAspiWDM.sys
- 2008-08-29 13:53 . 2008-08-29 13:53 61440 c:\windows\system32\dnssd.dll
+ 2008-12-12 15:11 . 2008-12-12 15:11 61440 c:\windows\system32\dnssd.dll
+ 2008-12-12 15:18 . 2008-12-12 15:18 87336 c:\windows\system32\dns-sd.exe
- 2008-08-29 14:18 . 2008-08-29 14:18 87336 c:\windows\system32\dns-sd.exe
+ 2004-08-04 21:00 . 2008-10-16 18:08 34328 c:\windows\system32\dllcache\wups.dll
+ 2004-08-04 21:00 . 2008-10-16 18:09 51224 c:\windows\system32\dllcache\wuauclt.exe
- 2006-10-23 15:17 . 2008-04-23 04:16 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2006-10-23 15:17 . 2009-04-29 04:56 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2007-05-10 01:32 . 2008-04-23 04:16 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-05-10 01:32 . 2009-04-29 04:55 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2006-10-23 15:17 . 2008-04-23 04:16 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-10-23 15:17 . 2009-04-29 04:55 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2007-05-10 01:32 . 2008-04-22 07:39 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2007-05-10 01:32 . 2009-04-28 09:05 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2006-11-07 08:26 . 2008-04-23 04:16 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2006-11-07 08:26 . 2009-04-29 04:55 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2006-10-17 17:06 . 2009-04-29 04:55 78336 c:\windows\system32\dllcache\ieencode.dll
- 2006-10-17 17:06 . 2007-08-13 22:45 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2006-11-07 08:26 . 2009-04-28 09:05 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2006-11-07 08:26 . 2008-04-22 07:39 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-20 10:04 . 2009-04-29 04:55 63488 c:\windows\system32\dllcache\icardie.dll
- 2007-08-20 10:04 . 2008-04-23 04:16 63488 c:\windows\system32\dllcache\icardie.dll
+ 2004-08-04 21:00 . 2008-10-16 18:09 92696 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-04 21:00 . 2008-10-16 18:09 92696 c:\windows\system32\cdm.dll
+ 2009-06-20 14:13 . 2009-06-20 14:13 32768 c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2009-06-19 23:36 . 2009-06-19 23:36 27136 c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2009-06-19 22:45 . 2009-06-19 22:45 86016 c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe
+ 2009-06-20 14:16 . 2008-04-23 04:16 44544 c:\windows\ie7updates\KB969897-IE7\pngfilt.dll
+ 2009-06-20 14:16 . 2008-04-23 04:16 52224 c:\windows\ie7updates\KB969897-IE7\msfeedsbs.dll
+ 2009-06-20 14:16 . 2008-04-23 04:16 27648 c:\windows\ie7updates\KB969897-IE7\jsproxy.dll
+ 2009-06-20 14:16 . 2007-08-13 22:39 13312 c:\windows\ie7updates\KB969897-IE7\ieudinit.exe
+ 2009-06-20 14:16 . 2008-04-23 04:16 44544 c:\windows\ie7updates\KB969897-IE7\iernonce.dll
+ 2009-06-20 14:16 . 2007-08-13 22:45 78336 c:\windows\ie7updates\KB969897-IE7\ieencode.dll
+ 2009-06-20 14:16 . 2008-04-22 07:39 70656 c:\windows\ie7updates\KB969897-IE7\ie4uinit.exe
+ 2009-06-20 14:16 . 2008-04-23 04:16 63488 c:\windows\ie7updates\KB969897-IE7\icardie.dll
+ 2006-08-17 07:20 . 2009-04-15 09:24 351744 c:\windows\system32\xpsp3res.dll
+ 2004-08-04 21:00 . 2008-10-16 18:13 202776 c:\windows\system32\wuweb.dll
+ 2004-08-04 21:00 . 2008-10-16 18:12 323608 c:\windows\system32\wucltui.dll
+ 2004-08-04 21:00 . 2008-10-16 18:12 561688 c:\windows\system32\wuapi.dll
+ 2006-10-19 02:47 . 2008-06-24 22:12 295936 c:\windows\system32\wmpeffects.dll
- 2006-10-19 02:47 . 2006-10-19 02:47 295936 c:\windows\system32\wmpeffects.dll
- 2004-08-04 21:00 . 2004-08-04 21:00 351232 c:\windows\system32\winhttp.dll
+ 2004-08-04 21:00 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll
- 2004-08-04 21:00 . 2008-04-23 04:16 233472 c:\windows\system32\webcheck.dll
+ 2004-08-04 21:00 . 2009-04-29 04:56 233472 c:\windows\system32\webcheck.dll
+ 2004-08-04 21:00 . 2009-04-29 04:56 105984 c:\windows\system32\url.dll
- 2004-08-04 21:00 . 2008-04-23 04:16 105984 c:\windows\system32\url.dll
+ 2004-08-04 21:00 . 2008-10-03 10:15 247326 c:\windows\system32\strmdll.dll
+ 2004-08-04 21:00 . 2009-04-29 04:56 102912 c:\windows\system32\occache.dll
- 2004-08-04 21:00 . 2008-04-23 04:16 102912 c:\windows\system32\occache.dll
+ 2004-08-04 21:00 . 2008-10-15 16:57 332800 c:\windows\system32\netapi32.dll
- 2004-08-04 21:00 . 2008-04-23 04:16 671232 c:\windows\system32\mstime.dll
+ 2004-08-04 21:00 . 2009-04-29 04:56 671232 c:\windows\system32\mstime.dll
+ 2005-07-03 10:11 . 2009-04-29 04:56 193024 c:\windows\system32\msrating.dll
- 2005-07-03 10:11 . 2008-04-23 04:16 193024 c:\windows\system32\msrating.dll
+ 2005-07-03 10:11 . 2009-04-29 04:56 477696 c:\windows\system32\mshtmled.dll
+ 2006-11-08 02:03 . 2009-04-29 04:55 459264 c:\windows\system32\msfeeds.dll
- 2006-11-08 02:03 . 2008-04-23 04:16 459264 c:\windows\system32\msfeeds.dll
+ 2004-08-04 21:00 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll
+ 2004-08-04 21:00 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll
+ 2004-08-04 21:00 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll
- 2004-08-04 21:00 . 2007-08-21 06:15 683520 c:\windows\system32\inetcomm.dll
+ 2004-08-04 21:00 . 2008-04-11 18:50 683520 c:\windows\system32\inetcomm.dll
+ 2006-10-17 16:57 . 2009-04-29 04:55 268288 c:\windows\system32\iertutil.dll
+ 2004-08-04 21:00 . 2009-04-29 04:55 385024 c:\windows\system32\iedkcs32.dll
+ 2006-10-17 16:27 . 2009-04-29 04:55 383488 c:\windows\system32\ieapfltr.dll
- 2006-10-17 16:27 . 2008-04-23 04:16 383488 c:\windows\system32\ieapfltr.dll
+ 2004-08-04 21:00 . 2009-04-25 05:26 161792 c:\windows\system32\ieakui.dll
- 2004-08-04 21:00 . 2008-04-20 05:07 161792 c:\windows\system32\ieakui.dll
+ 2004-08-04 21:00 . 2009-04-29 04:55 230400 c:\windows\system32\ieaksie.dll
- 2004-08-04 21:00 . 2008-04-23 04:16 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-04 21:00 . 2009-04-29 04:55 153088 c:\windows\system32\ieakeng.dll
- 2004-08-04 21:00 . 2008-04-23 04:16 153088 c:\windows\system32\ieakeng.dll
- 2006-10-03 23:47 . 2008-04-17 17:12 107368 c:\windows\system32\GEARAspi.dll
+ 2006-10-03 23:47 . 2008-04-17 16:12 107368 c:\windows\system32\GEARAspi.dll
+ 2004-08-04 21:00 . 2008-10-23 13:01 283648 c:\windows\system32\gdi32.dll
- 2004-08-04 21:00 . 2008-04-23 04:16 133120 c:\windows\system32\extmgr.dll
+ 2004-08-04 21:00 . 2009-04-29 04:55 133120 c:\windows\system32\extmgr.dll
+ 2004-08-04 21:00 . 2009-04-29 04:55 214528 c:\windows\system32\dxtrans.dll
- 2004-08-04 21:00 . 2008-04-23 04:16 214528 c:\windows\system32\dxtrans.dll
- 2004-08-04 21:00 . 2008-04-23 04:16 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 21:00 . 2009-04-29 04:55 347136 c:\windows\system32\dxtmsft.dll
+ 2009-06-19 23:40 . 2008-04-17 16:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspi.dll
+ 2005-05-10 08:17 . 2008-12-11 11:57 333184 c:\windows\system32\drivers\srv.sys
+ 2005-01-19 12:26 . 2008-10-24 11:10 453632 c:\windows\system32\drivers\mrxsmb.sys
+ 2004-08-04 21:00 . 2008-10-16 18:13 202776 c:\windows\system32\dllcache\wuweb.dll
+ 2004-08-04 21:00 . 2008-10-16 18:12 323608 c:\windows\system32\dllcache\wucltui.dll
+ 2004-08-04 21:00 . 2008-10-16 18:12 561688 c:\windows\system32\dllcache\wuapi.dll
+ 2006-10-23 15:17 . 2009-04-29 04:56 827392 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:47 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2006-11-08 02:03 . 2009-04-29 04:56 233472 c:\windows\system32\dllcache\webcheck.dll
- 2006-11-08 02:03 . 2008-04-23 04:16 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2006-10-17 17:05 . 2009-04-29 04:56 105984 c:\windows\system32\dllcache\url.dll
- 2006-10-17 17:05 . 2008-04-23 04:16 105984 c:\windows\system32\dllcache\url.dll
+ 2006-08-21 14:52 . 2008-10-03 10:15 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2006-08-14 10:34 . 2008-12-11 11:57 333184 c:\windows\system32\dllcache\srv.sys
+ 2007-10-10 01:32 . 2009-04-15 15:26 583168 c:\windows\system32\dllcache\rpcrt4.dll
- 2006-10-17 17:04 . 2008-04-23 04:16 102912 c:\windows\system32\dllcache\occache.dll
+ 2006-10-17 17:04 . 2009-04-29 04:56 102912 c:\windows\system32\dllcache\occache.dll
+ 2006-08-17 12:28 . 2008-10-15 16:57 332800 c:\windows\system32\dllcache\netapi32.dll
+ 2006-10-23 15:17 . 2009-04-29 04:56 671232 c:\windows\system32\dllcache\mstime.dll
- 2006-10-23 15:17 . 2008-04-23 04:16 671232 c:\windows\system32\dllcache\mstime.dll
+ 2006-10-23 15:17 . 2009-04-29 04:56 193024 c:\windows\system32\dllcache\msrating.dll
- 2006-10-23 15:17 . 2008-04-23 04:16 193024 c:\windows\system32\dllcache\msrating.dll
+ 2006-10-23 15:17 . 2009-04-29 04:56 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2007-05-10 01:32 . 2008-04-23 04:16 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-05-10 01:32 . 2009-04-29 04:55 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2006-05-05 09:41 . 2008-10-24 11:10 453632 c:\windows\system32\dllcache\mrxsmb.sys
+ 2006-11-08 05:06 . 2008-04-11 18:50 683520 c:\windows\system32\dllcache\inetcomm.dll
- 2006-11-08 05:06 . 2007-08-21 06:15 683520 c:\windows\system32\dllcache\inetcomm.dll
+ 2006-10-17 17:04 . 2009-04-25 05:27 636088 c:\windows\system32\dllcache\iexplore.exe
+ 2007-05-10 01:32 . 2009-04-29 04:55 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2006-11-07 08:27 . 2009-04-29 04:55 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-05-10 01:32 . 2009-04-29 04:55 383488 c:\windows\system32\dllcache\ieapfltr.dll
- 2007-05-10 01:32 . 2008-04-23 04:16 383488 c:\windows\system32\dllcache\ieapfltr.dll
- 2006-11-07 08:25 . 2008-04-20 05:07 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2006-11-07 08:25 . 2009-04-25 05:26 161792 c:\windows\system32\dllcache\ieakui.dll
- 2006-11-07 08:27 . 2008-04-23 04:16 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2006-11-07 08:27 . 2009-04-29 04:55 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2006-11-07 08:26 . 2009-04-29 04:55 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2006-11-07 08:26 . 2008-04-23 04:16 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2007-03-08 15:36 . 2008-10-23 13:01 283648 c:\windows\system32\dllcache\gdi32.dll
+ 2006-10-23 15:17 . 2009-04-29 04:55 133120 c:\windows\system32\dllcache\extmgr.dll
- 2006-10-23 15:17 . 2008-04-23 04:16 133120 c:\windows\system32\dllcache\extmgr.dll
- 2006-10-23 15:17 . 2008-04-23 04:16 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-10-23 15:17 . 2009-04-29 04:55 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2006-10-23 15:17 . 2008-04-23 04:16 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-10-23 15:17 . 2009-04-29 04:55 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-11-07 08:26 . 2009-04-29 04:55 124928 c:\windows\system32\dllcache\advpack.dll
- 2006-11-07 08:26 . 2008-04-23 04:16 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-04 21:00 . 2009-04-29 04:55 124928 c:\windows\system32\advpack.dll
- 2004-08-04 21:00 . 2008-04-23 04:16 124928 c:\windows\system32\advpack.dll
+ 2009-06-19 23:40 . 2009-06-19 23:40 102400 c:\windows\Installer\{5D601655-6D54-4384-B52C-17EC5385FBBD}\iTunesIco.exe
+ 2009-06-20 14:16 . 2008-04-23 04:16 826368 c:\windows\ie7updates\KB969897-IE7\wininet.dll
+ 2009-06-20 14:16 . 2008-04-23 04:16 233472 c:\windows\ie7updates\KB969897-IE7\webcheck.dll
+ 2009-06-20 14:16 . 2008-04-23 04:16 105984 c:\windows\ie7updates\KB969897-IE7\url.dll
+ 2009-06-20 14:16 . 2008-07-09 07:38 382840 c:\windows\ie7updates\KB969897-IE7\spuninst\updspapi.dll
+ 2009-06-20 14:16 . 2008-07-09 07:38 231288 c:\windows\ie7updates\KB969897-IE7\spuninst\spuninst.exe
+ 2009-06-20 14:16 . 2008-04-23 04:16 102912 c:\windows\ie7updates\KB969897-IE7\occache.dll
+ 2009-06-20 14:16 . 2008-04-23 04:16 671232 c:\windows\ie7updates\KB969897-IE7\mstime.dll
+ 2009-06-20 14:16 . 2008-04-23 04:16 193024 c:\windows\ie7updates\KB969897-IE7\msrating.dll
+ 2009-06-20 14:16 . 2008-04-23 04:16 478208 c:\windows\ie7updates\KB969897-IE7\mshtmled.dll
+ 2009-06-20 14:16 . 2008-04-23 04:16 459264 c:\windows\ie7updates\KB969897-IE7\msfeeds.dll
+ 2009-06-20 14:16 . 2008-04-22 07:40 625664 c:\windows\ie7updates\KB969897-IE7\iexplore.exe
+ 2009-06-20 14:16 . 2008-04-23 04:16 267776 c:\windows\ie7updates\KB969897-IE7\iertutil.dll
+ 2009-06-20 14:16 . 2008-04-23 04:16 384512 c:\windows\ie7updates\KB969897-IE7\iedkcs32.dll
+ 2009-06-20 14:16 . 2008-04-23 04:16 383488 c:\windows\ie7updates\KB969897-IE7\ieapfltr.dll
+ 2009-06-20 14:16 . 2008-04-20 05:07 161792 c:\windows\ie7updates\KB969897-IE7\ieakui.dll
+ 2009-06-20 14:16 . 2008-04-23 04:16 230400 c:\windows\ie7updates\KB969897-IE7\ieaksie.dll
+ 2009-06-20 14:16 . 2008-04-23 04:16 153088 c:\windows\ie7updates\KB969897-IE7\ieakeng.dll
+ 2009-06-20 14:16 . 2008-04-23 04:16 133120 c:\windows\ie7updates\KB969897-IE7\extmgr.dll
+ 2009-06-20 14:16 . 2008-04-23 04:16 214528 c:\windows\ie7updates\KB969897-IE7\dxtrans.dll
+ 2009-06-20 14:16 . 2008-04-23 04:16 347136 c:\windows\ie7updates\KB969897-IE7\dxtmsft.dll
+ 2009-06-20 14:16 . 2008-04-23 04:16 124928 c:\windows\ie7updates\KB969897-IE7\advpack.dll
+ 2005-01-19 12:26 . 2008-10-24 11:10 453632 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-09-30 20:42 . 2008-09-30 20:42 1286152 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2004-08-04 21:00 . 2008-10-16 18:13 1809944 c:\windows\system32\wuaueng.dll
+ 2004-08-04 21:00 . 2009-04-29 04:56 1159680 c:\windows\system32\urlmon.dll
- 2004-08-04 21:00 . 2008-04-23 04:16 1159680 c:\windows\system32\urlmon.dll
+ 2004-08-04 21:00 . 2008-07-03 13:03 8460800 c:\windows\system32\shell32.dll
+ 2006-05-10 20:46 . 2009-06-20 14:12 6275374 c:\windows\system32\perfc009.dat
+ 2008-09-30 20:43 . 2008-09-30 20:43 1286152 c:\windows\system32\msxml4.dll
+ 2004-08-04 21:00 . 2008-09-04 16:42 1106944 c:\windows\system32\msxml3.dll
+ 2004-08-04 21:00 . 2009-04-29 04:56 3596288 c:\windows\system32\mshtml.dll
- 2006-11-08 02:03 . 2008-04-23 04:16 6066176 c:\windows\system32\ieframe.dll
+ 2006-11-08 02:03 . 2009-04-29 04:55 6066176 c:\windows\system32\ieframe.dll
- 2006-09-06 04:01 . 2007-04-17 09:28 2455488 c:\windows\system32\ieapfltr.dat
+ 2006-09-06 04:01 . 2008-07-09 14:25 2455488 c:\windows\system32\ieapfltr.dat
- 2006-05-10 20:42 . 2009-04-04 17:04 2563496 c:\windows\system32\FNTCACHE.DAT
+ 2006-05-10 20:42 . 2009-06-20 14:37 2563496 c:\windows\system32\FNTCACHE.DAT
+ 2009-06-19 23:34 . 2009-06-05 15:42 2060288 c:\windows\system32\DRVSTORE\usbaapl_872A2434B7205D4BD84BBE53811BDCE15F347D5B\usbaaplrc.dll
+ 2009-06-19 23:34 . 2009-06-05 15:42 1419232 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\wdfcoinstaller01005.dll
+ 2004-08-04 21:00 . 2008-10-16 18:13 1809944 c:\windows\system32\dllcache\wuaueng.dll
+ 2007-03-08 13:47 . 2009-04-17 09:58 1846656 c:\windows\system32\dllcache\win32k.sys
- 2006-10-23 15:17 . 2008-04-23 04:16 1159680 c:\windows\system32\dllcache\urlmon.dll
+ 2006-10-23 15:17 . 2009-04-29 04:56 1159680 c:\windows\system32\dllcache\urlmon.dll
+ 2006-07-13 13:33 . 2008-07-03 13:03 8460800 c:\windows\system32\dllcache\shell32.dll
+ 2006-09-13 05:01 . 2008-09-04 16:42 1106944 c:\windows\system32\dllcache\msxml3.dll
+ 2006-10-23 15:17 . 2009-04-29 04:56 3596288 c:\windows\system32\dllcache\mshtml.dll
- 2007-05-10 01:32 . 2008-04-23 04:16 6066176 c:\windows\system32\dllcache\ieframe.dll
+ 2007-05-10 01:32 . 2009-04-29 04:55 6066176 c:\windows\system32\dllcache\ieframe.dll
- 2007-05-10 01:32 . 2007-04-17 09:28 2455488 c:\windows\system32\dllcache\ieapfltr.dat
+ 2007-05-10 01:32 . 2008-07-09 14:25 2455488 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-06-20 14:16 . 2008-04-23 04:16 1159680 c:\windows\ie7updates\KB969897-IE7\urlmon.dll
+ 2009-06-20 14:16 . 2008-04-24 02:16 3591680 c:\windows\ie7updates\KB969897-IE7\mshtml.dll
+ 2009-06-20 14:16 . 2008-04-23 04:16 6066176 c:\windows\ie7updates\KB969897-IE7\ieframe.dll
+ 2009-06-20 14:16 . 2007-04-17 09:28 2455488 c:\windows\ie7updates\KB969897-IE7\ieapfltr.dat
+ 2005-12-20 10:30 . 2008-11-11 22:34 10838016 c:\windows\system32\wmp.dll
+ 2006-05-10 20:46 . 2009-06-20 14:12 10574150 c:\windows\system32\perfh009.dat
+ 2006-12-18 03:29 . 2009-06-01 13:51 23635392 c:\windows\system32\MRT.exe
+ 2005-12-20 10:30 . 2008-11-11 22:34 10838016 c:\windows\system32\dllcache\wmp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-03-09 15:09 . 2007-03-09 15:09 63712 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe

2007-09-07 23:01 . 2007-09-07 23:01 43008 c:\program files\BitTorrent\bak\bittorrent.exe

2007-05-10 23:33 . 2007-05-10 23:33 216064 c:\program files\BitTorrent_DNA\bak\dna.exe

2006-03-20 22:34 . 2006-03-20 22:34 86960 c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe
2006-09-11 09:40 . 2006-09-11 09:40 86960 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

2006-03-20 22:34 . 2006-03-20 22:34 213936 c:\program files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe

2006-12-17 05:10 . 2006-12-17 05:10 185896 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

2007-02-01 02:39 . 2006-07-13 19:02 40960 c:\program files\Hewlett-Packard\Default Settings\bak\cpqset.exe

2006-08-17 07:19 . 2006-07-19 22:14 102400 c:\program files\HP\QuickPlay\bak\QPService.exe

2007-08-09 01:54 . 2007-07-12 08:00 132496 c:\program files\Java\jre1.6.0_02\bin\bak\jusched.exe

2005-09-13 07:02 . 2005-09-13 07:02 28672 c:\program files\Mindjet\MindManager 6\bak\MMReminderService.exe
2005-09-13 07:02 . 2005-09-13 07:02 28672 c:\program files\Mindjet\MindManager 6\MmReminderService.exe

2007-01-19 17:54 . 2007-01-19 17:54 5674352 c:\program files\MSN Messenger\bak\MsnMsgr.Exe
2007-01-19 17:54 . 2007-01-19 17:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

2006-08-17 07:18 . 2006-06-17 05:22 794713 c:\program files\Synaptics\SynTP\bak\SynTPEnh.exe

2004-09-05 22:20 . 2004-09-05 22:20 380928 c:\program files\Tracker Software\PDF-XChange 3\pdfSaver\bak\pdfSaver3.exe

2006-12-12 14:52 . 2005-03-08 15:02 910336 c:\program files\Webroot\Washer\bak\wwDisp.exe

2006-10-19 01:05 . 2006-10-19 01:05 204288 c:\program files\Windows Media Player\bak\WMPNSCFG.exe

2006-08-17 08:09 . 2006-02-09 16:52 643072 c:\windows\CREATOR\bak\Remind_XP.exe

2006-08-17 08:09 . 2005-10-11 17:23 1187840 c:\windows\SMINST\bak\RecGuard.exe

2004-08-04 21:00 . 2004-08-04 21:00 15360 c:\windows\system32\bak\ctfmon.exe
2004-08-04 21:00 . 2004-08-04 13:00 15360 c:\windows\system32\ctfmon.exe

2005-01-27 08:00 . 2005-01-27 08:00 98304 c:\windows\system32\spool\drivers\w32x86\3\bak\E_FATIABA.EXE
2005-01-27 08:00 . 2005-01-27 08:00 98304 c:\windows\system32\spool\drivers\w32x86\3\E_FATIABA.EXE

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"AdobeBridge"="" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-08-12 380928]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe" [2006-03-20 213936]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]
"MMReminderService"="c:\program files\Mindjet\MindManager 6\MMReminderService.exe" [2005-09-13 28672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"ReminderApp"="c:\program files\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe" [2007-06-08 161864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-09-27 7585792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-09-27 86016]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-08 778240]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064]
"MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2007-07-06 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-06-02 61952]
"pdfSaver3"="" [N/A]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-09-27 1617920]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
FirePod Control Panel.lnk - c:\program files\PreSonus\1394AudioDriver_FirePod\FirePod.exe [2008-11-14 1126400]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-8-6 51776]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Midi1"=usbmn1x1.dll
"midi2"=ma_cmidn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EpsonNet\\EpsonNet Config V1\\EpsonNet Config.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\BitTorrent_DNA\\btdna.exe"=
"c:\\Documents and Settings\\Daniel Bautista\\Application Data\\Vusion\\WARPVideoStreamer.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Roxio\\Creator Classic 10\\Creator10.exe"=
"c:\\Program Files\\Roxio\\Digital Home 10\\RoxioUPnPRenderer10.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 c2scsi;c2scsi; [x]
R2 gupdate1c95c0c7f53fe46;Google Update Service (gupdate1c95c0c7f53fe46);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 133104]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
R2 SessionLauncher;SessionLauncher; [x]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\Drivers\5U870CAP.sys [2006-06-06 61952]
R3 arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2009-01-20 172032]
R3 AVC2310F;AVC-2310/AVC-2210 USB Loader;c:\windows\system32\Drivers\avcuwfl.sys [2003-12-23 18644]
R3 AvcUWilo;Adaptec AVC-2210/2310 USB Device;c:\windows\system32\DRIVERS\avcuwilo.sys [2004-01-03 51166]
R3 L6SeaMonkDev;Line 6 Variax USB Service;c:\windows\system32\Drivers\L6SM.sys [2005-03-21 35712]
R3 pmxscan;USB ScanModule V5.1 Driver;c:\windows\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
R3 ps_1394;ps_1394;c:\windows\system32\Drivers\ps_1394.sys [2004-10-14 97152]
R3 ps_avs;ps_avs;c:\windows\system32\Drivers\ps_avs.sys [2004-10-14 24576]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-05-26 7408]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-05-26 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-05-26 72944]
S2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
S3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2009-06-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-06-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-06 18:44]

2009-05-11 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-12 04:01]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 0.0.0.0:80
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-06-20 10:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3508402763-3168612021-2433035992-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{27C6E1B6-8CB0-521C-4E4E-4EEE811F3222}*]
"hajbingbmkgglpfb"=hex:6a,61,64,6f,6a,70,6f,6e,61,6e,69,6a,69,6b,6c,61,6b,6a,
64,6d,00,a3
"iahaogncbcpgbbhgih"=hex:6a,61,64,6f,66,70,6b,70,6e,61,6b,70,6b,65,67,70,65,65,
68,6f,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:8b,da,88,f0,e0,d6,d0,30,c3,52,ab,19,62,6c,88,98,d4,3a,b4,41,13,
7e,06,bc,dd,3c,0d,a9,d7,43,73,05,2a,19,7f,5d,fa,9d,51,08,f3,03,f9,74,e6,39,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1012)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(2280)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\UPnPUI.dll
c:\program files\Common Files\Roxio Shared\10.0\DLLShared\FakeAvRenderer.dll
c:\program files\Common Files\Roxio Shared\10.0\DLLShared\roxipp52.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\windows\system32\msdtc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\mqsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
.
**************************************************************************
.
Completion time: 2009-06-20 10:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-20 14:48
ComboFix2.txt 2009-06-19 22:10

Pre-Run: 92,534,951,936 bytes free
Post-Run: 92,536,225,792 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

574 --- E O F --- 2009-06-20 14:21
___________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:11 AM, on 6/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = AOL.com - Welcome to AOL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ReminderApp] C:\Program Files\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-3508402763-3168612021-2433035992-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3508402763-3168612021-2433035992-1005\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (User '?')
O4 - HKUS\S-1-5-21-3508402763-3168612021-2433035992-1005\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-3508402763-3168612021-2433035992-1005\..\Run: [AdobeBridge] (User '?')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: FirePod Control Panel.lnk = C:\Program Files\PreSonus\1394AudioDriver_FirePod\FirePod.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c95c0c7f53fe46) (gupdate1c95c0c7f53fe46) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (livesrv) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - M-Audio - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - (no file)
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - (no file)
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - (no file)
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: BitDefender Virus Shield (vsserv) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 13660 bytes

Thank You......
#14 (permalink)
Old 20-06-2009, 04:50 PM
broni (Senior Member; Join Date: Nov 2004; Posts: 2,272)
re: [Resolved] Re-directed sites - Can't System Restore - Can't Install

Uninstall Combofix:

Go Start > Run
Type in:
combofix /u
Note the space between the "combofix" and the "/u"
Restart computer.


Please download DrWeb CureIt (Dr.Web CureIt! - download free anti-virus! Cure viruses, Best free anti-virus scanner!) & save it to your desktop.

Scan with DrWeb-CureIt as follows:

* Double-click on drweb-cureit.exe and then click Start. Click OK in a pop-up window allowing Express Scan
o This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the Scan tab and uncheck Heuristic analysis and click OK
* Back at the main window, select the Complete scan button.
* Then click the Green Arrow Start Scanning button on the right and the scan will start.
o Click Yes to all if it asks if you want to cure/move any file(s).
* When the scan is done...
* In the Dr.Web CureIt menu on top left, click File and choose Save report list.
* Save the DrWeb.csv report to your Desktop.
* Exit Dr.Web Cureit.


* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

* After reboot. Leave the Dr. Web CureIt log on the desktop.

Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

NOTE. During the scan a pop-up window will appear, asking you to buy a full version. Simply close the pop-up window.
#15 (permalink)
Old 22-06-2009, 03:42 AM
Digidan (D-A-L Newbie; Join Date: Jun 2009; Posts: 15)
re: [Resolved] Re-directed sites - Can't System Restore - Can't Install

Here are the LOGS:

DR Web
AOLCINST.EXE\core.cab\GTDOWNAO_106.ocx;C:\Program Files\Online Services\Aol\United States\AOL90\COMPS\COACH\AOLCINST.EXE;Adware.Gdown;;
AOLCINST.EXE;C:\Program Files\Online Services\Aol\United States\AOL90\COMPS\COACH;Archive contains infected objects;Moved.;
UACiovyyhnnfaxnsay.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Packed.365;Invalid path to file ;
UACrcpjjlarfpywpfs.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Packed.365;Incurable.Moved.;
UACwpejbcjwkgrpdkr.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;BackDoor.Tdss.105;Deleted.;
UACxrodkqkctsnbuma.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;BackDoor.Tdss.49;Deleted.;
SP31524.exe/musicnow1.exe\data008;C:\SWSetup\AOLMN\SP31524.exe/musicnow1.exe;Trojan.Click.2093;;
\musicnow1.exe;C:\SWSetup\AOLMN;Archive contains infected objects;;
SP31524.exe;C:\SWSetup\AOLMN;Archive contains infected objects;Moved.;
cakemania-setup.exe/data030\data002;C:\SWSetup\HPGame\games\cakemania-setup.exe/data030;Adware.SpywareStorm;;
data030;C:\SWSetup\HPGame\games;Archive contains infected objects;;
cakemania-setup.exe;C:\SWSetup\HPGame\games;Archive contains infected objects;Moved.;
A0019605.exe;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP13;Win32.HLLW.Facebook.63;Deleted.;
A0019606.exe;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP13;Win32.HLLW.Facebook.63;Deleted.;
A0029873.dll;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP21;BackDoor.Tdss.49;Deleted.;
A0029874.dll;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP21;BackDoor.Tdss.105;Deleted.;
A0029875.dll;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP21;Trojan.Packed.365;Incurable.Moved.;
A0029876.dll;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP21;Trojan.Packed.365;Incurable.Moved.;
A0032632.EXE\core.cab\GTDOWNAO_106.ocx;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP25\A0032632.EXE;Adware.Gdown;;
A0032632.EXE;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP25;Archive contains infected objects;Moved.;
A0032634.exe/musicnow1.exe\data008;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP25\A0032634.exe/musicnow1.exe;Trojan.Click.2093;;
\musicnow1.exe;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP25;Archive contains infected objects;;
A0032634.exe;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP25;Archive contains infected objects;Moved.;
A0032635.exe/data030\data002;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP25\A0032635.exe/data030;Adware.SpywareStorm;;
data030;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP25;Archive contains infected objects;;
A0032635.exe;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP25;Archive contains infected objects;Moved.;
__________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:59 PM, on 6/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\PreSonus\1394AudioDriver_FirePod\FirePod.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
\??\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\upgrepl.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = AOL.com - Welcome to AOL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ReminderApp] C:\Program Files\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-3508402763-3168612021-2433035992-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3508402763-3168612021-2433035992-1005\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (User '?')
O4 - HKUS\S-1-5-21-3508402763-3168612021-2433035992-1005\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-3508402763-3168612021-2433035992-1005\..\Run: [AdobeBridge] (User '?')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: FirePod Control Panel.lnk = C:\Program Files\PreSonus\1394AudioDriver_FirePod\FirePod.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c95c0c7f53fe46) (gupdate1c95c0c7f53fe46) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (livesrv) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - M-Audio - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - (no file)
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - (no file)
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - (no file)
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: BitDefender Virus Shield (vsserv) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 13890 bytes

Again, thank you for all your great help....I truly appreciate it.
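An added example, not part of this thread and not a HijackThis feature: a small Python triage of a HijackThis 2.0.x log, using a handful of lines copied from the log above as its constructed sample input. It groups entries by their section prefix and flags what a removal helper reads first: references to files that no longer exist ("(no file)"), an explicit IE proxy server, Run entries that launch a program without a full path, downloaded ActiveX controls (O16), Winlogon Notify DLLs (O20) and services whose version info carried no company name ("Unknown owner"). The category names are this example's own, and a flag means "look at this", not "malicious".

```python
"""Triage a HijackThis 2.0.x log.

Added example for this thread, not HijackThis functionality: it groups the
log's entries by their section prefix (R0-R3, O2, O4, O16, O20, O23, ...)
and flags the patterns a removal helper reads first.  A flag means "look at
this", not "malicious".  The category names below are this example's own.
"""
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKUS\S-1-5-21-3508402763-3168612021-2433035992-1005\..\Run: [AdobeBridge] (User '?')
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - (no file)
"""

# Entry lines look like "R1 - <body>" or "O23 - <body>"; anything else is a header.
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
# A command counts as fully qualified if it starts (optionally quoted) with a
# drive letter or an environment variable such as %ProgramFiles%.
QUALIFIED_RE = re.compile(r'^"?(?:[A-Za-z]:\\|%\w+%\\)')
# HijackThis appends "(User 'name')" to HKUS entries; strip it before judging.
USER_TAG_RE = re.compile(r"\s*\(User '[^']*'\)$")


def parse_hjt(text):
    """Return [(section, body), ...] for every entry line in the log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def run_command(body):
    """For an O4 Run entry, return the command after the [name] tag, or None."""
    cmd = body.partition("] ")[2]
    cmd = USER_TAG_RE.sub("", cmd).strip()
    return cmd or None


def triage(entries):
    """Map each finding category to the entry bodies that triggered it."""
    findings = defaultdict(list)
    for section, body in entries:
        # A registry reference to a file that is gone: dead weight, safe to fix.
        if body.endswith("(no file)"):
            findings["orphan"].append(body)
        # An explicit IE proxy; redirect malware often plants one, so verify it.
        if section == "R1" and ",ProxyServer =" in body and body.split("=", 1)[1].strip():
            findings["proxy"].append(body)
        # A Run entry naming a program without a path is resolved through the
        # search path at logon, so check which binary actually gets launched.
        if section == "O4":
            cmd = run_command(body)
            if cmd and not QUALIFIED_RE.match(cmd):
                findings["unqualified_run"].append(body)
        # Downloaded ActiveX controls: each one is code fetched from a URL.
        if section == "O16":
            findings["activex"].append(body)
        # DLLs loaded into winlogon.exe at logon; a common rootkit foothold.
        if section == "O20":
            findings["winlogon_notify"].append(body)
        # Service binary whose version info carried no company name.
        if section == "O23" and " - Unknown owner - " in body:
            findings["no_company"].append(body)
    return dict(findings)


if __name__ == "__main__":
    for category, bodies in sorted(triage(parse_hjt(SAMPLE_LOG)).items()):
        print(f"[{category}]")
        for b in bodies:
            print("   ", b)
```

Run against the full log above, the orphan and proxy categories pick up exactly the R3 Yahoo! Toolbar hook, the two "(no file)" Roxio 9 services, the M-Audio installer service and the 0.0.0.0:80 proxy entry; whether any of them is harmful still takes a human decision, which is what the helper's post does next.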
#16 (permalink)
Old 22-06-2009, 07:06 AM
broni (Senior Member; Join Date: Nov 2004; Posts: 2,272)
re: [Resolved] Re-directed sites - Can't System Restore - Can't Install

These entries from Dr.Web:
Quote:
UACiovyyhnnfaxnsay.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Packed.365;Invalid path to file ;
UACrcpjjlarfpywpfs.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Packed.365;Incurable.Moved.;
UACwpejbcjwkgrpdkr.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;BackDoor.Tdss.105;Deleted.;
UACxrodkqkctsnbuma.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;BackDoor.Tdss.49;Deleted.;
tell me that you either didn't uninstall Combofix, or you didn't restart the computer before running Dr.Web.

In any case, make sure that the Combofix and Qoobox folders and the Combofix.txt file are gone from C:, and that Combofix is gone from your desktop.

=============================================================

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

==============================================================

Print this post out, since at some point you won't have access to it.

1. Open HijackThis.

2. Close all windows, except for HijackThis.

3. Put checkmarks next to the following HijackThis entries:

- none

4. You may also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):

- O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe" -scheduler
- O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
- O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
- O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
- O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
- O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
- O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
- O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
- O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
- O4 - HKUS\S-1-5-21-3508402763-3168612021-2433035992-1005\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (User '?')
- O4 - HKUS\S-1-5-21-3508402763-3168612021-2433035992-1005\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
- O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


5. Click on Fix checked button.

6. Restart computer.

7. Post new HijackThis log.
__________________
My Home Page
#17 - 23-06-2009, 01:18 AM - Digidan (D-A-L Newbie; Join Date: Jun 2009; Posts: 15)

Ooops, I just deleted all the ComboFix files from C:

Here is the latest log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:10 AM, on 6/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\PreSonus\1394AudioDriver_FirePod\FirePod.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = AOL.com - Welcome to AOL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ReminderApp] C:\Program Files\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3508402763-3168612021-2433035992-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3508402763-3168612021-2433035992-1005\..\Run: [AdobeBridge] (User '?')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: FirePod Control Panel.lnk = C:\Program Files\PreSonus\1394AudioDriver_FirePod\FirePod.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c95c0c7f53fe46) (gupdate1c95c0c7f53fe46) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (livesrv) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - M-Audio - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - (no file)
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - (no file)
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - (no file)
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: BitDefender Virus Shield (vsserv) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 12536 bytes
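As an added example (not from this thread, and not HijackThis's own code), here is a small Python parser for the log format above. It splits O4 Run-key lines into hive, value name, the image that is actually loaded and its arguments (handling quoted paths, RUNDLL32 entry points and unquoted paths with spaces, the three shapes that appear in the log), and lists the "(no file)" orphans such as the Yahoo! Toolbar hook and the Roxio 9 services. The sample log is constructed from lines quoted in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in HijackThis v2.0.2 line format, assembled from entries
# quoted in this thread; it stands in for a full saved log.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-3508402763-3168612021-2433035992-1005\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - (no file)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# O4 line: "O4 - <hive>\..\Run: [<value name>] <command>"; HKUS hives carry a SID.
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
USER_RE = re.compile(r" \(User '(?P<user>[^']*)'\)$")       # suffix HijackThis adds for HKUS
EXT_RE = re.compile(r"^(?P<path>.*?\.(?:exe|dll|cpl|scr))(?P<rest>.*)$", re.IGNORECASE)

@dataclass
class StartupEntry:
    hive: str             # HKLM, HKCU or HKUS\<SID>
    name: str             # registry value name shown in [brackets]
    image: str            # executable or DLL that actually gets loaded
    args: str             # remaining command-line arguments
    user: Optional[str]   # user label from the (User '...') suffix, if any

def split_command(cmd: str):
    """Return (image, args) for a Run-key command string."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                        # quoted path: unambiguous
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    head, _, tail = cmd.partition(" ")
    if head.lower() == "rundll32.exe":             # RUNDLL32 <dll>,<entry point>
        dll, _, entry = tail.partition(",")
        return dll.strip(), entry.strip()
    m = EXT_RE.match(cmd)                          # unquoted path with spaces:
    if m:                                          # cut at the first known extension
        return m.group("path"), m.group("rest").strip()
    return head, tail.strip()

def parse_o4(line: str) -> Optional[StartupEntry]:
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd, user = m.group("cmd"), None
    u = USER_RE.search(cmd)
    if u:
        user, cmd = u.group("user"), cmd[:u.start()]
    image, args = split_command(cmd)
    return StartupEntry(m.group("hive"), m.group("name"), image, args, user)

def startup_entries(log: str) -> List[StartupEntry]:
    return [e for e in (parse_o4(l) for l in log.splitlines()) if e]

def orphan_entries(log: str) -> List[str]:
    """Entries whose target is gone ("(no file)"): leftovers worth cleaning up."""
    return [l.strip() for l in log.splitlines() if l.rstrip().endswith("(no file)")]
```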
#18 - 23-06-2009, 01:33 AM - broni (Senior Member; Join Date: Nov 2004; Posts: 2,272)

Your computer is clean

1. Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart the computer.

2. Turn off System Restore:

- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side.
4. Click on Continue on the "User Account Control" window that pops up.
5. Under the System Protection tab, find Available Disks.
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:").
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK.

3. Restart computer.

4. Turn System Restore on.

5. Make sure Windows Updates are current.

6. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

7. Download and install WOT (Web of Trust). It'll warn you (in most cases) about dangerous web sites.

8. Run defrag at your convenience.

9. Read How did I get infected?, with steps so it does not happen again!

10. Let me know how your computer is doing.
__________________
My Home Page
#19 - 24-06-2009, 03:50 AM - Digidan (D-A-L Newbie; Join Date: Jun 2009; Posts: 15)

Thank you for your great support, Broni.

The computer is running perfectly fine now thanks to your night after night help. I truly appreciate your service.
#20 - 24-06-2009, 03:55 AM - broni (Senior Member; Join Date: Nov 2004; Posts: 2,272)

Super!
Happy surfing
__________________
My Home Page