Author Topic: Yoog Search (firefox+IE)  (Read 5273 times)

antdgar
Yoog Search (firefox+IE)
« on: December 19, 2008, 12:04:35 PM »
Hi, I've run the following programs and deleted everything they found:

Ad-aware
MalwareBytes
Spybot S+D
NOD32 AV
SuperAntiSpyware
CC Cleaner

Trojan Hunter

They found about 300 trojans/viruses/spyware in total. I've removed them all.

However, yoog search remains in IE search/url bar and the firefox search/url bar.
I have tried deleting yoog entries from the registry and from IE's options. It still comes back.

I've reinstalled firefox twice, yet yoog still remains. I also deleted all folders from firefox after the install.

Can anyone recommend any way to get rid of this nonsense? The only thing I can't do is reformat or re-install Windows.

HiJackThis SystemScan Log:
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 12:05:12 PM, on 12/19/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v8.00 (8.00.6001.18241)
 Boot mode: Normal

 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\spoolsv.exe
 C:\Program Files\TrojanHunter 5.0\THGuard.exe
 C:\Program Files\Eset\nod32kui.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
 C:\Program Files\Eset\nod32krn.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\wuauclt.exe
 C:\Program Files\Windows Live\Messenger\usnsvc.exe
 C:\Program Files\Mozilla Firefox\firefox.exe
 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/b/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
 O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
 O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
 O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
 O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
 O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
 O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
 O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
 O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
 O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
 O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
 O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)
 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
 O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
 O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 --
 End of file - 5338 bytes

edit: the hijackthis system scan log is attached to this post.
<I removed the attachment as you have posted it in a reply>
« Last Edit: December 19, 2008, 01:24:40 PM by guestolo »

guestolo
Yoog Search (firefox+IE)
« Reply #1 on: December 19, 2008, 01:28:48 PM »
Do a "System scan only" with Hijackthis and put a check next to these entries:

O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot the computer
Back in Windows

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to launch program.
  • Click Continue at the disclaimer screen.
  • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
  • Once it has finished, two logs will open: log.txt (this will be maximized) and info.txt (this will be minimized).
Post both those logs please
NOTE: You may get an error message posting back log.txt
If you do, can you upload it please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
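The O15 entries in the reply above matter because ProtocolDefaults tells Internet Explorer which security zone to apply to content fetched over a given URL scheme; when http, https, ftp and file are all mapped to the My Computer zone (zone 0), remote content runs under the least restrictive settings, which is why a hijacker changes them and why HijackThis flags them. The following added example (written for this thread, not code from HijackThis or from the forum) parses O15 lines into the registry corrections the "Fix checked" step performs, audits a dump of the ProtocolDefaults values against the clean-system defaults, and renders a .reg file that restores them. The registry key path, the zone ID numbering (0 My Computer, 1 Intranet, 2 Trusted, 3 Internet, 4 Restricted) and the default per-protocol zones are from general knowledge of Internet Explorer's ZoneMap, not from the page; the sample log lines and registry dump are constructed.

```python
"""Parse HijackThis O15 ProtocolDefaults lines and audit the matching registry
values. Added example for the thread; not part of HijackThis or the forum post."""
import re

# Security-zone IDs used by the ZoneMap\ProtocolDefaults DWORD values
# (0 = My Computer, 1 = Local Intranet, 2 = Trusted Sites, 3 = Internet,
# 4 = Restricted Sites). The names follow the wording HijackThis prints.
ZONE_IDS = {"My Computer": 0, "Intranet": 1, "Trusted": 2, "Internet": 3, "Restricted": 4}

# Default zone per protocol on a clean system (assumption from IE defaults);
# this is what fixing the O15 entries restores.
DEFAULT_PROTOCOL_ZONES = {"@ivt": 1, "file": 3, "ftp": 3, "http": 3, "https": 3}

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
KEY_PATH = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults"

O15_RE = re.compile(
    r"^O15 - ProtocolDefaults: '(?P<proto>[^']+)' protocol is in "
    r"(?P<current>.+?) Zone, should be (?P<expected>.+?) Zone \((?P<hive>HK[A-Z]+)\)$"
)


def parse_o15(line):
    """Return (hive, protocol, current_zone_id, expected_zone_id), or None
    for any line that is not an O15 ProtocolDefaults entry."""
    m = O15_RE.match(line.strip())
    if not m:
        return None
    return (m.group("hive"), m.group("proto"),
            ZONE_IDS[m.group("current")], ZONE_IDS[m.group("expected")])


def planned_fixes(log_lines):
    """Map (hive, protocol) -> zone ID that the registry value should hold."""
    fixes = {}
    for line in log_lines:
        parsed = parse_o15(line)
        if parsed:
            hive, proto, _current, expected = parsed
            fixes[(hive, proto)] = expected
    return fixes


def audit_protocol_defaults(values, expected=DEFAULT_PROTOCOL_ZONES):
    """Compare a dump of ProtocolDefaults values (name -> DWORD) with the
    defaults. Returns (protocol, actual, expected) for every deviation;
    a missing value is reported as a deviation with actual=None."""
    return [(proto, values.get(proto), zone)
            for proto, zone in expected.items()
            if values.get(proto) != zone]


def reg_file(fixes):
    """Render the planned fixes as a .reg file that restores the DWORDs."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for hive in sorted({h for h, _ in fixes}):
        lines.append("[%s\\%s]" % (HIVES[hive], KEY_PATH))
        for (h, proto), zone in sorted(fixes.items()):
            if h == hive:
                lines.append('"%s"=dword:%08x' % (proto, zone))
        lines.append("")
    return "\n".join(lines)


# Constructed sample: the five O15 lines from the thread plus an unrelated entry.
SAMPLE_LOG = [
    "O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)",
    "O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)",
    "O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)",
    "O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)",
    "O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)",
    "O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe",
]
# Constructed dump of the values as they would read on the hijacked machine.
SAMPLE_REGISTRY = {"@ivt": 0, "file": 0, "ftp": 0, "http": 0, "https": 0}

if __name__ == "__main__":
    for proto, actual, wanted in audit_protocol_defaults(SAMPLE_REGISTRY):
        print("%-6s is zone %s, expected %d" % (proto, actual, wanted))
    print(reg_file(planned_fixes(SAMPLE_LOG)))
```

The audit function takes a plain dictionary so the values can come from a registry export or from a tool that reads the key; on the affected machine every one of the five protocols reads as zone 0, which is exactly what the five O15 lines report.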


antdgar
Yoog Search (firefox+IE)
« Reply #2 on: December 19, 2008, 02:25:15 PM »
Thanks for your help:

info.txt logfile of random's system information tool 1.05 2008-12-19 14:20:20

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
5 Card Slingo from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\3B3B73D1-DC4A-4780-B0E4-E823D08B3397\Uninstall.exe"
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Agere Systems PCI-SV92PP Soft Modem-->C:\WINDOWS\agrsmdel
AstroPop Deluxe from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\997DD523-B925-4C73-970B-C201E8F781AD\Uninstall.exe"
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Barnyard Invasion from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\53474592-01BC-4338-8647-FE350957D912\Uninstall.exe"
Bejeweled 2 Deluxe from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\D84AC71A-75E8-4709-8BA5-4B46EAC00C5E\Uninstall.exe"
Blackhawk Striker 2 from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\BFAF1EEC-E987-415B-BCB8-80CDB0BC6CDF\Uninstall.exe"
Blasterball 2 from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\75528D5F-DD82-402E-BA7C-045B7DC6A712\Uninstall.exe"
Blasterball 2 Remix from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\9D7E7CDA-051E-4B0D-8CEE-58F41F449CF9\Uninstall.exe"
Boggle Supreme from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\C6D35CCA-3F9E-4B6E-A17F-409EE7379D6B\Uninstall.exe"
Bookworm Deluxe from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\E618FC78-EE4F-4243-8409-078EB5E0B1F6\Uninstall.exe"
Bounce Symphony from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\29FF6D07-4A15-41F1-9D5E-E0F3A58012C6\Uninstall.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Chuzzle Deluxe from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\9448DE42-C017-4A3E-A0BB-C50BF673E9E0\Uninstall.exe"
Compaq Connections (remove only)-->C:\WINDOWS\HPCPCUninstall-5577497\HPBWSetup.exe -appid 5577497 -uninstall
Compaq Game Console and games-->C:\Program Files\WildTangent\Apps\hpuninstall.exe
Compaq Organize-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
Crystal Maze from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\C43D84CD-EBFC-48D3-A330-7868C8AD415A\Uninstall.exe"
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Family Feud-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\BBE9E0F3-11F7-4424-9905-8E0153E872C1\Uninstall.exe"
FATE from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\85CF9BF3-1057-468C-962D-31BAABC6AC72\Uninstall.exe"
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB896344)-->"C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Boot Optimizer-->C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /uninstall
HP Extended Capabilities 6.1-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 5.3-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 6.1-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential-->MsiExec.exe /X{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}
HP PSC & OfficeJet 6.1.A-->"C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat
HP Software Update-->MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Solution Center and Imaging Support Tools 6.1-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Support Overview-->"C:\WINDOWS\unins000.exe"
Insaniquarium Deluxe from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\5AF1DD17-7B06-45EF-8592-2E524E458BAB\Uninstall.exe"
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Lemonade Tycoon 2 from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\63E4EC24-7173-4E1F-9C77-B4403CBCF91F\Uninstall.exe"
Lexibox Deluxe from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\F05A08BF-E600-4FBD-A53A-3D47296B1275\Uninstall.exe"
Mah Jong Quest from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\422C7575-C10D-4795-87FA-9972765379E6\Uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2005-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Netscape Browser (remove only)-->"C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
NOD32 antivirus system-->C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX-->"C:\Program Files\Eset\unins000.exe"
Polar Bowler from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\05E21449-3BA3-42BF-BBDA-95205F4EA40A\Uninstall.exe"
Polar Golfer from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\3330A279-CC39-4A17-AE19-DA464B26AD9A\Uninstall.exe"
Puzzle Express from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\E1A0F769-A43A-4DDB-9F73-12791E453557\Uninstall.exe"
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remove WeatherBug Installer-->c:\hp\bin\cloaker.exe c:\hp\bin\commands.exe /c c:\hp\bin\wbug\clean.bat
Ricochet Lost Worlds from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\52AEBC18-F252-4B0C-B3E1-724537D9F873\Uninstall.exe"
SCRABBLE from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\FA6A73EB-40AB-4B58-851D-3892B3C10EF6\Uninstall.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB960714)-->"C:\WINDOWS\ie8updates\KB960714-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Shooting Stars Pool from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\045C89A0-CA37-443C-8826-F750227DE69C\Uninstall.exe"
Shrek 2 Ogre Bowler from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\BBCBAA5D-AC5A-4098-A53E-EC60A68F38F9\Uninstall.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Slingo Deluxe from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\F19E8CDF-5EFD-45E0-9FAF-66CBAE84B1D9\Uninstall.exe"
Snowboard SuperJam from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\8D11F98B-4931-44F6-8FC6-971CCBBBB131\Uninstall.exe"
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Super Granny from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\DE87FA96-7840-420C-86F9-33F3B7B3CED1\Uninstall.exe"
SUPERAntiSpyware Professional-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Tradewinds from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\66195170-D19D-46C5-8FB7-8A4630071ADC\Uninstall.exe"
TrojanHunter 5.0-->"C:\Program Files\TrojanHunter 5.0\unins000.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925876)-->"C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 8 Beta 2-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB883667-->C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888239-->C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB892050-->"C:\WINDOWS\$NtUninstallKB892050$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xvid 1.2.1 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Zuma Deluxe from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\0BD36D37-C5D7-4B96-B64A-CB2C3A82EC4D\Uninstall.exe"

=====HijackThis Backups=====

O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)

======Hosts File======

127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com

======Security center information======

AV: ESET NOD32 antivirus system 2.70

System event log

Computer Name: YOUR-27E1513D96
Event Code: 7000
Message: The MCSTRM service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 3834
Source Name: Service Control Manager
Time Written: 20081217141812.000000-480
Event Type: error
User:

Computer Name: YOUR-27E1513D96
Event Code: 6005
Message: The Event log service was started.

Record Number: 3833
Source Name: EventLog
Time Written: 20081217141758.000000-480
Event Type: information
User:

Computer Name: YOUR-27E1513D96
Event Code: 6009
Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 2 Multiprocessor Free.

Record Number: 3832
Source Name: EventLog
Time Written: 20081217141758.000000-480
Event Type: information
User:

Computer Name: YOUR-27E1513D96
Event Code: 6006
Message: The Event log service was stopped.

Record Number: 3831
Source Name: EventLog
Time Written: 20081217141707.000000-480
Event Type: information
User:

Computer Name: YOUR-27E1513D96
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Record Number: 3830
Source Name: DCOM
Time Written: 20081217141657.000000-480
Event Type: error
User: NT AUTHORITY\SYSTEM

Application event log

Computer Name: YOUR-27E1513D96
Event Code: 36
Message:
Record Number: 1156
Source Name: ccSetMgr
Time Written: 20081217142834.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-27E1513D96
Event Code: 11724
Message: Product: SymNet -- Removal completed successfully.

Record Number: 1155
Source Name: MsiInstaller
Time Written: 20081217142824.000000-480
Event Type: information
User: YOUR-27E1513D96\Compaq_Owner

Computer Name: YOUR-27E1513D96
Event Code: 2
Message:
Record Number: 1154
Source Name: SNDSrvc
Time Written: 20081217142759.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-27E1513D96
Event Code: 27
Message:
Record Number: 1153
Source Name: SNDSrvc
Time Written: 20081217142758.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-27E1513D96
Event Code: 11724
Message: Product: Norton Internet Security -- Removal completed successfully.

Record Number: 1152
Source Name: MsiInstaller
Time Written: 20081217142752.000000-480
Event Type: information
User: YOUR-27E1513D96\Compaq_Owner

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\

-----------------EOF-----------------

Logfile of random's system information tool 1.05 (written by random/random)
Run by Compaq_Owner at 2008-12-19 14:19:48
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 119 GB (82%) free of 145 GB
Total RAM: 446 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:11 PM, on 12/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Compaq_Owner.exe
C:\WINDOWS\system32\imapi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4945 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Easy Internet Sign-up.job
C:\WINDOWS\tasks\EasyShare Registration Task.job
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Compaq_Owner.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-18 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2005-11-27 1157120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2005-11-27 1157120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"THGuard"=C:\Program Files\TrojanHunter 5.0\THGuard.exe [2008-03-25 1047712]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-12-17 949376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-10 216520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-12-15 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-09-21 1605740]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft OCX]
C:\WINDOWS\system32\fglimztkm.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\regcmdcons]
c:\hp\bin\cloaker.exe [1999-11-06 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2008-11-18 21633320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-08-19 1576176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ WinCinema Manager.lnk]
C:\PROGRA~1\SanDisk\Common\Bin\WINCIN~1.EXE [2006-09-19 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
C:\PROGRA~1\COMPAQ~1\5577497\Program\COMPAQ~1.EXE [2005-11-27 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2008-05-10 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner.YOUR-27E1513D96^Start Menu^Programs^Startup^Compaq Organize.lnk]
C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\DISPLA~1.EXE [2005-05-09 36864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-13 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\WINDOWS\system32\fglimztkm.exe"="C:\WINDOWS\system32\fglimztkm.exe:*:Enabled:Microsoft OCX"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


======List of files/folders created in the last 1 months======

2008-12-19 14:19:48 ----D---- C:\rsit
2008-12-19 13:41:06 ----D---- C:\Program Files\Common Files\DESIGNER
2008-12-19 13:29:04 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\DAEMON Tools
2008-12-19 13:29:01 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\DAEMON Tools Pro
2008-12-19 13:27:25 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2008-12-19 13:27:13 ----D---- C:\Program Files\DAEMON Tools Lite
2008-12-19 13:24:10 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\DAEMON Tools Lite
2008-12-19 12:51:06 ----D---- C:\Program Files\LSI SoftModem
2008-12-19 12:50:02 ----D---- C:\Program Files\Microsoft Silverlight
2008-12-19 12:44:31 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-19 12:41:31 ----D---- C:\WINDOWS\system32\LogFiles
2008-12-19 12:37:36 ----HDC---- C:\WINDOWS\$NtUninstallKB925876$
2008-12-19 12:32:52 ----HDC---- C:\WINDOWS\$NtUninstallKB896344$
2008-12-19 12:29:59 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-12-19 12:29:59 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-12-19 12:29:59 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-12-19 03:07:47 ----A---- C:\WINDOWS\imsins.BAK
2008-12-19 03:07:38 ----D---- C:\WINDOWS\ie8updates
2008-12-18 18:47:06 ----D---- C:\Program Files\Trend Micro
2008-12-18 18:42:05 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-12-18 18:24:01 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\HP
2008-12-18 18:17:23 ----A---- C:\WINDOWS\system32\hpzll43a.dll
2008-12-18 18:16:34 ----A---- C:\WINDOWS\system32\HPZisn12.dll
2008-12-18 18:16:34 ----A---- C:\WINDOWS\system32\HPZipt12.dll
2008-12-18 18:16:34 ----A---- C:\WINDOWS\system32\HPZipr12.dll
2008-12-18 18:16:34 ----A---- C:\WINDOWS\system32\HPZipm12.exe
2008-12-18 18:16:34 ----A---- C:\WINDOWS\system32\HPZinw12.exe
2008-12-18 18:16:34 ----A---- C:\WINDOWS\system32\HPZidr12.dll
2008-12-18 18:11:06 ----A---- C:\WINDOWS\system32\hpotscl2.dll
2008-12-18 18:11:05 ----A---- C:\WINDOWS\system32\hpowiax2.dll
2008-12-18 18:11:04 ----A---- C:\WINDOWS\system32\hpovst09.dll
2008-12-18 18:11:03 ----A---- C:\WINDOWS\system32\hpzjsn01.dll
2008-12-18 18:11:03 ----A---- C:\WINDOWS\system32\hpzids01.dll
2008-12-18 16:26:35 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Skinux
2008-12-18 15:51:40 ----D---- C:\Program Files\CCleaner
2008-12-18 14:26:19 ----D---- C:\WINDOWS\ERDNT
2008-12-18 12:14:13 ----D---- C:\Program Files\ERUNT
2008-12-18 12:13:17 ----D---- C:\Program Files\Lavasoft
2008-12-18 12:13:12 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-18 10:31:58 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-18 10:31:58 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-18 02:09:49 ----A---- C:\WINDOWS\system32\muweb.dll
2008-12-18 02:09:49 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-12-18 02:09:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-12-17 18:28:25 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-17 18:23:44 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-12-17 18:23:04 ----D---- C:\Program Files\Windows Live
2008-12-17 18:22:08 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-12-17 18:11:44 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\AdobeUM
2008-12-17 16:45:39 ----A---- C:\WINDOWS\system32\imon.dll
2008-12-17 16:43:37 ----D---- C:\Program Files\ESET
2008-12-17 15:10:13 ----A---- C:\WINDOWS\system32\xvidcore.dll
2008-12-17 15:10:12 ----D---- C:\Program Files\Xvid
2008-12-17 15:10:12 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2008-12-17 15:09:47 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Sun
2008-12-17 14:42:00 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Malwarebytes
2008-12-17 14:41:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-17 14:41:52 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-17 14:25:15 ----A---- C:\WINDOWS\system32\LuResult.txt
2008-12-17 13:35:14 ----D---- C:\ESET_NOD32_v2.70.39_WIth_NOD_FIX_2.2_and_NOD-UE
2008-12-17 06:27:47 ----A---- C:\WINDOWS\system32\ptpusb.dll
2008-12-17 06:27:42 ----A---- C:\WINDOWS\system32\ptpusd.dll
2008-12-17 06:23:32 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-17 06:23:09 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-17 06:23:08 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\SUPERAntiSpyware.com
2008-12-17 06:22:27 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-17 06:22:00 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\WinRAR
2008-12-17 06:21:22 ----D---- C:\Program Files\WinRAR
2008-12-16 19:24:28 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\TrojanHunter
2008-12-16 19:15:08 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-12-16 19:15:08 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-12-16 19:15:08 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-12-16 19:15:08 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-12-16 19:14:52 ----D---- C:\Program Files\Winamp
2008-12-16 19:14:52 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Winamp
2008-12-16 18:55:39 ----D---- C:\Program Files\uTorrent
2008-12-16 18:55:36 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\uTorrent
2008-12-16 18:50:55 ----R---- C:\WINDOWS\system32\streamhlp.dll
2008-12-16 18:50:54 ----D---- C:\Program Files\TrojanHunter 5.0
2008-12-15 12:42:17 ----HDC---- C:\WINDOWS\ie8
2008-12-13 19:44:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-13 19:42:53 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-13 19:38:02 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-12-13 19:31:16 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2008-12-13 18:26:31 ----D---- C:\WINDOWS\system32\PreInstall
2008-12-13 12:01:46 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\skypePM
2008-12-13 11:41:43 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Help
2008-12-13 11:22:48 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\WinBatch
2008-12-13 10:57:57
« Last Edit: December 19, 2008, 04:01:47 PM by guestolo »

Offline newbiz02

  • Jr. Member
  • Posts: 57
  • Karma: +0/-0
Yoog Search (firefox+IE)
« Reply #3 on: December 19, 2008, 03:45:43 PM »
You could disable that toolbar in IE. Go to View and Toolbars, and you could uncheck it. See how it goes.

To remove it I suppose you could use Webroot Spy Sweeper.
Turn off System Restore and run Spy Sweeper. Remember to turn System Restore back on.

If all this doesn't work, run Norton Internet Security 2009.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
Yoog Search (firefox+IE)
« Reply #4 on: December 19, 2008, 04:10:38 PM »
Don't worry about the reply from newbiz02.

Can you do the following for me, please:
Open Malwarebytes' Anti-Malware
Open the LOGS tab
Double-click on the log of the scan you made

Post back here the contents of that log, please.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline antdgar

  • Newbie
  • Posts: 17
  • Karma: +0/-0
Yoog Search (firefox+IE)
« Reply #5 on: December 19, 2008, 05:01:41 PM »
Quote from: guestolo on Dec 19 2008, 04:10 PM
Post back here the contents of that log please

Ok. It's here:

Malwarebytes' Anti-Malware 1.31

Database version: 1512
Windows 5.1.2600 Service Pack 2

12/17/2008 4:31:42 PM
mbam-log-2008-12-17 (16-31-42).txt

Scan type: Quick Scan
Objects scanned: 60424
Time elapsed: 14 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 25
Files Infected: 59

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Starware381 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware381\bin (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware381\icons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\buttons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\contexts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Manager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Music_Info_Search (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Music_News (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\TMB4 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\TMB5 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\TMB6 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\TMB7 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Start Menu\Antivirus 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TDSSd6df.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Starware381\Starware381Config.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware381\Starware381Uninstall.exe (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware381\icons\star_16.ico (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\1316_button_1b_def.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\1316_button_1b_over.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\1317_button_1b_def.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\logo.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\logoxp.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\TMB40.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\TMB50.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\TMB60.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\TMB70.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\contexts\Related.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\contexts\Travel.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\SimpleUpdate\ProductMessagingConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\SimpleUpdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\SimpleUpdate\SimpleUpdateConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\SimpleUpdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\SimpleUpdate\TimerManagerConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\SimpleUpdate\TimerManagerConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Tem3A9.tmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Configurator\Configurator.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Configurator\Configurator.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\ErrorSearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Music_Info_Search\Music_Info_SearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Music_Info_Search\Music_Info_SearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Music_News\Music_NewsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Music_News\Music_NewsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\RelatedSearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\RelatedSearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\TMB4\TMB4Options.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\TMB4\TMB4Options.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\TMB5\TMB5Options.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\TMB5\TMB5Options.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\TMB6\TMB6Options.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\TMB6\TMB6Options.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\TMB7\TMB7Options.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\TMB7\TMB7Options.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\ToolbarLogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\ToolbarLogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\ToolbarSearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\ToolbarSearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\TravelSearch\TravelSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\TravelSearch\TravelSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

Offline guestolo

Yoog Search (firefox+IE)
« Reply #6 on: December 20, 2008, 03:49:31 PM »
Can you do the following
Set Windows to show hidden files/folders
In My Computer select TOOLS>>FOLDER OPTIONS>>VIEW
Select the Radio button to Show hidden files/folders
Apply and OK it

Navigate to the following folder
c:\documents and settings\test\Application Data\Mozilla\Firefox\Profiles\*********.default
In that folder right click on prefs.js and select EDIT
Can you copy/paste that info back here please

Also, if you see user.js in the same folder
Can you right click on it and select EDIT
Can you copy/paste that info back here too
« Last Edit: December 20, 2008, 03:49:53 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline antdgar

Yoog Search (firefox+IE)
« Reply #7 on: December 21, 2008, 01:07:18 PM »
# Mozilla User Preferences

/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when the application exits.
 *
 * To make a manual change to preferences, you can visit the URL about:config
 * For more information, see http://www.mozilla.org/unix/customizing.html#prefs
 */

user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1229094858);
user_pref("app.update.lastUpdateTime.background-update-timer", 1229094858);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1229094858);
user_pref("app.update.lastUpdateTime.microsummary-generator-update-timer", 1229094858);
user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1229094858);
user_pref("browser.anchor_color", "#0000FF");
user_pref("browser.display.background_color", "#C0C0C0");
user_pref("browser.display.use_system_colors", true);
user_pref("browser.migration.version", 1);
user_pref("browser.places.importBookmarksHTML", false);
user_pref("browser.places.importDefaults", false);
user_pref("browser.places.leftPaneFolderId", -1);
user_pref("browser.places.migratePostDataAnnotations", false);
user_pref("browser.places.smartBookmarksVersion", 1);
user_pref("browser.places.updateRecentTagsUri", false);
user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.4");
user_pref("browser.visited_color", "#800080");
user_pref("extensions.enabledItems", "{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4");
user_pref("extensions.lastAppVersion", "3.0.4");
user_pref("intl.charsetmenu.browser.cache", "ISO-8859-1, UTF-8");
user_pref("keyword.URL", "http://www2.yoog.com/search.php?q=");
user_pref("network.cookie.prefsMigrated", true);
user_pref("spellchecker.dictionary", "en-US");
user_pref("urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/newkey", 1231647541);

*AND userpref*

user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("keyword.URL", "http://www2.yoog.com/search.php?q=");
user_pref("keyword.enabled", true);


Second xxxdefault folder:

# Mozilla User Preferences

/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when the application exits.
 *
 * To make a manual change to preferences, you can visit the URL about:config
 * For more information, see http://www.mozilla.org/unix/customizing.html#prefs
 */

user_pref("accessibility.typeaheadfind.flashBar", 0);
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1229825789);
user_pref("app.update.lastUpdateTime.background-update-timer", 1229825789);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1229825789);
user_pref("app.update.lastUpdateTime.microsummary-generator-update-timer", 1229649044);
user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1229838320);
user_pref("browser.download.lastDir", "C:\\Documents and Settings\\Compaq_Owner.YOUR-27E1513D96\\My Documents\\Downloads");
user_pref("browser.download.manager.alertOnEXEOpen", false);
user_pref("browser.history_expire_days.mirror", 180);
user_pref("browser.migration.version", 1);
user_pref("browser.places.importBookmarksHTML", false);
user_pref("browser.places.importDefaults", false);
user_pref("browser.places.leftPaneFolderId", -1);
user_pref("browser.places.migratePostDataAnnotations", false);
user_pref("browser.places.smartBookmarksVersion", 1);
user_pref("browser.places.updateRecentTagsUri", false);
user_pref("browser.rights.3.shown", true);
user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("browser.search.useDBForOrder", true);
user_pref("browser.startup.homepage", "http://www.comcast.net/a/");
user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.5");
user_pref("browser.tabs.warnOnClose", false);
user_pref("browser.warnOnRestart", false);
user_pref("extensions.adblockplus.currentVersion", "1.0");
user_pref("extensions.enabledItems", "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.5");
user_pref("extensions.lastAppVersion", "3.0.5");
user_pref("extensions.update.notifyUser", false);
user_pref("general.warnOnAboutConfig", false);
user_pref("intl.charsetmenu.browser.cache", "ISO-8859-1, UTF-8, ISO-8859-2, us-ascii, EUC-JP");
user_pref("keyword.URL", "http://www2.yoog.com/search.php?q=");
user_pref("network.cookie.prefsMigrated", true);
user_pref("pref.browser.homepage.disable_button.current_page", false);
user_pref("print.print_printer", "Quicken PDF Printer");
user_pref("print.printer_Quicken_PDF_Printer.print_bgcolor", false);
user_pref("print.printer_Quicken_PDF_Printer.print_bgimages", false);
user_pref("print.printer_Quicken_PDF_Printer.print_command", "");
user_pref("print.printer_Quicken_PDF_Printer.print_downloadfonts", false);
user_pref("print.printer_Quicken_PDF_Printer.print_edge_bottom", 0);
user_pref("print.printer_Quicken_PDF_Printer.print_edge_left", 0);
user_pref("print.printer_Quicken_PDF_Printer.print_edge_right", 0);
user_pref("print.printer_Quicken_PDF_Printer.print_edge_top", 0);
user_pref("print.printer_Quicken_PDF_Printer.print_evenpages", true);
user_pref("print.printer_Quicken_PDF_Printer.print_footercenter", "");
user_pref("print.printer_Quicken_PDF_Printer.print_footerleft", "&PT");
user_pref("print.printer_Quicken_PDF_Printer.print_footerright", "&D");
user_pref("print.printer_Quicken_PDF_Printer.print_headercenter", "");
user_pref("print.printer_Quicken_PDF_Printer.print_headerleft", "&T");
user_pref("print.printer_Quicken_PDF_Printer.print_headerright", "&U");
user_pref("print.printer_Quicken_PDF_Printer.print_in_color", true);
user_pref("print.printer_Quicken_PDF_Printer.print_margin_bottom", "0.5");
user_pref("print.printer_Quicken_PDF_Printer.print_margin_left", "0.5");
user_pref("print.printer_Quicken_PDF_Printer.print_margin_right", "0.5");
user_pref("print.printer_Quicken_PDF_Printer.print_margin_top", "0.5");
user_pref("print.printer_Quicken_PDF_Printer.print_oddpages", true);
user_pref("print.printer_Quicken_PDF_Printer.print_orientation", 0);
user_pref("print.printer_Quicken_PDF_Printer.print_pagedelay", 500);
user_pref("print.printer_Quicken_PDF_Printer.print_paper_data", 1);
user_pref("print.printer_Quicken_PDF_Printer.print_paper_height", " 11.00");
user_pref("print.printer_Quicken_PDF_Printer.print_paper_size_type", 0);
user_pref("print.printer_Quicken_PDF_Printer.print_paper_size_unit", 0);
user_pref("print.printer_Quicken_PDF_Printer.print_paper_width", "  8.50");
user_pref("print.printer_Quicken_PDF_Printer.print_reversed", false);
user_pref("print.printer_Quicken_PDF_Printer.print_scaling", "  1.00");
user_pref("print.printer_Quicken_PDF_Printer.print_shrink_to_fit", true);
user_pref("print.printer_Quicken_PDF_Printer.print_to_file", false);
user_pref("print.printer_Quicken_PDF_Printer.print_to_filename", "");
user_pref("print.printer_Quicken_PDF_Printer.print_unwriteable_margin_bottom", 0);
user_pref("print.printer_Quicken_PDF_Printer.print_unwriteable_margin_left", 0);
user_pref("print.printer_Quicken_PDF_Printer.print_unwriteable_margin_right", 0);
user_pref("print.printer_Quicken_PDF_Printer.print_unwriteable_margin_top", 0);
user_pref("security.warn_viewing_mixed", false);
user_pref("urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/newkey", 1232241051);
user_pref("xpinstall.whitelist.add", "");
user_pref("xpinstall.whitelist.add.103", "");

userpref:
user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("keyword.URL", "http://www2.yoog.com/search.php?q=");
user_pref("keyword.enabled", true);



I have 2 xxxdefault folders within Mozilla. I've also found that my Google search results are now getting redirected to random ad sites. This only just started to happen. I can't believe this!!

Offline guestolo

Yoog Search (firefox+IE)
« Reply #8 on: December 21, 2008, 01:24:31 PM »
Try the following
The first set of instructions is for IE7, but we'll see if they're the same for IE8

Print this next set of instructions, or save them to a text file on the desktop
I'll need you to keep your browser windows closed for much of this

In IE7, beside the Address bar, is a Search bar
To the right of the search bar is a magnifying glass and a drop down arrow
Left click the drop down arrow
and select>>"Change Search Defaults" (It may be "Search Settings" in IE8)
If you see "Yoog Search" in the list
Highlight it and Remove it
Then highlight Google (or another search provider) and set to Default

Close IE7

In Mozilla Firefox
Beside the address bar is the Search engine bar
Can you use the drop down arrow beside the search box, >>Select "Manage Search Engines"
If YOOG is listed, can you highlight it and remove it
Then Highlight Google and Hit OK

Close Firefox, don't reopen it until we are done
Navigate to the following folder
c:\documents and settings\test\Application Data\Mozilla\Firefox\Profiles\****.default
The first prefs.js file you posted
In that folder right click on prefs.js and select EDIT
Delete the 2 lines referring to the following

===================================================
user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("keyword.URL", "http://www2.yoog.com/search.php?q=");
======================================================
Don't leave spacings
Close prefs.js and save the changes when prompted
remain in the folder
Right click on user.js and delete it

Go to the other *****.default folder
Delete user.js
Then edit prefs.js and remove the following lines

user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("keyword.URL", "http://www2.yoog.com/search.php?q=");
Close it and save the changes

Come back here, let's ensure that you didn't get reinfected
run RSIT.exe again from desktop
Post just the log that opens>>log.txt

In addition, can I see the following
Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt). Note: Do not run Option #2 yet.

Let me know how things are running

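
As an added example (not the helper's tool or anything from this thread), the following Python script audits the two profile files the steps above edit: it parses the user_pref() lines, merges them the way Firefox does at startup (user.js overriding prefs.js, which is why a Yoog line deleted from prefs.js alone keeps returning), flags the two search preferences named above, and returns the cleaned prefs.js text. The list of engines bundled with Firefox 3.0 and the allowed keyword.URL hosts are assumptions made for the example; the sample file contents are constructed from the lines the poster pasted.

```python
"""Audit a Firefox 3 profile's prefs.js / user.js for search-hijack preferences.

Constructed example for this thread, not the helper's own tool. Firefox reads
user.js at every start and copies its user_pref() values into prefs.js, so a
line deleted from prefs.js alone comes back while user.js still carries it.
"""
import json
import re
from typing import Dict, List, Tuple
from urllib.parse import urlparse

# One preference per line: user_pref("name", <JSON-like literal>);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$')

# Engines bundled with Firefox 3.0 (assumption: anything else is worth a look).
BUNDLED_ENGINES = {"Google", "Yahoo", "Amazon.com", "Answers.com",
                   "Creative Commons", "eBay", "Wikipedia (en)"}
# Hosts a keyword.URL may legitimately point at (assumption for this example).
ALLOWED_KEYWORD_HOSTS = {"www.google.com", "google.com"}


def parse_prefs(text: str) -> Dict[str, object]:
    """Return {name: value} for every user_pref() line; comments are skipped."""
    prefs: Dict[str, object] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue                      # header, /* comment */ or blank line
        name, raw = m.group(1), m.group(2)
        try:
            value = json.loads(raw)       # "string", true/false, integers
        except ValueError:
            value = raw                   # keep anything unusual verbatim
        prefs[name] = value
    return prefs


def effective_prefs(prefs_js: str, user_js: str) -> Dict[str, object]:
    """Merge the two files the way Firefox does at startup: user.js wins."""
    merged = parse_prefs(prefs_js)
    merged.update(parse_prefs(user_js))
    return merged


def find_search_hijack(prefs: Dict[str, object]) -> List[Tuple[str, object, str]]:
    """Return (pref, value, reason) for preferences that redirect searches."""
    findings = []
    engine = prefs.get("browser.search.selectedEngine")
    if isinstance(engine, str) and engine not in BUNDLED_ENGINES:
        findings.append(("browser.search.selectedEngine", engine,
                         "default search engine is not one bundled with Firefox"))
    kw_url = prefs.get("keyword.URL")
    if isinstance(kw_url, str):
        host = urlparse(kw_url).hostname or ""
        if host not in ALLOWED_KEYWORD_HOSTS:
            findings.append(("keyword.URL", kw_url,
                             f"address-bar keyword searches are sent to {host}"))
    return findings


def remove_prefs(text: str, names: List[str]) -> str:
    """Drop the user_pref() lines for `names` without leaving blank gaps."""
    kept = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group(1) in names:
            continue
        kept.append(line)
    return "\n".join(kept) + "\n"


# Constructed sample: the relevant lines from the first prefs.js / user.js the poster pasted.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.anchor_color", "#0000FF");
user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("keyword.URL", "http://www2.yoog.com/search.php?q=");
user_pref("spellchecker.dictionary", "en-US");
"""
SAMPLE_USER_JS = """\
user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("keyword.URL", "http://www2.yoog.com/search.php?q=");
user_pref("keyword.enabled", true);
"""


def audit(prefs_js: str, user_js: str) -> Dict[str, object]:
    """Report findings and the cleaned prefs.js; a populated user.js should be deleted."""
    findings = find_search_hijack(effective_prefs(prefs_js, user_js))
    cleaned = remove_prefs(prefs_js, [name for name, _, _ in findings])
    return {"findings": findings, "cleaned_prefs_js": cleaned,
            "user_js_present": bool(parse_prefs(user_js))}


if __name__ == "__main__":
    report = audit(SAMPLE_PREFS_JS, SAMPLE_USER_JS)
    for name, value, reason in report["findings"]:
        print(f"{name} = {value!r}: {reason}")
    if report["user_js_present"]:
        print("user.js carries user_pref() lines: delete it, or prefs.js is rewritten on next start")
    print("--- cleaned prefs.js ---")
    print(report["cleaned_prefs_js"], end="")
```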


Offline antdgar

Yoog Search (firefox+IE)
« Reply #9 on: December 21, 2008, 03:31:36 PM »
I did exactly as you said; however, the YOOG SEARCH bar is still in Firefox and IE. In fact it's right there as I'm typing this.

I almost feel it's impossible to remove. v___v
Also, it seems I'm still infected with something, as all my Google searches were being redirected to some malicious place. I have just fixed this though. However, it must have somehow snuck in, since the Google search problem only happened today.
This is my grandmother's computer which I'm trying to fix btw. ^_^ Her son had a trojan which transferred to the PC from his Sony PSP. It seems everything came from this.

The cause of the Google results redirects was TDSSserv.sys. I also see some "TDS"-related files in RSIT's log of 'recently created files'. hmm...

Here's the RSIT log:
(attached)

Logfile of random's system information tool 1.05 (written by random/random)
Run by Compaq_Owner at 2008-12-21 14:26:32
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 82 GB (57%) free of 145 GB
Total RAM: 446 MB (20% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:27:24 PM, on 12/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Compaq_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5798 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Easy Internet Sign-up.job
C:\WINDOWS\tasks\EasyShare Registration Task.job
C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Compaq_Owner.job
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Compaq_Owner.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-18 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2005-11-27 1157120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2005-11-27 1157120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"THGuard"=C:\Program Files\TrojanHunter 5.0\THGuard.exe [2008-03-25 1047712]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-12-17 949376]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-12-03 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-10 216520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-12-15 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-09-21 1605740]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft OCX]
C:\WINDOWS\system32\fglimztkm.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\regcmdcons]
c:\hp\bin\cloaker.exe [1999-11-07 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2008-11-18 21633320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-08-20 1576176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ WinCinema Manager.lnk]
C:\PROGRA~1\SanDisk\Common\Bin\WINCIN~1.EXE [2006-09-19 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
C:\PROGRA~1\COMPAQ~1\5577497\Program\COMPAQ~1.EXE [2005-11-27 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2008-05-10 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner.YOUR-27E1513D96^Start Menu^Programs^Startup^Compaq Organize.lnk]
C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\DISPLA~1.EXE [2005-05-09 36864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-13 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\WINDOWS\system32\fglimztkm.exe"="C:\WINDOWS\system32\fglimztkm.exe:*:Enabled:Microsoft OCX"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98d5040a-c23c-11dd-92c6-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


======List of files/folders created in the last 1 months======

2008-12-21 11:34:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
2008-12-20 21:40:30 ----A---- C:\WINDOWS\system32\TDSSqekn.dll
2008-12-20 21:40:26 ----A---- C:\WINDOWS\system32\TDSSrojf.dll
2008-12-20 21:40:26 ----A---- C:\WINDOWS\system32\TDSSirxy.dll
2008-12-20 21:39:42 ----A---- C:\WINDOWS\system32\TDSSktkl.dll
2008-12-19 17:14:28 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Apple Computer
2008-12-19 17:14:04 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2008-12-19 17:13:33 ----D---- C:\Program Files\iPod
2008-12-19 17:13:21 ----D---- C:\Program Files\iTunes
2008-12-19 17:13:21 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-19 17:11:43 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-12-19 17:11:06 ----D---- C:\Program Files\Apple Software Update
2008-12-19 17:10:27 ----D---- C:\Program Files\Common Files\Apple
2008-12-19 17:10:25 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-12-19 16:50:08 ----A---- C:\WINDOWS\system32\SpoonUninstall.exe
2008-12-19 16:50:04 ----D---- C:\Program Files\Illustrate
2008-12-19 16:19:48 ----D---- C:\rsit
2008-12-19 15:41:06 ----D---- C:\Program Files\Common Files\DESIGNER
2008-12-19 15:29:04 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\DAEMON Tools
2008-12-19 15:29:01 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\DAEMON Tools Pro
2008-12-19 15:27:25 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2008-12-19 15:27:13 ----D---- C:\Program Files\DAEMON Tools Lite
2008-12-19 15:24:10 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\DAEMON Tools Lite
2008-12-19 14:51:06 ----D---- C:\Program Files\LSI SoftModem
2008-12-19 14:50:02 ----D---- C:\Program Files\Microsoft Silverlight
2008-12-19 14:44:31 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-19 14:41:31 ----D---- C:\WINDOWS\system32\LogFiles
2008-12-19 14:37:36 ----HDC---- C:\WINDOWS\$NtUninstallKB925876$
2008-12-19 14:32:52 ----HDC---- C:\WINDOWS\$NtUninstallKB896344$
2008-12-19 14:29:59 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-12-19 14:29:59 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-12-19 14:29:59 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-12-19 05:07:47 ----A---- C:\WINDOWS\imsins.BAK
2008-12-19 05:07:38 ----D---- C:\WINDOWS\ie8updates
2008-12-18 20:47:06 ----D---- C:\Program Files\Trend Micro
2008-12-18 20:42:05 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-12-18 20:24:01 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\HP
2008-12-18 20:17:23 ----A---- C:\WINDOWS\system32\hpzll43a.dll
2008-12-18 20:16:34 ----A---- C:\WINDOWS\system32\HPZisn12.dll
2008-12-18 20:16:34 ----A---- C:\WINDOWS\system32\HPZipt12.dll
2008-12-18 20:16:34 ----A---- C:\WINDOWS\system32\HPZipr12.dll
2008-12-18 20:16:34 ----A---- C:\WINDOWS\system32\HPZipm12.exe
2008-12-18 20:16:34 ----A---- C:\WINDOWS\system32\HPZinw12.exe
2008-12-18 20:16:34 ----A---- C:\WINDOWS\system32\HPZidr12.dll
2008-12-18 20:11:06 ----A---- C:\WINDOWS\system32\hpotscl2.dll
2008-12-18 20:11:05 ----A---- C:\WINDOWS\system32\hpowiax2.dll
2008-12-18 20:11:04 ----A---- C:\WINDOWS\system32\hpovst09.dll
2008-12-18 20:11:03 ----A---- C:\WINDOWS\system32\hpzjsn01.dll
2008-12-18 20:11:03 ----A---- C:\WINDOWS\system32\hpzids01.dll
2008-12-18 18:26:35 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Skinux
2008-12-18 17:51:40 ----D---- C:\Program Files\CCleaner
2008-12-18 16:26:19 ----D---- C:\WINDOWS\ERDNT
2008-12-18 14:14:13 ----D---- C:\Program Files\ERUNT
2008-12-18 14:13:17 ----D---- C:\Program Files\Lavasoft
2008-12-18 14:13:12 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-18 12:31:58 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-18 12:31:58 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-18 04:09:49 ----A---- C:\WINDOWS\system32\muweb.dll
2008-12-18 04:09:49 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-12-18 04:09:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-12-17 20:28:25 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-17 20:23:44 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-12-17 20:23:04 ----D---- C:\Program Files\Windows Live
2008-12-17 20:22:08 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-12-17 20:11:44 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\AdobeUM
2008-12-17 18:45:39 ----A---- C:\WINDOWS\system32\imon.dll
2008-12-17 18:43:37 ----D---- C:\Program Files\ESET
2008-12-17 17:10:13 ----A---- C:\WINDOWS\system32\xvidcore.dll
2008-12-17 17:10:12 ----D---- C:\Program Files\Xvid
2008-12-17 17:10:12 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2008-12-17 17:09:47 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Sun
2008-12-17 16:42:00 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Malwarebytes
2008-12-17 16:41:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-17 16:41:52 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-17 16:25:15 ----A---- C:\WINDOWS\system32\LuResult.txt
2008-12-17 15:35:14 ----D---- C:\ESET_NOD32_v2.70.39_WIth_NOD_FIX_2.2_and_NOD-UE
2008-12-17 08:27:47 ----A---- C:\WINDOWS\system32\ptpusb.dll
2008-12-17 08:27:42 ----A---- C:\WINDOWS\system32\ptpusd.dll
2008-12-17 08:23:32 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-17 08:23:09 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-17 08:23:08 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\SUPERAntiSpyware.com
2008-12-17 08:22:27 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-17 08:22:00 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\WinRAR
2008-12-17 08:21:22 ----D---- C:\Program Files\WinRAR
2008-12-16 21:24:28 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\TrojanHunter
2008-12-16 21:15:08 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-12-16 21:15:08 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-12-16 21:15:08 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-12-16 21:15:08 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-12-16 21:14:52 ----D---- C:\Program Files\Winamp
2008-12-16 21:14:52 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Winamp
2008-12-16 20:55:39 ----D---- C:\Program Files\uTorrent
2008-12-16 20:55:36 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\uTorrent
2008-12-16 20:50:55 ----R---- C:\WINDOWS\system32\streamhlp.dll
2008-12-16 20:50:54 ----D---- C:\Program Files\TrojanHunter 5.0
2008-12-15 14:42:17 ----HDC---- C:\WINDOWS\ie8
2008-12-13 21:44:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-13 21:42:53 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-13 21:38:02 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-12-13 21:31:16 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2008-12-13 20:26:31 ----D---- C:\WINDOWS\system32\PreInstall
2008-12-13 14:01:46 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\skypePM
2008-12-13 13:41:43 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Help
2008-12-13 13:22:48 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\WinBatch
2008-12-13 12:57:57 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Skype
2008-12-11 22:25:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 22:25:35 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 22:24:54 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 22:24:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-11 20:37:51 ----D---- C:\Program Files\InterActual
2008-12-11 08:45:40 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\alot
2008-12-08 22:12:35 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\InterVideo
2008-12-05 08:13:19 ----D---- C:\WINDOWS\system32\en-US
2008-12-05 07:36:20 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla
2008-12-04 18:36:01 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Adobe
2008-12-04 14:14:17 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Macromedia
2008-12-04 14:08:33 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-12-04 14:05:40 ----ASH---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\desktop.ini
2008-12-04 14:05:36 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Intuit
2008-12-04 14:05:36 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Identities
2008-12-04 14:05:35 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Symantec
2008-12-04 14:05:35 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Real
2008-12-04 14:05:35 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Microsoft
2008-12-04 13:58:43 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-12-02 12:05:39 ----D---- C:\Program Files\Inbox Toolbar
2008-11-28 11:22:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-11-22 05:05:51 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-22 05:04:45 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-22 05:02:45 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-12-21 14:26:33 ----D---- C:\WINDOWS\Prefetch
2008-12-21 14:23:17 ----D---- C:\Program Files\Mozilla Firefox
2008-12-21 14:09:32 ----D---- C:\WINDOWS\Tasks
2008-12-21 13:34:16 ----D---- C:\WINDOWS\Temp
2008-12-21 12:18:14 ----D---- C:\WINDOWS\system32
2008-12-21 12:17:14 ----D---- C:\WINDOWS
2008-12-21 12:15:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-21 12:15:30 ----RASH---- C:\boot.ini
2008-12-21 12:15:30 ----A---- C:\WINDOWS\win.ini
2008-12-21 12:15:30 ----A---- C:\WINDOWS\system.ini
2008-12-21 11:40:50 ----HD---- C:\WINDOWS\inf
2008-12-21 11:40:35 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-21 10:53:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-20 21:40:25 ----D---- C:\WINDOWS\system32\drivers
2008-12-20 13:04:22 ----D---- C:\WINDOWS\system32\wbem
2008-12-20 02:24:14 ----HD---- C:\Config.Msi
2008-12-20 02:24:12 ----SHD---- C:\WINDOWS\Installer
2008-12-20 02:24:10 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-20 02:23:19 ----D---- C:\WINDOWS\system32\dllcache
2008-12-20 02:23:18 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-20 02:20:09 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-12-20 02:19:52 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-12-20 02:17:12 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-20 02:14:06 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-12-19 19:30:40 ----D---- C:\Program Files
2008-12-19 17:12:44 ----D---- C:\Program Files\Bonjour
2008-12-19 17:12:13 ----D---- C:\Program Files\QuickTime
2008-12-19 17:10:27 ----D---- C:\Program Files\Common Files
2008-12-19 16:16:26 ----D---- C:\WINDOWS\system32\config
2008-12-19 15:41:23 ----D---- C:\WINDOWS\WinSxS
2008-12-19 15:40:53 ----RSD---- C:\WINDOWS\Fonts
2008-12-19 15:34:39 ----D---- C:\Program Files\Microsoft Office
2008-12-19 15:34:39 ----D---- C:\Program Files\Common Files\System
2008-12-19 15:25:11 ----D---- C:\WINDOWS\security
2008-12-19 15:11:13 ----D---- C:\WINDOWS\SHELLNEW
2008-12-19 14:56:15 ----D---- C:\WINDOWS\AppPatch
2008-12-19 14:47:46 ----D---- C:\Program Files\Common Files\logishrd
2008-12-19 14:44:52 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2008-12-19 14:43:57 ----D---- C:\Program Files\Windows Media Player
2008-12-19 14:43:53 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-12-19 14:42:28 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-12-19 14:37:46 ----D---- C:\WINDOWS\Help
2008-12-19 14:37:33 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-19 14:37:20 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2008-12-19 14:36:43 ----D---- C:\Program Files\Internet Explorer
2008-12-19 14:32:59 ----D---- C:\WINDOWS\system32\usmt
2008-12-18 20:42:16 ----D---- C:\WINDOWS\system
2008-12-18 20:34:43 ----D---- C:\WINDOWS\system32\Setup
2008-12-18 20:34:43 ----D---- C:\WINDOWS\system32\Restore
2008-12-18 20:34:43 ----D---- C:\WINDOWS\system32\Com
2008-12-18 20:34:43 ----D---- C:\WINDOWS\srchasst
2008-12-18 20:34:43 ----D---- C:\WINDOWS\msagent
2008-12-18 20:34:42 ----D---- C:\WINDOWS\ime
2008-12-18 20:34:42 ----D---- C:\WINDOWS\Downloaded Program Files
2008-12-18 20:34:40 ----D---- C:\Program Files\Quicken
2008-12-18 20:34:40 ----D---- C:\Program Files\Outlook Express
2008-12-18 20:34:40 ----D---- C:\Program Files\NetMeeting
2008-12-18 20:34:40 ----D---- C:\Program Files\Movie Maker
2008-12-18 20:34:40 ----D---- C:\Program Files\Microsoft Works
2008-12-18 20:34:40 ----D---- C:\Program Files\Messenger
2008-12-18 20:34:39 ----D---- C:\Program Files\Google
2008-12-18 20:34:39 ----D---- C:\Program Files\Common Files\SureThing Shared
2008-12-18 20:34:39 ----D---- C:\Program Files\Common Files\Sonic Shared
2008-12-18 20:34:39 ----D---- C:\Program Files\Common Files\Skype
2008-12-18 20:34:39 ----D---- C:\Program Files\Common Files\Palo Alto Software
2008-12-18 20:34:39 ----AD---- C:\Program Files\Common Files\LightScribe
2008-12-18 20:30:53 ----D---- C:\WINDOWS\pss
2008-12-18 20:24:17 ----D---- C:\WINDOWS\system32\FxsTmp
2008-12-18 20:16:34 ----D---- C:\Program Files\HP
2008-12-18 17:53:03 ----D---- C:\WINDOWS\Debug
2008-12-18 14:05:13 ----A---- C:\WINDOWS\WININIT.INI
2008-12-17 20:27:20 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-17 16:32:02 ----D---- C:\Program Files\Symantec
2008-12-17 16:29:51 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-17 16:26:12 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-12-17 14:51:23 ----D---- C:\Documents and Settings
2008-12-17 11:03:38 ----D---- C:\Program Files\Morpheus
2008-12-15 18:04:57 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2008-12-15 18:04:45 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2008-12-15 18:04:33 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2008-12-15 18:04:19 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2008-12-15 18:04:08 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2008-12-15 18:03:55 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2008-12-15 18:03:44 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2008-12-15 18:03:33 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2008-12-15 18:03:24 ----HDC---- C:\WINDOWS\$NtUninstallKB933729$
2008-12-15 18:03:08 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2008-12-15 18:02:58 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2008-12-15 18:02:46 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2008-12-15 18:02:36 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2008-12-15 18:02:27 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2008-12-15 18:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2008-12-15 18:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2008-12-15 18:01:58 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2008-12-15 18:01:47 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2008-12-15 18:01:35 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2008-12-15 18:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2008-12-15 18:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2008-12-15 18:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2008-12-15 18:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2008-12-15 18:00:35 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2008-12-15 18:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2008-12-15 17:59:50 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2008-12-15 17:59:38 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2008-12-15 17:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2008-12-15 17:59:17 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2008-12-15 17:59:08 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2008-12-15 17:58:58 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2008-12-15 17:58:50 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2008-12-15 17:58:33 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2008-12-15 17:58:23 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2008-12-15 17:58:12 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2008-12-15 17:58:02 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2008-12-15 17:57:53 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2008-12-15 17:57:43 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2008-12-15 17:57:30 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2008-12-15 17:57:20 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2008-12-15 17:57:09 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2008-12-15 17:57:01 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2008-12-15 17:56:45 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
2008-12-15 17:56:35 ----HDC---- C:\WINDOWS\$NtUninstallKB935840$
2008-12-15 17:56:27 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
2008-12-15 17:56:15 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2008-12-15 17:56:05 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2008-12-15 17:55:55 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2008-12-15 17:55:45 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2008-12-15 17:55:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-12-15 17:55:19 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-12-15 17:54:58 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2008-12-15 17:54:45 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2008-12-15 17:54:34 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2008-12-15 17:54:23 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2008-12-15 17:54:13 ----HDC---- C:\WINDOWS\$NtUninstallKB935839$
2008-12-15 17:54:04 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2008-12-15 17:53:54 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2008-12-15 17:53:44 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2008-12-15 17:53:33 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2008-12-15 17:53:24 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2008-12-15 17:53:07 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2008-12-15 15:16:18 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-12-15 14:47:38 ----D---- C:\WINDOWS\Media
2008-12-14 07:59:44 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-13 21:45:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-13 21:45:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-13 21:45:36 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-13 21:45:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-13 21:45:14 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2008-12-13 21:45:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-13 21:44:53 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-13 21:42:46 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-13 21:42:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-13 21:42:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-13 21:42:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-13 21:40:21 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-12-13 21:40:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-13 21:39:44 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2008-12-13 21:39:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-13 21:39:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-13 21:38:57 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-13 21:38:42 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-13 21:37:13 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2008-12-13 20:26:29 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-12-13 13:36:07 ----SHD---- C:\RECYCLER
2008-12-13 13:20:22 ----HD---- C:\hp
2008-12-13 13:14:58 ----D---- C:\WINDOWS\Registration
2008-12-13 13:14:21 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
2008-12-13 13:14:20 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-12-13 13:14:14 ----HDC---- C:\WINDOWS\ie7
2008-12-13 13:13:02 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2008-12-13 13:12:50 ----HDC---- C:\WINDOWS\$NtUninstallKB953356$
2008-12-13 13:11:25 ----HDC---- C:\WINDOWS\$NtUninstallKB948590$
2008-12-13 13:11:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-12-13 12:27:26 ----D---- C:\Program Files\MSN
2008-12-11 12:24:32 ----D---- C:\WINDOWS\network diagnostic
2008-12-06 12:40:59 ----D---- C:\WINDOWS\ie7updates
2008-12-04 14:08:25 ----AD---- C:\WINDOWS\system32\pcintro
2008-12-04 13:58:58 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-04 13:12:50 ----D---- C:\Documents and Settings\All Users\Application Data\Kontiki
2008-12-04 12:47:58 ----D---- C:\WINDOWS\I386
2008-12-04 12:45:27 ----D---- C:\Program Files\Windows NT
2008-12-04 12:45:12 ----D---- C:\Program Files\Common Files\Services
2008-12-04 12:44:45 ----D---- C:\WINDOWS\system32\ras
2008-12-04 12:44:43 ----D---- C:\WINDOWS\system32\oobe
2008-12-04 12:44:29 ----D---- C:\WINDOWS\system32\npp
2008-12-04 12:44:15 ----D---- C:\WINDOWS\system32\icsxml
2008-12-04 12:44:14 ----D---- C:\WINDOWS\system32\ias
2008-12-04 12:42:29 ----RD---- C:\WINDOWS\Web
2008-12-04 12:42:29 ----D---- C:\WINDOWS\addins
2008-12-04 12:42:24 ----D---- C:\WINDOWS\PeerNet
2008-12-04 12:42:08 ----D---- C:\WINDOWS\Cursors
2008-12-04 12:42:05 ----AHDC---- C:\WINDOWS\$NtUninstallKB902400$
2008-12-04 12:42:02 ----AHDC---- C:\WINDOWS\$NtUninstallKB901214$
2008-12-04 12:42:01 ----AHDC---- C:\WINDOWS\$NtUninstallKB896688$
2008-12-04 12:41:58 ----AHDC---- C:\WINDOWS\$NtUninstallKB896422$
2008-12-04 12:41:57 ----AHDC---- C:\WINDOWS\$NtUninstallKB896358$
2008-12-04 12:41:57 ----AHDC---- C:\WINDOWS\$NtUninstallKB893066$
2008-12-04 12:41:57 ----AHDC---- C:\WINDOWS\$NtUninstallKB892050$
2008-12-04 12:41:57 ----AHDC---- C:\WINDOWS\$NtUninstallKB891781$
2008-12-04 12:41:57 ----AHDC---- C:\WINDOWS\$NtUninstallKB890175$
2008-12-04 12:41:56 ----AHDC---- C:\WINDOWS\$NtUninstallKB888239$
2008-12-04 12:41:56 ----AHDC---- C:\WINDOWS\$NtUninstallKB888113$
2008-12-04 12:41:56 ----AHDC---- C:\WINDOWS\$NtUninstallKB887742$
2008-12-04 12:41:56 ----AHDC---- C:\WINDOWS\$NtUninstallKB885836$
2008-12-04 12:41:56 ----AHDC---- C:\WINDOWS\$NtUninstallKB885835$
2008-12-04 12:41:56 ----AHDC---- C:\WINDOWS\$NtUninstallKB885250$
2008-12-04 12:41:56 ----AHDC---- C:\WINDOWS\$NtUninstallKB883667$
2008-12-04 12:41:55 ----AHDC---- C:\WINDOWS\$NtUninstallKB873339$
2008-12-04 12:41:52 ----RHD---- C:\MSOCache
2008-12-04 12:41:04 ----RSD---- C:\WINDOWS\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-12-17 15424]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-12-17 512096]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-10-29 1204128]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-29 3644928]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-13 1313792]
R3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\WINDOWS\system32\DRIVERS\Camdrl.sys [2007-02-03 1075360]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-21 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-21 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-22 21568]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 105088]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-03-31 27008]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 aza1nkgc;aza1nkgc; C:\WINDOWS\system32\drivers\aza1nkgc.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2008-08-26 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-13 376832]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-12-03 170640]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-12-17 552064]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-03-14 69632]
S3 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-10-23 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

-----------------EOF-----------------
« Last Edit: December 21, 2008, 03:41:11 PM by antdgar »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
Yoog Search (firefox+IE)
« Reply #10 on: December 21, 2008, 03:44:57 PM »
You picked up a rootkit we must remove
I need you to do the following

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3
Save it ONLY to your Desktop

      --------------------------------------------------------------------
Temporarily Disable your AntiVirus, AntiSpyware and Firewall applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool.

This includes: Nod32
Navigate to the system tray on the bottom right hand corner
    * click it -> click on the X button.
    * a popup will warn that protection will now be disabled. Click on "Yes" to disable the Antivirus guard.

TROJAN HUNTER
    * Go to TrojanHunter Guard in the system tray. It is a light blue icon with a magnifying glass and red handle.
    * Right click on it and select settings.
    * Uncheck "Load at startup" and "Enabled". Make sure that the program, TrojanHunter itself, is also closed/not running.

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside the ComboFix window while it's running; it may cause it to stall.
ComboFix will run again on startup, it will prompt that it's creating a log
This process could take up to 15 minutes, let it run uninterrupted please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline antdgar

  • Newbie
Yoog Search (firefox+IE)
« Reply #11 on: December 21, 2008, 04:22:34 PM »
yoog still remains (I tried again after running combo fix)


Combo Fix Log:

ComboFix 08-12-21.01 - Compaq_Owner 2008-12-21 15:05:31.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.446.99 [GMT -6:00]
Running from: c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\components\nsBrowserOpt.dll
c:\windows\system32\Drivers\TDSSpcuu.sys
c:\windows\system32\TDSSirxy.dll
c:\windows\system32\TDSSktkl.dll
c:\windows\system32\TDSSqrwn.log
c:\windows\system32\TDSSrojf.dll
c:\windows\system32\TDSSwgqe.dat
D:\Autorun.inf

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


(((((((((((((((((((((((((   Files Created from 2008-11-21 to 2008-12-21  )))))))))))))))))))))))))))))))
.

2008-12-21 11:34 . 2008-12-21 11:34    2,748    --a------    c:\windows\system32\PerfStringBackup.TMP
2008-12-20 21:40 . 2008-12-21 11:33    2,707    --a------    c:\windows\system32\TDSSqekn.dll
2008-12-19 19:30 . 2008-12-19 19:30    33,846    --a------    c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.bmp
2008-12-19 19:30 . 2008-12-19 19:30    2,987    --a------    c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2008-12-19 17:14 . 2008-12-19 17:38    <DIR>    d--------    c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Apple Computer
2008-12-19 17:14 . 2008-04-17 15:12    107,368    --a------    c:\windows\system32\GEARAspi.dll
2008-12-19 17:14 . 2008-04-17 15:12    15,464    --a------    c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-19 17:13 . 2008-12-19 17:14    <DIR>    d--------    c:\program files\iTunes
2008-12-19 17:13 . 2008-12-19 17:13    <DIR>    d--------    c:\program files\iPod
2008-12-19 17:13 . 2008-12-19 17:14    <DIR>    d--------    c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-19 17:11 . 2008-12-19 17:11    <DIR>    d--------    c:\program files\Apple Software Update
2008-12-19 17:11 . 2008-12-19 17:13    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-19 17:10 . 2008-12-19 17:13    <DIR>    d--------    c:\program files\Common Files\Apple
2008-12-19 17:10 . 2008-12-19 17:10    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Apple
2008-12-19 17:10 . 2008-11-07 16:23    32,000    --a------    c:\windows\system32\drivers\usbaapl.sys
2008-12-19 16:51 . 2008-12-19 16:51    33,846    --a------    c:\windows\system32\SpoonUninstall-dBpoweramp m4a Codec.bmp
2008-12-19 16:51 . 2008-12-19 16:51    3,625    --a------    c:\windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
2008-12-19 16:50 . 2008-12-19 16:50    <DIR>    d--------    c:\program files\Illustrate
2008-12-19 16:50 . 2008-12-19 19:30    513,400    --a------    c:\windows\system32\SpoonUninstall.exe
2008-12-19 16:50 . 2008-12-19 16:49    33,846    --a------    c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2008-12-19 16:50 . 2008-12-19 16:50    13,085    --a------    c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2008-12-19 16:19 . 2008-12-19 16:20    <DIR>    d--------    C:\rsit
2008-12-19 15:29 . 2008-12-19 15:29    <DIR>    d--------    c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\DAEMON Tools Pro
2008-12-19 15:29 . 2008-12-19 15:29    <DIR>    d--------    c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\DAEMON Tools
2008-12-19 15:27 . 2008-12-19 15:27    <DIR>    d--------    c:\program files\DAEMON Tools Lite
2008-12-19 15:27 . 2008-12-19 15:27    <DIR>    d--------    c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2008-12-19 15:24 . 2008-12-19 15:29    <DIR>    d--------    c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\DAEMON Tools Lite
2008-12-19 15:24 . 2008-12-19 15:24    717,296    --a------    c:\windows\system32\drivers\sptd.sys
2008-12-19 14:51 . 2008-12-19 14:51    <DIR>    d--------    c:\program files\LSI SoftModem
2008-12-19 14:50 . 2008-12-19 14:50    <DIR>    d--------    c:\program files\Microsoft Silverlight
2008-12-19 14:41 . 2008-12-19 14:41    <DIR>    d--------    c:\windows\system32\LogFiles
2008-12-19 14:41 . 2008-12-19 14:42    <DIR>    d--------    c:\windows\system32\drivers\UMDF
2008-12-19 14:29 . 2006-11-13 00:02    288,768    ---------    c:\windows\system32\rhttpaa.dll
2008-12-19 14:29 . 2006-11-13 00:02    116,736    ---------    c:\windows\system32\aaclient.dll
2008-12-19 14:29 . 2006-11-13 00:02    36,352    ---------    c:\windows\system32\tsgqec.dll
2008-12-19 14:28 . 2005-04-28 13:16    274,432    --a------    c:\windows\system32\dllcache\SET2A1C.tmp
2008-12-19 14:28 . 2005-04-27 18:12    245,248    --a------    c:\windows\system32\dllcache\SET2A1A.tmp
2008-12-19 14:28 . 2005-04-28 13:16    215,552    --a------    c:\windows\system32\dllcache\SET2A19.tmp
2008-12-19 14:28 . 2005-04-28 13:16    193,024    --a------    c:\windows\system32\dllcache\SET2A18.tmp
2008-12-19 14:28 . 2005-04-28 13:16    133,120    --a------    c:\windows\system32\dllcache\SET2A1E.tmp
2008-12-19 14:28 . 2005-04-27 18:12    103,424    --a------    c:\windows\system32\dllcache\SET2A1B.tmp
2008-12-19 14:28 . 2005-04-28 13:16    19,968    --a------    c:\windows\system32\dllcache\SET2A1D.tmp
2008-12-19 05:07 . 2008-12-19 05:07    <DIR>    d--------    c:\windows\ie8updates
2008-12-19 05:07 . 2008-12-20 02:19    1,393    --a------    c:\windows\imsins.BAK
2008-12-18 20:47 . 2008-12-18 20:47    <DIR>    d--------    c:\program files\Trend Micro
2008-12-18 20:43 . 2004-08-04 00:58    5,504    --a------    c:\windows\system32\drivers\MSTEE.sys
2008-12-18 20:43 . 2004-08-04 00:58    5,504    --a------    c:\windows\system32\dllcache\mstee.sys
2008-12-18 20:24 . 2008-12-18 20:27    <DIR>    d--------    c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\HP
2008-12-18 20:17 . 2005-10-15 00:42    46,592    --a------    c:\windows\system32\hpzll43a.dll
2008-12-18 20:16 . 2005-03-14 14:03    278,584    --a------    c:\windows\system32\HPZidr12.dll
2008-12-18 20:16 . 2005-03-14 14:05    204,800    --a------    c:\windows\system32\HPZipr12.dll
2008-12-18 20:16 . 2005-03-08 13:55    94,208    --a------    c:\windows\system32\HPZipt12.dll
2008-12-18 20:16 . 2005-03-14 14:05    69,632    --a------    c:\windows\system32\HPZipm12.exe
2008-12-18 20:16 . 2005-03-14 15:39    65,536    --a------    c:\windows\system32\HPZinw12.exe
2008-12-18 20:16 . 2005-03-08 13:55    57,344    --a------    c:\windows\system32\HPZisn12.dll
2008-12-18 20:13 . 2008-12-18 20:27    110,206    --a------    c:\windows\hpoins08.dat
2008-12-18 20:13 . 2006-01-24 01:11    7,577    ---------    c:\windows\hpomdl08.dat
2008-12-18 20:12 . 2005-10-21 21:58    49,920    --a------    c:\windows\system32\drivers\HPZid412.sys
2008-12-18 20:12 . 2005-10-21 21:58    16,496    --a------    c:\windows\system32\drivers\HPZipr12.sys
2008-12-18 20:11 . 2005-10-28 17:11    614,400    --a------    c:\windows\system32\hpotscl2.dll
2008-12-18 20:11 . 2005-10-28 17:11    602,112    --a------    c:\windows\system32\hpowiax2.dll
2008-12-18 20:11 . 2005-10-28 17:11    254,026    --a------    c:\windows\system32\hpovst09.dll
2008-12-18 20:11 . 2005-09-09 17:28    98,304    --a------    c:\windows\system32\hpzjsn01.dll
2008-12-18 20:11 . 2005-03-22 06:48    77,824    --a------    c:\windows\system32\hpzids01.dll
2008-12-18 18:26 . 2008-12-18 18:26    <DIR>    d--------    c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Skinux
2008-12-18 17:51 . 2008-12-18 17:51    <DIR>    d--------    c:\program files\CCleaner
2008-12-18 14:14 . 2008-12-18 14:14    <DIR>    d--------    c:\program files\ERUNT
2008-12-18 14:13 . 2008-12-18 14:13    <DIR>    d--------    c:\program files\Lavasoft
2008-12-18 14:13 . 2008-12-18 14:15    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-18 12:31 . 2008-12-18 13:00    <DIR>    d--------    c:\program files\Spybot - Search & Destroy
2008-12-18 12:31 . 2008-12-19 00:45    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-18 04:09 . 2008-10-16 16:06    268,648    --a------    c:\windows\system32\mucltui.dll
2008-12-18 04:09 . 2008-10-16 16:06    208,744    --a------    c:\windows\system32\muweb.dll
2008-12-18 04:09 . 2008-10-16 16:06    27,496    --a------    c:\windows\system32\mucltui.dll.mui
2008-12-17 20:30 . 2008-12-17 22:11    <DIR>    d--------    c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Contacts
2008-12-17 20:28 . 2008-12-19 17:14    <DIR>    d----c---    c:\windows\system32\DRVSTORE
2008-12-17 20:23 . 2008-12-17 20:27    <DIR>    d--------    c:\program files\Windows Live
2008-12-17 20:23 . 2008-12-17 20:26    <DIR>    d--hsc---    c:\program files\Common Files\WindowsLiveInstaller
2008-12-17 20:22 . 2008-12-18 22:49    <DIR>    d--------    c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-17 20:11 . 2008-12-17 20:11    <DIR>    d--------    c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\AdobeUM
2008-12-17 18:45 . 2008-12-17 18:43    512,096    --a------    c:\windows\system32\drivers\amon.sys
2008-12-17 18:45 . 2008-12-17 18:43    298,104    --a------    c:\windows\system32\imon.dll
2008-12-17 18:45 . 2008-12-17 18:43    15,424    --a------    c:\windows\system32\drivers\nod32drv.sys
2008-12-17 18:43 . 2008-12-18 20:34    <DIR>    d--------    c:\program files\ESET
2008-12-17 17:10 . 2008-12-17 17:10    <DIR>    d--------    c:\program files\Xvid
2008-12-17 17:10 . 2008-12-04 23:42    815,104    --a------    c:\windows\system32\xvidcore.dll
2008-12-17 17:10 . 2008-12-04 23:46    180,224    --a------    c:\windows\system32\xvidvfw.dll
2008-12-17 17:10 . 2008-12-13 22:01    77,824    --a------    c:\windows\system32\xvid.ax
2008-12-17 16:42 . 2008-12-17 16:42    <DIR>    d--------    c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Malwarebytes
2008-12-17 16:41 . 2008-12-18 20:34    <DIR>    d--------    c:\program files\Malwarebytes' Anti-Malware
2008-12-17 16:41 . 2008-12-17 16:41    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-17 16:41 . 2008-12-03 21:59    38,496    --a------    c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-17 16:41 . 2008-12-03 21:59    15,504    --a------    c:\windows\system32\drivers\mbam.sys
2008-12-17 16:14 . 2008-12-17 16:14    <DIR>    d--------    c:\documents and settings\Administrator\Application Data\TrojanHunter
2008-12-17 15:50 . 2008-12-17 16:16    <DIR>    d--------    c:\documents and settings\Administrator\Application Data\uTorrent
2008-12-17 15:50 . 2008-12-17 16:00    454,467,584    --a------    C:\Howard.TV.Funny.Hot.Chicks.XviD.avi
2008-12-17 15:35 . 2008-12-17 15:35    <DIR>    d--------    C:\ESET_NOD32_v2.70.39_WIth_NOD_FIX_2.2_and_NOD-UE
2008-12-17 15:10 . 2008-12-17 15:10    <DIR>    d--------    c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-12-17 14:51 . 2005-11-27 15:02    <DIR>    d--------    c:\documents and settings\Administrator\WINDOWS
2008-12-17 14:51 . 2005-11-27 15:22    <DIR>    d--------    c:\documents and settings\Administrator\Application Data\Symantec
2008-12-17 14:51 . 2005-11-27 15:03    <DIR>    d--------    c:\documents and settings\Administrator\Application Data\Intuit
2008-12-17 14:51 . 2008-12-17 14:51    <DIR>    d--------    c:\documents and settings\Administrator
2008-12-17 08:27 . 2004-08-04 02:56    159,232    --a------    c:\windows\system32\ptpusd.dll
2008-12-17 08:27 . 2004-08-04 00:58    15,104    --a------    c:\windows\system32\drivers\usbscan.sys
2008-12-17 08:27 . 2004-08-04 00:58    15,104    --a------    c:\windows\system32\dllcache\usbscan.sys
2008-12-17 08:27 . 2001-08-18 00:36    5,632    --a------    c:\windows\system32\ptpusb.dll
2008-12-17 08:23 . 2008-12-18 20:34    <DIR>    d--------    c:\program files\SUPERAntiSpyware
2008-12-17 08:23 . 2008-12-17 08:23    <DIR>    d--------    c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\SUPERAntiSpyware.com
2008-12-17 08:23 . 2008-12-17 08:23    <DIR>    d--------    c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-17 08:22 . 2008-12-18 14:12    <DIR>    d--------    c:\program files\Common Files\Wise Installation Wizard
2008-12-16 21:24 . 2008-12-16 21:24    <DIR>    d--------    c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\TrojanHunter
2008-12-16 21:15 . 2007-03-07 17:51    129,784    ---------    c:\windows\system32\pxafs.dll
2008-12-16 21:15 . 2007-03-07 17:51    9,464    ---------    c:\windows\system32\drivers\cdralw2k.sys
2008-12-16 21:15 . 2007-03-07 17:51    9,336    ---------    c:\windows\system32\drivers\cdr4_xp.sys
2008-12-16 21:14 . 2008-12-19 16:59    <DIR>    d--------    c:\program files\Winamp
2008-12-16 21:14 . 2008-12-16 21:19    <DIR>    d--------    c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Winamp
2008-12-16 20:55 . 2008-12-18 20:34    <DIR>    d--------    c:\program files\uTorrent
2008-12-16 20:55 . 2008-12-21 14:59    <DIR>    d--------    c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\uTorrent
2008-12-16 20:50 . 2008-12-18 20:34    <DIR>    d--------    c:\program files\TrojanHunter 5.0
2008-12-15 14:50 . 2008-12-15 14:50    <DIR>    d--hs----    c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\PrivacIE
2008-12-15 14:42 . 2008-12-15 14:43    <DIR>    d--h-c---    c:\windows\ie8
2008-12-13 14:01 . 2008-12-21 13:05    <DIR>    d--------    c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\skypePM
2008-12-13 14:01 . 2008-12-13 14:01    56    --ah-----    c:\windows\system32\ezsidmv.dat
2008-12-13 13:22 . 2008-12-13 13:22    <DIR>    d--------    c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\WinBatch
2008-12-13 12:57 . 2008-12-21 15:00    <DIR>    d--------    c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Skype

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-20 08:24    ---------    d-----w    c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-19 23:12    ---------    d-----w    c:\program files\QuickTime
2008-12-19 23:12    ---------    d-----w    c:\program files\Bonjour
2008-12-19 20:47    ---------    d-----w    c:\program files\Common Files\logishrd
2008-12-19 02:34    ---------    d---a-w    c:\program files\Common Files\LightScribe
2008-12-19 02:34    ---------    d-----w    c:\program files\Quicken
2008-12-19 02:34    ---------    d-----w    c:\program files\Microsoft Works
2008-12-19 02:34    ---------    d-----w    c:\program files\Google
2008-12-19 02:34    ---------    d-----w    c:\program files\Common Files\SureThing Shared
2008-12-19 02:34    ---------    d-----w    c:\program files\Common Files\Sonic Shared
2008-12-19 02:34    ---------    d-----w    c:\program files\Common Files\Skype
2008-12-19 02:34    ---------    d-----w    c:\program files\Common Files\Palo Alto Software
2008-12-19 02:16    ---------    d-----w    c:\program files\HP
2008-12-19 00:22    3,649    ----a-w    c:\windows\viassary-hp.reg
2008-12-17 22:32    ---------    d-----w    c:\program files\Symantec
2008-12-17 22:29    ---------    d-----w    c:\program files\Common Files\Symantec Shared
2008-12-17 22:26    ---------    d-----w    c:\documents and settings\All Users\Application Data\Symantec
2008-12-17 17:03    ---------    d-----w    c:\program files\Morpheus
2008-12-04 19:12    ---------    d-----w    c:\documents and settings\All Users\Application Data\Kontiki
2008-12-04 19:10    ---------    d-----w    c:\documents and settings\Compaq_Owner\Application Data\Skype
2008-12-04 19:01    ---------    d-----w    c:\documents and settings\Compaq_Owner\Application Data\ComcastToolbar
2008-12-04 18:11    ---------    d-----w    c:\documents and settings\Compaq_Owner\Application Data\skypePM
2008-12-03 22:36    ---------    d-----w    c:\documents and settings\Compaq_Owner\Application Data\Move Networks
2008-10-30 18:21    ---------    d-----w    c:\documents and settings\Compaq_Owner\Application Data\HP
2008-10-30 04:43    1,204,128    ----a-w    c:\windows\system32\drivers\AGRSM.sys
2008-10-24 11:10    453,632    ----a-w    c:\windows\system32\drivers\mrxsmb.sys
2008-09-26 23:13    55,816    ----a-w    c:\windows\agrsmdel.exe
2008-03-28 23:54    774,144    ----a-w    c:\program files\RngInterstitial.dll
2006-07-24 21:11    0    -c--a-w    c:\documents and settings\Compaq_Owner\Application Data\wklnhst.dat
2008-11-28 17:10    640,000    ----a-w    c:\program files\mozilla firefox\components\nsdcads.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-12-17 949376]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-12-03 399504]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-27 27136]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-27 27136]

c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
Compaq Organize.lnk - c:\program files\Hewlett-Packard\Compaq Organize\bin\displayAgent.exe [2005-11-27 36864]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 18:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ WinCinema Manager.lnk
backup=c:\windows\pss\ WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner.YOUR-27E1513D96^Start Menu^Programs^Startup^Compaq Organize.lnk]
path=c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Start Menu\Programs\Startup\Compaq Organize.lnk
backup=c:\windows\pss\Compaq Organize.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 06:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-10 03:02 216520 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-12-15 13:18 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a------ 2005-09-21 11:41 1605740 c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 15:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 13:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 12:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\regcmdcons]
--a------ 1999-11-07 01:11 27136 c:\hp\bin\cloaker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-18 18:31 21633320 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-08-20 01:34 1576176 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-12-17 15424]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-08-20 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-08-20 55024]
R2 MBAMService;MBAMService;"c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe" [2008-12-17 170640]
R3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys [2008-12-17 15504]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-08-20 7408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contents of the 'Scheduled Tasks' folder

2008-12-21 c:\windows\Tasks\Malwarebytes' Scheduled Update for Compaq_Owner.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2008-12-03 21:59]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Microsoft OCX - c:\windows\system32\fglimztkm.exe
MSConfigStartUp-Orb - c:\program files\Winamp Remote\bin\OrbTray.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/b/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\ft4o9l13.default\
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/a/
FF - prefs.js: keyword.URL - hxxp://www2.yoog.com/search.php?q=
FF - component: c:\program files\Mozilla Firefox\components\nsBrowserOpt.dll
FF - component: c:\program files\Mozilla Firefox\components\nsdcads.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll

[color="red"]ATTENTION: FIREFOX POLICES IS IN FORCE [/color]
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www2.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 15:10:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(792)
c:\windows\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\ESET\nod32krn.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2008-12-21 15:15:32 - machine was rebooted
ComboFix-quarantined-files.txt  2008-12-21 21:15:27

Pre-Run: 86,165,348,352 bytes free
Post-Run: 87,118,278,656 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

341    --- E O F ---    2008-12-20 08:24:14
« Last Edit: December 21, 2008, 04:31:57 PM by antdgar »

Offline guestolo

Yoog Search (firefox+IE)
« Reply #12 on: December 21, 2008, 04:49:33 PM »
Do the following please
In Firefox, remove Yoog from the Search bar list and set another as default

Copy ALL the BLUE text below and Paste to notepad
Don't use anything other than Notepad or the script will not work

[color="#0000FF"]
KillAll::
Driver::
TDSSSERV.SYS
File::
c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\ft4o9l13.default\user.js
c:\windows\system32\TDSSqekn.dll
c:\program files\Mozilla Firefox\components\nsBrowserOpt.dll
c:\program files\Mozilla Firefox\components\nsdcads.dll

[/color]
Save this as a txt file on your desktop, with the exact name of
CFScript

Drag CFScript.txt into ComboFix.exe
ComboFix will start >> follow the prompts
Note:
Do not mouse-click ComboFix's window whilst it's running; that may cause it to stall

When finished, it shall produce a log for you with the same name, C:\ComboFix.txt.

DON'T open Firefox yet.
Follow my previous instructions for editing prefs.js; user.js should be gone, but recheck it.
Then ONLY open Firefox for now, remove Yoog from the Search list of the Search bar if found,
and set another as default.
Post that log from ComboFix please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline antdgar

Yoog Search (firefox+IE)
« Reply #13 on: December 21, 2008, 06:07:10 PM »
Unfortunately the scanner didn't run after dragging the script txt file.

ComboFix opens, however it just sits there for a long time (30 mins+). I can run ComboFix without dragging the script, and in that case it scans in under 10 minutes.

Yoog still remains ;_;

ComboFix 08-12-21.01 - Compaq_Owner 2008-12-21 16:13:53.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.446.159 [GMT -6:00]
Running from: c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Desktop\ComboFix.exe
 * Resident AV is active

.

(((((((((((((((((((((((((   Files Created from 2008-11-21 to 2008-12-21  )))))))))))))))))))))))))))))))
.

2008-12-21 16:01 . 2008-12-21 16:01   388,608   --a------   c:\windows\system32\CF17562.exe
2008-12-21 11:34 . 2008-12-21 11:34   2,748   --a------   c:\windows\system32\PerfStringBackup.TMP
2008-12-20 21:40 . 2008-12-21 11:33   2,707   --a------   c:\windows\system32\TDSSqekn.dll
2008-12-19 19:30 . 2008-12-19 19:30   33,846   --a------   c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.bmp
2008-12-19 19:30 . 2008-12-19 19:30   2,987   --a------   c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2008-12-19 17:14 . 2008-12-19 17:38   <DIR>   d--------   c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Apple Computer
2008-12-19 17:14 . 2008-04-17 15:12   107,368   --a------   c:\windows\system32\GEARAspi.dll
2008-12-19 17:14 . 2008-04-17 15:12   15,464   --a------   c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-19 17:13 . 2008-12-19 17:14   <DIR>   d--------   c:\program files\iTunes
2008-12-19 17:13 . 2008-12-19 17:13   <DIR>   d--------   c:\program files\iPod
2008-12-19 17:13 . 2008-12-19 17:14   <DIR>   d--------   c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-19 17:11 . 2008-12-19 17:11   <DIR>   d--------   c:\program files\Apple Software Update
2008-12-19 17:11 . 2008-12-19 17:13   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-19 17:10 . 2008-12-19 17:13   <DIR>   d--------   c:\program files\Common Files\Apple
2008-12-19 17:10 . 2008-12-19 17:10   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Apple
2008-12-19 17:10 . 2008-11-07 16:23   32,000   --a------   c:\windows\system32\drivers\usbaapl.sys
2008-12-19 16:51 . 2008-12-19 16:51   33,846   --a------   c:\windows\system32\SpoonUninstall-dBpoweramp m4a Codec.bmp
2008-12-19 16:51 . 2008-12-19 16:51   3,625   --a------   c:\windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
2008-12-19 16:50 . 2008-12-19 16:50   <DIR>   d--------   c:\program files\Illustrate
2008-12-19 16:50 . 2008-12-19 19:30   513,400   --a------   c:\windows\system32\SpoonUninstall.exe
2008-12-19 16:50 . 2008-12-19 16:49   33,846   --a------   c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2008-12-19 16:50 . 2008-12-19 16:50   13,085   --a------   c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2008-12-19 16:19 . 2008-12-19 16:20   <DIR>   d--------   C:\rsit
2008-12-19 15:29 . 2008-12-19 15:29   <DIR>   d--------   c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\DAEMON Tools Pro
2008-12-19 15:29 . 2008-12-19 15:29   <DIR>   d--------   c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\DAEMON Tools
2008-12-19 15:27 . 2008-12-19 15:27   <DIR>   d--------   c:\program files\DAEMON Tools Lite
2008-12-19 15:27 . 2008-12-19 15:27   <DIR>   d--------   c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2008-12-19 15:24 . 2008-12-19 15:29   <DIR>   d--------   c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\DAEMON Tools Lite
2008-12-19 15:24 . 2008-12-19 15:24   717,296   --a------   c:\windows\system32\drivers\sptd.sys
2008-12-19 14:51 . 2008-12-19 14:51   <DIR>   d--------   c:\program files\LSI SoftModem
2008-12-19 14:50 . 2008-12-19 14:50   <DIR>   d--------   c:\program files\Microsoft Silverlight
2008-12-19 14:41 . 2008-12-19 14:41   <DIR>   d--------   c:\windows\system32\LogFiles
2008-12-19 14:41 . 2008-12-19 14:42   <DIR>   d--------   c:\windows\system32\drivers\UMDF
2008-12-19 14:29 . 2006-11-13 00:02   288,768   ---------   c:\windows\system32\rhttpaa.dll
2008-12-19 14:29 . 2006-11-13 00:02   116,736   ---------   c:\windows\system32\aaclient.dll
2008-12-19 14:29 . 2006-11-13 00:02   36,352   ---------   c:\windows\system32\tsgqec.dll
2008-12-19 14:28 . 2005-04-28 13:16   274,432   --a------   c:\windows\system32\dllcache\SET2A1C.tmp

2008-12-19 14:28 . 2005-04-27 18:12   245,248   --a------   c:\windows\system32\dllcache\SET2A1A.tmp
2008-12-19 14:28 . 2005-04-28 13:16   215,552   --a------   c:\windows\system32\dllcache\SET2A19.tmp
2008-12-19 14:28 . 2005-04-28 13:16   193,024   --a------   c:\windows\system32\dllcache\SET2A18.tmp
2008-12-19 14:28 . 2005-04-28 13:16   133,120   --a------   c:\windows\system32\dllcache\SET2A1E.tmp
2008-12-19 14:28 . 2005-04-27 18:12   103,424   --a------   c:\windows\system32\dllcache\SET2A1B.tmp
2008-12-19 14:28 . 2005-04-28 13:16   19,968   --a------   c:\windows\system32\dllcache\SET2A1D.tmp
2008-12-19 05:07 . 2008-12-19 05:07   <DIR>   d--------   c:\windows\ie8updates
2008-12-19 05:07 . 2008-12-20 02:19   1,393   --a------   c:\windows\imsins.BAK
2008-12-18 20:47 . 2008-12-18 20:47   <DIR>   d--------   c:\program files\Trend Micro
2008-12-18 20:43 . 2004-08-04 00:58   5,504   --a------   c:\windows\system32\drivers\MSTEE.sys
2008-12-18 20:43 . 2004-08-04 00:58   5,504   --a------   c:\windows\system32\dllcache\mstee.sys
2008-12-18 20:24 . 2008-12-18 20:27   <DIR>   d--------   c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\HP
2008-12-18 20:17 . 2005-10-15 00:42   46,592   --a------   c:\windows\system32\hpzll43a.dll
2008-12-18 20:16 . 2005-03-14 14:03   278,584   --a------   c:\windows\system32\HPZidr12.dll
2008-12-18 20:16 . 2005-03-14 14:05   204,800   --a------   c:\windows\system32\HPZipr12.dll
2008-12-18 20:16 . 2005-03-08 13:55   94,208   --a------   c:\windows\system32\HPZipt12.dll
2008-12-18 20:16 . 2005-03-14 14:05   69,632   --a------   c:\windows\system32\HPZipm12.exe
2008-12-18 20:16 . 2005-03-14 15:39   65,536   --a------   c:\windows\system32\HPZinw12.exe
2008-12-18 20:16 . 2005-03-08 13:55   57,344   --a------   c:\windows\system32\HPZisn12.dll
2008-12-18 20:13 . 2008-12-18 20:27   110,206   --a------   c:\windows\hpoins08.dat
2008-12-18 20:13 . 2006-01-24 01:11   7,577   ---------   c:\windows\hpomdl08.dat
2008-12-18 20:12 . 2005-10-21 21:58   49,920   --a------   c:\windows\system32\drivers\HPZid412.sys
2008-12-18 20:12 . 2005-10-21 21:58   16,496   --a------   c:\windows\system32\drivers\HPZipr12.sys
2008-12-18 20:11 . 2005-10-28 17:11   614,400   --a------   c:\windows\system32\hpotscl2.dll
2008-12-18 20:11 . 2005-10-28 17:11   602,112   --a------   c:\windows\system32\hpowiax2.dll
2008-12-18 20:11 . 2005-10-28 17:11   254,026   --a------   c:\windows\system32\hpovst09.dll
2008-12-18 20:11 . 2005-09-09 17:28   98,304   --a------   c:\windows\system32\hpzjsn01.dll
2008-12-18 20:11 . 2005-03-22 06:48   77,824   --a------   c:\windows\system32\hpzids01.dll
2008-12-18 18:26 . 2008-12-18 18:26   <DIR>   d--------   c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Skinux
2008-12-18 17:51 . 2008-12-18 17:51   <DIR>   d--------   c:\program files\CCleaner
2008-12-18 14:14 . 2008-12-18 14:14   <DIR>   d--------   c:\program files\ERUNT
2008-12-18 14:13 . 2008-12-18 14:13   <DIR>   d--------   c:\program files\Lavasoft
2008-12-18 14:13 . 2008-12-18 14:15   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-18 12:31 . 2008-12-18 13:00   <DIR>   d--------   c:\program files\Spybot - Search & Destroy
2008-12-18 12:31 . 2008-12-19 00:45   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-18 04:09 . 2008-10-16 16:06   268,648   --a------   c:\windows\system32\mucltui.dll
2008-12-18 04:09 . 2008-10-16 16:06   208,744   --a------   c:\windows\system32\muweb.dll
2008-12-18 04:09 . 2008-10-16 16:06   27,496   --a------   c:\windows\system32\mucltui.dll.mui
2008-12-17 20:30 . 2008-12-17 22:11   <DIR>   d--------   c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Contacts
2008-12-17 20:28 . 2008-12-19 17:14   <DIR>   d----c---   c:\windows\system32\DRVSTORE
2008-12-17 20:23 . 2008-12-17 20:27   <DIR>   d--------   c:\program files\Windows Live
2008-12-17 20:23 . 2008-12-17 20:26   <DIR>   d--hsc---   c:\program files\Common Files\WindowsLiveInstaller
2008-12-17 20:22 . 2008-12-18 22:49   <DIR>   d--------   c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-17 20:11 . 2008-12-17 20:11   <DIR>   d--------   c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\AdobeUM
2008-12-17 18:45 . 2008-12-17 18:43   512,096   --a------   c:\windows\system32\drivers\amon.sys
2008-12-17 18:45 . 2008-12-17 18:43   298,104   --a------   c:\windows\system32\imon.dll
2008-12-17 18:45 . 2008-12-17 18:43   15,424   --a------   c:\windows\system32\drivers\nod32drv.sys
2008-12-17 18:43 . 2008-12-18 20:34   <DIR>   d--------   c:\program files\ESET
2008-12-17 17:10 . 2008-12-17 17:10   <DIR>   d--------   c:\program files\Xvid
2008-12-17 17:10 . 2008-12-04 23:42   815,104   --a------   c:\windows\system32\xvidcore.dll
2008-12-17 17:10 . 2008-12-04 23:46   180,224   --a------   c:\windows\system32\xvidvfw.dll
2008-12-17 17:10 . 2008-12-13 22:01   77,824   --a------   c:\windows\system32\xvid.ax
2008-12-17 16:42 . 2008-12-17 16:42   <DIR>   d--------   c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Malwarebytes
2008-12-17 16:41 . 2008-12-18 20:34   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
2008-12-17 16:41 . 2008-12-17 16:41   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-17 16:41 . 2008-12-03 21:59   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-17 16:41 . 2008-12-03 21:59   15,504   --a------   c:\windows\system32\drivers\mbam.sys
2008-12-17 16:14 . 2008-12-17 16:14   <DIR>   d--------   c:\documents and settings\Administrator\Application Data\TrojanHunter
2008-12-17 15:50 . 2008-12-17 16:16   <DIR>   d--------   c:\documents and settings\Administrator\Application Data\uTorrent
2008-12-17 15:50 . 2008-12-17 16:00   454,467,584   --a------   C:\Howard.TV.Funny.Hot.Chicks.XviD.avi
2008-12-17 15:35 . 2008-12-17 15:35   <DIR>   d--------   C:\ESET_NOD32_v2.70.39_WIth_NOD_FIX_2.2_and_NOD-UE
2008-12-17 15:10 . 2008-12-17 15:10   <DIR>   d--------   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-12-17 14:51 . 2005-11-27 15:02   <DIR>   d--------   c:\documents and settings\Administrator\WINDOWS
2008-12-17 14:51 . 2005-11-27 15:22   <DIR>   d--------   c:\documents and settings\Administrator\Application Data\Symantec
2008-12-17 14:51 . 2005-11-27 15:03   <DIR>   d--------   c:\documents and settings\Administrator\Application Data\Intuit
2008-12-17 14:51 . 2008-12-17 14:51   <DIR>   d--------   c:\documents and settings\Administrator
2008-12-17 08:27 . 2004-08-04 02:56   159,232   --a------   c:\windows\system32\ptpusd.dll
2008-12-17 08:27 . 2004-08-04 00:58   15,104   --a------   c:\windows\system32\drivers\usbscan.sys
2008-12-17 08:27 . 2004-08-04 00:58   15,104   --a------   c:\windows\system32\dllcache\usbscan.sys
2008-12-17 08:27 . 2001-08-18 00:36   5,632   --a------   c:\windows\system32\ptpusb.dll
2008-12-17 08:23 . 2008-12-18 20:34   <DIR>   d--------   c:\program files\SUPERAntiSpyware
2008-12-17 08:23 . 2008-12-17 08:23   <DIR>   d--------   c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\SUPERAntiSpyware.com
2008-12-17 08:23 . 2008-12-17 08:23   <DIR>   d--------   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-17 08:22 . 2008-12-18 14:12   <DIR>   d--------   c:\program files\Common Files\Wise Installation Wizard
2008-12-16 21:24 . 2008-12-16 21:24   <DIR>   d--------   c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\TrojanHunter
2008-12-16 21:15 . 2007-03-07 17:51   129,784   ---------   c:\windows\system32\pxafs.dll
2008-12-16 21:15 . 2007-03-07 17:51   9,464   ---------   c:\windows\system32\drivers\cdralw2k.sys
2008-12-16 21:15 . 2007-03-07 17:51   9,336   ---------   c:\windows\system32\drivers\cdr4_xp.sys
2008-12-16 21:14 . 2008-12-19 16:59   <DIR>   d--------   c:\program files\Winamp
2008-12-16 21:14 . 2008-12-16 21:19   <DIR>   d--------   c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Winamp
2008-12-16 20:55 . 2008-12-18 20:34   <DIR>   d--------   c:\program files\uTorrent
2008-12-16 20:55 . 2008-12-21 16:03   <DIR>   d--------   c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\uTorrent
2008-12-16 20:50 . 2008-12-18 20:34   <DIR>   d--------   c:\program files\TrojanHunter 5.0
2008-12-15 14:50 . 2008-12-15 14:50   <DIR>   d--hs----   c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\PrivacIE
2008-12-15 14:42 . 2008-12-15 14:43   <DIR>   d--h-c---   c:\windows\ie8
2008-12-13 14:01 . 2008-12-21 13:05   <DIR>   d--------   c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\skypePM
2008-12-13 14:01 . 2008-12-13 14:01   56   --ah-----   c:\windows\system32\ezsidmv.dat
2008-12-13 13:22 . 2008-12-13 13:22   <DIR>   d--------   c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\WinBatch

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-20 08:24   ---------   d-----w   c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-19 23:12   ---------   d-----w   c:\program files\QuickTime
2008-12-19 23:12   ---------   d-----w   c:\program files\Bonjour
2008-12-19 20:47   ---------   d-----w   c:\program files\Common Files\logishrd
2008-12-19 02:34   ---------   d---a-w   c:\program files\Common Files\LightScribe
2008-12-19 02:34   ---------   d-----w   c:\program files\Quicken
2008-12-19 02:34   ---------   d-----w   c:\program files\Microsoft Works
2008-12-19 02:34   ---------   d-----w   c:\program files\Google
2008-12-19 02:34   ---------   d-----w   c:\program files\Common Files\SureThing Shared
2008-12-19 02:34   ---------   d-----w   c:\program files\Common Files\Sonic Shared
2008-12-19 02:34   ---------   d-----w   c:\program files\Common Files\Skype
2008-12-19 02:34   ---------   d-----w   c:\program files\Common Files\Palo Alto Software
2008-12-19 02:16   ---------   d-----w   c:\program files\HP
2008-12-19 00:22   3,649   ----a-w   c:\windows\viassary-hp.reg
2008-12-17 22:32   ---------   d-----w   c:\program files\Symantec
2008-12-17 22:29   ---------   d-----w   c:\program files\Common Files\Symantec Shared
2008-12-17 22:26   ---------   d-----w   c:\documents and settings\All Users\Application Data\Symantec
2008-12-17 17:03   ---------   d-----w   c:\program files\Morpheus
2008-12-14 13:59   5,699,584   ----a-w   c:\windows\system32\dllcache\mshtml.dll
2008-12-04 19:12   ---------   d-----w   c:\documents and settings\All Users\Application Data\Kontiki
2008-12-04 19:10   ---------   d-----w   c:\documents and settings\Compaq_Owner\Application Data\Skype
2008-12-04 19:01   ---------   d-----w   c:\documents and settings\Compaq_Owner\Application Data\ComcastToolbar
2008-12-04 18:11   ---------   d-----w   c:\documents and settings\Compaq_Owner\Application Data\skypePM
2008-12-03 22:36   ---------   d-----w   c:\documents and settings\Compaq_Owner\Application Data\Move Networks
2008-10-30 18:21   ---------   d-----w   c:\documents and settings\Compaq_Owner\Application Data\HP
2008-10-30 04:43   1,204,128   ----a-w   c:\windows\system32\drivers\AGRSM.sys
2008-10-24 11:10   453,632   ----a-w   c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 13:01   283,648   ----a-w   c:\windows\system32\gdi32.dll
2008-10-23 13:01   283,648   ----a-w   c:\windows\system32\dllcache\gdi32.dll
2008-10-16 22:13   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 22:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 22:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 22:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 22:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 22:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 22:09   43,544   ----a-w   c:\windows\system32\wups2.dll
2008-10-16 22:08   34,328   ----a-w   c:\windows\system32\wups.dll
2008-10-16 22:08   34,328   ----a-w   c:\windows\system32\dllcache\wups.dll
2008-10-16 10:37   55,808   ----a-w   c:\windows\system32\dllcache\extmgr.dll
2008-10-16 10:37   474,112   ----a-w   c:\windows\system32\dllcache\shlwapi.dll
2008-10-16 10:37   151,040   ----a-w   c:\windows\system32\dllcache\cdfview.dll
2008-10-16 10:37   1,494,528   ----a-w   c:\windows\system32\dllcache\shdocvw.dll
2008-10-16 10:37   1,054,208   ----a-w   c:\windows\system32\dllcache\danim.dll
2008-10-16 10:37   1,023,488   ----a-w   c:\windows\system32\dllcache\browseui.dll
2008-10-15 16:57   332,800   ----a-w   c:\windows\system32\dllcache\netapi32.dll
2008-10-15 09:45   18,432   ----a-w   c:\windows\system32\dllcache\iedw.exe
2008-10-03 10:15   247,326   ----a-w   c:\windows\system32\strmdll.dll
2008-10-03 10:15   247,326   ----a-w   c:\windows\system32\dllcache\strmdll.dll
2008-10-01 00:43   1,286,152   ----a-w   c:\windows\system32\msxml4.dll
2008-09-26 23:13   55,816   ----a-w   c:\windows\agrsmdel.exe
2008-03-28 23:54   774,144   ----a-w   c:\program files\RngInterstitial.dll
2006-07-24 21:11   0   -c--a-w   c:\documents and settings\Compaq_Owner\Application Data\wklnhst.dat
2008-11-28 17:10   640,000   ----a-w   c:\program files\mozilla firefox\components\nsdcads.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-12-17 949376]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-12-03 399504]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-27 27136]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-27 27136]

c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
Compaq Organize.lnk - c:\program files\Hewlett-Packard\Compaq Organize\bin\displayAgent.exe [2005-11-27 36864]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 18:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ WinCinema Manager.lnk
backup=c:\windows\pss\ WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner.YOUR-27E1513D96^Start Menu^Programs^Startup^Compaq Organize.lnk]
path=c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Start Menu\Programs\Startup\Compaq Organize.lnk
backup=c:\windows\pss\Compaq Organize.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 06:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-10 03:02 216520 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-12-15 13:18 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a------ 2005-09-21 11:41 1605740 c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 15:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 13:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 12:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\regcmdcons]
--a------ 1999-11-07 01:11 27136 c:\hp\bin\cloaker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-18 18:31 21633320 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-08-20 01:34 1576176 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-12-17 15424]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-08-20 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-08-20 55024]
R3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys [2008-12-17 15504]
S2 MBAMService;MBAMService;"c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe" [2008-12-17 170640]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-08-20 7408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-12-21 c:\windows\Tasks\Malwarebytes' Scheduled Update for Compaq_Owner.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2008-12-03 21:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/b/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\ft4o9l13.default\
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/a/
FF - prefs.js: keyword.URL - hxxp://www2.yoog.com/search.php?q=
FF - component: c:\program files\Mozilla Firefox\components\nsBrowserOpt.dll
FF - component: c:\program files\Mozilla Firefox\components\nsdcads.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll

[color="red"]ATTENTION: FIREFOX POLICES IS IN FORCE [/color]
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www2.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 16:18:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\imon.dll
.
Completion time: 2008-12-21 16:21:11
ComboFix-quarantined-files.txt  2008-12-21 22:21:09
ComboFix2.txt  2008-12-21 21:15:34

Pre-Run: 80,940,683,264 bytes free
Post-Run: 80,924,254,208 bytes free

327   --- E O F ---   2008-12-20 08:24:14
« Last Edit: December 21, 2008, 06:39:40 PM by guestolo »
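The two ComboFix logs above show why the hijack survived reinstalling Firefox: the Yoog search URL is pinned in user.js, which Firefox re-applies on every start, and two unknown DLLs sit in Firefox's components folder. The script below is an added example (not ComboFix's or the forum's code) that reads the `FF - ...` lines of a ComboFix "Supplementary Scan" and flags exactly these indicators; TRUSTED_DOMAINS and BUILTIN_ENGINES are assumptions made for the example.

```python
"""Flag Firefox search-hijack indicators in ComboFix 'Supplementary Scan' output.

Added example; not code from ComboFix or from the forum thread. ComboFix prints
one line per Firefox pref of interest, in the form
    FF - <prefs.js|user.js>: <pref name> - <value>
and one line per third-party component. This script flags:
  * search/homepage prefs whose URL points at a host outside TRUSTED_DOMAINS;
  * anything forced from user.js (Firefox re-applies user.js at every start,
    so deleting prefs.js or reinstalling the browser does not remove it);
  * a selected search engine that Firefox 3 did not ship with;
and collects component paths for manual checking. ComboFix defangs URLs as
'hxxp', which refang() undoes before parsing.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlparse

FF_PREF_RE = re.compile(r"^FF - (?P<file>prefs\.js|user\.js): (?P<pref>\S+) - (?P<value>.*)$")
FF_COMPONENT_RE = re.compile(r"^FF - component: (?P<path>.+)$")

# Prefs a search/homepage hijacker typically pins.
SEARCH_PREFS = {
    "browser.search.selectedEngine",
    "browser.search.defaultenginename",
    "keyword.URL",
    "browser.startup.homepage",
}
# Assumption for this example: hosts the user actually chose (the log shows comcast.net).
TRUSTED_DOMAINS = {"www.comcast.net", "comcast.net", "www.google.com", "google.com"}
# Assumption for this example: engines bundled with en-US Firefox 3.x.
BUILTIN_ENGINES = {"Google", "Yahoo", "Amazon.com", "Answers.com", "Creative Commons", "eBay", "Wikipedia (en)"}

# Firefox section of the ComboFix log posted above (ProfilePath/plugin lines omitted).
SAMPLE_LOG = [
    "FF - prefs.js: browser.search.selectedEngine - Yoog Search",
    "FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/a/",
    "FF - prefs.js: keyword.URL - hxxp://www2.yoog.com/search.php?q=",
    r"FF - component: c:\program files\Mozilla Firefox\components\nsBrowserOpt.dll",
    r"FF - component: c:\program files\Mozilla Firefox\components\nsdcads.dll",
    "ATTENTION: FIREFOX POLICES IS IN FORCE",
    "FF - user.js: browser.search.selectedEngine - Yoog Search",
    "FF - user.js: keyword.URL - hxxp://www2.yoog.com/search.php?q=",
    "FF - user.js: keyword.enabled - true",
]


@dataclass
class Finding:
    severity: str  # "high" or "medium"
    source: str    # file the pref came from: prefs.js or user.js
    pref: str
    value: str
    reason: str


def refang(url: str) -> str:
    """ComboFix writes hxxp:// so the log cannot be clicked; restore the scheme."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def host_of(value: str) -> Optional[str]:
    """Hostname of a (possibly defanged) URL, or None if the value is not a URL."""
    url = refang(value.strip())
    if not re.match(r"^https?://", url, re.IGNORECASE):
        return None
    return urlparse(url).hostname


def analyse(log_lines, trusted=TRUSTED_DOMAINS) -> Tuple[List[Finding], List[str]]:
    findings: List[Finding] = []
    components: List[str] = []
    for raw in log_lines:
        line = raw.strip()
        m = FF_COMPONENT_RE.match(line)
        if m:
            components.append(m.group("path"))
            continue
        m = FF_PREF_RE.match(line)
        if not m:
            continue
        src, pref, value = m.group("file"), m.group("pref"), m.group("value").strip()
        host = host_of(value)
        if pref in SEARCH_PREFS:
            if host is not None and host not in trusted:
                findings.append(Finding("high", src, pref, value, f"search/homepage redirected to untrusted host {host}"))
            elif src == "user.js":
                findings.append(Finding("high", src, pref, value, "search setting pinned by user.js (re-applied at every start)"))
            elif pref == "browser.search.selectedEngine" and value not in BUILTIN_ENGINES:
                findings.append(Finding("medium", src, pref, value, "selected engine is not a bundled Firefox engine"))
        elif src == "user.js":
            findings.append(Finding("medium", src, pref, value, "pref forced from user.js; home users rarely create this file"))
    return findings, components


if __name__ == "__main__":
    found, comps = analyse(SAMPLE_LOG)
    for f in sorted(found, key=lambda f: f.severity):
        print(f"[{f.severity:6}] {f.source:8} {f.pref} = {f.value!r}: {f.reason}")
    for c in comps:
        print(f"[verify] component {c}")
```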

Offline guestolo

Yoog Search (firefox+IE)
« Reply #14 on: December 21, 2008, 06:11:50 PM »
Quote
Resident AV is active


It's like earlier, did you disable your AV, antispyware, etc before running?
If not, it may not work
I suggest that you delete Combofix from desktop
redownload it and run it again with CFScript.txt as described earlier
Ensure AV, etc protections are disabled
« Last Edit: December 21, 2008, 06:12:41 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline antdgar

Yoog Search (firefox+IE)
« Reply #15 on: December 21, 2008, 06:20:13 PM »
I disabled all programs, as I did before. I also tried it again and it still didn't work.
Also, that log I showed you was from an earlier attempt. But it was the only log file that was made, since it refused to scan when I dragged the script.
« Last Edit: December 21, 2008, 06:25:29 PM by antdgar »

Offline guestolo

Yoog Search (firefox+IE)
« Reply #16 on: December 21, 2008, 06:30:38 PM »
Download and save to your desktop
OTScanIt2
by OldTimer

Double click on it to Run it and then Extract it to a folder on desktop
Open that newly created folder and double click on OTScanIt2.exe
Leave all defaults selected
Except, change Rootkit Search to YES

Then click on Run Scan

When done, it will produce a log
Can you post the contents of that log back here please
A copy of it can also be found in the OTScanIt2 folder on desktop



Offline antdgar

Yoog Search (firefox+IE)
« Reply #17 on: December 21, 2008, 09:37:03 PM »
Thanks. Scanned with Otscanit2.

The log is attached to this post. (you may have to right-click -> save as the txt file if firefox doesn't render the text correctly)
« Last Edit: December 21, 2008, 09:40:02 PM by antdgar »

Offline guestolo

Yoog Search (firefox+IE)
« Reply #18 on: December 21, 2008, 10:23:51 PM »
Can you start by removing Yoog in IE and Firefox, as I described here
In IE7, beside the Address bar, is a Search bar
To the right of the search bar is a magnifying glass and a drop down arrow
Left click the drop down arrow
and select>>"Change Search Defaults" (It may be "Search Settings" in IE8)
If you see "Yoog Search" in the list
Highlight it and Remove it
Then highlight Google (or another search provider) and set to Default

Close IE8

In Mozilla Firefox
Beside the address bar is the Search engine bar
Can you use the drop down arrow beside the search box, >>Select "Manage Search Engines"
If YOOG is listed, can you highlight it and remove it
Then Highlight Google and Hit OK
Don't close Firefox yet, Instead

Start OTScanIt2. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

Code:
[Kill Explorer]
[Unregister Dlls]
[Processes - Safe List]
YN -> firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe
[Registry - Safe List]
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\FireFox\Profiles\ft4o9l13.default\prefs.js
YN -> browser.search.selectedEngine -> "Yoog Search"
[Files/Folders - Modified Within 30 Days]
NY -> TDSSqekn.dll -> %SystemRoot%\System32\TDSSqekn.dll
NY -> hosts.20081218-114724.backup -> %SystemRoot%\System32\drivers\etc\hosts.20081218-114724.backup
[Custom Items]
:files
c:\program files\Mozilla Firefox\components\nsBrowserOpt.dll
c:\program files\Mozilla Firefox\components\nsdcads.dll
c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\ft4o9l13.default\user.js
:end
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt2 will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

Before you open any Web browsers
Can you navigate to your folders and edit prefs.js
remove the yoog entries
« Last Edit: December 21, 2008, 11:00:22 PM by guestolo »


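Added example (not code from this thread, and not part of ComboFix or OTScanIt2): a small Python audit of the two Firefox files that keep re-applying the hijacked search settings shown in the ComboFix log above (the "FF - prefs.js" and "FF - user.js" lines) and that the fix script removes. Firefox reads user.js after prefs.js on every start and copies its values into prefs.js, which is why the Yoog entries keep coming back until user.js is deleted. The script parses user_pref lines, reports which search-related preferences point at the hijacker, and writes a cleaned prefs.js with only those lines dropped. The sample prefs.js and user.js contents are constructed to resemble the log, not the real files; the list of marker strings (here just "yoog") and the set of preference names checked are assumptions for the example.

```python
"""Audit Firefox prefs.js / user.js for search-hijack settings.

Added example (not from the forum thread or any tool it mentions).
Mirrors the manual clean-up described in the thread: user.js is applied
on every Firefox start and overrides prefs.js, so a hijacker that drops
a user.js 'comes back' until that file is removed and prefs.js is cleaned.
"""
import re
from typing import Dict, Iterable, List, Tuple

# Firefox writes one preference per line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')

# Preferences that decide where typed text in the URL/search bar goes.
# Assumed set for this example; extend as needed.
SEARCH_PREFS = {
    "browser.search.selectedEngine",
    "browser.search.defaultenginename",
    "keyword.URL",
    "browser.startup.homepage",
}


def parse_prefs(text: str) -> Dict[str, str]:
    """Return {pref_name: raw_value} for every user_pref line in the text."""
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def effective_prefs(prefs_js: str, user_js: str) -> Dict[str, str]:
    """Merge the two files the way Firefox does: user.js values win."""
    merged = parse_prefs(prefs_js)
    merged.update(parse_prefs(user_js))
    return merged


def find_hijacked(prefs: Dict[str, str], markers: Tuple[str, ...]) -> List[str]:
    """Names of search-related prefs whose value mentions a hijacker marker."""
    hits = []
    for name in SEARCH_PREFS:
        value = prefs.get(name, "").lower()
        if any(marker.lower() in value for marker in markers):
            hits.append(name)
    return sorted(hits)


def clean_prefs(text: str, names_to_drop: Iterable[str]) -> str:
    """Return the prefs.js text with only the named user_pref lines removed."""
    drop = set(names_to_drop)
    kept = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group(1) in drop:
            continue
        kept.append(line)
    return "\n".join(kept) + "\n"


# Constructed sample input modelled on the log in the thread (not the real files).
SAMPLE_PREFS_JS = '''\
# Mozilla User Preferences
user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("browser.startup.homepage", "http://www.comcast.net/a/");
user_pref("keyword.URL", "http://www2.yoog.com/search.php?q=");
user_pref("network.cookie.lifetimePolicy", 0);
'''

SAMPLE_USER_JS = '''\
user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("keyword.URL", "http://www2.yoog.com/search.php?q=");
user_pref("keyword.enabled", true);
'''

HIJACK_MARKERS = ("yoog",)  # assumed marker list for this example


def audit(prefs_js: str = SAMPLE_PREFS_JS, user_js: str = SAMPLE_USER_JS):
    """Report hijacked prefs (as Firefox would see them) and a cleaned prefs.js."""
    merged = effective_prefs(prefs_js, user_js)
    hits = find_hijacked(merged, HIJACK_MARKERS)
    cleaned = clean_prefs(prefs_js, hits)
    return hits, cleaned


if __name__ == "__main__":
    hits, cleaned = audit()
    print("hijacked prefs:", hits)
    if parse_prefs(SAMPLE_USER_JS):
        print("user.js present: delete it, or these values are re-applied on start")
    print("cleaned prefs.js:\n" + cleaned)
```

Run it with Firefox closed, as the fix post says, since Firefox rewrites prefs.js on exit and would undo an edit made while it is running. Checking the merged view rather than prefs.js alone is the point: a clean-looking prefs.js is not enough while a user.js still carries the same entries.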

Offline antdgar

Yoog Search (firefox+IE)
« Reply #19 on: December 21, 2008, 11:13:10 PM »
Thanks, that has removed YOOG from firefox and IE.
I'm unsure as to whether I'm still infected though, with the root kit and all...


The log of the paste fix is attached.
« Last Edit: December 21, 2008, 11:14:30 PM by antdgar »