Jacee help with HJT Log Please

ok jacee, here's the mbam log, however looking back I do have an external drive that was not powered up and excluded from the scan, should I power it up and rescan?

EDIT: that was a dumb question, of course I need to rescan, I'll post the results of the rescan instead.
 

Jacee, you work/help at Bleeping Computers forum as well?
 

ok jacee, here's the mbam log, however looking back I do have an external drive that was not powered up and excluded from the scan, should I power it up and rescan?

EDIT: that was a dumb question, of course I need to rescan, I'll post the results of the rescan instead.
Please post the log from MBam ...
You may have an infected flash drive (or?) that's keeping this vundo infection alive. We can deal with that one a bit later.
 

ok here is the first one with the external drive off

Malwarebytes' Anti-Malware 1.36
Database version: 2040
Windows 5.1.2600 Service Pack 2
4/25/2009 5:02:00 PM
mbam-log-2009-04-25 (17-02-00).txt
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 171576
Time elapsed: 1 hour(s), 37 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 41
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\system32\NetworkService32 (Worm.Archive) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\instsp1.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\55.tmp (Worm.P2P) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\79.tmp (Worm.P2P) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\90.tmp (Worm.P2P) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifcCvvt.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\otbfoqif.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ewgbjtvd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmzykc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rymqrk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJDTJBS.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mndnwp.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hwadqn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hwmduo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aitaqaer.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xjhkfjwg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\frmwrk32.exe.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vrdpokqt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kqrsywfy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kyrxjjgv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\PROGS\CD + DVD BURNING\Nero Ultra 8.3.6.0 + Keygen (halofubar)\Nero 8 Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\PROGS\GRAPHICS\ACDSee v9 Photo Manager Incl Keymaker CORE\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\117.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\117.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\118.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\118.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\119.serial.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\119.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\120.setup.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\120.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\121.music.mp3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\121.music.mp3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\122.music.snd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\122.music.snd.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\123.music.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\123.music.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\124.video.wmv (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\124.video.wmv.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\78.tmp (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMccYRj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRJBQjJ.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.


here is the second with it on

Malwarebytes' Anti-Malware 1.36
Database version: 2040
Windows 5.1.2600 Service Pack 2
4/25/2009 8:12:59 PM
mbam-log-2009-04-25 (20-12-59).txt
Scan type: Full Scan (C:\|D:\|E:\|H:\|)
Objects scanned: 172518
Time elapsed: 2 hour(s), 45 minute(s), 38 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
 

Most excellent jblade! :D

Now,
remove ComboFix
Go to Start---> Run Command ---> In the space provided, type ComboFix /u and press the Enter Key.


  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • When shown the disclaimer, Select "2"
The above procedure will:
  • Delete the following:
  • ComboFix and its associated files and folders.
Next,

Download ComboFix once again and follow my instructions above, posting the ComboFix.txt and a fresh HJT log taken after the above scan has run.
 

Most excellent jblade! :D

Now,
remove ComboFix
Go to Start---> Run Command ---> In the space provided, type ComboFix /u and press the Enter Key.


  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
I got here but ComboFix tried to run again, and it warned that avast would interfere.
Should I just uninstall via cp?
 

Look at the instructions once again, then select "2" at the disclaimer :)
 

I don't have Avast, so if you can set it to 'ignore' or exit it for the moment, then do so. We're moving all the bad files out, and we don't want to keep any of them on the machine.

Also, do not use any of your P2P applications! (the cause of your infection)
 

ok I don't want to show how much of an idiot I am and appear not to be able to follow instructions, but there was no disclaimer that appeared nor anywhere I could select any option 2, but I did let it run its course and it was uninstalled, downloaded a new one and scanned, here are both logs.

p.s. I do have my torrent client running on start up, of course I can stop it from starting up and do another scan.

ComboFix 09-04-25.A3 - Carson 04/25/2009 21:55.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.382.93 [GMT -7:00]
Running from: c:\documents and settings\Carson\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090425-0] *On-access scanning disabled* (Updated)
FW: ZoneAlarm Pro Firewall *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Carson\LOCALS~1\Temp\swt-win32-3430.dll
c:\documents and settings\Carson\Local Settings\temp\swt-win32-3430.dll
c:\windows\system32\Pncrt.dll
.
((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-4-26 )))))))))))))))))))))))))))))))
.
2009-04-25 22:05 . 2009-04-25 22:05 -------- d-----w c:\documents and settings\Carson\Application Data\Malwarebytes
2009-04-25 22:05 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-25 22:05 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-25 22:05 . 2009-04-25 22:05 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-25 22:05 . 2009-04-25 22:05 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-25 22:02 . 2009-04-25 22:02 -------- d-----w c:\program files\Alwil Software
2009-04-23 07:10 . 2004-08-04 12:00 28288 -c--a-w c:\windows\system32\dllcache\xjis.nls
2009-04-23 07:08 . 2004-08-04 12:00 4096 -c--a-w c:\windows\system32\dllcache\rpcref.dll
2009-04-23 07:07 . 2004-08-04 12:00 22016 -c--a-w c:\windows\system32\dllcache\logscrpt.dll
2009-04-23 07:06 . 2004-08-04 12:00 39936 -c--a-w c:\windows\system32\dllcache\hostmib.dll
2009-04-23 07:05 . 2004-08-04 12:00 66082 -c--a-w c:\windows\system32\dllcache\c_20838.nls
2009-04-23 07:04 . 2003-03-24 23:52 188494 -c--a-w c:\windows\system32\dllcache\fpcount.exe
2009-04-23 07:02 . 2009-04-23 07:02 488 ---ha-r c:\windows\system32\logonui.exe.manifest
2009-04-23 07:02 . 2009-04-23 07:02 749 ---ha-r c:\windows\WindowsShell.Manifest
2009-04-23 07:02 . 2009-04-23 07:02 749 ---ha-r c:\windows\system32\wuaucpl.cpl.manifest
2009-04-23 07:02 . 2009-04-23 07:02 749 ---ha-r c:\windows\system32\sapi.cpl.manifest
2009-04-23 07:02 . 2009-04-23 07:02 749 ---ha-r c:\windows\system32\nwc.cpl.manifest
2009-04-23 07:02 . 2009-04-23 07:02 749 ---ha-r c:\windows\system32\ncpa.cpl.manifest
2009-04-21 00:54 . 2009-04-21 00:54 615 ----a-w c:\windows\system32\6wkBX8Q.vbs
2009-04-18 21:52 . 2006-09-29 18:26 176165 ----a-w c:\windows\system32\drv23260.dll
2009-04-18 21:52 . 2006-09-29 18:25 208935 ----a-w c:\windows\system32\drv33260.dll
2009-04-18 21:52 . 2006-09-29 18:24 217127 ----a-w c:\windows\system32\drv43260.dll
2009-04-18 21:52 . 2009-04-18 21:52 -------- d-----w c:\program files\vso
2009-04-18 09:04 . 2009-04-20 04:00 -------- d-----w c:\documents and settings\Carson\Local Settings\Application Data\Corel
2009-04-18 09:03 . 2009-04-20 04:06 2828 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-04-18 09:03 . 2009-04-20 03:51 88 --sha-r c:\windows\system32\480696C863.sys
2009-04-18 09:02 . 2009-04-18 09:03 -------- d-----w c:\documents and settings\Carson\Application Data\Corel
2009-04-18 09:01 . 2009-04-18 09:01 -------- d-----w c:\documents and settings\All Users\Application Data\Corel
2009-04-18 08:55 . 2009-04-18 08:57 -------- d-----w c:\program files\Common Files\Corel
2009-04-18 08:43 . 2009-04-18 08:43 -------- d-----w c:\documents and settings\Carson\Application Data\InstallShield
2009-04-15 19:57 . 2009-04-15 19:57 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-04-15 19:57 . 2009-04-21 21:24 -------- d-----w c:\documents and settings\Carson\Application Data\skypePM
2009-04-15 19:54 . 2009-04-21 21:24 -------- d-----w c:\documents and settings\Carson\Application Data\Skype
2009-04-15 19:54 . 2009-04-15 19:54 -------- d-----w c:\program files\Common Files\Skype
2009-04-15 19:53 . 2009-04-15 19:54 -------- d-----r c:\program files\Skype
2009-04-15 19:53 . 2009-04-15 19:54 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-04-06 02:33 . 2009-04-06 02:33 -------- d-----w c:\program files\VSTplugins
2009-04-06 02:32 . 2009-04-06 02:32 -------- d-----w c:\documents and settings\Carson\Application Data\Publish Providers
2009-04-06 02:30 . 2009-04-06 02:30 -------- d-----w c:\documents and settings\Carson\Local Settings\Application Data\Sony
2009-04-06 02:30 . 2009-04-06 02:30 -------- d-----w c:\documents and settings\Carson\Application Data\Sony
2009-04-06 00:56 . 2009-04-06 02:29 34 ----a-w c:\windows\cdplayer.ini
2009-04-02 23:40 . 2009-04-02 23:40 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-04-01 22:54 . 2009-04-01 22:54 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-04-01 22:54 . 2009-04-20 00:03 -------- d-----w c:\program files\Google
2009-04-01 22:54 . 2009-04-18 21:50 -------- d-----w c:\documents and settings\Carson\Local Settings\Application Data\Google
2009-03-31 04:19 . 2009-03-31 04:19 -------- d-----w c:\documents and settings\Carson\Local Settings\Application Data\WinAVI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 05:03 . 2009-02-11 06:56 -------- d-----w c:\documents and settings\Carson\Application Data\Azureus
2009-04-26 03:14 . 2009-02-20 00:14 -------- d-----w c:\program files\Trojan Remover
2009-04-25 19:22 . 2009-02-11 08:27 -------- d-----w c:\documents and settings\Carson\Application Data\Vso
2009-04-25 08:31 . 2009-03-04 21:53 -------- d-----w c:\documents and settings\All Users\Application Data\Vso
2009-04-25 07:10 . 2009-02-11 06:41 4212 ---h--w c:\windows\system32\zllictbl.dat
2009-04-24 09:04 . 2009-03-13 09:34 -------- d-----w c:\documents and settings\Carson\Application Data\Any Video Converter Professional
2009-04-23 07:40 . 2009-02-11 06:46 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-23 07:00 . 2009-02-11 06:12 22720 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-23 01:23 . 2009-04-23 01:24 2075136 ----a-w c:\windows\Internet Logs\xDB10.tmp
2009-04-22 22:22 . 2009-02-25 02:02 -------- d-----w c:\documents and settings\Carson\Application Data\LimeWire
2009-04-20 08:57 . 2009-02-25 02:00 -------- d-----w c:\program files\Java
2009-04-18 21:44 . 2009-04-18 21:46 68608 ----a-w c:\windows\Internet Logs\xDBE.tmp
2009-04-18 21:44 . 2009-04-18 21:46 3340800 ----a-w c:\windows\Internet Logs\xDBF.tmp
2009-04-18 21:35 . 2009-04-18 21:37 3335680 ----a-w c:\windows\Internet Logs\xDBD.tmp
2009-04-18 21:35 . 2009-04-18 21:37 2895872 ----a-w c:\windows\Internet Logs\xDBC.tmp
2009-04-15 20:33 . 2009-03-21 06:05 268 ---ha-w C:\sqmdata18.sqm
2009-04-15 20:33 . 2009-03-21 06:05 244 ---ha-w C:\sqmnoopt18.sqm
2009-04-14 04:46 . 2009-03-21 04:13 244 ---ha-w C:\sqmnoopt17.sqm
2009-04-14 04:46 . 2009-03-21 04:13 232 ---ha-w C:\sqmdata17.sqm
2009-04-14 04:46 . 2009-03-21 04:13 244 ---ha-w C:\sqmnoopt16.sqm
2009-04-14 04:46 . 2009-03-21 04:13 232 ---ha-w C:\sqmdata16.sqm
2009-04-11 17:02 . 2009-03-18 21:20 244 ---ha-w C:\sqmnoopt15.sqm
2009-04-11 17:02 . 2009-03-18 21:20 232 ---ha-w C:\sqmdata15.sqm
2009-04-11 00:49 . 2009-03-18 21:08 244 ---ha-w C:\sqmnoopt14.sqm
2009-04-11 00:49 . 2009-03-18 21:08 232 ---ha-w C:\sqmdata14.sqm
2009-04-11 00:46 . 2009-03-18 21:06 232 ---ha-w C:\sqmdata13.sqm
2009-04-11 00:46 . 2009-03-18 21:06 244 ---ha-w C:\sqmnoopt13.sqm
2009-04-09 03:18 . 2009-03-18 17:34 244 ---ha-w C:\sqmnoopt12.sqm
2009-04-09 03:18 . 2009-03-18 17:34 232 ---ha-w C:\sqmdata12.sqm
2009-04-09 03:13 . 2009-03-18 17:32 244 ---ha-w C:\sqmnoopt11.sqm
2009-04-09 03:13 . 2009-03-18 17:32 232 ---ha-w C:\sqmdata11.sqm
2009-04-09 03:08 . 2009-03-17 14:04 232 ---ha-w C:\sqmdata10.sqm
2009-04-09 03:08 . 2009-03-17 14:04 244 ---ha-w C:\sqmnoopt10.sqm
2009-04-05 04:00 . 2009-03-17 14:01 244 ---ha-w C:\sqmnoopt09.sqm
2009-04-05 04:00 . 2009-03-17 14:01 232 ---ha-w C:\sqmdata09.sqm
2009-04-04 21:55 . 2009-03-17 14:00 244 ---ha-w C:\sqmnoopt08.sqm
2009-04-04 21:55 . 2009-03-17 14:00 232 ---ha-w C:\sqmdata08.sqm
2009-04-03 07:54 . 2009-04-03 07:56 3200000 ----a-w c:\windows\Internet Logs\xDBB.tmp
2009-04-03 07:54 . 2009-04-03 07:56 2880000 ----a-w c:\windows\Internet Logs\xDBA.tmp
2009-03-30 18:34 . 2009-03-17 00:37 244 ---ha-w C:\sqmnoopt07.sqm
2009-03-30 18:34 . 2009-03-17 00:37 232 ---ha-w C:\sqmdata07.sqm
2009-03-30 18:30 . 2009-03-17 00:36 244 ---ha-w C:\sqmnoopt06.sqm
2009-03-30 18:30 . 2009-03-17 00:36 232 ---ha-w C:\sqmdata06.sqm
2009-03-30 18:25 . 2009-03-15 19:16 232 ---ha-w C:\sqmdata05.sqm
2009-03-30 18:25 . 2009-03-15 19:16 244 ---ha-w C:\sqmnoopt05.sqm
2009-03-30 01:52 . 2009-03-30 01:52 2243609 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-03-29 09:23 . 2009-02-26 11:04 -------- d-----w c:\documents and settings\Carson\Application Data\dvdcss
2009-03-27 22:16 . 2009-03-14 15:48 244 ---ha-w C:\sqmnoopt04.sqm
2009-03-27 22:16 . 2009-03-14 15:48 232 ---ha-w C:\sqmdata04.sqm
2009-03-27 18:38 . 2009-03-13 15:14 244 ---ha-w C:\sqmnoopt03.sqm
2009-03-27 18:38 . 2009-03-13 15:14 232 ---ha-w C:\sqmdata03.sqm
2009-03-25 04:46 . 2009-03-25 04:46 -------- d-----w c:\documents and settings\Carson\Application Data\TypingMaster7
2009-03-25 04:44 . 2009-03-25 04:44 -------- d-----w c:\program files\Common Files\Adobe
2009-03-24 06:49 . 2009-03-11 17:58 244 ---ha-w C:\sqmnoopt02.sqm
2009-03-24 06:49 . 2009-03-11 17:58 232 ---ha-w C:\sqmdata02.sqm
2009-03-24 06:44 . 2009-03-10 05:04 244 ---ha-w C:\sqmnoopt01.sqm
2009-03-24 06:44 . 2009-03-10 05:04 232 ---ha-w C:\sqmdata01.sqm
2009-03-23 21:12 . 2009-03-23 21:12 135037 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_03_23_13_04_54_small.dmp.zip
2009-03-23 04:45 . 2009-02-11 07:48 -------- d-----w c:\documents and settings\Carson\Application Data\Roxio
2009-03-22 17:41 . 2009-02-23 19:20 232 ---ha-w C:\sqmdata00.sqm
2009-03-22 17:41 . 2009-02-23 19:20 244 ---ha-w C:\sqmnoopt00.sqm
2009-03-21 06:28 . 2009-03-21 06:28 244 ---ha-w C:\sqmnoopt19.sqm
2009-03-21 06:28 . 2009-03-21 06:28 232 ---ha-w C:\sqmdata19.sqm
2009-03-10 06:40 . 2009-03-10 06:40 -------- d-----w c:\documents and settings\Carson\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-03-09 12:19 . 2009-02-25 02:00 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 06:19 . 2009-02-11 07:00 27712 ----a-w c:\documents and settings\Carson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-05 00:56 . 2009-03-05 00:56 -------- d-----w c:\program files\Microsoft ActiveSync
2009-03-05 00:55 . 2009-03-05 00:14 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-04 21:52 . 2009-03-04 21:52 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-03-04 21:52 . 2009-03-04 21:52 47360 ----a-w c:\documents and settings\Carson\Application Data\pcouffin.sys
2009-03-01 06:16 . 2009-03-01 06:16 -------- d-----w c:\documents and settings\Carson\Application Data\ACD Systems
2009-03-01 06:13 . 2009-03-01 06:12 -------- d-----w c:\program files\Common Files\ACD Systems
2009-03-01 06:12 . 2009-03-01 06:12 -------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-02-28 19:14 . 2009-02-11 06:16 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-28 12:38 . 2009-02-28 12:41 2703872 ----a-w c:\windows\Internet Logs\xDB3.tmp
2009-02-28 12:35 . 2009-02-28 12:41 1259008 ----a-w c:\windows\Internet Logs\xDB2.tmp
2009-02-23 00:21 . 2009-02-23 00:23 2853888 ----a-w c:\windows\Internet Logs\xDB9.tmp
2009-02-20 09:03 . 2009-02-20 09:06 2837504 ----a-w c:\windows\Internet Logs\xDB8.tmp
2009-02-20 09:03 . 2009-02-20 09:06 1031168 ----a-w c:\windows\Internet Logs\xDB7.tmp
2009-02-18 17:44 . 2009-02-18 17:46 2802688 ----a-w c:\windows\Internet Logs\xDB6.tmp
2009-02-18 17:44 . 2009-02-18 17:46 2981888 ----a-w c:\windows\Internet Logs\xDB1.tmp
2009-02-17 23:27 . 2009-02-17 23:27 129024 ----a-w c:\windows\system32\pvubrcbb.dll
2009-02-16 16:52 . 2009-02-16 16:59 1424384 ----a-w c:\windows\Internet Logs\xDB4.tmp
2009-02-16 16:51 . 2009-02-16 17:00 684544 ----a-w c:\windows\Internet Logs\xDB5.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="e:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Azureus Vuze.lnk - e:\program files\Azureus\Azureus.exe [2008-12-13 254976]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\iassam32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"e:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 gupdate1c9b31cd9abb7d3;Google Update Service (gupdate1c9b31cd9abb7d3);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 133104]
R3 laguna;laguna;c:\windows\system32\DRIVERS\cl546xm.sys [2001-08-17 248064]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-02-11 337800]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]

--- Other Services/Drivers In Memory ---
*Deregistered* - vsmon
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2160b7f0-2fac-11de-a2ba-00b0d0925717}]
\Shell\AutoRun\command - G:\rcaeasyrip_setup.exe
\Shell\install\command - G:\rcaeasyrip_setup.exe
\Shell\usermanualEnglish\command - G:\rcaeasyrip_setup.exe /pdf_English
\Shell\usermanualFrench\command - G:\rcaeasyrip_setup.exe /pdf_French
\Shell\usermanualSpanish\command - G:\rcaeasyrip_setup.exe /pdf_Spanish
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cefb84d9-0626-11de-a290-00b0d0925717}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com g:
\Shell\Open\command - g:\resycled\boot.com g:
.
Contents of the 'Scheduled Tasks' folder
2009-04-26 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 22:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Carson\Application Data\Mozilla\Firefox\Profiles\4xisy04g.default\
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-25 22:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2009-04-26 22:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-26 05:07
ComboFix2.txt 2009-04-25 07:06
Pre-Run: 4,778,323,968 bytes free
Post-Run: 4,794,515,456 bytes free
240


hjt
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:21 PM, on 4/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\Azureus\Azureus.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Carson\Desktop\HiJackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "E:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: Azureus Vuze.lnk = E:\Program Files\Azureus\Azureus.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\iassam32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c9b31cd9abb7d3) (gupdate1c9b31cd9abb7d3) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 4684 bytes
 

The worst part is MBAM won't even run if the computer is badly infected. I would recommend trying a SmitfraudFix scan.
 

My Computer My Computer

Computer Manufacturer/Model Number
Samsung NP530U4B-S02IN
OS
Windows® 8 Pro (64-bit)
CPU
Intel® Core™ i5 Processor 2467M (1.60GHz, 3MB L3 Cache)
Motherboard
Samsung Electronics
Memory
6GB DDR3 System Memory at 1,333MHz (on BD 4GB + 2GB x 1)
Graphics Card(s)
AMD Radeon™ HD7550M 1GB DDR3 (Ext. Graphic)
Sound Card
Realtek High Definition Audio
Monitor(s) Displays
35.56cm (14.0) SuperBright 300nit HD LED Display
Screen Resolution
1366x768
Hard Drives
1TB S-ATA II Hard Drive (5400RPM) with ExpressCache 16GB SSD
Internet Speed
sucks
Antivirus
Microsoft Security Essentials
Browser
Google Chrome (Sync enabled)
Akkk! Keygens, cracks and trojans ..... oh my! :shock:
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
c:\windows\system32\6wkBX8Q.vbs
c:\windows\system32\480696C863.sys
c:\windows\system32\ezsidmv.dat
c:\windows\system32\pvubrcbb.dll
c:\windows\System32\iassam32.dll

Folder::
g:\resycled

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cefb84d9-0626-11de-a290-00b0d0925717}]

Save this as a txt file named CFScript
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScript.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
Or
Disconnect from the Internet before carrying out the next instruction, and to save the following script before you do.

Please post that log.
 

ok
ComboFix 09-04-25.A3 - Carson 04/26/2009 20:39.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.382.203 [GMT -7:00]
Running from: c:\documents and settings\Carson\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Carson\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090426-0] *On-access scanning disabled* (Updated)
FW: ZoneAlarm Pro Firewall *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:\windows\system32\480696C863.sys
c:\windows\system32\6wkBX8Q.vbs
c:\windows\system32\ezsidmv.dat
c:\windows\System32\iassam32.dll
c:\windows\system32\pvubrcbb.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\480696C863.sys
c:\windows\system32\6wkBX8Q.vbs
c:\windows\system32\ezsidmv.dat
c:\windows\system32\pvubrcbb.dll
.
((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-4-27 )))))))))))))))))))))))))))))))
.
2009-04-25 22:05 . 2009-04-25 22:05 -------- d-----w c:\documents and settings\Carson\Application Data\Malwarebytes
2009-04-25 22:05 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-25 22:05 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-25 22:05 . 2009-04-25 22:05 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-25 22:05 . 2009-04-25 22:05 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-25 22:02 . 2009-04-25 22:02 -------- d-----w c:\program files\Alwil Software
2009-04-23 07:10 . 2004-08-04 12:00 28288 -c--a-w c:\windows\system32\dllcache\xjis.nls
2009-04-23 07:08 . 2004-08-04 12:00 4096 -c--a-w c:\windows\system32\dllcache\rpcref.dll
2009-04-23 07:07 . 2004-08-04 12:00 22016 -c--a-w c:\windows\system32\dllcache\logscrpt.dll
2009-04-23 07:06 . 2004-08-04 12:00 39936 -c--a-w c:\windows\system32\dllcache\hostmib.dll
2009-04-23 07:05 . 2004-08-04 12:00 66082 -c--a-w c:\windows\system32\dllcache\c_20838.nls
2009-04-23 07:04 . 2003-03-24 23:52 188494 -c--a-w c:\windows\system32\dllcache\fpcount.exe
2009-04-23 07:02 . 2009-04-23 07:02 488 ---ha-r c:\windows\system32\logonui.exe.manifest
2009-04-23 07:02 . 2009-04-23 07:02 749 ---ha-r c:\windows\WindowsShell.Manifest
2009-04-23 07:02 . 2009-04-23 07:02 749 ---ha-r c:\windows\system32\wuaucpl.cpl.manifest
2009-04-23 07:02 . 2009-04-23 07:02 749 ---ha-r c:\windows\system32\sapi.cpl.manifest
2009-04-23 07:02 . 2009-04-23 07:02 749 ---ha-r c:\windows\system32\nwc.cpl.manifest
2009-04-23 07:02 . 2009-04-23 07:02 749 ---ha-r c:\windows\system32\ncpa.cpl.manifest
2009-04-18 21:52 . 2006-09-29 18:26 176165 ----a-w c:\windows\system32\drv23260.dll
2009-04-18 21:52 . 2006-09-29 18:25 208935 ----a-w c:\windows\system32\drv33260.dll
2009-04-18 21:52 . 2006-09-29 18:24 217127 ----a-w c:\windows\system32\drv43260.dll
2009-04-18 21:52 . 2009-04-18 21:52 -------- d-----w c:\program files\vso
2009-04-18 09:04 . 2009-04-20 04:00 -------- d-----w c:\documents and settings\Carson\Local Settings\Application Data\Corel
2009-04-18 09:03 . 2009-04-20 04:06 2828 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-04-18 09:02 . 2009-04-18 09:03 -------- d-----w c:\documents and settings\Carson\Application Data\Corel
2009-04-18 09:01 . 2009-04-18 09:01 -------- d-----w c:\documents and settings\All Users\Application Data\Corel
2009-04-18 08:55 . 2009-04-18 08:57 -------- d-----w c:\program files\Common Files\Corel
2009-04-18 08:43 . 2009-04-18 08:43 -------- d-----w c:\documents and settings\Carson\Application Data\InstallShield
2009-04-15 19:57 . 2009-04-21 21:24 -------- d-----w c:\documents and settings\Carson\Application Data\skypePM
2009-04-15 19:54 . 2009-04-21 21:24 -------- d-----w c:\documents and settings\Carson\Application Data\Skype
2009-04-15 19:54 . 2009-04-15 19:54 -------- d-----w c:\program files\Common Files\Skype
2009-04-15 19:53 . 2009-04-15 19:54 -------- d-----r c:\program files\Skype
2009-04-15 19:53 . 2009-04-15 19:54 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-04-06 02:33 . 2009-04-06 02:33 -------- d-----w c:\program files\VSTplugins
2009-04-06 02:32 . 2009-04-06 02:32 -------- d-----w c:\documents and settings\Carson\Application Data\Publish Providers
2009-04-06 02:30 . 2009-04-06 02:30 -------- d-----w c:\documents and settings\Carson\Local Settings\Application Data\Sony
2009-04-06 02:30 . 2009-04-06 02:30 -------- d-----w c:\documents and settings\Carson\Application Data\Sony
2009-04-06 00:56 . 2009-04-06 02:29 34 ----a-w c:\windows\cdplayer.ini
2009-04-02 23:40 . 2009-04-02 23:40 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-04-01 22:54 . 2009-04-01 22:54 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-04-01 22:54 . 2009-04-20 00:03 -------- d-----w c:\program files\Google
2009-04-01 22:54 . 2009-04-18 21:50 -------- d-----w c:\documents and settings\Carson\Local Settings\Application Data\Google
2009-03-31 04:19 . 2009-03-31 04:19 -------- d-----w c:\documents and settings\Carson\Local Settings\Application Data\WinAVI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 03:36 . 2009-02-11 06:56 -------- d-----w c:\documents and settings\Carson\Application Data\Azureus
2009-04-27 03:30 . 2009-02-11 08:27 -------- d-----w c:\documents and settings\Carson\Application Data\Vso
2009-04-26 03:14 . 2009-02-20 00:14 -------- d-----w c:\program files\Trojan Remover
2009-04-25 08:31 . 2009-03-04 21:53 -------- d-----w c:\documents and settings\All Users\Application Data\Vso
2009-04-25 07:10 . 2009-02-11 06:41 4212 ---h--w c:\windows\system32\zllictbl.dat
2009-04-24 09:04 . 2009-03-13 09:34 -------- d-----w c:\documents and settings\Carson\Application Data\Any Video Converter Professional
2009-04-23 07:40 . 2009-02-11 06:46 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-23 07:00 . 2009-02-11 06:12 22720 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-23 01:23 . 2009-04-23 01:24 2075136 ----a-w c:\windows\Internet Logs\xDB10.tmp
2009-04-22 22:22 . 2009-02-25 02:02 -------- d-----w c:\documents and settings\Carson\Application Data\LimeWire
2009-04-20 08:57 . 2009-02-25 02:00 -------- d-----w c:\program files\Java
2009-04-18 21:44 . 2009-04-18 21:46 68608 ----a-w c:\windows\Internet Logs\xDBE.tmp
2009-04-18 21:44 . 2009-04-18 21:46 3340800 ----a-w c:\windows\Internet Logs\xDBF.tmp
2009-04-18 21:35 . 2009-04-18 21:37 3335680 ----a-w c:\windows\Internet Logs\xDBD.tmp
2009-04-18 21:35 . 2009-04-18 21:37 2895872 ----a-w c:\windows\Internet Logs\xDBC.tmp
2009-04-15 20:33 . 2009-03-21 06:05 268 ---ha-w C:\sqmdata18.sqm
2009-04-15 20:33 . 2009-03-21 06:05 244 ---ha-w C:\sqmnoopt18.sqm
2009-04-14 04:46 . 2009-03-21 04:13 244 ---ha-w C:\sqmnoopt17.sqm
2009-04-14 04:46 . 2009-03-21 04:13 232 ---ha-w C:\sqmdata17.sqm
2009-04-14 04:46 . 2009-03-21 04:13 244 ---ha-w C:\sqmnoopt16.sqm
2009-04-14 04:46 . 2009-03-21 04:13 232 ---ha-w C:\sqmdata16.sqm
2009-04-11 17:02 . 2009-03-18 21:20 244 ---ha-w C:\sqmnoopt15.sqm
2009-04-11 17:02 . 2009-03-18 21:20 232 ---ha-w C:\sqmdata15.sqm
2009-04-11 00:49 . 2009-03-18 21:08 244 ---ha-w C:\sqmnoopt14.sqm
2009-04-11 00:49 . 2009-03-18 21:08 232 ---ha-w C:\sqmdata14.sqm
2009-04-11 00:46 . 2009-03-18 21:06 232 ---ha-w C:\sqmdata13.sqm
2009-04-11 00:46 . 2009-03-18 21:06 244 ---ha-w C:\sqmnoopt13.sqm
2009-04-09 03:18 . 2009-03-18 17:34 244 ---ha-w C:\sqmnoopt12.sqm
2009-04-09 03:18 . 2009-03-18 17:34 232 ---ha-w C:\sqmdata12.sqm
2009-04-09 03:13 . 2009-03-18 17:32 244 ---ha-w C:\sqmnoopt11.sqm
2009-04-09 03:13 . 2009-03-18 17:32 232 ---ha-w C:\sqmdata11.sqm
2009-04-09 03:08 . 2009-03-17 14:04 232 ---ha-w C:\sqmdata10.sqm
2009-04-09 03:08 . 2009-03-17 14:04 244 ---ha-w C:\sqmnoopt10.sqm
2009-04-05 04:00 . 2009-03-17 14:01 244 ---ha-w C:\sqmnoopt09.sqm
2009-04-05 04:00 . 2009-03-17 14:01 232 ---ha-w C:\sqmdata09.sqm
2009-04-04 21:55 . 2009-03-17 14:00 244 ---ha-w C:\sqmnoopt08.sqm
2009-04-04 21:55 . 2009-03-17 14:00 232 ---ha-w C:\sqmdata08.sqm
2009-04-03 07:54 . 2009-04-03 07:56 3200000 ----a-w c:\windows\Internet Logs\xDBB.tmp
2009-04-03 07:54 . 2009-04-03 07:56 2880000 ----a-w c:\windows\Internet Logs\xDBA.tmp
2009-03-30 18:34 . 2009-03-17 00:37 244 ---ha-w C:\sqmnoopt07.sqm
2009-03-30 18:34 . 2009-03-17 00:37 232 ---ha-w C:\sqmdata07.sqm
2009-03-30 18:30 . 2009-03-17 00:36 244 ---ha-w C:\sqmnoopt06.sqm
2009-03-30 18:30 . 2009-03-17 00:36 232 ---ha-w C:\sqmdata06.sqm
2009-03-30 18:25 . 2009-03-15 19:16 232 ---ha-w C:\sqmdata05.sqm
2009-03-30 18:25 . 2009-03-15 19:16 244 ---ha-w C:\sqmnoopt05.sqm
2009-03-30 01:52 . 2009-03-30 01:52 2243609 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-03-29 09:23 . 2009-02-26 11:04 -------- d-----w c:\documents and settings\Carson\Application Data\dvdcss
2009-03-27 22:16 . 2009-03-14 15:48 244 ---ha-w C:\sqmnoopt04.sqm
2009-03-27 22:16 . 2009-03-14 15:48 232 ---ha-w C:\sqmdata04.sqm
2009-03-27 18:38 . 2009-03-13 15:14 244 ---ha-w C:\sqmnoopt03.sqm
2009-03-27 18:38 . 2009-03-13 15:14 232 ---ha-w C:\sqmdata03.sqm
2009-03-25 04:46 . 2009-03-25 04:46 -------- d-----w c:\documents and settings\Carson\Application Data\TypingMaster7
2009-03-25 04:44 . 2009-03-25 04:44 -------- d-----w c:\program files\Common Files\Adobe
2009-03-24 06:49 . 2009-03-11 17:58 244 ---ha-w C:\sqmnoopt02.sqm
2009-03-24 06:49 . 2009-03-11 17:58 232 ---ha-w C:\sqmdata02.sqm
2009-03-24 06:44 . 2009-03-10 05:04 244 ---ha-w C:\sqmnoopt01.sqm
2009-03-24 06:44 . 2009-03-10 05:04 232 ---ha-w C:\sqmdata01.sqm
2009-03-23 21:12 . 2009-03-23 21:12 135037 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_03_23_13_04_54_small.dmp.zip
2009-03-23 04:45 . 2009-02-11 07:48 -------- d-----w c:\documents and settings\Carson\Application Data\Roxio
2009-03-22 17:41 . 2009-02-23 19:20 232 ---ha-w C:\sqmdata00.sqm
2009-03-22 17:41 . 2009-02-23 19:20 244 ---ha-w C:\sqmnoopt00.sqm
2009-03-21 06:28 . 2009-03-21 06:28 244 ---ha-w C:\sqmnoopt19.sqm
2009-03-21 06:28 . 2009-03-21 06:28 232 ---ha-w C:\sqmdata19.sqm
2009-03-10 06:40 . 2009-03-10 06:40 -------- d-----w c:\documents and settings\Carson\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-03-09 12:19 . 2009-02-25 02:00 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 06:19 . 2009-02-11 07:00 27712 ----a-w c:\documents and settings\Carson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-05 00:56 . 2009-03-05 00:56 -------- d-----w c:\program files\Microsoft ActiveSync
2009-03-05 00:55 . 2009-03-05 00:14 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-04 21:52 . 2009-03-04 21:52 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-03-04 21:52 . 2009-03-04 21:52 47360 ----a-w c:\documents and settings\Carson\Application Data\pcouffin.sys
2009-03-01 06:16 . 2009-03-01 06:16 -------- d-----w c:\documents and settings\Carson\Application Data\ACD Systems
2009-03-01 06:13 . 2009-03-01 06:12 -------- d-----w c:\program files\Common Files\ACD Systems
2009-03-01 06:12 . 2009-03-01 06:12 -------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-02-28 19:14 . 2009-02-11 06:16 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-28 12:38 . 2009-02-28 12:41 2703872 ----a-w c:\windows\Internet Logs\xDB3.tmp
2009-02-28 12:35 . 2009-02-28 12:41 1259008 ----a-w c:\windows\Internet Logs\xDB2.tmp
2009-02-23 00:21 . 2009-02-23 00:23 2853888 ----a-w c:\windows\Internet Logs\xDB9.tmp
2009-02-20 09:03 . 2009-02-20 09:06 2837504 ----a-w c:\windows\Internet Logs\xDB8.tmp
2009-02-20 09:03 . 2009-02-20 09:06 1031168 ----a-w c:\windows\Internet Logs\xDB7.tmp
2009-02-18 17:44 . 2009-02-18 17:46 2802688 ----a-w c:\windows\Internet Logs\xDB6.tmp
2009-02-18 17:44 . 2009-02-18 17:46 2981888 ----a-w c:\windows\Internet Logs\xDB1.tmp
2009-02-16 16:52 . 2009-02-16 16:59 1424384 ----a-w c:\windows\Internet Logs\xDB4.tmp
2009-02-16 16:51 . 2009-02-16 17:00 684544 ----a-w c:\windows\Internet Logs\xDB5.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="e:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Azureus Vuze.lnk - e:\program files\Azureus\Azureus.exe [2008-12-13 254976]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\iassam32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"e:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 gupdate1c9b31cd9abb7d3;Google Update Service (gupdate1c9b31cd9abb7d3);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 133104]
R3 laguna;laguna;c:\windows\system32\DRIVERS\cl546xm.sys [2001-08-17 248064]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-02-11 337800]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2160b7f0-2fac-11de-a2ba-00b0d0925717}]
\Shell\AutoRun\command - G:\rcaeasyrip_setup.exe
\Shell\install\command - G:\rcaeasyrip_setup.exe
\Shell\usermanualEnglish\command - G:\rcaeasyrip_setup.exe /pdf_English
\Shell\usermanualFrench\command - G:\rcaeasyrip_setup.exe /pdf_French
\Shell\usermanualSpanish\command - G:\rcaeasyrip_setup.exe /pdf_Spanish
.
Contents of the 'Scheduled Tasks' folder
2009-04-26 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 22:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Carson\Application Data\Mozilla\Firefox\Profiles\4xisy04g.default\
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-26 20:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-04-27 20:44
ComboFix-quarantined-files.txt 2009-04-27 03:44
ComboFix2.txt 2009-04-26 05:08
ComboFix3.txt 2009-04-25 07:06
Pre-Run: 3,916,595,200 bytes free
Post-Run: 3,910,189,056 bytes free
222



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:07 PM, on 4/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Carson\Desktop\HiJackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "E:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: Azureus Vuze.lnk = E:\Program Files\Azureus\Azureus.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\iassam32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c9b31cd9abb7d3) (gupdate1c9b31cd9abb7d3) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 4448 bytes
 

Download ATF Cleaner
http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25
Click "Main" > check 'select all' this first time using it, then click "Empty Selected". Do the same for FireFox or Opera if you use either of those browsers.
Finally go to Control Panel > Internet Options.
On the General tab under "Temporary Internet Files" Click "Delete Files".
Put a check by "Delete Offline Content" and click OK.

Next,

Please run a free online scan with Kaspersky AntiVirus (works only with MS Internet Explorer 5.0 or higher).
http://www.kaspersky.com/kos/english/kavwebscan.html
1. Click the "Accept" button to accept the user agreement, install the ActiveX control, and download the program.
2. When you get the Windows dialog asking if you want to install this software, click the "Install" button.
3. When the "Update progress" line changes to "Ready" and the "NEXT ->" button lights up with a green arrow, click it.
4. Click on the "Scan Settings" button, and in the next window select the "extended" database, and click Ok.
5. Under "Please select a target to scan:", click My Computer to start the scan.
6. When the scan is finished, click the "Save as .txt" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window, and post the text in kavscan.txt in your next reply.

Please restart your system, and post a new HijackThis log, and the log from Kaspersky's on-line virus scan.
 

Jacee, I'm having trouble with the Kaspersky scan. IE hangs at the last few hundred kb of the update stage. After reading your post last night I fell asleep waiting for it to update, and when I woke up this morning I tried it again, and when I got off work today IE hung again with only 202 kb left to go on the update stage.
 

Rescan with HJT, check these items:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [UnlockerAssistant] "E:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - Global Startup: Azureus Vuze.lnk = E:\Program Files\Azureus\Azureus.exe

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

O20 - AppInit_DLLs: C:\WINDOWS\System32\iassam32.dll


Close all windows except HJT, click "fix checked".

Exit out of HJT, and reboot/restart your computer.

Update Malwarebytes' Anti-Malware, run a scan as per my earlier instructions.
Post the saved log and a fresh HJT log.

*** Please don't use Azureus, LimeWire or any other such application, while we're trying to get this mess off your machine.
 

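Added illustration, not part of any post in this thread: a small Python script that checks a "fix checked" round by parsing a HijackThis log taken before the fix and one taken after the reboot, then confirming that every ticked item is gone and nothing new appeared. The log excerpts are trimmed copies of lines from the 4/26/2009 and 4/27/2009 logs posted here; the function names and the triage rules are assumptions made for this example.

```python
import re
from typing import NamedTuple

# Trimmed excerpt of the 4/26/2009 HijackThis log posted in this thread.
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\explorer.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [UnlockerAssistant] "E:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\System32\iassam32.dll
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
"""

# Trimmed excerpt of the 4/27/2009 log posted after "fix checked" and a reboot.
LOG_AFTER = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
"""

# Subset of the items the helper asked to tick in HijackThis.
CHECKED = [
    r'O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)',
    r'O4 - HKLM\..\Run: [UnlockerAssistant] "E:\Program Files\Unlocker\UnlockerAssistant.exe" -H',
    r'O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)',
    r'O20 - AppInit_DLLs: C:\WINDOWS\System32\iassam32.dll',
]

# Entry lines look like "O20 - ..." or "R1 - ..."; headers and process paths do not.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")


class Entry(NamedTuple):
    section: str
    body: str


def norm(line):
    """Collapse whitespace and case so copy/paste differences do not hide a match."""
    return " ".join(line.split()).casefold()


def key(entry):
    return norm(f"{entry.section} - {entry.body}")


def parse_entries(text):
    """Return only the numbered entry lines of a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def triage(entries):
    """Heuristic review list (assumed rules): a hit means 'look at it', not 'malicious'."""
    findings = []
    for e in entries:
        if e.body.endswith("(no file)"):
            findings.append((e, "registration points at a file that is not on disk"))
        elif e.section == "O20" and e.body.startswith("AppInit_DLLs:"):
            findings.append((e, "DLL is loaded into every process that loads user32.dll"))
        elif e.section == "O23" and "Unknown owner" in e.body:
            findings.append((e, "service binary carries no vendor name"))
    return findings


def still_present(checked, log_text):
    """Checked items that survive in a later log, i.e. the fix did not stick."""
    present = {key(e) for e in parse_entries(log_text)}
    return [c for c in checked if norm(c) in present]


def new_entries(before_text, after_text):
    """Entries that appear only in the later log (possible re-infection)."""
    before = {key(e) for e in parse_entries(before_text)}
    return [e for e in parse_entries(after_text) if key(e) not in before]


if __name__ == "__main__":
    for entry, reason in triage(parse_entries(LOG_BEFORE)):
        print(f"review  {entry.section}: {reason}")
    print("not removed:", still_present(CHECKED, LOG_AFTER))
    print("new after fix:", new_entries(LOG_BEFORE, LOG_AFTER))
```

An empty "not removed" list only shows that the autostart references are gone; the file on disk and any removable drive still need their own scan.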
Ok on the p2p software.

Malwarebytes' Anti-Malware 1.36
Database version: 2051
Windows 5.1.2600 Service Pack 2
4/27/2009 8:23:50 PM
mbam-log-2009-04-27 (20-23-50).txt
Scan type: Full Scan (C:\|D:\|E:\|H:\|)
Objects scanned: 172682
Time elapsed: 2 hour(s), 3 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:24:20 PM, on 4/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Carson\Desktop\HiJackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c9b31cd9abb7d3) (gupdate1c9b31cd9abb7d3) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 3996 bytes
 

Looks good! Post one more Combofix log, please.
 

ok doky

ComboFix 09-04-28.02 - Carson 04/28/2009 14:26.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.382.183 [GMT -7:00]
Running from: c:\documents and settings\Carson\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090427-0] *On-access scanning disabled* (Updated)
FW: ZoneAlarm Pro Firewall *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-28 )))))))))))))))))))))))))))))))
.
2009-04-25 22:05 . 2009-04-25 22:05 -------- d-----w c:\documents and settings\Carson\Application Data\Malwarebytes
2009-04-25 22:05 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-25 22:05 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-25 22:05 . 2009-04-25 22:05 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-25 22:05 . 2009-04-25 22:05 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-25 22:02 . 2009-04-25 22:02 -------- d-----w c:\program files\Alwil Software
2009-04-23 07:08 . 2004-08-04 12:00 4096 -c--a-w c:\windows\system32\dllcache\rpcref.dll
2009-04-23 07:07 . 2004-08-04 12:00 22016 -c--a-w c:\windows\system32\dllcache\logscrpt.dll
2009-04-23 07:06 . 2004-08-04 12:00 39936 -c--a-w c:\windows\system32\dllcache\hostmib.dll
2009-04-23 07:05 . 2004-08-04 12:00 45568 -c--a-w c:\windows\system32\dllcache\browscap.dll
2009-04-23 07:04 . 2003-03-24 23:52 188494 -c--a-w c:\windows\system32\dllcache\fpcount.exe
2009-04-23 06:50 . 2004-08-04 12:00 13312 -c--a-w c:\windows\system32\dllcache\irclass.dll
2009-04-23 06:50 . 2004-08-04 12:00 13312 ----a-w c:\windows\system32\irclass.dll
2009-04-23 06:50 . 2004-08-04 12:00 24661 -c--a-w c:\windows\system32\dllcache\spxcoins.dll
2009-04-23 06:50 . 2004-08-04 12:00 24661 ----a-w c:\windows\system32\spxcoins.dll
2009-04-18 21:52 . 2006-09-29 18:24 217127 ----a-w c:\windows\system32\drv43260.dll
2009-04-18 21:52 . 2006-09-29 18:25 208935 ----a-w c:\windows\system32\drv33260.dll
2009-04-18 21:52 . 2006-09-29 18:26 176165 ----a-w c:\windows\system32\drv23260.dll
2009-04-18 21:52 . 2009-04-18 21:52 -------- d-----w c:\program files\vso
2009-04-18 09:04 . 2009-04-20 04:00 -------- d-----w c:\documents and settings\Carson\Local Settings\Application Data\Corel
2009-04-18 09:03 . 2009-04-20 04:06 2828 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-04-18 09:02 . 2009-04-18 09:03 -------- d-----w c:\documents and settings\Carson\Application Data\Corel
2009-04-18 09:01 . 2009-04-18 09:01 -------- d-----w c:\documents and settings\All Users\Application Data\Corel
2009-04-18 08:55 . 2009-04-18 08:57 -------- d-----w c:\program files\Common Files\Corel
2009-04-18 08:43 . 2009-04-18 08:43 -------- d-----w c:\documents and settings\Carson\Application Data\InstallShield
2009-04-15 19:57 . 2009-04-21 21:24 -------- d-----w c:\documents and settings\Carson\Application Data\skypePM
2009-04-15 19:53 . 2009-04-28 21:11 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-04-06 02:33 . 2009-04-06 02:33 -------- d-----w c:\program files\VSTplugins
2009-04-06 02:32 . 2009-04-06 02:32 -------- d-----w c:\documents and settings\Carson\Application Data\Publish Providers
2009-04-06 02:30 . 2009-04-06 02:30 -------- d-----w c:\documents and settings\Carson\Application Data\Sony
2009-04-06 02:30 . 2009-04-06 02:30 -------- d-----w c:\documents and settings\Carson\Local Settings\Application Data\Sony
2009-04-02 23:40 . 2009-04-02 23:40 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-04-01 22:54 . 2009-04-01 22:54 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-04-01 22:54 . 2009-04-20 00:03 -------- d-----w c:\program files\Google
2009-04-01 22:54 . 2009-04-18 21:50 -------- d-----w c:\documents and settings\Carson\Local Settings\Application Data\Google
2009-03-31 04:19 . 2009-03-31 04:19 -------- d-----w c:\documents and settings\Carson\Local Settings\Application Data\WinAVI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-28 21:18 . 2009-02-11 07:20 -------- d-----w c:\program files\Common Files\Roxio Shared
2009-04-26 03:14 . 2009-02-20 00:14 -------- d-----w c:\program files\Trojan Remover
2009-04-25 07:10 . 2009-02-11 06:41 4212 ---h--w c:\windows\system32\zllictbl.dat
2009-04-23 07:03 . 2004-08-04 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-04-23 07:00 . 2009-02-11 06:12 22720 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-23 01:23 . 2009-04-23 01:24 2075136 ----a-w c:\windows\Internet Logs\xDB10.tmp
2009-04-20 08:57 . 2009-02-25 02:00 -------- d-----w c:\program files\Java
2009-04-18 21:44 . 2009-04-18 21:46 68608 ----a-w c:\windows\Internet Logs\xDBE.tmp
2009-04-18 21:44 . 2009-04-18 21:46 3340800 ----a-w c:\windows\Internet Logs\xDBF.tmp
2009-04-18 21:35 . 2009-04-18 21:37 3335680 ----a-w c:\windows\Internet Logs\xDBD.tmp
2009-04-18 21:35 . 2009-04-18 21:37 2895872 ----a-w c:\windows\Internet Logs\xDBC.tmp
2009-04-03 07:54 . 2009-04-03 07:56 3200000 ----a-w c:\windows\Internet Logs\xDBB.tmp
2009-04-03 07:54 . 2009-04-03 07:56 2880000 ----a-w c:\windows\Internet Logs\xDBA.tmp
2009-03-30 01:52 . 2009-03-30 01:52 2243609 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-03-25 04:44 . 2009-03-25 04:44 -------- d-----w c:\program files\Common Files\Adobe
2009-03-23 21:12 . 2009-03-23 21:12 135037 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_03_23_13_04_54_small.dmp.zip
2009-03-09 12:19 . 2009-02-25 02:00 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 06:19 . 2009-02-11 07:00 27712 ----a-w c:\documents and settings\Carson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-05 00:56 . 2009-03-05 00:56 -------- d-----w c:\program files\Microsoft ActiveSync
2009-03-04 21:52 . 2009-03-04 21:52 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-03-04 21:52 . 2009-03-04 21:52 47360 ----a-w c:\documents and settings\Carson\Application Data\pcouffin.sys
2009-03-01 06:13 . 2009-03-01 06:12 -------- d-----w c:\program files\Common Files\ACD Systems
2009-02-28 19:14 . 2009-02-11 06:16 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-28 12:38 . 2009-02-28 12:41 2703872 ----a-w c:\windows\Internet Logs\xDB3.tmp
2009-02-28 12:35 . 2009-02-28 12:41 1259008 ----a-w c:\windows\Internet Logs\xDB2.tmp
2009-02-23 00:21 . 2009-02-23 00:23 2853888 ----a-w c:\windows\Internet Logs\xDB9.tmp
2009-02-20 09:03 . 2009-02-20 09:06 2837504 ----a-w c:\windows\Internet Logs\xDB8.tmp
2009-02-20 09:03 . 2009-02-20 09:06 1031168 ----a-w c:\windows\Internet Logs\xDB7.tmp
2009-02-20 00:16 . 2009-02-20 00:16 0 ----a-w c:\windows\nsreg.dat
2009-02-18 17:44 . 2009-02-18 17:46 2802688 ----a-w c:\windows\Internet Logs\xDB6.tmp
2009-02-18 17:44 . 2009-02-18 17:46 2981888 ----a-w c:\windows\Internet Logs\xDB1.tmp
2009-02-16 16:52 . 2009-02-16 16:59 1424384 ----a-w c:\windows\Internet Logs\xDB4.tmp
2009-02-16 16:51 . 2009-02-16 17:00 684544 ----a-w c:\windows\Internet Logs\xDB5.tmp
.
((((((((((((((((((((((((((((( SnapShot@2009-04-26_05.03.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-28 01:14 . 2009-04-28 01:14 16384 c:\windows\Temp\Perflib_Perfdata_584.dat
+ 2009-04-28 01:14 . 2009-04-28 01:14 16384 c:\windows\Temp\Perflib_Perfdata_1b0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2160b7f0-2fac-11de-a2ba-00b0d0925717}]
\Shell\AutoRun\command - G:\rcaeasyrip_setup.exe
\Shell\install\command - G:\rcaeasyrip_setup.exe
\Shell\usermanualEnglish\command - G:\rcaeasyrip_setup.exe /pdf_English
\Shell\usermanualFrench\command - G:\rcaeasyrip_setup.exe /pdf_French
\Shell\usermanualSpanish\command - G:\rcaeasyrip_setup.exe /pdf_Spanish
.
Contents of the 'Scheduled Tasks' folder
2009-04-28 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 22:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Carson\Application Data\Mozilla\Firefox\Profiles\4xisy04g.default\
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-28 14:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-04-28 14:31
ComboFix-quarantined-files.txt 2009-04-28 21:31
ComboFix2.txt 2009-04-27 03:45
ComboFix3.txt 2009-04-26 05:08
ComboFix4.txt 2009-04-25 07:06
Pre-Run: 4,185,264,128 bytes free
Post-Run: 4,258,709,504 bytes free
146
 
