Spyware IE Monster nightmare

2 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

Spyware IE Monster nightmare29th October 2009, 11:32 pm

Hello!!!

I'm a new member and I have a big problem and it's call Spyware IE Monster and it's turning my computer upside down. I cannot disfragment, I cannot use spybot search and destroy and the same goes with an anti virus. The latest I tried was search on the web about this thing and I find this page that have some instructions and anti virus. I download the two program and I install the anti virus but when was updating the computer said there was a error and shut down. Every time I tried to use my computer the database of the anti virus is trying to update, my background it's black, and suddenly I cannot use anything.

I hope you guys can help me I need my computer working I have tons of work to do

June Bee

Re: Spyware IE Monster nightmare29th October 2009, 11:41 pm

Please download ComboFix Spyware IE Monster nightmare Combofix

from BleepingComputer.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Spyware IE Monster nightmare RC_successful

Spyware IE Monster nightmare RC_successful

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: Spyware IE Monster nightmare30th October 2009, 12:58 am

Thanks for all your recommendation but when I try to desintall all the antivirus my computer got in big trouble beacause now I can't do thing because in black and in white fonts there is a message telling me We are sorry for the inconvenience blah blah blah and have 3 options on safe mode and in the end start the computer normally.

Now I'm really worry because this happen again and again and again .... my computer it's not working

Re: Spyware IE Monster nightmare30th October 2009, 1:53 am

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Then, please try to run ComboFix from there.

Re: Spyware IE Monster nightmare30th October 2009, 2:52 am

This is the log

Have to said my computer it's better now but the background it's still black, the AV database update of pareto its trying to download for the thousand time and I don't have an anti virus... Oh! and still there are pop up from internet explorer even when I used Firefox. Before I forgot I have this weird things in my desktop called: setupxv, setupxv2, setupxv.exe, setup.exepart (2), sdsetup_aff and sdsetup_aff.exe.part what I should do with that?

Hope you can help me and MILLIONS thanks you been a savior Dragon Master Jay ^_^

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\02878833
c:\documents and settings\All Users\Application Data\02878833\02878833 .exe
c:\documents and settings\All Users\Application Data\02878833\02878833.exe
c:\documents and settings\All Users\Application Data\02878833\02878833.exe85
c:\documents and settings\All Users\Application Data\08741323
c:\documents and settings\All Users\Application Data\08741323\08741323.exe
c:\documents and settings\All Users\Application Data\16365930
c:\documents and settings\All Users\Application Data\16365930\16365930 .exe
c:\documents and settings\All Users\Application Data\16365930\16365930.exe
c:\documents and settings\All Users\Application Data\47425224
c:\documents and settings\All Users\Application Data\47425224\47425224.exe
c:\documents and settings\All Users\Application Data\53983533
c:\documents and settings\All Users\Application Data\53983533\53983533.exe
c:\documents and settings\All Users\Application Data\54454426
c:\documents and settings\All Users\Application Data\54454426\54454426.exe
c:\documents and settings\All Users\Application Data\70517525
c:\documents and settings\All Users\Application Data\70517525\70517525.exe
c:\documents and settings\All Users\Application Data\70649632
c:\documents and settings\All Users\Application Data\70649632\70649632 .exe
c:\documents and settings\All Users\Application Data\70649632\70649632.exe
c:\documents and settings\All Users\Application Data\70649632\70649632.exe78
c:\documents and settings\All Users\Application Data\70649632\70649632.exe79
c:\documents and settings\All Users\Application Data\70649632\70649632.exe83
c:\documents and settings\All Users\Application Data\77647132
c:\documents and settings\All Users\Application Data\77647132\77647132 .exe
c:\documents and settings\All Users\Application Data\77647132\77647132.exe
c:\documents and settings\All Users\Application Data\77647132\77647132.exe76
c:\documents and settings\All Users\Application Data\77647132\77647132.exe78
c:\documents and settings\All Users\Application Data\77647132\77647132.exe80
c:\documents and settings\All Users\Application Data\77647132\77647132.exe81
c:\documents and settings\All Users\Application Data\77647132\77647132.exe87
c:\documents and settings\All Users\Application Data\82259430
c:\documents and settings\All Users\Application Data\82259430\82259430.exe
c:\documents and settings\All Users\Application Data\83003115
c:\documents and settings\All Users\Application Data\83003115\83003115 .exe
c:\documents and settings\All Users\Application Data\83003115\83003115.exe
c:\documents and settings\All Users\Application Data\83003115\83003115.exe73
c:\documents and settings\All Users\Application Data\83003115\83003115.exe84
c:\documents and settings\All Users\Application Data\99954541
c:\documents and settings\All Users\Application Data\99954541\99954541.exe
c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\documents and settings\JuneBee\alcmtr .exe
c:\documents and settings\JuneBee\Desktop\Security Tool.lnk
c:\documents and settings\JuneBee\rthdcpl .exe
c:\documents and settings\JuneBee\Start Menu\Programs\Security Tool.lnk
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\recycler\S-1-5-21-0243336031-4052116379-881863308-0851
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1858
c:\recycler\S-1-5-21-0447394906-7198135938-923767527-5896
c:\recycler\S-1-5-21-0501512522-7646158172-667485994-9599
c:\recycler\S-1-5-21-0582488896-0341407879-146508784-9943
c:\recycler\S-1-5-21-0649299018-0575681889-665819181-3226
c:\recycler\S-1-5-21-1480887236-1093427048-286052243-5724
c:\recycler\S-1-5-21-1902740502-0352043327-731400298-0847
c:\recycler\S-1-5-21-2085476138-6352448493-487585985-8755
c:\recycler\S-1-5-21-2122057287-6182961808-270161215-3959
c:\recycler\S-1-5-21-2468030876-1522567419-221921824-0293
c:\recycler\S-1-5-21-2912753090-5297996505-907942846-7299
c:\recycler\S-1-5-21-3067157358-7231541252-267691266-3851
c:\recycler\S-1-5-21-3692477152-2525541581-418592227-5865
c:\recycler\S-1-5-21-3790742162-2058005016-745427202-8068
c:\recycler\S-1-5-21-3990368166-8654793356-095416647-4906
c:\recycler\S-1-5-21-4102207103-2194824243-971658871-9078
c:\recycler\S-1-5-21-5142299543-4635009795-527315827-0715
c:\recycler\S-1-5-21-5703035853-6813495754-080281061-9322
c:\recycler\S-1-5-21-5752942097-7665383375-038214147-4259
c:\recycler\S-1-5-21-6241425650-5669090170-738427037-7085
c:\recycler\S-1-5-21-6370770112-5774991198-729954531-5808
c:\recycler\S-1-5-21-6964152259-4013128590-559530424-7543
c:\recycler\S-1-5-21-6964152259-4013128590-559530424-7543\Desktop.ini
c:\recycler\S-1-5-21-6964152259-4013128590-559530424-7543\wnzip32.exe
c:\recycler\S-1-5-21-6997879675-0605734716-576047685-4774
c:\recycler\S-1-5-21-7807370869-1119633313-376371884-4884
c:\recycler\S-1-5-21-7837854904-9411621144-094828858-4805
c:\recycler\S-1-5-21-7848606716-6156794711-750258791-4330
c:\recycler\S-1-5-21-8031493540-0863843849-222041641-5349
c:\recycler\S-1-5-21-8675054998-7311240254-664893633-9758
c:\recycler\S-1-5-21-8806091670-5718497770-109241868-5350
c:\recycler\S-1-5-21-8906878401-0971736850-802790970-9204
c:\recycler\S-1-5-21-8988344427-5542921364-820724886-4169
c:\recycler\S-1-5-21-9061000854-2489376264-628387852-4673
c:\recycler\S-1-5-21-9111695606-7120013336-717352267-6103
c:\recycler\S-1-5-21-9688612448-2536263893-654770479-3607
c:\recycler\S-1-5-21-9699104548-3362457128-342960239-8047
c:\recycler\S-1-5-21-9878363925-5772207793-828694395-4689
c:\windows\plfsetl .exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\drivers\glaide32.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\hkcmd .exe
c:\windows\system32\igfxpers .exe
c:\windows\system32\igfxtray .exe
c:\windows\system32\mscert.dll
c:\windows\system32\msvcrt2.dll
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\reg32 .exe
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\vsnp2uvc .exe

c:\windows\system32\drivers\beep.sys . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\windows\system32\dllcache\beep.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_glaide32
-------\Legacy_npf
-------\Service_glaide32
-------\Service_npf

((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-30 )))))))))))))))))))))))))))))))
.

2009-10-30 01:49 . 2009-10-30 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-10-30 01:49 . 2009-10-30 01:49 -------- d-----w- c:\program files\RegCure
2009-10-30 00:48 . 2009-10-30 01:12 54 ----a-w- c:\windows\system32\rp_stats.dat
2009-10-30 00:48 . 2009-10-30 01:12 39 ----a-w- c:\windows\system32\rp_rules.dat
2009-10-30 00:43 . 2009-10-30 01:14 30208 ----a-w- C:\rkfo.exe
2009-10-30 00:43 . 2009-10-30 01:14 205990 ----a-w- C:\vckjykp.exe
2009-10-30 00:43 . 2009-10-30 01:14 15872 ----a-w- C:\hfhhhml.exe
2009-10-30 00:43 . 2009-10-30 01:14 91648 ----a-w- C:\brhpxf.exe
2009-10-28 23:50 . 2009-10-28 23:50 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-10-28 23:50 . 2009-10-28 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
2009-10-28 23:50 . 2009-10-28 23:50 -------- d-----w- c:\program files\ParetoLogic
2009-10-28 23:50 . 2009-10-28 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-10-28 23:44 . 2009-10-28 23:44 -------- d-----w- c:\documents and settings\JuneBee\Local Settings\Application Data\Downloaded Installations
2009-10-28 23:25 . 2009-10-30 00:38 1490 ----a-w- C:\MsFrameNet23.5.dat
2009-10-28 23:25 . 2009-10-28 23:57 126464 --sh--r- C:\fxdpynbu.exe
2009-10-28 23:25 . 2009-10-28 23:25 126464 --sha-r- C:\fxdpynbu .exe
2009-10-28 21:22 . 2009-10-30 02:01 4096 ----a-w- c:\windows\system32\drivers\SecuLay.sys
2009-10-28 21:22 . 2009-10-30 02:25 30208 ----a-w- c:\windows\system32\reg32.exe
2009-10-28 21:22 . 2009-10-30 02:25 30208 ----a-w- c:\windows\system32\reg32 .exe
2009-10-28 21:21 . 2009-10-29 01:37 91648 ----a-w- C:\dtnm.exe
2009-10-28 11:37 . 2009-10-30 00:43 822 ----a-w- c:\windows\system32\wininit.dll
2009-10-27 23:37 . 2009-10-27 23:37 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-27 23:30 . 2009-10-30 01:20 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-27 23:29 . 2009-10-30 01:20 -------- d-----w- c:\program files\Lavasoft
2009-10-27 23:29 . 2009-10-30 01:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-27 03:44 . 2009-10-27 03:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-27 02:37 . 2009-10-30 01:14 30208 ----a-w- c:\documents and settings\JuneBee\alcmtr.exe
2009-10-27 02:37 . 2009-10-30 02:25 30208 ----a-w- c:\documents and settings\JuneBee\rthdcpl.exe
2009-10-27 01:39 . 2009-10-30 02:25 30208 ----a-w- c:\windows\vsnp2uvc.exe
2009-10-27 01:39 . 2009-10-29 01:37 208420 ----a-w- C:\vppf.exe
2009-10-27 01:38 . 2009-10-29 01:37 30208 ----a-w- C:\wwwvg.exe
2009-10-14 21:23 . 2009-10-14 21:23 -------- d-----w- c:\program files\Alwil Software
2009-10-14 02:51 . 2009-10-14 02:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-14 02:50 . 2009-10-27 03:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-14 02:50 . 2009-10-27 03:45 -------- d-----w- c:\documents and settings\JuneBee\Application Data\SUPERAntiSpyware.com
2009-10-14 02:44 . 2009-10-14 02:44 -------- d-----w- c:\documents and settings\JuneBee\Application Data\Malwarebytes
2009-10-14 02:44 . 2009-10-14 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-14 02:36 . 2009-10-27 01:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-14 02:09 . 2009-10-27 22:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-14 01:47 . 2009-10-27 03:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-14 00:53 . 2009-10-27 01:37 -------- d-sh--w- c:\documents and settings\JuneBee\Application Data\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH
2009-10-11 16:11 . 2009-10-11 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-10-11 16:09 . 2009-10-15 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-30 18:28 . 2009-09-30 19:04 -------- d-----w- c:\documents and settings\JuneBee\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-30 02:26 . 2009-10-29 02:22 76288 ----a-w- c:\windows\system32\drivers\a0d2fd81.sys
2009-10-30 02:26 . 2009-10-29 00:23 76288 ----a-w- c:\windows\system32\drivers\45b46bca.sys
2009-10-30 02:25 . 2007-07-05 04:35 30208 ----a-w- c:\windows\plfsetl.exe
2009-10-30 02:25 . 2009-03-06 16:11 -------- d-----w- c:\program files\Launch Manager
2009-10-30 02:25 . 2008-02-28 07:00 30208 ----a-w- c:\windows\system32\hkcmd.exe
2009-10-30 02:25 . 2008-02-28 07:00 30208 ----a-w- c:\windows\system32\igfxtray.exe
2009-10-30 01:18 . 2009-10-29 01:10 34854 ----a-w- c:\windows\system32\uses32.dat
2009-10-30 01:14 . 2008-02-28 07:00 30208 ----a-w- c:\windows\system32\igfxpers.exe
2009-10-29 02:22 . 2009-10-28 23:56 30208 ----a-w- C:\biqxh.exe
2009-10-29 02:22 . 2009-10-28 23:56 91648 ----a-w- C:\fospdj.exe
2009-10-29 02:22 . 2009-10-28 23:56 185034 ----a-w- C:\wtcqrqjr.exe
2009-10-29 01:37 . 2009-10-29 01:37 76288 ----a-w- c:\windows\system32\drivers\47c0a42.sys
2009-10-29 01:36 . 2009-10-29 01:36 12800 ----a-w- C:\ee11.exe
2009-10-29 01:34 . 2009-10-29 01:34 76288 ----a-w- c:\windows\system32\drivers\613d0426.sys
2009-10-29 01:31 . 2009-10-29 01:31 76288 ----a-w- c:\windows\system32\drivers\c28f0714.sys
2009-10-29 00:20 . 2009-10-28 23:57 0 ----a-w- c:\windows\system32\drivers\26efeaee.sys
2009-10-28 23:56 . 2009-10-28 23:56 126464 --sh--r- C:\iopuabg.exe
2009-10-28 11:36 . 2009-03-07 23:40 82008 ----a-w- c:\documents and settings\Idamar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-21 21:24 . 2008-08-15 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-19 12:44 . 2009-03-17 22:27 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-10-14 22:54 . 2008-08-15 18:03 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-13 23:27 . 2009-08-22 00:21 -------- d-----w- c:\program files\CorrectNotas
2009-09-13 23:23 . 2009-06-25 16:29 -------- d-----w- c:\program files\OpenOffice.org 3
2009-09-13 23:01 . 2009-09-11 23:45 111975 ----a-w- c:\windows\hpoins07.dat
2009-09-13 23:01 . 2009-09-11 23:45 -------- d-----w- c:\documents and settings\JuneBee\Application Data\HP
2009-09-12 17:56 . 2009-09-12 17:56 129 ----a-w- c:\documents and settings\JuneBee\Local Settings\Application Data\fusioncache.dat
2009-09-12 00:04 . 2009-09-12 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-09-12 00:02 . 2009-09-12 00:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-09-12 00:02 . 2009-09-12 00:02 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-09-12 00:01 . 2009-09-12 00:01 -------- d-----w- c:\program files\Common Files\HP
2009-09-11 23:57 . 2009-09-11 23:57 -------- d-----w- c:\program files\Hewlett-Packard
2009-09-11 23:57 . 2009-09-11 23:47 -------- d-----w- c:\program files\HP
2009-09-11 23:55 . 2009-09-11 23:55 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-09-11 14:18 . 2008-04-15 03:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2008-04-15 03:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2007-08-14 01:54 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2008-04-15 03:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2008-04-15 03:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2008-04-15 03:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 09:01 . 2008-04-15 03:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2008-04-15 03:00 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2008-04-15 03:00 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 68856]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-04-01 405504]
"Windows Login Assistance"="c:\documents and settings\JuneBee\Application Data\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe" [2008-04-14 69632]
"Windows Sicherheitscenter"="c:\windows\system32\reg32.exe" [2009-10-30 30208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-30 30208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-30 30208]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-30 30208]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2009-10-30 30208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-30 30208]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2009-10-30 30208]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-03-06 24064]
"PLFSetL"="c:\windows\PLFSetL.exe" [2009-10-30 30208]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-10-30 30208]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2009-10-30 30208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-06 148888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-10-30 30208]
"Windows Login Assistance"="c:\documents and settings\Idamar\Application Data\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe" [2008-04-14 69632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Microsoft FrameNet 2"="c:\fxdpynbu.exe" [2009-10-28 126464]
"ParetoLogic Anti-Virus PLUS"="c:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.lnk" [2009-10-30 2355]
"Windows Security Layer"="c:\windows\system32\reg32.exe" [2009-10-30 30208]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Windows Login Assistance"="c:\documents and settings\JuneBee\Application Data\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe" [2008-04-14 69632]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Windows Login Assistance"="c:\documents and settings\JuneBee\Application Data\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe" [2008-04-14 69632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-9-14 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-4 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 1 (0x1)
"DisableCMD"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableCMD"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"= 1 (0x1)
"NoRun"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"= 1 (0x1)
"NoRun"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\kbdnet.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
appsecdll REG_SZ c:\windows\system32\mscert.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [15/01/2009 04:17 p.m. 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15/01/2009 04:17 p.m. 55024]
R2 ZeppelinService;plasservice;c:\program files\Common Files\ParetoLogic\PLAS\plasservice.exe [18/02/2009 02:40 p.m. 587216]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 26efeaee;26efeaee;c:\windows\system32\drivers\26efeaee.sys [28/10/2009 07:57 p.m. 0]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [06/03/2009 12:12 p.m. 24064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15/01/2009 04:17 p.m. 7408]
S3 seculay;Security Layer;c:\windows\system32\drivers\SecuLay.sys [28/10/2009 05:22 p.m. 4096]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - BEEP
*NewlyCreated* - classpnp_2
*NewlyCreated* - mbr
*NewlyCreated* - pciidex_2
*Deregistered* - classpnp_2
*Deregistered* - mbr
*Deregistered* - pciidex_2

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4175c5f3-d47f-143b-dd4d-e67a0eb4e773}]
"c:\documents and settings\JuneBee\Application Data\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe"

[HKEY_CURRENT_USER\software\microsoft\active setup\installed components\{4175c5f3-d47f-143b-dd4d-e67a0eb4e773}]
"c:\documents and settings\JuneBee\Application Data\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-10-30 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 19:46]

2009-10-30 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 19:46]

2009-10-30 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 19:46]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0309&m=aoa150
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\JuneBee\Application Data\Mozilla\Firefox\Profiles\5uzncmt6.default\
FF - plugin: c:\documents and settings\JuneBee\Application Data\Mozilla\Firefox\Profiles\5uzncmt6.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000005.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-83003115 - c:\docume~1\ALLUSE~1\APPLIC~1\83003115\83003115.exe
HKLM-Run-77647132 - c:\docume~1\ALLUSE~1\APPLIC~1\77647132\77647132.exe
HKLM-Run-70649632 - c:\docume~1\ALLUSE~1\APPLIC~1\70649632\70649632.exe
HKLM-Run-02878833 - c:\docume~1\ALLUSE~1\APPLIC~1\02878833\02878833.exe
HKLM-Run-16365930 - c:\docume~1\ALLUSE~1\APPLIC~1\16365930\16365930.exe
HKLM-Run-08741323 - c:\docume~1\ALLUSE~1\APPLIC~1\08741323\08741323.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-29 22:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

c:\documents and settings\JuneBee\Application Data\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe [916] 0x85168B28

scanning hȋdden autostart entries ...

scanning hȋdden files ...

c:\windows\system32\reg32 .exe 30208 bytes executable

scan completed successfully
hȋdden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\45b46bca]
"ImagePath"="\SystemRoot\System32\drivers\45b46bca.sys"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\a0d2fd81]
"ImagePath"="\SystemRoot\System32\drivers\a0d2fd81.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(568)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe
c:\acer\Empowering Technology\eRecovery\eRAgent .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
c:\progra~1\LAUNCH~1\QtZgAcer .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\docume~1\JuneBee\LOCALS~1\Temp\RtkBtMnt.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\docume~1\JuneBee\LOCALS~1\Temp\ctv145.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2009-10-30 22:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-30 02:29

Pre-Run: 141,868,634,112 bytes free
Post-Run: 141,220,454,400 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - CB30168593103D4AC2A49C3DB12DA2CE

Re: Spyware IE Monster nightmare30th October 2009, 3:28 am

Hello.

It appears a spider rootkit is appearing in the log. Please be patient as this may get to be a long process. I have a scanner I created to reveal these types of rootkits. Bow or Thanks

==

Re-running ComboFix to remove infections:

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\rkfo.exe
C:\vckjykp.exe
C:\hfhhhml.exe
C:\brhpxf.exe
C:\MsFrameNet23.5.dat
C:\fxdpynbu.exe
C:\fxdpynbu .exe
c:\windows\system32\drivers\SecuLay.sys
c:\windows\system32\reg32.exe
c:\windows\system32\reg32 .exe
C:\dtnm.exe
C:\vppf.exe
C:\wwwvg.exe
c:\windows\system32\drivers\a0d2fd81.sys
c:\windows\system32\drivers\45b46bca.sys
C:\biqxh.exe
C:\wtcqrqjr.exe
c:\windows\system32\drivers\47c0a42.sys
C:\ee11.exe
c:\windows\system32\drivers\613d0426.sys
c:\windows\system32\drivers\c28f0714.sys
c:\windows\system32\drivers\26efeaee.sys
C:\iopuabg.exe
C:\fospdj.exe
c:\windows\system32\kbdnet.dll
c:\windows\system32\drivers\26efeaee.sys

Folder::
c:\program files\Common Files\ParetoLogic
c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
c:\program files\ParetoLogic
c:\documents and settings\All Users\Application Data\RegCure
c:\program files\RegCure
c:\documents and settings\All Users\Application Data\ParetoLogic
c:\documents and settings\JuneBee\Application Data\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Login Assistance"=-
"Windows Sicherheitscenter"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Login Assistance"=-
"ParetoLogic Anti-Virus PLUS"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Windows Login Assistance"=-

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Windows Login Assistance"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=-
"DisableCMD"=-

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableCMD"=-
"DisableRegistryTools"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=-
"NoRun"=-

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=-
"NoRun"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4175c5f3-d47f-143b-dd4d-e67a0eb4e773}]
[-HKEY_CURRENT_USER\software\microsoft\active setup\installed components\{4175c5f3-d47f-143b-dd4d-e67a0eb4e773}]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\45b46bca]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\a0d2fd81]

NetSvc::
seculay
26efeaee
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

NEXT

Please go HERE. Copy and paste the following file path in to the box.

c:\windows\system32\user32.DLL

Do the same for these two files:

C:\windows\system32\userinit.exe
C:\windows\system32\wininit.dll

Then click submit.

When prompted to get old results, PLEASE RESCAN instead. The files must be re-scanned.

Please post the results (URL) to your next reply.

NEXT

Please download SpiderKill and save it to your Desktop.

Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.

==

Please make sure the ComboFix log, VirusTotal urls, and the SpiderKill log is in your next reply.

Re: Spyware IE Monster nightmare30th October 2009, 10:22 pm

There is a problem ... Combo fix don't want to open every time I click on run it start to download and suddenly closed itself...

Re: Spyware IE Monster nightmare30th October 2009, 10:49 pm

Ok. Do you have the other results?

Re: Spyware IE Monster nightmare30th October 2009, 11:11 pm

c:\windows\system32\user32.DLL
Antivirus Version Last Update Result
a-squared 4.5.0.41 2009.10.30 -
AhnLab-V3 5.0.0.2 2009.10.29 -
AntiVir 7.9.1.50 2009.10.29 -
Antiy-AVL 2.0.3.7 2009.10.27 -
Authentium 5.1.2.4 2009.10.29 -
Avast 4.8.1351.0 2009.10.29 -
AVG 8.5.0.423 2009.10.29 -
BitDefender 7.2 2009.10.30 -
CAT-QuickHeal 10.00 2009.10.30 -
ClamAV 0.94.1 2009.10.30 -
Comodo 2774 2009.10.30 -
DrWeb 5.0.0.12182 2009.10.29 -
eSafe 7.0.17.0 2009.10.29 Win32.Banker
eTrust-Vet 35.1.7092 2009.10.29 -
F-Prot 4.5.1.85 2009.10.29 -
F-Secure 9.0.15370.0 2009.10.27 -
Fortinet 3.120.0.0 2009.10.29 -
GData 19 2009.10.30 -
Ikarus T3.1.1.72.0 2009.10.30 -
Jiangmin 11.0.800 2009.10.30 -
K7AntiVirus 7.10.883 2009.10.29 -
Kaspersky 7.0.0.125 2009.10.30 -
McAfee 5786 2009.10.29 -
McAfee+Artemis 5786 2009.10.29 -
McAfee-GW-Edition 6.8.5 2009.10.29 -
Microsoft 1.5202 2009.10.29 -
NOD32 4556 2009.10.29 -
Norman 6.03.02 2009.10.29 -
nProtect 2009.1.8.0 2009.10.29 -
Panda 10.0.2.2 2009.10.29 -
PCTools 4.4.2.0 2009.10.19 -
Prevx 3.0 2009.10.30 -
Rising 21.53.40.00 2009.10.30 -
Sophos 4.47.0 2009.10.30 -
Sunbelt 3.2.1858.2 2009.10.30 -
Symantec 1.4.4.12 2009.10.30 -
TheHacker 6.5.0.2.056 2009.10.28 -
TrendMicro 8.950.0.1094 2009.10.29 -
VBA32 3.12.10.11 2009.10.29 -
ViRobot 2009.10.30.2012 2009.10.30 -
VirusBuster 4.6.5.0 2009.10.29 -
Additional information
File size: 578560 bytes
MD5 : b26b135ff1b9f60c9388b4a7d16f600b
SHA1 : 08fe9ff1fe9b8fd237adedb10d65fb0447b91fe5
SHA256: acd0ae7b4d5f871e148276c6cc4ae3a216e33f67fc78d827c16986e1f945438c
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xB217
timedatestamp.....: 0x4802A11B (Mon Apr 14 02:11:07 2008)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5F283 0x5F400 6.65 25051dc5344bd71f517de4813f1397ed
.data 0x61000 0x1180 0xC00 2.38 28fc1d764bf4ed37bb349bca5991a1ff
.rsrc 0x63000 0x2A088 0x2A200 4.97 818c69d1407c2f66058a8171086b2fba
.reloc 0x8E000 0x2DE4 0x2E00 6.77 68ebe5a2d822be0663a3e935b39d0bae

( 0 imports )

( 0 exports )
TrID : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ThreatExpert: http://www.threatexpert.com/report.aspx?md5=b26b135ff1b9f60c9388b4a7d16f600b
ssdeep: 6144:Q7ML7NoIlCGJPY2Z2AlptXbgz0+Q4odCGfTnpbEdd/fudqsa0jucQgBMacCGNoEd:foHEHblpWz0jPLhEfgP6WMDoEJY
PEiD : -
RDS : NSRL Reference Data Set

a-squared 4.5.0.41 2009.10.30 -
AhnLab-V3 5.0.0.2 2009.10.30 -
AntiVir 7.9.1.50 2009.10.30 -
Antiy-AVL 2.0.3.7 2009.10.30 -
Authentium 5.1.2.4 2009.10.30 -
Avast 4.8.1351.0 2009.10.29 -
AVG 8.5.0.423 2009.10.30 -
BitDefender 7.2 2009.10.30 -
CAT-QuickHeal 10.00 2009.10.30 -
ClamAV 0.94.1 2009.10.30 -
Comodo 2780 2009.10.30 -
DrWeb 5.0.0.12182 2009.10.30 -
eSafe 7.0.17.0 2009.10.29 -
eTrust-Vet 35.1.7093 2009.10.30 -
F-Prot 4.5.1.85 2009.10.30 -
F-Secure 9.0.15370.0 2009.10.27 -
Fortinet 3.120.0.0 2009.10.30 -
GData 19 2009.10.30 -
Ikarus T3.1.1.72.0 2009.10.30 -
Jiangmin 11.0.800 2009.10.30 -
K7AntiVirus 7.10.884 2009.10.30 -
Kaspersky 7.0.0.125 2009.10.30 -
McAfee 5786 2009.10.29 -
McAfee+Artemis 5786 2009.10.29 -
McAfee-GW-Edition 6.8.5 2009.10.30 -
Microsoft 1.5202 2009.10.30 -
NOD32 4558 2009.10.30 -
Norman 6.03.02 2009.10.30 -
nProtect 2009.1.8.0 2009.10.30 -
Panda 10.0.2.2 2009.10.30 -
PCTools 7.0.3.5 2009.10.30 -
Prevx 3.0 2009.10.30 -
Rising 21.53.43.00 2009.10.30 -
Sophos 4.47.0 2009.10.30 -
Sunbelt 3.2.1858.2 2009.10.30 -
Symantec 1.4.4.12 2009.10.30 -
TheHacker 6.5.0.2.056 2009.10.28 -
TrendMicro 8.950.0.1094 2009.10.30 -
VBA32 3.12.10.11 2009.10.29 -
ViRobot 2009.10.30.2013 2009.10.30 -
VirusBuster 4.6.5.0 2009.10.29 -
Additional information
File size: 26112 bytes
MD5 : a93aee1928a9d7ce3e16d24ec7380f89
SHA1 : 513f8bdf67a5a9e09803cfb61f590b39f2683853
SHA256: 944cd2135e171af338352568aa7fe1b8004733a4281395ad6723e0cf43d5f53f
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x54AD
timedatestamp.....: 0x480251A8 (Sun Apr 13 20:32:08 2008)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x520E 0x5400 5.95 099b53205ad3f1c3b853a5310d08a9b1
.data 0x7000 0x14C 0x200 1.86 0bb948f267e82975313a03d8c0e8a1cf
.rsrc 0x8000 0xB50 0xC00 3.27 bac832e39f87c4f5f640e5d5c6a1c2fc

( 0 imports )

( 0 exports )
TrID : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ThreatExpert: http://www.threatexpert.com/report.aspx?md5=a93aee1928a9d7ce3e16d24ec7380f89
ssdeep: 768:0RMJi8jDLIDSAaQFxfftjaLacmkLGKOq:0RMJbDMDSA7FxffJaLaSLG9q
PEiD : -
RDS : NSRL Reference Data Set
-

C:\windows\system32\wininit.dll
Antivirus Version Last Update Result
a-squared 4.5.0.41 2009.10.30 -
AhnLab-V3 5.0.0.2 2009.10.30 -
AntiVir 7.9.1.53 2009.10.30 -
Antiy-AVL 2.0.3.7 2009.10.30 -
Authentium 5.1.2.4 2009.10.30 -
Avast 4.8.1351.0 2009.10.30 -
AVG 8.5.0.423 2009.10.30 -
BitDefender 7.2 2009.10.30 -
CAT-QuickHeal 10.00 2009.10.30 -
ClamAV 0.94.1 2009.10.30 -
Comodo 2780 2009.10.30 -
DrWeb 5.0.0.12182 2009.10.30 -
eSafe 7.0.17.0 2009.10.29 -
eTrust-Vet 35.1.7094 2009.10.30 -
F-Prot 4.5.1.85 2009.10.30 -
F-Secure 9.0.15370.0 2009.10.30 -
Fortinet 3.120.0.0 2009.10.30 -
GData 19 2009.10.30 -
Ikarus T3.1.1.72.0 2009.10.30 -
Jiangmin 11.0.800 2009.10.30 -
K7AntiVirus 7.10.884 2009.10.30 -
Kaspersky 7.0.0.125 2009.10.31 -
McAfee 5787 2009.10.30 -
McAfee+Artemis 5787 2009.10.30 -
McAfee-GW-Edition 6.8.5 2009.10.30 -
Microsoft 1.5202 2009.10.30 -
NOD32 4559 2009.10.30 -
Norman 6.03.02 2009.10.30 TdssConf.D
nProtect 2009.1.8.0 2009.10.30 -
Panda 10.0.2.2 2009.10.30 -
PCTools 7.0.3.5 2009.10.30 -
Prevx 3.0 2009.10.31 -
Rising 21.53.43.00 2009.10.30 -
Sophos 4.47.0 2009.10.30 -
Sunbelt 3.2.1858.2 2009.10.30 -
Symantec 1.4.4.12 2009.10.30 -
TheHacker 6.5.0.2.056 2009.10.28 -
TrendMicro 8.950.0.1094 2009.10.30 -
VBA32 3.12.10.11 2009.10.30 -
ViRobot 2009.10.30.2013 2009.10.30 -
VirusBuster 4.6.5.0 2009.10.30 -
Additional information
File size: 822 bytes
MD5...: 8391abede62450de09f3c478f5711e27
SHA1..: c0d7a909b831ce572cf520f5855b5ee659a6740b
SHA256: 2cc03363ff462c057f8e806b3180f957fe259a0db1bb7d410e2300fbcfe454b9
ssdeep: 12:73r1CzuI+/KIqYieV//VXGhmUMZ1TDhsKGelztCCscA5GWc6Dx9M7NTqwjfEr
JOM:XNTq5i/9OmVZJRsj5Gom7NPTErJwufaM
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Re: Spyware IE Monster nightmare30th October 2009, 11:20 pm

SpiderKill by DragonMaster Jay ( Oct 2009 )

Microsoft Windows XP [Version 5.1.2600]

********************Drivers list********************

Volume in drive C is ACER
Volume Serial Number is

Directory of C:\Windows\System32\Drivers

29/10/2009 10:29 p.m. .
29/10/2009 10:29 p.m. ..
09/01/2008 10:27 p.m. 8 1025_ACER_AOA150.MRK
28/10/2009 08:20 p.m. 0 26efeaee.sys
30/10/2009 07:12 p.m. 76,288 45b46bca.sys
28/10/2009 09:37 p.m. 76,288 47c0a42.sys
28/10/2009 09:34 p.m. 76,288 613d0426.sys
18/01/2008 04:16 p.m. 83,880 a016bus.sys
18/01/2008 04:16 p.m. 12,200 a016cm.sys
18/01/2008 04:16 p.m. 12,200 a016cmnt.sys
18/01/2008 04:16 p.m. 15,016 a016mdfl.sys
18/01/2008 04:16 p.m. 110,504 a016mdm.sys
18/01/2008 04:16 p.m. 104,488 a016mgmt.sys
18/01/2008 04:16 p.m. 100,648 a016obex.sys
18/01/2008 04:16 p.m. 12,200 a016wh.sys
18/01/2008 04:16 p.m. 12,200 a016whnt.sys
30/10/2009 07:12 p.m. 76,288 a0d2fd81.sys
14/04/2008 11:00 p.m. 23,552 ABP480N5.SYS
14/04/2008 11:00 p.m. 187,776 acpi.sys
14/04/2008 11:00 p.m. 11,648 acpiec.sys
14/04/2008 11:00 p.m. 101,888 adpu160m.sys
14/04/2008 01:09 a.m. 142,592 aec.sys
14/08/2008 06:04 a.m. 138,496 afd.sys
14/04/2008 03:06 a.m. 42,368 agp440.sys
14/04/2008 03:06 a.m. 44,928 AGPCPQ.SYS
14/04/2008 11:00 p.m. 12,800 aha154x.sys
14/04/2008 11:00 p.m. 55,168 aic78u2.sys
14/04/2008 11:00 p.m. 56,960 aic78xx.sys
14/04/2008 11:00 p.m. 5,248 aliide.sys
14/04/2008 03:06 a.m. 42,752 ALIM1541.SYS
14/04/2008 03:06 a.m. 43,008 AMDAGP.SYS
14/04/2008 11:00 p.m. 37,376 amdk6.sys
14/04/2008 11:00 p.m. 37,760 amdk7.sys
14/04/2008 11:00 p.m. 12,032 amsint.sys
14/04/2008 11:00 p.m. 60,800 arp1394.sys
14/04/2008 11:00 p.m. 26,496 asc.sys
14/04/2008 11:00 p.m. 22,400 asc3350p.sys
14/04/2008 11:00 p.m. 14,848 asc3550.sys
14/04/2008 11:00 p.m. 14,336 asyncmac.sys
14/04/2008 11:00 p.m. 96,512 atapi.sys
20/05/2008 08:31 p.m. 1,312,576 athw.sys
14/04/2008 11:00 p.m. 59,904 atmarpc.sys
14/04/2008 11:00 p.m. 31,360 atmepvc.sys
14/04/2008 11:00 p.m. 55,808 atmlane.sys
14/04/2008 11:00 p.m. 352,256 atmuni.sys
17/08/2001 09:59 a.m. 3,072 audstub.sys
13/04/2008 08:06 p.m. 14,208 battc.sys
14/04/2008 11:00 p.m. 4,224 beep.sys
14/04/2008 11:00 p.m. 71,552 bridge.sys
13/06/2008 07:05 a.m. 272,128 bthport.sys
28/10/2009 09:31 p.m. 76,288 c28f0714.sys
14/04/2008 11:00 p.m. 13,952 cbidf2k.sys
14/04/2008 04:16 a.m. 17,024 CCDECODE.sys
14/04/2008 11:00 p.m. 7,680 cd20xrnt.sys
14/04/2008 11:00 p.m. 18,688 cdaudio.sys
14/04/2008 11:00 p.m. 63,744 cdfs.sys
14/04/2008 11:00 p.m. 62,976 cdrom.sys
14/04/2008 11:00 p.m. 262,528 cinemst2.sys
14/04/2008 11:00 p.m. 49,536 classpnp.sys
13/04/2008 08:06 p.m. 13,952 CmBatt.sys
14/04/2008 11:00 p.m. 6,656 cmdide.sys
13/04/2008 08:06 p.m. 10,240 compbatt.sys
14/04/2008 11:00 p.m. 14,976 cpqarray.sys
14/04/2008 11:00 p.m. 11,776 cpqdap01.sys
14/04/2008 11:00 p.m. 36,736 crusoe.sys
14/04/2008 11:00 p.m. 179,584 dac2w2k.sys
14/04/2008 11:00 p.m. 14,720 dac960nt.sys
15/08/2008 06:24 a.m. disdn
14/04/2008 11:00 p.m. 36,352 disk.sys
14/04/2008 11:00 p.m. 14,208 diskdump.sys
08/12/2004 02:10 a.m. 16,896 DKbFltr.SYS
14/04/2008 11:00 p.m. 799,744 dmboot.sys
14/04/2008 11:00 p.m. 153,344 dmio.sys
14/04/2008 11:00 p.m. 5,888 dmload.sys
14/04/2008 03:15 a.m. 52,864 DMusic.sys
14/04/2008 11:00 p.m. 20,192 dpti2o.sys
14/04/2008 03:15 a.m. 60,160 drmk.sys
14/04/2008 03:15 a.m. 2,944 drmkaud.sys
14/04/2008 11:00 p.m. 10,496 dxapi.sys
14/04/2008 11:00 p.m. 71,168 dxg.sys
14/04/2008 11:00 p.m. 3,328 dxgthk.sys
29/10/2009 10:24 p.m. etc
14/04/2008 11:00 p.m. 143,744 fastfat.sys
14/04/2008 11:00 p.m. 27,392 fdc.sys
14/04/2008 11:00 p.m. 44,544 fips.sys
14/04/2008 11:00 p.m. 20,480 flpydisk.sys
14/04/2008 11:00 p.m. 129,792 fltMgr.sys
14/04/2008 11:00 p.m. 12,160 fsvga.sys
14/04/2008 11:00 p.m. 7,936 fs_rec.sys
14/04/2008 11:00 p.m. 125,056 ftdisk.sys
14/04/2008 11:00 p.m. 3,440,660 gm.dls
14/04/2008 11:00 p.m. 646 gmreadme.txt
14/04/2008 11:00 p.m. 144,384 hdaudbus.sys
14/04/2008 11:00 p.m. 36,864 hidclass.sys
14/04/2008 11:00 p.m. 24,960 hidparse.sys
14/04/2008 11:00 p.m. 25,952 hpn.sys
08/03/2005 12:43 a.m. 51,120 HPZid412.sys
08/03/2005 12:43 a.m. 16,496 HPZipr12.sys
08/03/2005 12:43 a.m. 21,744 HPZius12.sys
14/04/2008 11:00 p.m. 264,832 http.sys
14/04/2008 11:00 p.m. 8,576 i2omgmt.sys
14/04/2008 11:00 p.m. 18,560 i2omp.sys
14/04/2008 11:00 p.m. 52,480 i8042prt.sys
15/02/2008 01:12 a.m. 5,854,752 igxpmp32.sys
14/04/2008 11:00 p.m. 42,112 imapi.sys
14/04/2008 11:00 p.m. 16,000 ini910u.sys
14/04/2008 11:00 p.m. 5,504 intelide.sys
14/04/2008 11:00 p.m. 36,352 intelppm.sys
14/04/2008 11:00 p.m. 36,608 ip6fw.sys
14/04/2008 11:00 p.m. 32,896 ipfltdrv.sys
14/04/2008 11:00 p.m. 20,864 ipinip.sys
14/04/2008 11:00 p.m. 152,832 ipnat.sys
14/04/2008 11:00 p.m. 75,264 ipsec.sys
14/04/2008 11:00 p.m. 11,264 irenum.sys
14/04/2008 11:00 p.m. 37,248 isapnp.sys
14/04/2008 11:00 p.m. 24,576 kbdclass.sys
14/04/2008 03:15 a.m. 172,416 kmixer.sys
14/04/2008 12:46 a.m. 141,056 ks.sys
24/06/2009 07:18 a.m. 92,928 ksecdd.sys
14/04/2008 11:00 p.m. 7,680 mcd.sys
14/04/2008 11:00 p.m. 63,744 mf.sys
14/04/2008 11:00 p.m. 4,224 mnmdd.sys
14/04/2008 11:00 p.m. 30,080 modem.sys
14/04/2008 03:09 a.m. 23,040 mouclass.sys
14/04/2008 11:00 p.m. 42,368 mountmgr.sys
14/04/2008 11:00 p.m. 17,280 mraid35x.sys
14/04/2008 11:00 p.m. 180,608 mrxdav.sys
24/10/2008 07:21 a.m. 455,296 mrxsmb.sys
14/04/2008 11:00 p.m. 19,072 msfs.sys
14/04/2008 11:00 p.m. 35,072 msgpc.sys
14/04/2008 03:09 a.m. 7,552 MSKSSRV.sys
14/04/2008 03:09 a.m. 5,376 MSPCLOCK.sys
14/04/2008 03:09 a.m. 4,992 MSPQM.sys
14/04/2008 03:06 a.m. 15,488 mssmbios.sys
14/04/2008 04:09 a.m. 5,504 MSTEE.sys
14/04/2008 11:00 p.m. 105,344 mup.sys
14/04/2008 04:16 a.m. 85,248 NABTSFEC.sys
14/04/2008 11:00 p.m. 182,656 ndis.sys
14/04/2008 04:16 a.m. 10,880 NdisIP.sys
14/04/2008 11:00 p.m. 10,112 ndistapi.sys
14/04/2008 11:00 p.m. 14,592 ndisuio.sys
14/04/2008 11:00 p.m. 91,520 ndiswan.sys
14/04/2008 11:00 p.m. 40,576 ndproxy.sys
14/04/2008 11:00 p.m. 34,688 netbios.sys
14/04/2008 11:00 p.m. 162,816 netbt.sys
14/04/2008 11:00 p.m. 61,824 nic1394.sys
14/04/2008 11:00 p.m. 12,032 nikedrv.sys
14/04/2008 11:00 p.m. 40,320 nmnt.sys
14/04/2008 11:00 p.m. 30,848 npfs.sys
14/04/2008 11:00 p.m. 574,976 ntfs.sys
14/04/2008 11:00 p.m. 2,944 null.sys
14/04/2008 11:00 p.m. 12,416 nwlnkflt.sys
14/04/2008 11:00 p.m. 32,512 nwlnkfwd.sys
14/04/2008 11:00 p.m. 88,320 nwlnkipx.sys
14/04/2008 11:00 p.m. 63,232 nwlnknb.sys
14/04/2008 11:00 p.m. 55,936 nwlnkspx.sys
14/04/2008 11:00 p.m. 3,456 oprghdlr.sys
14/04/2008 11:00 p.m. 42,752 p3.sys
14/04/2008 11:00 p.m. 80,128 parport.sys
14/04/2008 11:00 p.m. 19,712 partmgr.sys
14/04/2008 11:00 p.m. 6,784 parvdm.sys
14/04/2008 11:00 p.m. 68,224 pci.sys
14/04/2008 11:00 p.m. 3,328 pciide.sys
14/04/2008 11:00 p.m. 24,960 pciidex.sys
14/04/2008 11:00 p.m. 120,192 pcmcia.sys
14/04/2008 11:00 p.m. 27,296 perc2.sys
14/04/2008 11:00 p.m. 5,504 perc2hib.sys
14/04/2008 03:49 a.m. 146,048 portcls.sys
14/04/2008 11:00 p.m. 35,840 processr.sys
14/04/2008 11:00 p.m. 69,120 psched.sys
14/04/2008 11:00 p.m. 17,792 ptilink.sys
26/01/2005 02:03 a.m. 20,576 pxhelp20.sys
14/04/2008 11:00 p.m. 40,320 ql1080.sys
14/04/2008 11:00 p.m. 33,152 ql10wnt.sys
14/04/2008 11:00 p.m. 45,312 ql12160.sys
14/04/2008 11:00 p.m. 40,448 ql1240.sys
14/04/2008 11:00 p.m. 49,024 ql1280.sys
14/04/2008 11:00 p.m. 8,832 rasacd.sys
14/04/2008 11:00 p.m. 51,328 rasl2tp.sys
14/04/2008 11:00 p.m. 41,472 raspppoe.sys
14/04/2008 11:00 p.m. 48,384 raspptp.sys
14/04/2008 11:00 p.m. 16,512 raspti.sys
14/04/2008 11:00 p.m. 34,432 rawwan.sys
14/04/2008 11:00 p.m. 175,744 rdbss.sys
14/04/2008 11:00 p.m. 4,224 rdpcdd.sys
14/04/2008 03:02 a.m. 196,224 rdpdr.sys
14/04/2008 11:00 p.m. 139,656 rdpwd.sys
14/04/2008 03:10 a.m. 57,600 redbook.sys
14/04/2008 11:00 p.m. 12,032 rio8drv.sys
14/04/2008 11:00 p.m. 12,032 riodrv.sys
08/05/2008 10:02 a.m. 203,136 rmcast.sys
14/04/2008 11:00 p.m. 30,592 rndismp.sys
14/04/2008 11:00 p.m. 5,888 rootmdm.sys
07/08/2008 06:14 a.m. 111,360 Rtenicxp.sys
26/06/2005 05:29 p.m. 520 RTEQEX0.dat
26/06/2005 05:29 p.m. 520 RTEQEX1.dat
13/07/2007 02:11 a.m. 8 rtkhdaud.dat
20/05/2008 05:53 a.m. 4,800,000 RtkHDAud.sys
06/06/2008 10:08 a.m. 164 SamSfPa.dat
27/10/2009 07:37 p.m. 93,360 SBREDrv.sys
14/04/2008 11:00 p.m. 96,384 scsiport.sys
14/04/2008 11:00 p.m. 79,232 sdbus.sys
14/04/2008 11:00 p.m. 20,480 secdrv.sys
29/10/2009 10:01 p.m. 4,096 SecuLay.sys
14/04/2008 11:00 p.m. 15,744 serenum.sys
14/04/2008 11:00 p.m. 64,512 serial.sys
14/04/2008 11:00 p.m. 11,904 sffdisk.sys
14/04/2008 11:00 p.m. 10,240 sffp_mmc.sys
14/04/2008 11:00 p.m. 11,008 sffp_sd.sys
14/04/2008 11:00 p.m. 11,392 sfloppy.sys
14/04/2008 03:06 a.m. 40,960 SISAGP.SYS
14/04/2008 11:00 p.m. 11,136 SLIP.sys
14/04/2008 11:00 p.m. 14,592 smclib.sys
09/05/2007 03:16 p.m. 28,160 sncduvc.sys
01/10/2007 02:59 p.m. 1,769,984 snp2uvc.sys
14/04/2008 11:00 p.m. 25,344 sonydcam.sys
14/04/2008 11:00 p.m. 19,072 sparrow.sys
14/04/2008 03:15 a.m. 6,272 splitter.sys
14/04/2008 11:00 p.m. 73,472 sr.sys
11/12/2008 06:57 a.m. 333,952 srv.sys
14/04/2008 03:15 a.m. 49,408 stream.sys
14/04/2008 11:00 p.m. 15,232 StreamIP.sys
14/04/2008 03:09 a.m. 4,352 swenum.sys
14/04/2008 03:15 a.m. 56,576 swmidi.sys
14/04/2008 11:00 p.m. 16,256 symc810.sys
14/04/2008 11:00 p.m. 32,640 symc8xx.sys
14/04/2008 11:00 p.m. 28,384 sym_hi.sys
14/04/2008 11:00 p.m. 30,688 sym_u3.sys
24/04/2008 09:17 p.m. 225,024 SynTP.sys
14/04/2008 03:45 a.m. 60,800 sysaudio.sys
14/04/2008 11:00 p.m. 14,976 tape.sys
20/06/2008 07:51 a.m. 361,600 tcpip.sys
20/06/2008 07:08 a.m. 225,856 tcpip6.sys
14/04/2008 11:00 p.m. 19,072 tdi.sys
14/04/2008 11:00 p.m. 12,040 tdpipe.sys
14/04/2008 11:00 p.m. 21,896 tdtcp.sys
14/04/2008 08:43 a.m. 40,840 termdd.sys
14/04/2008 11:00 p.m. 51,712 tosdvd.sys
14/04/2008 11:00 p.m. 4,992 toside.sys
14/04/2008 11:00 p.m. 21,376 tsbvcap.sys
14/04/2008 11:00 p.m. 12,288 tunmp.sys
14/04/2008 11:00 p.m. 66,048 udfs.sys
14/04/2008 11:00 p.m. 36,736 ultra.sys
05/07/2009 06:50 p.m. UMDF
14/04/2008 11:00 p.m. 384,768 update.sys
14/04/2008 11:00 p.m. 12,800 usb8023.sys
14/04/2008 11:00 p.m. 25,600 usbcamd.sys
14/04/2008 11:00 p.m. 25,728 usbcamd2.sys
14/04/2008 11:00 p.m. 32,128 usbccgp.sys
14/04/2008 11:00 p.m. 4,736 usbd.sys
14/04/2008 03:15 a.m. 30,208 usbehci.sys
14/04/2008 03:15 a.m. 59,520 usbhub.sys
14/04/2008 11:00 p.m. 15,872 usbintel.sys
14/04/2008 03:15 a.m. 143,872 usbport.sys
14/04/2008 12:17 a.m. 25,856 usbprint.sys
14/04/2008 12:15 a.m. 15,104 usbscan.sys
14/04/2008 11:00 p.m. 26,368 USBSTOR.SYS
14/04/2008 03:15 a.m. 20,608 usbuhci.sys
14/04/2008 11:00 p.m. 58,112 vdmindvd.sys
14/04/2008 11:00 p.m. 20,992 vga.sys
14/04/2008 03:06 a.m. 42,240 VIAAGP.SYS
14/04/2008 11:00 p.m. 5,376 viaide.sys
14/04/2008 11:00 p.m. 81,664 videoprt.sys
14/04/2008 11:00 p.m. 52,352 volsnap.sys
14/04/2008 11:00 p.m. 34,560 wanarp.sys
14/04/2008 03:47 a.m. 83,072 wdmaud.sys
13/04/2008 08:06 p.m. 8,832 wmiacpi.sys
14/04/2008 11:00 p.m. 4,352 wmilib.sys
18/10/2006 08:00 p.m. 38,528 wpdusb.sys
14/04/2008 11:00 p.m. 12,032 ws2ifsl.sys
14/04/2008 04:16 a.m. 19,200 WSTCODEC.SYS
28/09/2006 06:55 p.m. 77,568 WudfPf.sys
28/09/2006 07:00 p.m. 82,944 WudfRd.sys
268 File(s) 32,733,894 bytes

Directory of C:\Windows\System32\Drivers\disdn

15/08/2008 06:24 a.m. .
15/08/2008 06:24 a.m. ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\etc

29/10/2009 10:24 p.m. .
29/10/2009 10:24 p.m. ..
29/10/2009 10:24 p.m. 27 hosts
14/04/2008 11:00 p.m. 734 hosts.msn
14/04/2008 11:00 p.m. 3,683 lmhosts.sam
14/04/2008 11:00 p.m. 407 networks
14/04/2008 11:00 p.m. 799 protocol
14/04/2008 11:00 p.m. 7,116 services
6 File(s) 12,766 bytes

Directory of C:\Windows\System32\Drivers\UMDF

05/07/2009 06:50 p.m. .
05/07/2009 06:50 p.m. ..
18/10/2006 09:47 p.m. 671,232 wpdmtpdr.dll
1 File(s) 671,232 bytes

Total Files Listed:
275 File(s) 33,417,892 bytes
11 Dir(s) 141,242,834,944 bytes free

***********************Hidden Drivers********************
Volume in drive C is ACER
Volume Serial Number is F001-C7B1

Directory of C:\Windows\System32\Drivers

*********************Processes*******************

PROCESS PID PRIO PATH
smss.exe 644 Normal C:\WINDOWS\System32\smss.exe
csrss.exe 700 Normal C:\WINDOWS\system32\csrss.exe
winlogon.exe 724 High C:\WINDOWS\system32\winlogon.exe
services.exe 768 Normal C:\WINDOWS\system32\services.exe
lsass.exe 780 Normal C:\WINDOWS\system32\lsass.exe
svchost.exe 948 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 992 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1032 Normal C:\WINDOWS\System32\svchost.exe
svchost.exe 1176 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1200 Normal C:\WINDOWS\system32\svchost.exe
spoolsv.exe 1452 Normal C:\WINDOWS\system32\spoolsv.exe
svchost.exe 1528 Normal C:\WINDOWS\system32\svchost.exe
iviRegMgr.exe 1584 Normal C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
jqs.exe 1596 Idle C:\Program Files\Java\jre6\bin\jqs.exe
svchost.exe 1688 Normal C:\WINDOWS\system32\svchost.exe
Explorer.EXE 132 Normal C:\WINDOWS\Explorer.EXE
alg.exe 1132 Normal C:\WINDOWS\System32\alg.exe
igfxtray.exe 492 Normal C:\WINDOWS\system32\igfxtray.exe
RTHDCPL.EXE 516 Normal C:\WINDOWS\RTHDCPL.EXE
wscntfy.exe 520 Normal C:\WINDOWS\system32\wscntfy.exe
GoogleDesktop.exe 1852 Normal C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
jusched.exe 1224 Normal C:\Program Files\Java\jre6\bin\jusched.exe
fxdpynbu.exe 1652 Normal C:\fxdpynbu.exe
msnmsgr.exe 2068 Normal C:\Program Files\Windows Live\Messenger\msnmsgr.exe
GoogleToolbarNotifier.exe 2108 Normal C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
SEPCSuite.exe 2140 Normal C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
hpqtra08.exe 2272 Normal C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
WinCinemaMgr.exe 2388 Normal C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
SynTPEnh .exe 2472 Above Normal C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
QtZgAcer .exe 2568 Normal C:\PROGRA~1\LAUNCH~1\QtZgAcer .exe
eRAgent .exe 2604 Normal C:\Acer\Empowering Technology\eRecovery\eRAgent .exe
HPWuSchd2 .exe 2680 Normal C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
RtkBtMnt.exe 2816 Normal C:\DOCUME~1\JuneBee\LOCALS~1\Temp\RtkBtMnt.exe
hpqimzone.exe 2924 Normal C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
igfxext.exe 2928 Normal C:\WINDOWS\system32\igfxext.exe
igfxsrvc.exe 2980 Normal C:\WINDOWS\system32\igfxsrvc.exe
hpqSTE08.exe 3040 Normal C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
ctfmon.exe 3236 Normal C:\WINDOWS\system32\ctfmon.exe
hprblog.exe 3252 Normal C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
firefox.exe 2304 Normal C:\Program Files\Mozilla Firefox\firefox.exe
ctv3816.exe 1904 Normal C:\DOCUME~1\Idamar\LOCALS~1\Temp\ctv3816.exe
IEXPLORE.EXE 3960 Normal C:\Program Files\Internet Explorer\IEXPLORE.EXE
cmd.exe 3232 Normal C:\WINDOWS\system32\cmd.exe
processes.exe 128 Normal C:\Documents and Settings\JuneBee\Desktop\SpiderKill\SpiderKill\processes.exe

Module information for 'Explorer.EXE'(132)
MODULE BASE SIZE PATH
Explorer.EXE 1000000 1044480 C:\WINDOWS\Explorer.EXE 6.00.2900.5512 (xpsp.080413-2105) Windows Explorer
ntdll.dll 7c900000 729088 C:\WINDOWS\system32\ntdll.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) NT Layer DLL
kernel32.dll 7c800000 1007616 C:\WINDOWS\system32\kernel32.dll 5.1.2600.5781 (xpsp_sp3_gdr.090321-1317) Windows NT BASE API Client DLL
ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 598016 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.5795 (xpsp_sp3_gdr.090415-1241) Remote Procedure Call Runtime
Secur32.dll 77fe0000 69632 C:\WINDOWS\system32\Secur32.dll 5.1.2600.5834 (xpsp_sp3_gdr.090624-1305) Security Support Provider Interface
BROWSEUI.dll 75f80000 1036288 C:\WINDOWS\system32\BROWSEUI.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Browser UI Library
GDI32.dll 77f10000 299008 C:\WINDOWS\system32\GDI32.dll 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) GDI Client DLL
USER32.dll 7e410000 593920 C:\WINDOWS\system32\USER32.dll 5.1.2600.5512 (xpsp.080413-2105) Windows XP USER API Client DLL
msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.5512 (xpsp.080413-2111) Windows NT CRT DLL
ole32.dll 774e0000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.5512 (xpsp.080413-2108) Microsoft OLE for Windows
SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Light-weight Utility Library
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.5512 5.1.2600.5512
SHDOCVW.dll 7e290000 1511424 C:\WINDOWS\system32\SHDOCVW.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Doc Object and Control Library
CRYPT32.dll 77a80000 610304 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.5512 (xpsp.080413-2113) Crypto API32
MSASN1.dll 77b20000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.5875 (xpsp_sp3_gdr.090904-1413) ASN.1 Runtime APIs
CRYPTUI.dll 754d0000 524288 C:\WINDOWS\system32\CRYPTUI.dll 5.131.2600.5512 (xpsp.080413-2113) Microsoft Trust UI Provider
NETAPI32.dll 5b860000 348160 C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312) Net Win32 API DLL
VERSION.dll 77c00000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.5512 (xpsp.080413-2105) Version Checking and File Installation Libraries
WININET.dll 3d930000 856064 C:\WINDOWS\system32\WININET.dll 7.00.6000.16915 (vista_gdr.090826-0339) Internet Extensions for Win32
Normaliz.dll 400000 36864 C:\WINDOWS\system32\Normaliz.dll 6.0.5441.0 (winmain(wmbla).060628-1735) Unicode Normalization DLL
iertutil.dll 3dfd0000 282624 C:\WINDOWS\system32\iertutil.dll 7.00.6000.16915 (vista_gdr.090826-0339) Run time utility for Internet Explorer
WINTRUST.dll 76c30000 188416 C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.5512 (xpsp.080413-2113) Microsoft Trust Verification APIs
IMAGEHLP.dll 76c90000 163840 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.5512 (xpsp.080413-2105) Windows NT Image Helper
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.5512 (xpsp.080413-2113) Win32 LDAP API DLL
SHELL32.dll 7c9c0000 8482816 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319) Windows Shell Common Dll
UxTheme.dll 5ad70000 229376 C:\WINDOWS\system32\UxTheme.dll 6.00.2900.5512 (xpsp.080413-2105) Microsoft UxTheme Library
ShimEng.dll 5cb70000 155648 C:\WINDOWS\system32\ShimEng.dll 5.1.2600.5512 (xpsp.080413-2105) Shim Engine DLL
AcGenral.DLL 6f880000 1875968 C:\WINDOWS\AppPatch\AcGenral.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows Compatibility DLL
WINMM.dll 76b40000 184320 C:\WINDOWS\system32\WINMM.dll 5.1.2600.5512 (xpsp.080413-0845) MCI API DLL
MSACM32.dll 77be0000 86016 C:\WINDOWS\system32\MSACM32.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft ACM Audio Filter
USERENV.dll 769c0000 737280 C:\WINDOWS\system32\USERENV.dll 5.1.2600.5512 (xpsp.080413-2113) Userenv
IMM32.DLL 76390000 118784 C:\WINDOWS\system32\IMM32.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows XP IMM32 API Client DLL
LPK.DLL 629c0000 36864 C:\WINDOWS\system32\LPK.DLL 5.1.2600.5512 (xpsp.080413-2105) Language Pack
USP10.dll 74d90000 438272 C:\WINDOWS\system32\USP10.dll 1.0420.2600.5512 (xpsp.080413-2105) Uniscribe Unicode script processor
comctl32.dll 773d0000 1060864 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 6.0 (xpsp.080413-2105) User Experience Controls Library
comctl32.dll 5d090000 630784 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp.080413-2105) Common Controls Library
msctfime.ime 755c0000 188416 C:\WINDOWS\system32\msctfime.ime 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442) Microsoft Text Frame Work Service IME
appHelp.dll 77b40000 139264 C:\WINDOWS\system32\appHelp.dll 5.1.2600.5512 (xpsp.080413-2105) Application Compatibility Client Library
CLBCATQ.DLL 76fd0000 520192 C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.700 2001.12.4414.700
COMRes.dll 77050000 806912 C:\WINDOWS\system32\COMRes.dll 2001.12.4414.700 2001.12.4414.700
cscui.dll 77a20000 344064 C:\WINDOWS\System32\cscui.dll 5.1.2600.5512 (xpsp.080413-2105) Client Side Caching UI
CSCDLL.dll 76600000 118784 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.5512 (xpsp.080413-2111) Offline Network Agent
themeui.dll 5ba60000 462848 C:\WINDOWS\system32\themeui.dll 6.00.2900.5512 (xpsp.080413-2105) Windows Theme API
MSIMG32.dll 76380000 20480 C:\WINDOWS\system32\MSIMG32.dll 5.1.2600.5512 (xpsp.080413-2105) GDIEXT Client DLL
xpsp2res.dll 1360000 2904064 C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.5512 (xpsp.080413-2113) Service Pack 2 Messages
SAMLIB.dll 71bf0000 77824 C:\WINDOWS\system32\SAMLIB.dll 5.1.2600.5512 (xpsp.080413-2113) SAM Library DLL
LINKINFO.dll 76980000 32768 C:\WINDOWS\system32\LINKINFO.dll 5.1.2600.5512 (xpsp.080413-2105) Windows Volume Tracking
ntshrui.dll 76990000 151552 C:\WINDOWS\system32\ntshrui.dll 5.1.2600.5512 (xpsp.080413-2105) Shell extensions for sharing
ATL.DLL 76b20000 69632 C:\WINDOWS\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
msi.dll 7d1e0000 2867200 C:\WINDOWS\system32\msi.dll 3.1.4001.5512 Windows Installer
SETUPAPI.dll 77920000 995328 C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.5512 (xpsp.080413-2111) Windows Setup API
ieframe.dll 3e1c0000 6082560 C:\WINDOWS\system32\ieframe.dll 7.00.6000.16915 (vista_gdr.090826-0339) Internet Explorer
PSAPI.DLL 76bf0000 45056 C:\WINDOWS\system32\PSAPI.DLL 5.1.2600.5512 (xpsp.080413-2105) Process Status Helper
NETSHELL.dll 76400000 1724416 C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.5512 (xpsp.080413-0852) Network Connections Shell
credui.dll 76c00000 188416 C:\WINDOWS\system32\credui.dll 5.1.2600.5512 (xpsp.080413-2113) Credential Manager User Interface
dot3api.dll 478c0000 40960 C:\WINDOWS\system32\dot3api.dll 5.1.2600.5512 (xpsp.080413-0852) 802.3 Autoconfiguration API
rtutils.dll 76e80000 57344 C:\WINDOWS\system32\rtutils.dll 5.1.2600.5512 (xpsp.080413-0852) Routing Utilities
dot3dlg.dll 736d0000 24576 C:\WINDOWS\system32\dot3dlg.dll 5.1.2600.5512 (xpsp.080413-0852) 802.3 UI Helper
OneX.DLL 5dca0000 163840 C:\WINDOWS\system32\OneX.DLL 5.1.2600.5512 (xpsp.080413-0852) IEEE 802.1X supplicant library
WTSAPI32.dll 76f50000 32768 C:\WINDOWS\system32\WTSAPI32.dll 5.1.2600.5512 (xpsp.080413-2111) Windows Terminal Server SDK APIs
WINSTA.dll 76360000 65536 C:\WINDOWS\system32\WINSTA.dll 5.1.2600.5512 (xpsp.080413-2111) Winstation Library
eappcfg.dll 745b0000 139264 C:\WINDOWS\system32\eappcfg.dll 5.1.2600.5512 (xpsp.080413-0852) Eap Peer Config
MSVCP60.dll 76080000 413696 C:\WINDOWS\system32\MSVCP60.dll 6.02.3104.0 Microsoft (R) C++ Runtime Library
eappprxy.dll 5dcd0000 57344 C:\WINDOWS\system32\eappprxy.dll 5.1.2600.5512 (xpsp.080413-0852) Microsoft EAPHost Peer Client DLL
iphlpapi.dll 76d60000 102400 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.5512 (xpsp.080413-0852) IP Helper API
WS2_32.dll 71ab0000 94208 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 Helper for Windows NT
urlmon.dll 78130000 1212416 C:\WINDOWS\system32\urlmon.dll 7.00.6000.16915 (vista_gdr.090826-0339) OLE32 Extensions for Win32
wdmaud.drv 72d20000 36864 C:\WINDOWS\system32\wdmaud.drv 5.1.2600.5512 (xpsp.080413-2108) WDM Audio driver mapper
msacm32.drv 72d10000 32768 C:\WINDOWS\system32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
midimap.dll 77bd0000 28672 C:\WINDOWS\system32\midimap.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft MIDI Mapper
webcheck.dll 42e40000 245760 C:\WINDOWS\system32\webcheck.dll 7.00.6000.16915 (vista_gdr.090826-0339) Web Site Monitor
stobject.dll 76280000 135168 C:\WINDOWS\system32\stobject.dll 5.1.2600.5512 (xpsp.080413-2105) Systray shell service object
BatMeter.dll 74af0000 40960 C:\WINDOWS\system32\BatMeter.dll 6.00.2900.5512 (xpsp.080413-2105) Battery Meter Helper DLL
POWRPROF.dll 74ad0000 32768 C:\WINDOWS\system32\POWRPROF.dll 6.00.2900.5512 (xpsp.080413-2105) Power Profile Helper DLL
WPDShServiceObj.dll 164a0000 143360 C:\WINDOWS\system32\WPDShServiceObj.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device Shell Service Object
WINHTTP.dll 4d4f0000 364544 C:\WINDOWS\system32\WINHTTP.dll 5.1.2600.5727 (xpsp_sp3_gdr.081215-1359) Windows HTTP Services
PortableDeviceTypes.dll 109c0000 180224 C:\WINDOWS\system32\PortableDeviceTypes.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device (Parameter) Types Component
PortableDeviceApi.dll 10930000 299008 C:\WINDOWS\system32\PortableDeviceApi.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device API Components
WZCSAPI.DLL 73030000 65536 C:\WINDOWS\system32\WZCSAPI.DLL 5.1.2600.5512 (xpsp.080413-0852) Wireless Zero Configuration service API
rsaenh.dll 68000000 221184 C:\WINDOWS\system32\rsaenh.dll 5.1.2600.5507 (xpsp.080318-1711) Microsoft Enhanced Cryptographic Provider
fxsst.dll 68df0000 577536 C:\WINDOWS\system32\fxsst.dll 5.2.2600.5512 (xpsp.080413-0852) Fax Service
WINSPOOL.DRV 73000000 155648 C:\WINDOWS\system32\WINSPOOL.DRV 5.1.2600.5512 (xpsp.080413-0852) Windows Spooler Driver
FXSAPI.dll 5a980000 466944 C:\WINDOWS\system32\FXSAPI.dll 5.2.2600.5512 (xpsp.080413-0852) Microsoft Fax API Support DLL
NTMARTA.DLL 77690000 135168 C:\WINDOWS\system32\NTMARTA.DLL 5.1.2600.5512 (xpsp.080413-2113) Windows NT MARTA provider
MSCTF.dll 74720000 311296 C:\WINDOWS\system32\MSCTF.dll 5.1.2600.5512 (xpsp.080413-2105) MSCTF Server DLL
msutb.dll 5fc10000 208896 C:\WINDOWS\system32\msutb.dll 5.1.2600.5512 (xpsp.080413-2105) MSUTB Server DLL
SXS.DLL 7e720000 720896 C:\WINDOWS\system32\SXS.DLL 5.1.2600.5512 (xpsp.080413-2111) Fusion 2.5
MPR.dll 71b20000 73728 C:\WINDOWS\system32\MPR.dll 5.1.2600.5512 (xpsp.080413-0852) Multiple Provider Router DLL
drprov.dll 75f60000 28672 C:\WINDOWS\System32\drprov.dll 5.1.2600.5512 (xpsp.080413-2111) Microsoft Terminal Server Network Provider
ntlanman.dll 71c10000 57344 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.5512 (xpsp.080413-2108) Microsoft

Lan Manager
NETUI0.dll 71cd0000 94208 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.5512 (xpsp.080413-2108) NT LM UI Common Code - GUI Classes
NETUI1.dll 71c90000 262144 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.5512 (xpsp.080413-2108) NT LM UI Common Code - Networking classes
NETRAP.dll 71c80000 28672 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.5512 (xpsp.080413-2113) Net Remote Admin Protocol DLL
davclnt.dll 75f70000 40960 C:\WINDOWS\System32\davclnt.dll 5.1.2600.5512 (xpsp.080413-2111) Web DAV Client DLL
zipfldr.dll 73380000 356352 C:\WINDOWS\system32\zipfldr.dll 6.00.2900.5512 (xpsp.080413-2105) Compressed (zipped) Folders
sendmail.dll 5cdc0000 65536 C:\WINDOWS\system32\sendmail.dll 6.00.2900.5512 (xpsp.080413-2105) Send Mail
mydocs.dll 72410000 106496 C:\WINDOWS\system32\mydocs.dll 6.00.2900.5512 (xpsp.080413-2105) My Documents Folder UI
wpdshext.dll 16210000 2613248 C:\WINDOWS\system32\wpdshext.dll 5.2.5721.5145 (WMP_11.061018-2006) Portable Devices Shell Extension
gdiplus.dll 4ec50000 1748992 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll 5.2.6001.22319 (vistasp1_ldr.081126-1506) Microsoft GDI+
shgina.dll 73d70000 77824 C:\WINDOWS\system32\shgina.dll 6.00.2900.5512 (xpsp.080413-2105) Windows Shell User Logon
MSGINA.dll 75970000 1015808 C:\WINDOWS\system32\MSGINA.dll 5.1.2600.5512 (xpsp.080413-2113) Windows NT Logon GINA DLL
ODBC32.dll 74320000 249856 C:\WINDOWS\system32\ODBC32.dll 3.525.1132.0 (xpsp.080413-0852) Microsoft Data Access - ODBC Driver Manager
comdlg32.dll 763b0000 299008 C:\WINDOWS\system32\comdlg32.dll 6.00.2900.5512 (xpsp.080413-2105) Common Dialogs DLL
odbcint.dll 2c70000 94208 C:\WINDOWS\system32\odbcint.dll 3.525.1132.0 (xpsp.080413-0852) Microsoft Data Access - ODBC Resources
Audiodev.dll 7160000 286720 C:\WINDOWS\system32\Audiodev.dll 5.2.5721.5145 (WMP_11.061018-2006) Portable Media Devices Shell Extension
WMVCore.DLL 15110000 2473984 C:\WINDOWS\system32\WMVCore.DLL 11.0.5721.5265 (WMP_11.090519-2220) Windows Media Playback/Authoring DLL
WMASF.DLL 11c70000 237568 C:\WINDOWS\system32\WMASF.DLL 11.0.5721.5238 (WMP_11.071025-0642) Windows Media ASF DLL
wiashext.dll 593f0000 598016 C:\WINDOWS\system32\wiashext.dll 5.1.2600.5512 (xpsp.080413-0852) Imaging Devices Shell Folder UI
sti.dll 73ba0000 77824 C:\WINDOWS\system32\sti.dll 5.1.2600.5512 (xpsp.080413-0852) Still Image Devices client DLL
CFGMGR32.dll 74ae0000 28672 C:\WINDOWS\system32\CFGMGR32.dll 5.1.2600.5512 (xpsp.080413-2111) Configuration Manager Forwarder DLL
browselc.dll 71600000 73728 C:\WINDOWS\system32\browselc.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Browser UI Library
DUSER.dll 6c1b0000 315392 C:\WINDOWS\system32\DUSER.dll 5.1.2600.5512 (xpsp.080413-2105) Windows DirectUser Engine
MLANG.dll 75cf0000 593920 C:\WINDOWS\system32\MLANG.dll 6.00.2900.5512 (xpsp.080413-2105) Multi Language Support DLL
PDFShell.dll 10000000 372736 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll 9.1.0.2009022700 PDF Shell Extension
MSVCR80.dll 38c0000 634880 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll 8.00.50727.3053 Microsoft

C Runtime Library
WinSCard.dll 723d0000 114688 C:\WINDOWS\system32\WinSCard.dll 5.1.2600.5512 (xpsp.080413-2113) Microsoft Smart Card API
MSISIP.DLL 605f0000 28672 C:\WINDOWS\system32\MSISIP.DLL 3.1.4001.5512 MSI Signature SIP Provider
wshext.dll 7dfa0000 90112 C:\WINDOWS\system32\wshext.dll 5.7.0.18066 Microsoft (R) Shell Extension for Windows script Host
MCPS.DLL 36d30000 102400 C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL 11.0.5510 Media Catalog Proxy/Stub

******************************************
EOF

Re: Spyware IE Monster nightmare31st October 2009, 1:15 am

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Re-running ComboFix to remove infections:

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\rkfo.exe
C:\vckjykp.exe
C:\hfhhhml.exe
C:\brhpxf.exe
C:\MsFrameNet23.5.dat
C:\fxdpynbu.exe
C:\fxdpynbu .exe
c:\windows\system32\drivers\SecuLay.sys
c:\windows\system32\reg32.exe
c:\windows\system32\reg32 .exe
C:\dtnm.exe
C:\vppf.exe
C:\wwwvg.exe
c:\windows\system32\drivers\a0d2fd81.sys
c:\windows\system32\drivers\45b46bca.sys
C:\biqxh.exe
C:\wtcqrqjr.exe
c:\windows\system32\drivers\47c0a42.sys
C:\ee11.exe
c:\windows\system32\drivers\613d0426.sys
c:\windows\system32\drivers\c28f0714.sys
c:\windows\system32\drivers\26efeaee.sys
C:\iopuabg.exe
C:\fospdj.exe
c:\windows\system32\kbdnet.dll
c:\windows\system32\drivers\26efeaee.sys

Folder::
c:\program files\Common Files\ParetoLogic
c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
c:\program files\ParetoLogic
c:\documents and settings\All Users\Application Data\RegCure
c:\program files\RegCure
c:\documents and settings\All Users\Application Data\ParetoLogic
c:\documents and settings\JuneBee\Application Data\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Login Assistance"=-
"Windows Sicherheitscenter"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Login Assistance"=-
"ParetoLogic Anti-Virus PLUS"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Windows Login Assistance"=-

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Windows Login Assistance"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=-
"DisableCMD"=-

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableCMD"=-
"DisableRegistryTools"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=-
"NoRun"=-

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=-
"NoRun"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4175c5f3-d47f-143b-dd4d-e67a0eb4e773}]
[-HKEY_CURRENT_USER\software\microsoft\active setup\installed components\{4175c5f3-d47f-143b-dd4d-e67a0eb4e773}]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\45b46bca]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\a0d2fd81]

NetSvc::
seculay
26efeaee
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

Re: Spyware IE Monster nightmare31st October 2009, 2:21 am

Hello!

Thank you so much for your time ...

Here is the new log .... still having problems and another weird thing call Catch me and I don't dare to open or delete it ...

"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-04-01 405504]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-31 30208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-31 30208]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-31 30208]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2009-10-31 30208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-31 30208]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2009-10-31 30208]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-03-06 24064]
"PLFSetL"="c:\windows\PLFSetL.exe" [2009-10-31 30208]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-10-31 30208]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2009-10-31 30208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-06 148888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-10-31 30208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Microsoft FrameNet 2"="c:\fxdpynbu.exe" [2009-10-31 30208]
"Windows Security Layer"="c:\windows\system32\reg32.exe" [2009-10-31 30208]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-9-14 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-4 114688]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
appsecdll REG_SZ c:\windows\system32\mscert.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [15/01/2009 04:17 p.m. 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15/01/2009 04:17 p.m. 55024]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [06/03/2009 12:12 p.m. 24064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15/01/2009 04:17 p.m. 7408]

--- Other Services/Drivers In Memory ---

*Deregistered* - CLASSPNP_2
*Deregistered* - mbr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - RECYCLER\autorun.exe
\Shell\open\command - RECYCLER\autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0309&m=aoa150
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Idamar\Application Data\Mozilla\Firefox\Profiles\5uzncmt6.default\
FF - plugin: c:\documents and settings\JuneBee\Application Data\Mozilla\Firefox\Profiles\5uzncmt6.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000005.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-30 22:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

c:\windows\system32\igfxtray .exe 30208 bytes executable

scan completed successfully
hȋdden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2748)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
c:\progra~1\LAUNCH~1\QtZgAcer .exe
c:\acer\Empowering Technology\eRecovery\eRAgent .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\windows\system32\igfxext.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\docume~1\JuneBee\LOCALS~1\Temp\RtkBtMnt.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Completion time: 2009-10-31 22:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-31 02:14
ComboFix2.txt 2009-10-31 01:48
ComboFix3.txt 2009-10-30 02:29

Pre-Run: 142,316,216,320 bytes free
Post-Run: 141,217,497,088 bytes free

- - End Of File - -

Re: Spyware IE Monster nightmare31st October 2009, 2:28 am

Please download DDS by sUBs from BleepingComputer.com or Forospyware.com and save it to your Desktop.

Note: Before scanning, make sure all other running programs are closed. There shouldn't be any scheduled antivirus scans running while the scan is being performed. Do not use your computer for anything else during the scan.

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click Yes to the Optional_Scan
Please follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your Desktop.

Re: Spyware IE Monster nightmare31st October 2009, 4:44 pm

Here:

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\fxdpynbu.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\DOCUME~1\Idamar\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer .exe
C:\Acer\Empowering Technology\eRecovery\eRAgent .exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\JuneBee\Desktop\dds.scr

============== Pseudo HJT Report ===============

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0309&m=aoa150
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LaunchApp] Alaunch
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Microsoft FrameNet 2] c:\fxdpynbu.exe
mRun: [Windows Security Layer] c:\windows\system32\reg32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\JuneBee\applic~1\mozilla\firefox\profiles\5uzncmt6.default\
FF - plugin: c:\documents and settings\JuneBee\application data\mozilla\firefox\profiles\5uzncmt6.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000005.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - hȋdden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 a016bus;Sony Ericsson Device A016 driver (WDM);c:\windows\system32\drivers\a016bus.sys [2009-7-5 83880]
S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter;c:\windows\system32\drivers\a016mdfl.sys [2009-7-5 15016]
S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver;c:\windows\system32\drivers\a016mdm.sys [2009-7-5 110504]
S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\a016mgmt.sys [2009-7-5 104488]
S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface;c:\windows\system32\drivers\a016obex.sys [2009-7-5 100648]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-3-6 24064]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]

=============== Created Last 30 ================

2009-10-31 02:11:14 30208 ----a-w- c:\windows\system32\reg32.exe
2009-10-31 02:11:14 30208 ----a-w- c:\windows\system32\reg32 .exe
2009-10-31 02:11:13 30208 ----a-w- C:\fxdpynbu.exe
2009-10-31 01:51:12 80512 ----a-w- c:\windows\system32\drivers\86d462a0.sys
2009-10-31 01:51:08 15872 ----a-w- C:\tbhrnc.exe
2009-10-31 01:51:02 19968 ----a-w- C:\jmmnuwd.exe
2009-10-31 01:33:39 91648 ----a-w- C:\xhcxwtvo.exe
2009-10-31 01:33:39 194289 ----a-w- C:\mimupxdc.exe
2009-10-30 02:15:06 0 d-sha-r- C:\cmdcons
2009-10-30 02:11:25 98816 ----a-w- c:\windows\sed.exe
2009-10-30 02:11:25 77312 ----a-w- c:\windows\MBR.exe
2009-10-30 02:11:25 236544 ----a-w- c:\windows\PEV.exe
2009-10-30 02:11:25 161792 ----a-w- c:\windows\SWREG.exe
2009-10-30 00:48:41 54 ----a-w- c:\windows\system32\rp_stats.dat
2009-10-30 00:48:41 39 ----a-w- c:\windows\system32\rp_rules.dat
2009-10-30 00:38:44 53 ----a-w- C:\MsFrameNet2
2009-10-30 00:37:57 100 ----a-w- c:\windows\system32\flags.ini
2009-10-29 01:10:58 34943 ----a-w- c:\windows\system32\uses32.dat
2009-10-28 23:53:52 2272 ----a-w- C:\img_36350013.jpg
2009-10-28 21:22:06 30208 ----a-w- c:\windows\system32\reg32.exe49
2009-10-28 21:22:06 30208 ----a-w- c:\windows\system32\reg32.exe44
2009-10-28 11:37:56 822 ----a-w- c:\windows\system32\wininit.dll
2009-10-27 23:37:48 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-27 03:44:08 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-10-27 02:37:45 30208 ----a-w- c:\documents and settings\idamar\alcmtr.exe
2009-10-27 02:37:44 30208 ----a-w- c:\documents and settings\idamar\rthdcpl.exe
2009-10-27 02:37:44 30208 ----a-w- c:\documents and settings\idamar\rthdcpl .exe
2009-10-27 01:39:25 30208 ----a-w- c:\windows\vsnp2uvc.exe
2009-10-27 01:39:25 30208 ----a-w- c:\windows\vsnp2uvc .exe
2009-10-14 02:51:01 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-14 02:50:44 0 d-----w- c:\program files\SUPERAntiSpyware
2009-10-14 02:50:44 0 d-----w- c:\docume~1\idamar\applic~1\SUPERAntiSpyware.com
2009-10-14 02:44:49 0 d-----w- c:\docume~1\idamar\applic~1\Malwarebytes
2009-10-14 02:44:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-14 02:09:04 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-10-14 01:47:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-10-14 00:53:37 0 d-sh--w- c:\docume~1\idamar\applic~1\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH
2009-10-11 16:11:08 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan

==================== Find3M ====================

2009-10-31 16:30:54 30208 ----a-w- c:\windows\plfsetl.exe
2009-10-31 16:30:43 30208 ----a-w- c:\windows\system32\igfxpers.exe
2009-10-31 16:30:42 30208 ----a-w- c:\windows\system32\hkcmd.exe
2009-10-31 16:30:41 30208 ----a-w- c:\windows\system32\igfxtray.exe
2009-10-31 02:10:50 30208 ----a-w- c:\windows\system32\igfxpers .exe
2009-10-31 01:50:04 30208 ----a-w- c:\windows\plfsetl .exe
2009-10-31 01:49:52 30208 ----a-w- c:\windows\system32\hkcmd .exe
2009-10-30 02:25:13 30208 ----a-w- c:\windows\system32\igfxtray .exe
2009-10-03 02:14:08 44389 ----a-w- c:\windows\fonts\arci.ttf
2009-09-13 23:01:53 111975 ----a-w- c:\windows\hpoins07.dat
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36:27 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36:24 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13:08 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:09 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2008-08-15 17:51:40 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-03-06 15:53:46 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009030620090307\index.dat

============= FINISH: 12:34:08.65 ===============

Should I delete Catchme in my desktop?

And why I saw spybot in this log when I desintall it?

Thanks again

Re: Spyware IE Monster nightmare31st October 2009, 8:20 pm

No big deal.

I recommend to print these instructions or copy+paste them to Notepad and save to your Desktop. This fix is done in Safe Mode and you cannot access the Internet.

Please download the Kaspersky AVP Tool from Kaspersky-labs.com.

Save it to your desktop.
Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).
Double click the setup file to run it.
Click Next to continue.
It will by default install it to your desktop folder.Click Next.
Hit ok at the prompt for scanning in Safe Mode.
It will then open a box There will be a tab that says Automatic scan.
Under Automatic scan make sure these are checked:
- System Memory
- Startup Objects
- Disk Boot Sectors.
- My Computer.
- Also any other drives (Removable that you may have)

After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
Then choose OK again then you are back to the main screen.

Then click on Scan at the to right hand Corner.
It will automatically Neutralize any objects found.
If some objects are left un-neutralized then click the button that says Neutralize all
If it says it cannot be Neutralized then choose The delete option when prompted.
After that is done click on the reports button at the bottom and save it to file name it Kas.
Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

Re: Spyware IE Monster nightmare1st November 2009, 9:24 am

I think I do something wrong when AVP Kaspery finish I click on delete all ... everything was fine until I restart the computer because now the HPproduct asistance it's trying to download and can't but I think maybe I can fix that with the HP CD, catchme it's still there in my desktop ......

Re: Spyware IE Monster nightmare1st November 2009, 6:24 pm

CatchMe is a tool involved in removing malware. Therefore, it is safe.

Spyware IE Monster nightmare Mbamicontw5

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Spyware IE Monster nightmare

descriptionSpyware IE Monster nightmare29th October 2009, 11:32 pm

descriptionRe: Spyware IE Monster nightmare29th October 2009, 11:41 pm

descriptionRe: Spyware IE Monster nightmare30th October 2009, 12:58 am

descriptionRe: Spyware IE Monster nightmare30th October 2009, 1:53 am

descriptionRe: Spyware IE Monster nightmare30th October 2009, 2:52 am

descriptionRe: Spyware IE Monster nightmare30th October 2009, 3:28 am

descriptionRe: Spyware IE Monster nightmare30th October 2009, 10:22 pm

descriptionRe: Spyware IE Monster nightmare30th October 2009, 10:49 pm

descriptionRe: Spyware IE Monster nightmare30th October 2009, 11:11 pm

descriptionRe: Spyware IE Monster nightmare30th October 2009, 11:20 pm

descriptionRe: Spyware IE Monster nightmare31st October 2009, 1:15 am

descriptionRe: Spyware IE Monster nightmare31st October 2009, 2:21 am

descriptionRe: Spyware IE Monster nightmare31st October 2009, 2:28 am

descriptionRe: Spyware IE Monster nightmare31st October 2009, 4:44 pm

descriptionRe: Spyware IE Monster nightmare31st October 2009, 8:20 pm

descriptionRe: Spyware IE Monster nightmare1st November 2009, 9:24 am

descriptionRe: Spyware IE Monster nightmare1st November 2009, 6:24 pm

descriptionRe: Spyware IE Monster nightmare