WiredWX Christian Hobby Weather Tools
Malware Runtime Error
Something is seriously wrong with my computer and now I can't run my Malware. Please help!!! (I am currently on another computer)

EDIT: My SUPERAntiSpyware is picking up 36 Registry, 3 Memory, and 6 File items. Pretty serious. It has been running for 40 min. now and says it is still running, but the file path at the top where it is scanning has not changed for about the past 15 min. I am thinking about just moving on with the removal. Thoughts?

EDIT 2: I tried to continue and it just won't let me. It asks if I want to continue even though the scan is not complete, I click YES and nothing happens.

Last edited by Joey Jiggles on 17th June 2011, 2:19 pm; edited 2 times in total (Reason for editing : Updating my progress on a spyware scan.)

Re: Malware Runtime Error
Ok so here is my final update. I restarted my computer and did a quick scan with SUPERAntiSpyware. Once I hit about 30 items this time I stopped the scan and removed those items. Once I restarted my comp. I still was not able to open malware, but I was able to reinstall it and able to run it. My log will be below.

One more thing... 2 screens pop up when I restart my computer:

1) Data Execution Prevention - Microsoft Windows
To help protect your computer, Windows has closed this program.
Name: cftnom
Publisher: DB1FWIrRlx38Sm9Wb
... then it gives me the options "Change Settings" or "Close Message".

2) RUNDLL
Error loading C:\WINDOWS\lthatcE.dll
The specified module could not be found.

Malware Report:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6877

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

6/17/2011 10:59:13 AM
mbam-log-2011-06-17 (10-59-13).txt

Scan type: Quick scan
Objects scanned: 173881
Time elapsed: 9 minute(s), 32 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 8
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 35

Memory Processes Infected:
c:\documents and settings\Debbie\application data\ihkd1.exe (Heuristics.Shuriken) -> 520 -> Unloaded process successfully.
c:\documents and settings\localservice\application data\lssas.exe (Backdoor.Bot) -> 3552 -> Unloaded process successfully.
c:\documents and settings\localservice\application data\conima.exe (Backdoor.Bot) -> 3712 -> Unloaded process successfully.

Memory Modules Infected:
c:\WINDOWS\lthatcE.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\W1WIWQ1NPG (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\YDZ1QVAGOJ (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tgs90gv74r (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\INPUT MANAGER (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LOCAL ACCOUNT AUTHORITY SERVICE (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSTEM UPDATER (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Vmavujagedeyoxi (Trojan.Hiloti) -> Value: Vmavujagedeyoxi -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\o7sc (Heuristics.Shuriken) -> Value: o7sc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Local Account Service (Backdoor.Bot) -> Value: Local Account Service -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Input Manager (Backdoor.Bot) -> Value: Input Manager -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Value: WINID -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Input Manager\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Local Account Authority Service\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\System Updater\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\lthatcE.dll (Trojan.Hiloti) -> Delete on reboot.
c:\documents and settings\Debbie\application data\ihkd1.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\lssas.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\conima.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\Debbie\application data\cleanhdm.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Debbie\application data\cleanhdm.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\Debbie\application data\conima.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\Debbie\application data\manager.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\Debbie\application data\lssas.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\nwsapagents.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\Debbie\local settings\Temp\rewmaoxsnc.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\documents and settings\Debbie\local settings\Temp\rwiyw.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Debbie\local settings\Temp\nsoemawrxc.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\documents and settings\Debbie\local settings\Temp\nxkbs.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\Debbie\local settings\Temp\vuoqojft.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Debbie\local settings\Temp\657.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\documents and settings\Debbie\local settings\Temp\pcxq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Debbie\local settings\Temp\Vpr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Debbie\local settings\Temp\Vps.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Debbie\local settings\Temp\Vpu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Debbie\local settings\Temp\bsdqrd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Debbie\local settings\application data\dvl.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Debbie\local settings\application data\mtw.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Debbie\local settings\application data\njg.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Debbie\local settings\temporary internet files\Content.IE5\6UQ5PHOY\oobbff[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Debbie\local settings\temporary internet files\Content.IE5\O9M34ZGT\xtkkbspt[1].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Vqugua.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\System.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\WINDOWS\LINKINFO.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
c:\documents and settings\Debbie\application data\mousedriver.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\Input.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\localaccountauthority.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\cftnom.bat (Trojan.Agent) -> Quarantined and deleted successfully.



Thanks again guys!
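The detections in the log above fall into a handful of persistence and evasion mechanisms: Run-key values, three fake services and their ImagePath values, two scheduled-task .job files in C:\WINDOWS\Tasks, and the Security Center *DisableNotify values set to 1 so that Windows stops warning that antivirus, firewall and updates are off. The RUNDLL error seen after the restart ("Error loading C:\WINDOWS\lthatcE.dll ... The specified module could not be found") is what a startup entry produces once the DLL it loads is gone; the log marks both that DLL and a Run value of the same Trojan.Hiloti family "Delete on reboot", so both are worth re-checking after the restart. The following Python script is an added example, not part of the original post or of Malwarebytes: it parses the "<item> (<detection>) -> ... -> <action>" lines of an MBAM 1.x log, groups unique items by mechanism and lists what is still pending a reboot. The sample lines are a subset copied from the log above; the mechanism labels and function names are this example's own choices.

```python
"""Triage helper for a Malwarebytes' Anti-Malware 1.x text log.

Added example (not part of the thread or of Malwarebytes). Groups the
"<item> (<detection>) -> ... -> <action>" lines by the persistence or
evasion mechanism they represent and lists items still pending a reboot.
Mechanism labels and function names are this example's own choices.
"""
import re
import sys

# Subset of lines copied from the MBAM log posted above (constructed sample).
SAMPLE_LOG = r"""
Memory Processes Infected:
c:\documents and settings\localservice\application data\lssas.exe (Backdoor.Bot) -> 3552 -> Unloaded process successfully.

Memory Modules Infected:
c:\WINDOWS\lthatcE.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\INPUT MANAGER (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Vmavujagedeyoxi (Trojan.Hiloti) -> Value: Vmavujagedeyoxi -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Input Manager (Backdoor.Bot) -> Value: Input Manager -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Input Manager\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\lthatcE.dll (Trojan.Hiloti) -> Delete on reboot.
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\cftnom.bat (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# "<item> (<detection>) -> <rest>"; the action is the last "->" segment of <rest>.
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")


def classify(item):
    """Map a detected item to the persistence/evasion mechanism it represents."""
    key = item.upper()
    if key.startswith("HKEY_"):
        if "\\CURRENTVERSION\\RUN\\" in key:
            return "autostart: Run key"
        if "\\SERVICES\\" in key:
            return "autostart: service"
        if "\\SECURITY CENTER\\" in key:
            return "defense evasion: Security Center notifications"
        if "\\INTERNET SETTINGS\\ZONES" in key:
            return "browser: IE zone hijack"
        return "registry: other"
    if key.endswith(".JOB"):
        return "autostart: scheduled task"
    return "file"


def parse_log(text):
    """Return (section, item, detection, action) tuples for every detection line."""
    records = []
    section = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith(":") and "Infected" in line:  # "Files Infected:" etc.
            section = line[:-1]
            continue
        m = ITEM_RE.match(line)
        if m and section:
            action = m.group("rest").split(" -> ")[-1]
            records.append((section, m.group("item"), m.group("detection"), action))
    return records


def triage(text):
    """Group unique items by mechanism and collect those still pending a reboot."""
    by_mechanism = {}
    pending = []
    seen = set()
    for _section, item, _detection, action in parse_log(text):
        if "reboot" in action.lower() and item not in pending:
            pending.append(item)
        if item in seen:  # the same path can appear under Memory Modules and Files
            continue
        seen.add(item)
        by_mechanism.setdefault(classify(item), []).append(item)
    return {"by_mechanism": by_mechanism, "pending_reboot": pending}


if __name__ == "__main__":
    # Pass a saved mbam-log-*.txt as the first argument; encoding may vary by version.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    result = triage(text)
    for mechanism, items in result["by_mechanism"].items():
        print(mechanism)
        for item in items:
            print("    " + item)
    print("verify after reboot:")
    for item in result["pending_reboot"]:
        print("    " + item)
```

Everything under "autostart" is a location to re-inspect by hand once the reboot has cleared the pending deletions (the Run keys via msconfig, the three fake services in services.msc, and C:\WINDOWS\Tasks), and a persistent "Delete on reboot" item that is still present after the restart is the usual sign that something running at boot is re-creating it.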

Re: Malware Runtime Error
BUMP

Re: Malware Runtime Error
I have also been trying to run OTL and it won't let me. Here is what it says:

"Exception EOleSysError in module OTL.exe at 000571A5. Class not registered."


Really looking forward to hearing from you guys. I have been really struggling here at work. After finally being able to run Malware, it is working just enough, but will sometimes freeze on me and I have to reset it manually. PLEASE HELP!!

Re: Malware Runtime Error
Hi,

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start>Run, then copy and paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

[screenshot: Recovery Console query]
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[screenshot: Recovery Console installed successfully]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.



............................................................................................

I'm livin' life in the fast lane.

Re: Malware Runtime Error
Thank you for your response Sneakyone! I am dying over here.

I did everything as you said, BUT ComboFix is stuck on preparing its report. The screen has been up for about 45 min. and I am afraid to open another program. I have to soon in order to continue doing work on that computer!

It did however say it found something called a "rootkit"

Looking forward to your response.

EDIT: I also tried running Commy.exe again and it had the same problem. It would not produce a log and would just sit there.

Last edited by Joey Jiggles on 21st June 2011, 5:30 pm; edited 2 times in total (Reason for editing : update)

Re: Malware Runtime Error
Hi,

Please run it in Safe Mode.

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Log into an account with administrative privileges.


............................................................................................

I'm livin' life in the fast lane.

Re: Malware Runtime Error
I will do this as soon as I get into work tomorrow morning. I do have to say this, I have tried that before and Safe Mode would not work. A blue screen would come up saying there was something wrong. I am hoping it does. I will be in touch.

Thank you.

Re: Malware Runtime Error
SAFE Mode will not WORK!!!

A blue screen comes up saying: "A problem has been detected and Windows has been shut down to prevent damage to your computer."

Then it goes on saying use Virus software etc.

What should we do now!?

EDIT: I did Rkill and this came up:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 06/22/2011 at 14:18:49.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\PROGRA~1\Intuit\QUICKB~3\QBDBMgr.exe
C:\WINDOWS\system32\grpconv.exe


Rkill completed on 06/22/2011 at 14:18:53.

Last edited by Joey Jiggles on 22nd June 2011, 6:27 pm; edited 1 time in total (Reason for editing : UPDATE)

Re: Malware Runtime Error
Hi,

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time


Note: in the event that OTL fails to run, please use alternate download links to try again:

http://www.itxassociates.com/ot-tools/OTL.scr
http://www.itxassociates.com/ot-tools/OTL.com

............................................................................................

I'm livin' life in the fast lane.

Re: Malware Runtime Error
I tried all download links. OTL will download but will not run. An error message will come up saying this:

"Exception EOleSysError in module OTL.exe at 000571A5. Class not registered."

I will attempt in Safe Mode, but again my Safe Mode does not let me get into Windows at all. That blue screen comes up. I will EDIT this post with an update.

Thank you.

EDIT: Safe mode is still showing that horrible blue screen with the warning about Windows! So obviously I could not run OTL.

EDIT2: Any time I search something in google and try to click on one of the searches it will just re-route me to another website!

EDIT3: IT WORKED!

ComboFix 11-06-22.05 - Debbie 06/23/2011 10:50:30.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1383 [GMT -4:00]
Running from: c:\documents and settings\Debbie\Desktop\commy.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\commy.exe\023.dat
c:\commy.exe\023v.dat
c:\commy.exe\023w7.dat
c:\commy.exe\30Create2.dat
c:\commy.exe\AllDrivesFolders
c:\commy.exe\AppData.folder.dat
c:\commy.exe\asp.str
c:\commy.exe\Assoc.cmd
c:\commy.exe\ATTRIB.cfxxe
c:\commy.exe\av.cmd
c:\commy.exe\av.vbs
c:\commy.exe\AWF.cmd
c:\commy.exe\BHO.dat
c:\commy.exe\BHOFiles.dat
c:\commy.exe\BHOQuery.dat
c:\commy.exe\BitsPath
c:\commy.exe\BitsStr
c:\commy.exe\Boot-Rk.cmd
c:\commy.exe\Boot.bat
c:\commy.exe\BootDrv.vbs
c:\commy.exe\c.mrk
c:\commy.exe\Cache.folder.dat
c:\commy.exe\Catch-sub.cmd
c:\commy.exe\catch_k.dat
c:\commy.exe\Catchlog
c:\commy.exe\catchme.cfxxe
c:\commy.exe\Catchme.tmp
c:\commy.exe\CCS.bat
c:\commy.exe\CF23260.cfxxe
c:\commy.exe\cfdummy
c:\commy.exe\cfrun
c:\commy.exe\CHCP.bat
c:\commy.exe\ClistB.dat
c:\commy.exe\clsid.dat
c:\commy.exe\ClsidDumped
c:\commy.exe\ClsidFiles
c:\commy.exe\ComboFix-Download.cfxxe
c:\commy.exe\ComboFix.txt
c:\commy.exe\ConEnv.sed
c:\commy.exe\Create.cmd
c:\commy.exe\Create02.dat
c:\commy.exe\Creg.dat
c:\commy.exe\CregB.dat
c:\commy.exe\CregC.cmd
c:\commy.exe\CregC.dat
c:\commy.exe\CSCRIPT.cfxxe
c:\commy.exe\CSet.cmd
c:\commy.exe\d-del4AV.dat
c:\commy.exe\dd.cfxxe
c:\commy.exe\ddsDo.sed
c:\commy.exe\Debbie.user.cf
c:\commy.exe\del00
c:\commy.exe\DelClsid.bat
c:\commy.exe\delclsid00
c:\commy.exe\DisclaimED.dat
c:\commy.exe\dll_whitelist.dat
c:\commy.exe\dnd.dat
c:\commy.exe\dollar_log.dat
c:\commy.exe\DPF.str
c:\commy.exe\Drive.folder.dat
c:\commy.exe\DriveFile.dat
c:\commy.exe\DrivesB.dat
c:\commy.exe\DrvRun.vbs
c:\commy.exe\dumphive.cfxxe
c:\commy.exe\embedded.sed
c:\commy.exe\Env.sed
c:\commy.exe\ERDNT.e_e
c:\commy.exe\ERDNTDOS.LOC
c:\commy.exe\ERDNTWIN.LOC
c:\commy.exe\ErrTrap1
c:\commy.exe\ERUNT.cfxxe
c:\commy.exe\erunt.dat
c:\commy.exe\ERUNT.LOC
c:\commy.exe\Exe.reg
c:\commy.exe\extract.cfxxe
c:\commy.exe\f_system
c:\commy.exe\F3m.mrk
c:\commy.exe\FavFolderD.dat
c:\commy.exe\FD-SV.cmd
c:\commy.exe\FdsvOK
c:\commy.exe\ffdefstr.dll
c:\commy.exe\FileKill.cfxxe
c:\commy.exe\files.pif
c:\commy.exe\Fin.dat
c:\commy.exe\FIND3M.bat
c:\commy.exe\FIXLSP.bat
c:\commy.exe\FKMGen.cmd
c:\commy.exe\ForeignWht
c:\commy.exe\Gateway
c:\commy.exe\GetHive.cmd
c:\commy.exe\grep.cfxxe
c:\commy.exe\gsar.cfxxe
c:\commy.exe\handle.cfxxe
c:\commy.exe\HDCntrl01
c:\commy.exe\HDPEInfo.cfxxe
c:\commy.exe\hidec.cfxxe
c:\commy.exe\history.bat
c:\commy.exe\History.folder.dat
c:\commy.exe\iexplore.exe
c:\commy.exe\image001.gif
c:\commy.exe\Imefile.dat
c:\commy.exe\katch.cmd
c:\commy.exe\katchNT-OS
c:\commy.exe\kmd.dat
c:\commy.exe\L_Beep00
c:\commy.exe\Lang.bat
c:\commy.exe\LatestVer
c:\commy.exe\LegacyFull
c:\commy.exe\LegacyNoSvc
c:\commy.exe\lnkread.vbs
c:\commy.exe\LocalAppData.folder.dat
c:\commy.exe\LocalService.dat
c:\commy.exe\LocalServiceNetworkRestricted.dat
c:\commy.exe\LocalSettings.folder.dat
c:\commy.exe\LocalSystemNetworkRestricted.dat
c:\commy.exe\LSPDone
c:\commy.exe\mbr.cfxxe
c:\commy.exe\mbr.chk
c:\commy.exe\mbr.log
c:\commy.exe\mbr.txt
c:\commy.exe\md5sum.pif
c:\commy.exe\Mirrors
c:\commy.exe\MissingFiles.dat
c:\commy.exe\MoveIt.bat
c:\commy.exe\mtee.cfxxe
c:\commy.exe\MtPt00
c:\commy.exe\Music.folder.dat
c:\commy.exe\MWindows.dat
c:\commy.exe\mynul.dat
c:\commy.exe\N_\12538
c:\commy.exe\N_\13749
c:\commy.exe\N_\13854
c:\commy.exe\N_\15937
c:\commy.exe\N_\20102
c:\commy.exe\N_\20796
c:\commy.exe\N_\21527
c:\commy.exe\N_\23165
c:\commy.exe\N_\23930
c:\commy.exe\N_\27844
c:\commy.exe\N_\29573
c:\commy.exe\N_\4465
c:\commy.exe\N_\548
c:\commy.exe\N_\7002
c:\commy.exe\N_\8908
c:\commy.exe\ncmd.com
c:\commy.exe\ND_.bat
c:\commy.exe\ND_64.bat
c:\commy.exe\ndis_combofix.dat
c:\commy.exe\NetHood.folder.dat
c:\commy.exe\netsvc.bad.dat
c:\commy.exe\netsvc.dat
c:\commy.exe\NetworkService.dat
c:\commy.exe\NirCmd.cfxxe
c:\commy.exe\NircmdB.exe
c:\commy.exe\NirCmdC.cfxxe
c:\commy.exe\NIRKMD.cfxxe
c:\commy.exe\NlsLanguageDefault
c:\commy.exe\notifykeys.dat
c:\commy.exe\notifykeysB.dat
c:\commy.exe\NoX2del
c:\commy.exe\NT-OS.cmd
c:\commy.exe\NULL
c:\commy.exe\OriO4Files.dat
c:\commy.exe\OriO4FilesB.dat
c:\commy.exe\OsId.txt
c:\commy.exe\OSid.vbs
c:\commy.exe\OsVer
c:\commy.exe\patched.af
c:\commy.exe\PathSearch
c:\commy.exe\pausep.cfxxe
c:\commy.exe\pend.txt
c:\commy.exe\pev.cfxxe
c:\commy.exe\pevb.cfxxe
c:\commy.exe\Pictures.folder.dat
c:\commy.exe\PING.cfxxe
c:\commy.exe\Policies.dat
c:\commy.exe\powp.dat
c:\commy.exe\PreDIR
c:\commy.exe\Prep.inf
c:\commy.exe\PrintHood.folder.dat
c:\commy.exe\Profiles.Folder.dat
c:\commy.exe\Profiles.Folder.folder.dat
c:\commy.exe\progfile.dat
c:\commy.exe\Purity.dat
c:\commy.exe\PV.cfxxe
c:\commy.exe\pv.com
c:\commy.exe\rar_sfx.cmd
c:\commy.exe\RCLink.dat
c:\commy.exe\RcRdy
c:\commy.exe\RcRdyList
c:\commy.exe\RcVer00
c:\commy.exe\Recent.folder.dat
c:\commy.exe\REGDACL.sed
c:\commy.exe\RegDo.sed
c:\commy.exe\region.dat
c:\commy.exe\RegRun01
c:\commy.exe\RegScan.cmd
c:\commy.exe\REGT.cfxxe
c:\commy.exe\remdir00
c:\commy.exe\RenVDel.dat
c:\commy.exe\RenVSuspect
c:\commy.exe\Resident.txt
c:\commy.exe\restore_pt.dat
c:\commy.exe\Rkey.cmd
c:\commy.exe\rmbr.cfxxe
c:\commy.exe\rogues.dat
c:\commy.exe\ROUTE.cfxxe
c:\commy.exe\run.sed
c:\commy.exe\run2.sed
c:\commy.exe\Rust.str
c:\commy.exe\s0rt.cfxxe
c:\commy.exe\safeboot.dat
c:\commy.exe\safeboot.def.dat
c:\commy.exe\sed.cfxxe
c:\commy.exe\SendTo.folder.dat
c:\commy.exe\ServiceFiles.dat
c:\commy.exe\SetEnvmt.bat
c:\commy.exe\SetPath.bat
c:\commy.exe\setpath.cfxxe
c:\commy.exe\setpath_N.cmd
c:\commy.exe\SF.exe
c:\commy.exe\sfx.cmd
c:\commy.exe\snapshot.00.dat
c:\commy.exe\SnapShot.cmd
c:\commy.exe\SRestore.cmd
c:\commy.exe\srizbi.md5
c:\commy.exe\Start_dat
c:\commy.exe\StartUp.folder.dat
c:\commy.exe\SuppScan.cmd
c:\commy.exe\Suspect_ntfy.dat
c:\commy.exe\SuspectB_netsvc.dat
c:\commy.exe\suspectSvc.dat
c:\commy.exe\svc_wht.dat
c:\commy.exe\SvcCovered
c:\commy.exe\SvcDiff
c:\commy.exe\SvcDrv.vbs
c:\commy.exe\SvcDump
c:\commy.exe\SvcDumpB
c:\commy.exe\SvcDumpFull
c:\commy.exe\SvcFull
c:\commy.exe\svchost.dat
c:\commy.exe\svchost.vista.x64.dat
c:\commy.exe\svclist.dat
c:\commy.exe\SvcTarget.dat
c:\commy.exe\SvcTempAa
c:\commy.exe\swreg.cfxxe
c:\commy.exe\swsc.cfxxe
c:\commy.exe\swxcacls.cfxxe
c:\commy.exe\SysPath.dat
c:\commy.exe\system_ini.dat
c:\commy.exe\tail.cfxxe
c:\commy.exe\temp00
c:\commy.exe\temp0900
c:\commy.exe\temp4000
c:\commy.exe\toolbar.sed
c:\commy.exe\unhand.dat
c:\commy.exe\Unhandled.dat
c:\commy.exe\Update-CF.cmd
c:\commy.exe\UploadThese
c:\commy.exe\V-FilesB.dat
c:\commy.exe\v-tmp.dat
c:\commy.exe\v_str.dat
c:\commy.exe\v_wht.dat
c:\commy.exe\VerCF.bat
c:\commy.exe\version.txt
c:\commy.exe\VikPev00
c:\commy.exe\Vikpev01
c:\commy.exe\VInfo2
c:\commy.exe\VINFO3
c:\commy.exe\Vipev.dat
c:\commy.exe\vistaMcode.dat
c:\commy.exe\vRun_DLL
c:\commy.exe\vun.dat
c:\commy.exe\w7Mcode.dat
c:\commy.exe\whiteAll.dat
c:\commy.exe\whitedir.dat
c:\commy.exe\whitedirB.dat
c:\commy.exe\whitedirCreated.dat
c:\commy.exe\whitedircreated00.dat
c:\commy.exe\Wmi_rem.vbs
c:\commy.exe\WrgNameDLL
c:\commy.exe\XP.mac
c:\commy.exe\xpmcode.dat
c:\commy.exe\XPSBoot.reg
c:\commy.exe\zDomain.dat
c:\commy.exe\zip.cfxxe
c:\commy.exe\Zlob01
c:\windows\system32\cisvc.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Legacy_INPUT_MANAGER
-------\Legacy_LOCAL_ACCOUNT_AUTHORITY_SERVICE
-------\Legacy_SYSTEM_UPDATER
-------\Service_6to4
.
.
((((((((((((((((((((((((( Files Created from 2011-05-23 to 2011-06-23 )))))))))))))))))))))))))))))))
.
.
2011-06-22 19:55 . 2011-06-22 19:57 656896 ----a-w- c:\program files\MicrosoftFixit50525.msi
2011-06-22 19:14 . 2009-03-24 20:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-22 13:49 . 2011-06-22 13:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2011-06-21 16:47 . 2011-06-21 16:48 -------- d-----w- C:\commy
2011-06-20 18:41 . 2011-06-20 18:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-06-20 14:54 . 2011-06-20 14:54 54016 ----a-w- c:\windows\system32\drivers\woqfh.sys
2011-06-17 17:26 . 2011-06-17 17:26 -------- d-s---w- c:\documents and settings\LocalService\UserData
2011-06-17 15:41 . 2011-06-17 15:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
2011-06-17 15:41 . 2011-06-17 15:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ConduitEngine
2011-06-17 15:41 . 2011-06-17 15:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Freecorder
2011-06-17 15:41 . 2011-06-17 15:41 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2011-06-17 14:57 . 2011-06-17 14:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-06-17 14:37 . 2011-06-17 14:37 168 ----a-w- c:\documents and settings\LocalService\Application Data\Itf2chA4.bat
2011-06-17 14:37 . 2011-06-17 14:37 170 ----a-w- c:\documents and settings\LocalService\Application Data\FBN9SYSh.bat
2011-06-17 13:19 . 2011-06-17 13:19 -------- d-----w- c:\documents and settings\Debbie\Application Data\SUPERAntiSpyware.com
2011-06-17 13:18 . 2011-06-17 14:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-17 13:11 . 2011-06-17 13:11 170 ----a-w- c:\documents and settings\LocalService\Application Data\xWvrGMIG.bat
2011-06-17 13:11 . 2011-06-17 13:11 168 ----a-w- c:\documents and settings\LocalService\Application Data\pHXQREYr.bat
2011-06-17 13:08 . 2011-06-17 13:08 -------- d-----w- C:\found.000
2011-06-16 20:50 . 2011-06-17 16:15 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2011-06-16 20:45 . 2011-06-16 20:45 0 ----a-w- c:\windows\Qfuheqetalajoqi.bin
2011-06-16 20:23 . 2011-06-16 20:23 144 ----a-w- c:\documents and settings\Debbie\Application Data\um0tnw4sr.bat
2011-06-16 20:22 . 2011-06-16 20:22 180224 --sha-r- c:\windows\system32\usrvoica9.dll
2011-06-14 18:30 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-14 18:30 . 2011-04-29 19:07 852480 ------w- c:\windows\system32\dllcache\vgx.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 13:11 . 2011-04-11 18:22 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2011-04-11 18:22 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-02 15:31 . 2005-08-16 08:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2005-08-16 08:18 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 14:47 . 2005-08-16 08:18 667136 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 14:47 . 2005-08-16 08:18 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-04-25 14:47 . 2005-08-16 08:18 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 12:56 . 2005-08-16 08:18 369664 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2005-08-16 08:18 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-20 17:13 . 2011-04-20 17:13 4236872 ----a-w- c:\program files\veetle-0.9.18.exe
2011-04-19 16:11 . 2011-04-19 16:09 12580112 ----a-w- c:\program files\Firefox Setup 4.0.exe
2011-04-13 14:38 . 2010-11-20 23:26 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-04-11 18:20 . 2011-04-11 18:19 7734208 ----a-w- c:\program files\mbam-setup-1.50.1.1100.exe
2011-04-08 14:07 . 2011-04-08 14:07 3584 ----a-r- c:\documents and settings\Debbie\Application Data\Microsoft\Installer\{121634B0-2F4A-11D3-ADA3-00C04F52DD53}\Icon386ED4E3.exe
2011-02-17 16:29 . 2011-02-17 16:29 4727808 ----a-w- c:\program files\Works632_en-US.msi
2011-02-07 15:44 . 2011-02-07 15:44 2933084 ----a-w- c:\program files\AdolixSplitMergePDFSetup.exe
2011-02-04 16:52 . 2011-02-04 16:52 113284440 ----a-w- c:\program files\601_b021_multilanguage.exe
2010-12-17 16:26 . 2010-12-17 16:26 58794264 ----a-w- c:\program files\avira_antivir_personal_en.exe
2010-12-14 19:39 . 2010-12-14 19:39 6875336 ----a-w- c:\program files\GOMPLAYERENSETUP.EXE
2010-12-14 19:28 . 2010-12-14 19:28 395640 ----a-w- c:\program files\utorrent.exe
2010-12-14 19:05 . 2010-12-14 19:04 2652884 ----a-w- c:\program files\ac3filter_1_62b.exe
2010-12-14 18:51 . 2010-12-14 18:51 903520 ----a-w- c:\program files\DivXInstaller.exe
2010-12-13 21:04 . 2010-12-13 21:00 652794 ----a-w- c:\program files\XviD-1.2.2-07062009.exe
2010-10-18 13:52 . 2010-10-18 13:52 6153352 ----a-w- c:\program files\mbam-setup-1.46.exe
2010-10-18 13:43 . 2010-10-18 13:43 5053024 ----a-w- c:\program files\jZipV1.exe
2010-10-18 13:41 . 2010-06-30 15:41 16262472 ----a-w- c:\program files\winzip145.exe
2010-10-15 18:40 . 2010-02-17 20:17 10840577 ----a-w- c:\program files\iVolume3Win.exe
2010-09-25 20:27 . 2010-09-25 20:26 2022008 ----a-w- c:\program files\tinyzip.exe
2010-07-08 19:40 . 2010-07-08 19:40 3249480 ----a-w- c:\program files\UnityWebPlayer.exe
2010-06-16 20:32 . 2010-06-16 20:32 1704744 ----a-w- c:\program files\SkypeSetup.exe
2010-06-11 15:31 . 2010-06-11 15:31 7302104 ----a-w- c:\program files\Install_AIM.exe
2010-05-21 18:46 . 2010-05-21 18:40 60348824 ----a-w- c:\program files\MFPS_Setup.EXE
2010-05-21 18:30 . 2010-05-21 18:23 62869323 ----a-w- c:\program files\FPVUpdater.EXE
2010-04-22 13:04 . 2010-04-21 18:06 121864 ----a-w- c:\program files\g2m_download.exe
2010-03-05 13:27 . 2010-03-05 13:27 569520 ----a-w- c:\program files\GoogleEarthPluginSetup.exe
2010-01-13 14:42 . 2010-01-13 14:42 15639552 ----a-w- c:\program files\DwfViewerSetup.msi
2009-12-08 16:53 . 2009-12-08 16:53 714528 ----a-w- c:\program files\xpiinstall.exe
2009-08-21 19:48 . 2009-08-21 19:08 77976864 ----a-w- c:\program files\iTunesSetup.exe
2009-08-13 17:20 . 2009-08-13 17:20 16070968 ----a-w- c:\program files\gimp-2.6.6-i686-setup.exe
2009-08-05 14:11 . 2009-08-05 14:11 8050536 ----a-w- c:\program files\Firefox Setup 3.5.2.exe
2009-07-09 14:47 . 2009-07-09 14:47 6224944 ----a-w- c:\program files\pkr80018en.EXE
2009-06-10 13:56 . 2009-06-10 13:56 1878888 ----a-w- c:\program files\install_flash_player.exe
2009-05-21 18:46 . 2009-05-21 18:46 13714760 ----a-w- c:\program files\winzip121.exe
2009-04-29 17:35 . 2009-04-29 17:34 43083040 ----a-w- c:\program files\AdbeRdr910_en_US_Std.exe
2009-04-03 16:19 . 2009-04-03 16:16 559184 ----a-w- c:\program files\Setup_QuickBooksPremier2009.exe
2011-04-07 17:02 . 2011-04-07 17:02 288568 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2011-05-11 15:28 . 2011-05-11 15:28 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-22_15.34.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-29 12:05 . 2008-07-29 12:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-31 12:17 . 2008-04-14 00:12 5632 c:\windows\system32\dllcache\cisvc.exe
+ 2008-07-29 12:05 . 2008-07-29 12:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2011-06-22 19:13 . 2011-06-22 19:13 228352 c:\windows\Installer\42577c.msi
+ 2011-06-23 14:12 . 2011-06-23 14:12 620032 c:\windows\Installer\1d6eae.msi
+ 2008-07-29 12:05 . 2008-07-29 12:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Freecorder\prxtbFre0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 17:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D0523BB4-21E7-11DD-9AB7-415B56D89593}"= "c:\program files\My.Freeze.com Toolbar\freeze_us.dll" [BU]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d0523bb4-21e7-11dd-9ab7-415b56d89593}]
[HKEY_CLASSES_ROOT\TBSB00001.TBSB00001.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB00001.TBSB00001]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-17 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Launch2020.lnk - c:\program files\Launch2020\Launch2020.exe [2011-4-13 491520]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^20-20 Shortcut Bar.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\20-20 Shortcut Bar.lnk
backup=c:\windows\pss\20-20 Shortcut Bar.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dynex Wireless Networking Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dynex Wireless Networking Utility.lnk
backup=c:\windows\pss\Dynex Wireless Networking Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 08:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager]
2007-06-14 20:48 1282048 ----a-w- c:\windows\system32\wltray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 09:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 07:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 18:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-16 06:42 136176 ----atw- c:\documents and settings\Debbie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-09-26 00:52 50736 ----a-w- c:\program files\Common Files\AOL\1170340513\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-09-24 05:08 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2001-11-20 04:10 196608 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2006-07-06 11:15 151552 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2009-12-22 13:47 1092872 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 08:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-09-11 08:40 218032 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-09-11 08:40 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 20:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2007-02-13 06:32 67128 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-06-16 12:39 7323648 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
2005-11-30 00:19 40960 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-07-24 14:20 282624 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-12-03 21:46 14944136 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-20 12:38 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-01-30 19:39 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"wltrysvc"=2 (0x2)
"WANMiniportService"=2 (0x2)
"RoxLiveShare9"=2 (0x2)
"QBFCService"=3 (0x3)
"QBCFMonitorService"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"IAANTMON"=2 (0x2)
"HP Status Server"=3 (0x3)
"gupdate"=2 (0x2)
"ELService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AOL ACS"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\1170340513\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Intuit\\QuickBooks Premier\\QBDBMgrN.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Debbie\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"32338:TCP"= 32338:TCP:@xpsp2res.dll,-22009
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/5/2010 9:27 AM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/5/2010 9:27 AM 135664]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\Debbie\LOCALS~1\Temp\00001389.nmc\nse\bin\ndiskio.sys --> c:\docume~1\Debbie\LOCALS~1\Temp\00001389.nmc\nse\bin\ndiskio.sys [?]
S3 NdisWDM;Dynex Wireless G USB Network Adapter Service;c:\windows\system32\drivers\NdisWDM.sys [3/2/2009 4:18 PM 198144]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
lcnayjjn
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-05 13:27]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-05 13:27]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4091619023-2511848912-4128872900-1006Core.job
- c:\documents and settings\Debbie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-22 06:42]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4091619023-2511848912-4128872900-1006UA.job
- c:\documents and settings\Debbie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-22 06:42]
.
2011-06-23 c:\windows\Tasks\InSite_C 1163190862.job
- c:\program files\Intuit\QuickBooks Premier\autobackupexe.exe [2009-09-17 02:16]
.
2011-06-01 c:\windows\Tasks\Monthly.job
- c:\windows\system32\ntbackup.exe [2005-08-16 00:12]
.
2011-06-15 c:\windows\Tasks\Rotation 1.job
- c:\windows\system32\ntbackup.exe [2005-08-16 00:12]
.
2011-06-23 c:\windows\Tasks\Rotation 2.job
- c:\windows\system32\ntbackup.exe [2005-08-16 00:12]
.
2011-06-23 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-05-17 17:29]
.
2011-06-12 c:\windows\Tasks\Weekly.job
- c:\windows\system32\ntbackup.exe [2005-08-16 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = Aol.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = localhost;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Debbie\Application Data\Mozilla\Firefox\Profiles\2jrzubqj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - aol.com
user_pref(security.warn_viewing_mixed,false);
user_pref(security.warn_viewing_mixed.show_once,false);
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
user_pref(security.warn_submit_insecure,false);
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-DivX Download Manager - c:\program files\DivX\DivX Plus Web Player\DDmService.exe
MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
MSConfigStartUp-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.exe
HKLM_ActiveSetup-{F07C7882-9D81-4BA5-8B3D-A58E4A685876} - c:\documents and settings\Debbie\Application Data\Sun\hihvektf.dll
AddRemove-FreeFileViewer_is1 - c:\program files\FreeFileViewer\unins000.exe
AddRemove-Living 3D Dolphins Screen Saver - c:\progra~1\Freeze.com\Living 3D Dolphins\UNINSTAL.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-23 11:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(3868)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-06-23 11:09:35
ComboFix-quarantined-files.txt 2011-06-23 15:09
.
Pre-Run: 233,867,571,200 bytes free
Post-Run: 233,823,219,712 bytes free
.
- - End Of File - - 1BF59FDE584B93237564BF0AB582EBA4


Last edited by Joey Jiggles on 23rd June 2011, 3:10 pm; edited 3 times in total (Reason for editing : UPDATE / COMBO LOG!!!!)
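A note on reading a ComboFix log like the one above, with an added example that is not part of the original post and is not ComboFix's own code. ComboFix hides default entries, so anything it prints under "Svchost - NetSvcs" is a non-default member of that service group and deserves a look; likewise a Security Center "AntiVirusOverride"/"FirewallOverride" of 1 means Windows will not warn that protection is off, "EnableFirewall"= 0 means the Windows Firewall is disabled for that profile, a driver line ending in "[?]" means ComboFix could not find the file on disk, and an ActiveSetup or Run entry loading a DLL from a user profile directory is a common persistence spot. The script below applies those heuristics to lines in ComboFix's format. The sample log embedded in it is constructed for the example (it mirrors the kinds of entries seen above); the severity labels and the regular expressions are the editor's, not anything ComboFix defines.

```python
"""Triage heuristics for a ComboFix log: flag the entries a malware-removal
helper would review first. Added example, not ComboFix's own code. The
SAMPLE_LOG below is constructed in ComboFix's output format; its entries
are assumed for this example."""
import re
from typing import List, NamedTuple, Optional

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\Debbie\LOCALS~1\Temp\00001389.nmc\nse\bin\ndiskio.sys --> c:\docume~1\Debbie\LOCALS~1\Temp\00001389.nmc\nse\bin\ndiskio.sys [?]
S3 NdisWDM;Dynex Wireless G USB Network Adapter Service;c:\windows\system32\drivers\NdisWDM.sys [3/2/2009 4:18 PM 198144]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
lcnayjjn
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.exe
HKLM_ActiveSetup-{F07C7882-9D81-4BA5-8B3D-A58E4A685876} - c:\documents and settings\Debbie\Application Data\Sun\hihvektf.dll
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")                       # [HKEY_...\key]
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')                # "Name"=value
SERVICE_RE = re.compile(r"^[RS][0-3] ([^;]+);[^;]*;(.*)$")    # R1 name;display;path [...]
ACTIVESETUP_RE = re.compile(r"^HKLM_ActiveSetup-(\{[0-9A-Fa-f-]+\}) - (.+)$")
PROFILE_DIR_RE = re.compile(r"\\(application data|local settings)\\", re.I)
TEMP_DIR_RE = re.compile(r"\\temp\\", re.I)


class Finding(NamedTuple):
    severity: str   # "high" or "medium" (editor's labels, assumed for the example)
    line: int       # 1-based line number in the log text
    message: str


def parse_value(raw: str) -> Optional[int]:
    """Convert ComboFix's value renderings ('dword:00000001', '0 (0x0)') to an int."""
    raw = raw.strip()
    m = re.match(r"dword:([0-9a-fA-F]{8})$", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    if m:
        return int(m.group(1))
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk the log line by line and collect entries worth a reviewer's attention."""
    findings: List[Finding] = []
    section: Optional[str] = None   # current [registry key] header, lowercased
    in_netsvcs = False              # inside the "Svchost - NetSvcs" block
    for lineno, line in enumerate(log_text.splitlines(), 1):
        line = line.rstrip()
        if line in ("", "."):       # ComboFix closes each block with a lone "."
            section, in_netsvcs = None, False
            continue
        if "Svchost - NetSvcs" in line:
            in_netsvcs = True
            continue
        if in_netsvcs:
            # ComboFix suppresses default netsvcs members, so every name here is non-default.
            findings.append(Finding("high", lineno,
                f"non-default netsvcs member '{line}': identify the service and the DLL it loads"))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if m and section is not None:
            name, val = m.group(1), parse_value(m.group(2))
            if section.endswith("security center") and val == 1 \
                    and name in ("AntiVirusOverride", "FirewallOverride"):
                findings.append(Finding("high", lineno,
                    f"Security Center {name}=1: Windows will not warn that protection is off"))
            elif "firewallpolicy" in section and name == "EnableFirewall" and val == 0:
                findings.append(Finding("high", lineno,
                    "EnableFirewall=0: Windows Firewall is off for this profile"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, rest = m.group(1), m.group(2)
            if rest.endswith("[?]"):   # ComboFix marks a service image it cannot find with [?]
                findings.append(Finding("medium", lineno,
                    f"service/driver {name} points at a file ComboFix could not find on disk"))
            if TEMP_DIR_RE.search(rest):
                findings.append(Finding("medium", lineno,
                    f"service/driver {name} loads from a Temp directory"))
            continue
        m = ACTIVESETUP_RE.match(line)
        if m and PROFILE_DIR_RE.search(m.group(2)):
            findings.append(Finding("medium", lineno,
                f"ActiveSetup {m.group(1)} loaded a DLL from a user profile: {m.group(2)}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] line {f.line:3}: {f.message}")
```

Run it against a saved ComboFix log by replacing SAMPLE_LOG with the file's contents. The heuristics are deliberately narrow: they only point a reviewer at entries the log itself marks as unusual (non-default, missing on disk, under Temp, a user-profile DLL, protection overrides), and they do not decide on their own that anything is malicious.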

Re: Malware Runtime Error

Hi,

I see a few things. I want to check for something first though.

Please download aswMBR from here


  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below


[image: aswMBR window with the Scan button]

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.


  • Once the scan finishes click Save log to save the log to your Desktop
    [image: aswMBR window with the Save log button]

  • Copy and paste the contents of aswMBR.txt back here for review

............................................................................................

I'm livin' life in the fast lane.

Re: Malware Runtime Error

Hey Sneakyone,

I had to go get some help outside of you guys because I needed it right now since it was my work computer. I appreciate your help greatly!

Thanks again.

Re: Malware Runtime Error

You're welcome; I'm glad to help. I know the problems and I can fix them if you were to stick with GP.


............................................................................................

I'm livin' life in the fast lane.
