Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

HELP! Problems getting any virus/trojan/spyware to download and run

This is a discussion on HELP! Problems getting any virus/trojan/spyware to download and run within the Resolved HJT Threads forums, part of the Tech Support Forum category. It ran perfectly and allowed me to update finally. When removing the extra *.exe files such as RootRepeal, can I


 
 
Thread Tools Search this Thread
Old 01-16-2010, 08:23 PM   #21
Registered Member
 
Join Date: Nov 2004
Posts: 30
OS: XP



It ran perfectly and allowed me to update finally. When removing the extra *.exe files such as RootRepeal, can I just right click on it on the desktop and delete since I can't find those files under Add/Remove Programs? And, also, what virus/trojan/spyware/adware programs do you suggest that I keep/download?

Here is the Malware file:

Malwarebytes' Anti-Malware 1.44
Database version: 3580
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/16/2010 11:15:14 PM
mbam-log-2010-01-16 (23-15-14).txt

Scan type: Quick Scan
Objects scanned: 114762
Time elapsed: 5 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 78

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\evenmoremegaswelladsforyou.evenmoremegaswelladsforyou (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{418d86be-7386-4f1a-83e0-53604adbda74} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\EvenMoreMegaSwellAdsForYou.DLL (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\EvenMoreMegaSwellAdsForYou (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Cache (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\FFToolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\FFToolbar\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Skins (Adware.DoubleD) -> Quarantined and deleted successfully.

Files Infected:
C:\anlqrvl.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\vgvluqbu.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\vsoq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Cache\2154df11395ea0249c4c54961007ff8a.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Cache\362f27667f6d7af7e9d2a6856d6560f6.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Cache\4b6752554c03dd13115a0078de71aa4d.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Cache\default1.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Cache\fb0a3aaf0df9fc6e0a7bc656b80c3973.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Cache\loading.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Cache\loading.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Cache\loading_bg.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Cache\loading_logo.jpg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Data\Module_Cursor.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Data\Module_DailyVideo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Data\Module_Game.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Data\Module_Glitter.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Data\Module_Logo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Data\Module_Option.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Data\Module_Recipe.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Data\Module_Ringtone.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Data\Module_Screensaver.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Data\Module_Search.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Data\Module_Smiley.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Data\Module_Smiley_Config.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Data\Module_Smiley_TellAFriend.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Data\Module_Wallpaper.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Data\Module_Web.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Data\pixel.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Data\ProductInfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Data\profile.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Data\SearchEngineList.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Data\tbcore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Data\ToolbarLayout.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Data\UpdateCentre.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Data\UpdateCentreBk.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\FFToolbar\chrome\DesktopSmileyToolbar.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\About.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\Component_ComboBox.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\Module_Cursor.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\Module_DailyVideo.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\Module_Game.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\Module_Glitter.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\Module_Logo.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\Module_Option.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\Module_Recipe.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\Module_Ringtone.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\Module_Screensaver.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\Module_Search.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\Module_Smiley.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\Module_Wallpaper.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\Module_Web.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\TBBtnDefault.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\TBBtnDisplay.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\TBBtnDisplay.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\TBBtnDisplay18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\TBBtnDisplay20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\TBBtnGlitters.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\TBBtnGlitters.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\TBBtnGlitters18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\TBBtnGlitters20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\TBBtnSmiley.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\TBBtnSmiley.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\TBBtnSmiley18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\TBBtnSmiley20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\TBBtnTellFd.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\TBBtnTellFd.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\TBBtnTellFd18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\TBBtnTellFd20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\TBBtnWink.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\TBBtnWink.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\TBBtnWink18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Icons\TBBtnWink20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Skins\myskin1.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Skins\myskin2.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.4.0.6370\Skins\myskin3.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.

__________________
Kmccappin is offline  
Old 01-16-2010, 09:03 PM   #22
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
tetonbob's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 49,930
OS: XP Pro; XP Home; Win7 x86 & x64



Quote:
When removing the extra *.exe files such as RootRepeal, can I just right click on it on the desktop and delete
Yes, that should be fine.

I like mbam. We know the authors and staff, they are responsive to the needs of the community. We'll still have a bit of work to do, and I'll have more info along those lines before we are done.

I'd like to see another log.

Please go to Start > Run and copy/paste the following, then press Enter:

C:\QooBox\Add-Remove Programs.txt

A text file should open. Please post the contents of that file in your next reply.

__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

tetonbob is offline  
Old 01-16-2010, 09:07 PM   #23
Registered Member
 
Join Date: Nov 2004
Posts: 30
OS: XP



1500
1500_Help
1500Trb
AC3Filter (remove only)
Acrobat.com
Active@ ISO Burner
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
AiO_Scan
AiOSoftware
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
aspi
Bonjour
Broadcom 440x 10/100 Integrated Controller
Broadcom Gigabit Integrated Controller
BufferChm
C-Major Audio
CardBus
CCHelp
CCleaner (remove only)
CCScore
Conexant D480 MDC V.92 Modem
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CR2
CustomerResearchQFolder
Dell Driver Download Manager
Dell Driver Reset Tool
Dell ResourceCD
Dell Wireless WLAN Card
Destinations
DeviceManagementQFolder
DivX Web Player
DocProc
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSTUTOR
ESSvpaht
ESSvpot
eSupportQFolder
Fax
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
HP Driver Diagnostics
HP Extended Capabilities 5.3
HP Image Zone Express
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
iTunes
Java(TM) 6 Update 16
Kodak EasyShare software
KSU
LimeWire 5.3.6
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Standard for Students and Teachers
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NewCopy
Notifier
NVIDIA Drivers
OTtBP
PCDLNCH
PCI 7510 CardBus Controller with SmartCard and Software
PowerDVD
ProductContext
QuickTime
RCA Detective™ 2.0.0.99
Readme
Rosetta Stone Version 3
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB954155)
SFR
SFR2
SolutionCenter
Sophos Anti-Rootkit 1.5.0
Status
SUPERAntiSpyware Free Edition
TaxACT 2008
TaxACT 2008 Indiana
TaxACT 2008 Ohio
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.762
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
ZipItFree 1.95
__________________
Kmccappin is offline  
Old 01-16-2010, 09:30 PM   #24
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
tetonbob's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 49,930
OS: XP Pro; XP Home; Win7 x86 & x64



As mentioned in our preposting topic:

http://www.techsupportforum.com/f50/...lp-305963.html

Quote:
3. Uninstall the following via Add or Remove Programs in Control Panel:

  • p2p programs like uTorrent, Bittorrent, LimeWire, Morpheus, etc., as they are a major conduit for malware and a likely source of your current issues.

P2P - I see you have P2P software ( LimeWire 5.3.6 ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

Please see this topic for more information:

http://www.techsupportforum.com/f50/...ng-305923.html

I would strongly recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs.

---------------------------------------------------------------------------------------------

Your Java is out of date.

Java(TM) 6 Update 16 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.

After the install is complete...

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


---------------------------------------------------------------------------------------------

Please perform this online scan to help look for remnants. This scan can take quite a while, but is very thorough.

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on Settings. Uncheck Mail databases.
  • Next, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

tetonbob is offline  
Old 01-17-2010, 05:19 AM   #25
Registered Member
 
Join Date: Nov 2004
Posts: 30
OS: XP



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, January 17, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, January 17, 2010 06:03:39
Records in database: 3322471
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: no

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 71575
Threats found: 4
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 02:22:26


File name / Threat / Threats count
C:\Documents and Settings\James-Dell8600\Application Data\Sun\Java\Deployment\cache\6.0\4\74fa5944-15157d74 Infected: Trojan-Downloader.Java.OpenStream.ad 1
C:\efbcmkj.exe Infected: Packed.Win32.Krap.ad 1
C:\Qoobox\Quarantine\C\Documents and Settings\James-Dell8600\Application Data\lizkavd.exe.vir Infected: Packed.Win32.Krap.ad 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir Infected: Trojan.Win32.Sirefef.a 1
C:\Qoobox\Quarantine\[4]-Submit_2010-01-16_20.43.34.zip Infected: Net-Worm.Win32.Kido.ih 1

Selected area has been scanned.
__________________
Kmccappin is offline  
Old 01-17-2010, 09:10 AM   #26
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
tetonbob's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 49,930
OS: XP Pro; XP Home; Win7 x86 & x64



Hi -

Did Java's cache get cleared after the new installation, and before the Kaspersky scan?

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  2. Open notepad and copy/paste the text in the quotebox below into it:

    Quote:
    http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/449522-help-problems-getting-any-virus-trojan-spyware-download-run.html#post2545906
    File::
    C:\Documents and Settings\James-Dell8600\Application Data\Sun\Java\Deployment\cache\6.0\4\74fa5944-15157d74
    Collect::
    C:\efbcmkj.exe



    Save this as CFScript.txt




    Referring to the picture above, drag CFScript.txt into ComboFix.exe
  3. ComboFix may request an update; please allow it.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    **Note**

    When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
    • Ensure you are connected to the internet and click OK on the message box.

    Please let me know if the file was successfully submitted . Thanks.

    ------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

how is the machine behaving?
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

tetonbob is offline  
Old 01-17-2010, 09:57 AM   #27
Registered Member
 
Join Date: Nov 2004
Posts: 30
OS: XP



Yes, I had followed the steps concerning Java updates and deleting the cache. And yes, Combofix reported that the report was successfully submitted.

ComboFix 10-01-16.02 - James-Dell8600 01/17/2010 12:44:12.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.781 [GMT -5:00]
Running from: c:\documents and settings\James-Dell8600\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\James-Dell8600\Desktop\CFScript.txt

FILE ::
"c:\documents and settings\James-Dell8600\Application Data\Sun\Java\Deployment\cache\6.0\4\74fa5944-15157d74"

file zipped: C:\efbcmkj.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\James-Dell8600\Application Data\Sun\Java\Deployment\cache\6.0\4\74fa5944-15157d74
C:\efbcmkj.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-17 to 2010-01-17 )))))))))))))))))))))))))))))))
.

2010-01-17 05:51 . 2010-01-17 05:51 152576 ----a-w- c:\documents and settings\James-Dell8600\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-17 05:50 . 2010-01-17 05:50 79488 ----a-w- c:\documents and settings\James-Dell8600\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-17 04:08 . 2010-01-17 04:08 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-10 01:56 . 2010-01-10 01:56 -------- d-----w- c:\program files\AC3Filter
2010-01-08 05:11 . 2010-01-08 05:12 34816 ----a-w- c:\windows\system32\drivers\firefox-rore2.com.sys
2010-01-08 04:51 . 2010-01-08 04:51 -------- d-----w- c:\program files\Firefox-g
2010-01-08 02:55 . 2010-01-08 02:55 -------- d-----w- c:\program files\Trend Micro
2010-01-08 02:52 . 2010-01-08 02:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-08 02:52 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-06 07:03 . 2010-01-06 07:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
2010-01-06 07:03 . 2010-01-06 07:04 -------- d-----w- c:\documents and settings\Administrator
2010-01-06 06:48 . 2010-01-06 06:48 117760 ----a-w- c:\documents and settings\James-Dell8600\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-06 06:48 . 2010-01-06 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-06 06:47 . 2010-01-08 01:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-06 06:47 . 2010-01-06 06:47 -------- d-----w- c:\documents and settings\James-Dell8600\Application Data\SUPERAntiSpyware.com
2010-01-06 04:24 . 2010-01-06 04:24 -------- d-----w- C:\rsit
2009-12-27 01:04 . 2009-05-18 19:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-12-27 01:04 . 2008-04-17 18:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-12-27 01:03 . 2009-12-27 01:03 -------- d-----w- c:\program files\iPod
2009-12-27 01:02 . 2009-12-27 01:02 -------- d-----w- c:\program files\Bonjour
2009-12-26 19:26 . 2009-12-26 19:26 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-25 02:55 . 2009-12-27 01:04 -------- d-----w- c:\program files\iTunes
2009-12-25 02:55 . 2009-12-25 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-25 02:54 . 2009-12-25 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-25 02:52 . 2009-08-29 00:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-12-25 02:52 . 2009-08-29 00:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-12-25 02:52 . 2009-12-27 01:03 -------- d-----w- c:\program files\Common Files\Apple
2009-12-24 09:26 . 2010-01-17 01:11 -------- d--h--w- c:\windows\PIF
2009-12-23 01:05 . 2007-10-23 14:27 110592 ----a-w- c:\documents and settings\James-Dell8600\Application Data\U3\temp\cleanup.exe
2009-12-22 22:54 . 2008-05-02 15:41 3493888 ---ha-w- c:\documents and settings\James-Dell8600\Application Data\U3\temp\Launchpad Removal.exe
2009-12-22 22:54 . 2009-12-23 01:05 -------- d-----w- c:\documents and settings\James-Dell8600\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-17 05:52 . 2008-10-22 03:01 -------- d-----w- c:\program files\Java
2010-01-17 04:08 . 2010-01-08 02:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-16 17:59 . 2008-10-09 05:19 47088 ----a-w- c:\windows\system32\nvModes.dat
2010-01-08 02:16 . 2010-01-08 02:16 -------- d-----w- c:\program files\Sophos
2010-01-08 01:29 . 2010-01-08 01:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-07 21:07 . 2010-01-08 02:52 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 15:28 . 2009-02-15 23:47 -------- d-----w- c:\documents and settings\James-Dell8600\Application Data\LimeWire
2010-01-06 16:55 . 2009-02-15 23:46 -------- d-----w- c:\program files\LimeWire
2010-01-06 07:05 . 2010-01-06 07:05 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-06 07:04 . 2010-01-06 07:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-12-31 04:31 . 2009-02-28 04:52 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-26 19:27 . 2009-04-03 02:09 -------- d-----w- c:\program files\DivX
2009-12-26 15:42 . 2009-04-03 21:29 -------- d-----w- c:\program files\Graboid
2009-12-25 03:05 . 2009-04-29 23:58 -------- d-----w- c:\documents and settings\James-Dell8600\Application Data\Apple Computer
2009-12-25 02:54 . 2009-04-04 23:13 -------- d-----w- c:\program files\QuickTime
2009-12-25 02:53 . 2009-04-04 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-17 05:14 . 2009-02-07 17:42 -------- d-----w- c:\documents and settings\James-Dell8600\Application Data\Move Networks
2009-12-07 22:41 . 2005-07-04 07:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-12 22:07 . 2009-11-12 22:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-17_01.13.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-17 17:42 . 2010-01-17 17:42 16384 c:\windows\Temp\Perflib_Perfdata_6f4.dat
+ 2006-02-28 12:00 . 2010-01-17 17:47 71462 c:\windows\system32\perfc009.dat
- 2006-02-28 12:00 . 2010-01-17 01:04 71462 c:\windows\system32\perfc009.dat
- 2009-10-14 23:43 . 2008-07-08 13:02 26488 c:\windows\SoftwareDistribution\Download\fbdd9f75315c1cf9ff63f37aaca267d3\update\spcustom.dll
- 2009-10-14 23:43 . 2008-07-08 13:02 17272 c:\windows\SoftwareDistribution\Download\fbdd9f75315c1cf9ff63f37aaca267d3\spmsg.dll
- 2009-10-14 23:35 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\e15760431e46367ca5a3dfd40a9d03e3\update\spcustom.dll
- 2009-10-14 23:35 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\e15760431e46367ca5a3dfd40a9d03e3\spmsg.dll
- 2009-10-14 23:43 . 2008-07-08 13:02 26488 c:\windows\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\update\spcustom.dll
- 2009-10-14 23:43 . 2008-07-08 13:02 17272 c:\windows\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\spmsg.dll
- 2009-10-14 23:43 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\update\spcustom.dll
- 2009-10-14 23:43 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\spmsg.dll
- 2009-09-04 20:57 . 2009-09-04 20:57 58880 c:\windows\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\sp3qfe\msasn1.dll
- 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\sp3gdr\msasn1.dll
- 2009-10-14 23:30 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\update\spcustom.dll
- 2009-10-14 23:30 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\spmsg.dll
- 2009-10-14 23:43 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\spcustom.dll
- 2009-10-14 23:43 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\spmsg.dll
- 2009-10-14 23:29 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\71668abe67b6d77ebac6750f25908a6e\update\spcustom.dll
- 2009-10-14 23:29 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\71668abe67b6d77ebac6750f25908a6e\spmsg.dll
- 2009-10-14 23:43 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\update\spcustom.dll
- 2009-10-14 23:43 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\spmsg.dll
- 2009-10-15 18:31 . 2008-07-09 07:38 26488 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\update\spcustom.dll
- 2009-10-15 18:31 . 2008-07-09 07:38 26488 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\spupdsvc.exe
- 2009-10-15 18:31 . 2008-07-09 07:38 17272 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\spmsg.dll
- 2009-10-15 18:31 . 2009-02-06 10:36 35328 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\sc.exe
- 2009-10-15 18:31 . 2009-02-06 10:39 35328 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\sc.exe
- 2009-10-15 18:31 . 2009-02-06 09:54 35328 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\sc.exe
- 2009-10-15 18:31 . 2005-07-26 04:20 60416 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\colbact.dll
- 2009-10-15 18:31 . 2009-02-06 16:54 35328 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\sc.exe
- 2009-10-15 18:31 . 2005-07-26 04:39 60416 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\colbact.dll
- 2006-02-28 12:00 . 2010-01-17 01:04 441692 c:\windows\system32\perfh009.dat
+ 2006-02-28 12:00 . 2010-01-17 17:47 441692 c:\windows\system32\perfh009.dat
+ 2010-01-17 05:52 . 2009-10-11 09:17 149280 c:\windows\system32\javaws.exe
- 2009-10-18 00:42 . 2009-10-18 00:42 149280 c:\windows\system32\javaws.exe
+ 2010-01-17 05:52 . 2009-10-11 09:17 145184 c:\windows\system32\javaw.exe
- 2009-10-18 00:42 . 2009-10-18 00:42 145184 c:\windows\system32\javaw.exe
+ 2010-01-17 05:52 . 2009-10-11 09:17 145184 c:\windows\system32\java.exe
- 2009-10-18 00:42 . 2009-10-18 00:42 145184 c:\windows\system32\java.exe
+ 2008-11-22 22:01 . 2009-10-11 09:17 411368 c:\windows\system32\deploytk.dll
- 2008-11-22 22:01 . 2009-10-18 00:42 411368 c:\windows\system32\deploytk.dll
- 2009-10-14 23:43 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\fbdd9f75315c1cf9ff63f37aaca267d3\update\updspapi.dll
- 2009-10-14 23:43 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\fbdd9f75315c1cf9ff63f37aaca267d3\update\update.exe
- 2009-10-14 23:43 . 2008-07-08 13:02 231288 c:\windows\SoftwareDistribution\Download\fbdd9f75315c1cf9ff63f37aaca267d3\spuninst.exe
- 2009-09-11 14:13 . 2009-09-11 14:13 136704 c:\windows\SoftwareDistribution\Download\fbdd9f75315c1cf9ff63f37aaca267d3\sp3qfe\msv1_0.dll
- 2009-09-11 14:18 . 2009-09-11 14:18 136192 c:\windows\SoftwareDistribution\Download\fbdd9f75315c1cf9ff63f37aaca267d3\sp3gdr\msv1_0.dll
- 2009-10-14 23:35 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\e15760431e46367ca5a3dfd40a9d03e3\update\updspapi.dll
- 2009-10-14 23:35 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\e15760431e46367ca5a3dfd40a9d03e3\update\update.exe
- 2009-10-14 23:35 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\e15760431e46367ca5a3dfd40a9d03e3\spuninst.exe
- 2009-10-14 23:43 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\update\updspapi.dll
- 2009-10-14 23:43 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\update\update.exe
- 2009-10-14 23:43 . 2008-07-08 13:02 231288 c:\windows\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\spuninst.exe
- 2009-10-14 23:43 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\update\updspapi.dll
- 2009-10-14 23:43 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\update\update.exe
- 2009-10-14 23:43 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\spuninst.exe
- 2009-10-14 23:30 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\update\updspapi.dll
- 2009-10-14 23:30 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\update\update.exe
- 2009-10-14 23:30 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\spuninst.exe
- 2009-10-14 23:43 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\updspapi.dll
- 2009-10-14 23:43 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\update.exe
- 2009-10-14 23:43 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\spuninst.exe
- 2009-08-26 08:03 . 2009-08-26 08:03 247326 c:\windows\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\sp3qfe\strmdll.dll
- 2009-08-26 08:00 . 2009-08-26 08:00 247326 c:\windows\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\sp3gdr\strmdll.dll
- 2009-10-14 23:29 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\71668abe67b6d77ebac6750f25908a6e\update\updspapi.dll
- 2009-10-14 23:29 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\71668abe67b6d77ebac6750f25908a6e\update\update.exe
- 2009-10-14 23:29 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\71668abe67b6d77ebac6750f25908a6e\spuninst.exe
- 2009-10-14 23:43 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\update\updspapi.dll
- 2009-10-14 23:43 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\update\update.exe
- 2009-10-14 23:43 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\spuninst.exe
- 2009-10-15 18:31 . 2008-07-09 07:38 382840 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\update\updspapi.dll
- 2009-10-15 18:31 . 2008-07-09 07:38 755576 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\update\update.exe
- 2009-10-15 18:31 . 2008-07-09 07:38 231288 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\spuninst.exe
- 2009-10-15 18:31 . 2009-02-06 10:15 227840 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\wmiprvse.exe
- 2009-10-15 18:31 . 2009-02-09 10:56 453120 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\wmiprvsd.dll
- 2009-10-15 18:31 . 2009-02-06 11:06 110592 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\services.exe
- 2009-10-15 18:31 . 2009-02-09 10:56 401408 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\rpcss.dll
- 2009-10-15 18:31 . 2009-03-06 13:49 284160 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\pdh.dll
- 2009-10-15 18:31 . 2009-02-09 10:56 715264 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntdll.dll
- 2009-10-15 18:31 . 2009-02-09 10:56 729088 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\lsasrv.dll
- 2009-10-15 18:31 . 2009-02-09 10:56 473600 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\fastprox.dll
- 2009-02-10 23:26 . 2009-02-10 23:26 617472 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\advapi32.dll
- 2009-10-15 18:31 . 2009-02-06 10:10 227840 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\wmiprvse.exe
- 2009-10-15 18:31 . 2009-02-09 12:10 453120 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\wmiprvsd.dll
- 2009-10-15 18:31 . 2009-02-06 11:11 110592 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\services.exe
- 2009-10-15 18:31 . 2009-02-09 12:10 401408 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\rpcss.dll
- 2009-10-15 18:31 . 2009-03-06 14:22 284160 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\pdh.dll
- 2009-10-15 18:31 . 2009-02-09 12:10 714752 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntdll.dll
- 2009-10-15 18:31 . 2009-02-09 12:10 729088 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\lsasrv.dll
- 2009-10-15 18:31 . 2009-02-09 12:10 473600 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\fastprox.dll
- 2009-10-15 18:31 . 2009-02-09 12:10 617472 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\advapi32.dll
- 2009-10-15 18:31 . 2009-02-06 09:41 227840 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\wmiprvse.exe
- 2009-02-10 22:31 . 2009-02-10 22:31 453120 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\wmiprvsd.dll
- 2009-10-15 18:31 . 2009-02-06 10:22 110592 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\services.exe
- 2009-10-15 18:31 . 2009-02-09 10:01 401408 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\rpcss.dll
- 2009-10-15 18:31 . 2009-03-06 14:00 284160 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\pdh.dll
- 2009-10-15 18:31 . 2009-02-09 10:01 715264 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntdll.dll
- 2009-10-15 18:31 . 2009-02-09 10:01 728576 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\lsasrv.dll
- 2009-10-15 18:31 . 2009-02-09 10:01 473088 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\fastprox.dll
- 2009-10-15 18:31 . 2009-02-09 10:01 617984 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\advapi32.dll
- 2009-10-15 18:31 . 2009-02-06 16:39 227840 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\wmiprvse.exe
- 2009-10-15 18:31 . 2009-02-09 10:20 453120 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\wmiprvsd.dll
- 2009-10-15 18:31 . 2009-02-06 17:14 110592 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\services.exe
- 2009-10-15 18:31 . 2009-02-09 10:20 399360 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\rpcss.dll
- 2009-10-15 18:31 . 2009-03-06 14:44 283648 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\pdh.dll
- 2009-10-15 18:31 . 2009-02-09 10:20 714752 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntdll.dll
- 2009-10-15 18:31 . 2009-02-09 10:20 723456 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\lsasrv.dll
- 2009-10-15 18:31 . 2009-02-09 10:20 473088 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\fastprox.dll
- 2009-10-15 18:31 . 2009-02-09 10:20 616960 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\advapi32.dll
- 2009-10-14 23:35 . 2009-08-13 13:55 1748992 c:\windows\SoftwareDistribution\Download\e15760431e46367ca5a3dfd40a9d03e3\SP3QFE\asms\10\msft\windows\gdiplus\gdiplus.dll
- 2009-07-17 16:01 . 2009-07-17 16:01 1435648 c:\windows\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\sp3qfe\query.dll
- 2009-07-17 16:22 . 2009-07-17 16:22 1435648 c:\windows\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\sp3gdr\query.dll
- 2009-10-14 23:30 . 2009-08-04 13:56 2189312 c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP3QFE\ntoskrnl.exe
- 2009-10-14 23:30 . 2009-08-04 13:17 2023936 c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP3QFE\ntkrpamp.exe
- 2009-08-04 22:47 . 2009-08-04 22:47 2066176 c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP3QFE\ntkrnlpa.exe
- 2009-10-14 23:30 . 2009-08-04 13:54 2145280 c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP3QFE\ntkrnlmp.exe
- 2009-08-05 00:44 . 2009-08-05 00:44 2189184 c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP3GDR\ntoskrnl.exe
- 2009-10-14 23:30 . 2009-08-04 14:20 2023936 c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP3GDR\ntkrpamp.exe
- 2009-10-14 23:29 . 2009-08-04 14:20 2066048 c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP3GDR\ntkrnlpa.exe
- 2009-10-14 23:30 . 2009-08-04 15:13 2145280 c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP3GDR\ntkrnlmp.exe
- 2009-10-14 23:30 . 2009-08-04 12:51 2185984 c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP2QFE\ntoskrnl.exe
- 2009-10-14 23:30 . 2009-08-04 12:02 2020864 c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP2QFE\ntkrpamp.exe
- 2009-10-14 23:29 . 2009-08-04 12:02 2062976 c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP2QFE\ntkrnlpa.exe
- 2009-10-14 23:30 . 2009-08-04 12:49 2142720 c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP2QFE\ntkrnlmp.exe
- 2009-10-14 23:30 . 2009-08-04 14:00 2180352 c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP2GDR\ntoskrnl.exe
- 2009-10-14 23:30 . 2009-08-04 13:13 2015744 c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP2GDR\ntkrpamp.exe
- 2009-10-14 23:29 . 2009-08-04 13:13 2057728 c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP2GDR\ntkrnlpa.exe
- 2009-10-14 23:30 . 2009-08-04 13:58 2136064 c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP2GDR\ntkrnlmp.exe
- 2009-02-07 23:35 . 2009-02-07 23:35 2189184 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntoskrnl.exe
- 2009-10-15 18:31 . 2009-02-06 10:30 2023936 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntkrpamp.exe
- 2009-10-15 18:31 . 2009-02-06 10:30 2066176 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntkrnlpa.exe
- 2009-10-15 18:31 . 2009-02-06 11:03 2145280 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntkrnlmp.exe
- 2009-10-15 18:31 . 2009-02-06 11:08 2189056 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntoskrnl.exe
- 2009-10-15 18:31 . 2009-02-06 10:32 2023936 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntkrpamp.exe
- 2009-02-07 23:02 . 2009-02-07 23:02 2066048 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntkrnlpa.exe
- 2009-10-15 18:31 . 2009-02-06 11:06 2145280 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntkrnlmp.exe
- 2009-10-15 18:31 . 2009-02-06 10:32 2186112 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntoskrnl.exe
- 2009-10-15 18:31 . 2009-02-06 09:49 2020864 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntkrpamp.exe
- 2009-10-15 18:31 . 2009-02-06 09:49 2062976 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntkrnlpa.exe
- 2009-10-15 18:31 . 2009-02-06 10:29 2142720 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntkrnlmp.exe
- 2009-10-15 18:31 . 2009-02-06 17:24 2180480 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntoskrnl.exe
- 2009-10-15 18:31 . 2009-02-06 16:49 2015744 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntkrpamp.exe
- 2009-10-15 18:31 . 2009-02-06 16:49 2057728 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntkrnlpa.exe
- 2009-10-15 18:31 . 2009-02-06 17:22 2136064 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntkrnlmp.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-16 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-07 7118848]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\firefox-rore.com.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\firefox-rore2.com.sys]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2005-10-07 19:13 176128 ----a-r- c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2005-12-19 14:08 1347584 ----a-w- c:\windows\system32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2005-07-07 00:52 7118848 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2005-07-07 00:52 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-11-01 00:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 4:26 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 4:26 PM 74480]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/27/2009 11:52 PM 722416]
S3 firefox-rore.com;firefox-rore.com;\??\c:\windows\system32\drivers\firefox-rore.com.sys --> c:\windows\system32\drivers\firefox-rore.com.sys [?]
S3 firefox-rore2.com;firefox-rore2.com;c:\windows\system32\drivers\firefox-rore2.com.sys [1/8/2010 12:11 AM 34816]
S3 GTICARD;GTICARD;c:\windows\system32\drivers\gticard.sys [10/23/2003 5:04 PM 76160]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 4:27 PM 7408]
.
Contents of the 'Scheduled Tasks' folder

2010-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-01-17 c:\windows\Tasks\User_Feed_Synchronization-{2BF28BC1-463F-4864-B919-8C2EC24C84BE}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: cbs.com\www
Trusted Zone: go.com\abc
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-17 12:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2010-01-17 12:53:57
ComboFix-quarantined-files.txt 2010-01-17 17:53
ComboFix2.txt 2010-01-17 02:01
ComboFix3.txt 2010-01-17 01:19

Pre-Run: 20,678,623,232 bytes free
Post-Run: 20,733,558,784 bytes free

Current=2 Default=2 Failed=4 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - D14974A2CB3EBE1ED0531DCDFCAA76DC
Upload was successful
__________________
Kmccappin is offline  
Old 01-17-2010, 10:14 AM   #28
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
tetonbob's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 49,930
OS: XP Pro; XP Home; Win7 x86 & x64



Great. We should be just about done. I forgot I'd wanted to delete those renamed RootRepeal drivers. No sense in leaving them behind, nor running ComboFix just for that. Here are the steps...


Go to Start>Run then copy and paste, or type the following, then press Enter:

sc stop firefox-rore.com

A window will open and close quickly; this is normal

Go to Start>Run then copy and paste, or type the following, then press Enter:

sc delete firefox-rore.com

A window will open and close quickly; this is normal

---------------------------------------------------------------------------------------------

Go to Start>Run then copy and paste, or type the following, then press Enter:

sc stop firefox-rore2.com

A window will open and close quickly; this is normal

Go to Start>Run then copy and paste, or type the following, then press Enter:

sc delete firefox-rore2.com

A window will open and close quickly; this is normal

---------------------------------------------------------------------------------------------

Using Windows Explorer, or Windows Search, locate and delete this file (a reboot after the previous steps may be required to allow the deletion):

c:\windows\system32\drivers\firefox-rore2.com.sys


Let me know how that goes...
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

tetonbob is offline  
Old 01-17-2010, 10:27 AM   #29
Registered Member
 
Join Date: Nov 2004
Posts: 30
OS: XP



Done, Done and Done.
__________________
Kmccappin is offline  
Old 01-17-2010, 10:28 AM   #30
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
tetonbob's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 49,930
OS: XP Pro; XP Home; Win7 x86 & x64



Great.

The other items Kaspersky found are in ComboFix quarantine, and will be addressed by uninstalling ComboFix as instructed below.

Other than that....We should be done here. Some final housekeeping instructions, and protection information for you.

Your logs appear clean.You should be good to go. We still have a few items to address.


Disconnect from the internet and disable your AntiVirus temporarily.

Go to -> Run -> copy/paste in the following single line command & click OK

ComboFix /Uninstall
This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Re-enable your AntiVirus now. Reconnect to the internet at your leisure.

Delete any remaining tools we've used (DDS and GMER) and logs from them.

Empty your Recycle Bin.

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs:
  • Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

  • Winpatrol

    Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.

  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

    Do not install more than one AntiVirus program because they will conflict with each other.

  • Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

  • http://www.trillian.cc ? Trillian or http://www.miranda-im.com ? Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP//Vista. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.


In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles
If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

tetonbob is offline  
Old 01-17-2010, 12:34 PM   #31
Registered Member
 
Join Date: Nov 2004
Posts: 30
OS: XP



Sorry for the delayed reply but I am hung up on WOT. It is giving me the message:

"Sorry, we are unable to load the settings page.

If you just installed the add-on, the installation might have failed or the add-on isn't enabled."

I have checked that the add-on is indeed enabled. I have followed all of their suggestions and still can't get to the settings page. Is there something that I am missing? Oh, and I have also tried uninstalling it and reinstalling it after all the recommended changes in Internet Options have been completed.
__________________
Kmccappin is offline  
Old 01-17-2010, 12:36 PM   #32
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
tetonbob's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 49,930
OS: XP Pro; XP Home; Win7 x86 & x64



It might be best to ask in their support forum. For now, you may want to simply uninstall it.

http://www.mywot.com/en/forum
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

tetonbob is offline  
Old 01-17-2010, 04:46 PM   #33
Registered Member
 
Join Date: Nov 2004
Posts: 30
OS: XP



Well, I finally got WOT to run (the directions should include that you need to restart) and I have downloaded all of your recommended software. Is it ok that I am running Avast with MBAM?

Thank you so much for being patient with me through all of this!!! My laptop is working GREAT!!!!
__________________
Kmccappin is offline  
Old 01-17-2010, 05:45 PM   #34
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
tetonbob's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 49,930
OS: XP Pro; XP Home; Win7 x86 & x64



Thanks for the info about WOT.

Quote:
Is it ok that I am running Avast with MBAM?
Absolutely. MBAM's free version is an on-demand scanner. It will be good to keep, update once a week or so, and run a new quick scan after updating.

I'm glad to hear the machine is running well again, and happy to have helped.

If all is well, I'll move this thread to our Resolved topics section.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

tetonbob is offline  
Old 01-17-2010, 06:39 PM   #35
Registered Member
 
Join Date: Nov 2004
Posts: 30
OS: XP



Yep, all is well! Thanks again!
__________________
Kmccappin is offline  
Old 01-17-2010, 06:47 PM   #36
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
tetonbob's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 49,930
OS: XP Pro; XP Home; Win7 x86 & x64



Cheers! You're welcome.

Surf Safely, and Think Prevention!

Since this issue is resolved, this topic will be archived.

__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

tetonbob is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2


All times are GMT -7. The time now is 08:32 AM.


Copyright 2001 - 2014, Tech Support Forum

Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts