Villianci

  1. Thanks a lot, Maniac, for your patience and effort.
  2. After running fix.bat, I was able to manually delete the 2 files. After that, did a scan with Eset online scanner and nothing was found.
  3. Bootkit Remover version 1.0.0.1
     © 2009 eSage Lab
     www.esagelab.com

     Restoring boot code at \\.\PhysicalDrive0... OK

     Press any key to quit...
  4. I have partitions on my hard disk, btw.
  5. Bootkit Remover version 1.0.0.1
     © 2009 eSage Lab
     www.esagelab.com

     \\.\C: -> \\.\PhysicalDrive0
     MD5: 3052b732c75e3784ad1b1f06d0fcf12f
     \\.\D: -> \\.\PhysicalDrive0

     Size    Device Name          MBR Status
     --------------------------------------------
     232 GB  \\.\PhysicalDrive0   Unknown boot code

     Unknown boot code has been found on some of your physical disks.
     To inspect the boot code manually, dump the master boot sector:
       remover.exe dump <device_name> [output_file]
     To disinfect the master boot sector, use the following command:
       remover.exe fix <device_name>

     Press any key to quit...
  6. Just restarted my laptop; the 2 files reappeared. Based on your knowledge, can this be effective? http://forums.majorgeeks.com/showthread.php?t=217807
  7. C:\System Volume Information\Microsoft\smss.exe  Win32/TrojanDownloader.Unruy.BT trojan  cleaned by deleting (after the next restart) - quarantined
     Operating memory  Win32/TrojanDownloader.Unruy.BT trojan  contained infected files

     To note: the 2 exe files are from Black Internet Inc. Is there anything I can do to tackle it from MBR?
  8. Logfile of The Avenger Version 2.0, © by Swandog46
     http://swandog46.geekstogo.com

     Platform: Windows XP

     *******************

     Script file opened successfully.
     Script file read successfully.

     Backups directory opened successfully at C:\Avenger

     *******************

     Beginning to process script file:

     Rootkit scan active.
     No rootkits found!

     File "C:\System Volume Information\Microsoft\services.exe" deleted successfully.
     File "C:\System Volume Information\Microsoft\smss.exe" deleted successfully.

     Completed script processing.

     *******************

     Finished! Terminate.

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 03:09:45, on 03-Jul-10
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
     C:\System Volume Information\Microsoft\services.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\System Volume Information\Microsoft\smss.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\a-squared Free\a2service.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\Program Files\CDBurnerXP\NMSAccessU.exe
     C:\WINDOWS\system32\notepad.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
     C:\Program Files\Lenovo\Energy Management\utility.exe
     C:\Program Files\Lenovo\Energy Management\Energy Management.exe
     C:\Windows\system32\TpShocks.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\WINDOWS\SOUNDMAN.EXE
     C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
     C:\Program Files\Sandboxie\SbieSvc.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
     C:\WINDOWS\System32\TPHDEXLG.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Internet Explorer\IEXPLORE.EXE
     C:\Documents and Settings\San\Desktop\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
     O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
     O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
     O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
     O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe
     O4 - HKLM\..\Run: [TpShocks] C:\Windows\system32\TpShocks.exe
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
     O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
     O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
     O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\San\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
     O4 - HKUS\S-1-5-18\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
     O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
     O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
     O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
     O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
     O16 - DPF: {C3A57B60-C117-11D2-BD9B-00105A0A7E89} (SAXFile ActiveX Control) - http://web.lead.com.sg/SchoolDNA/Common/saxfile.cab
     O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
     O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
     O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
     O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
     O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
     O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
     O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
     O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX
  9. C:\Documents and Settings\San\desktop\UBCD4WinV350.exe  multiple threats  deleted - quarantined
     C:\Documents and Settings\San\Local Settings\Application Data\Mozilla\Firefox\Profiles\2kkrgtnm.default\Cache\1EF26877d01  a variant of Win32/Kryptik.YI trojan  cleaned by deleting - quarantined
     C:\Qoobox\Quarantine\C\System Volume Information\Microsoft\services.exe.vir  Win32/TrojanDownloader.Unruy.BT trojan  cleaned by deleting - quarantined
     C:\Qoobox\Quarantine\C\System Volume Information\Microsoft\smss.exe.vir  Win32/TrojanDownloader.Unruy.BT trojan  cleaned by deleting - quarantined
     C:\Qoobox\Quarantine\C\System Volume Information\Microsoft\_services_.exe.zip  Win32/TrojanDownloader.Unruy.BT trojan  deleted - quarantined
     C:\Qoobox\Quarantine\C\System Volume Information\Microsoft\_smss_.exe.zip  Win32/TrojanDownloader.Unruy.BT trojan  deleted - quarantined
     C:\System Volume Information\Microsoft\services.exe  Win32/TrojanDownloader.Unruy.BT trojan  cleaned by deleting (after the next restart) - quarantined
     C:\System Volume Information\Microsoft\smss.exe  Win32/TrojanDownloader.Unruy.BT trojan  cleaned by deleting (after the next restart) - quarantined
     C:\UBCD4Win\plugin\Cleanup Tools\SDFix\SDFix.exe  Win32/PrcView application  deleted - quarantined
     C:\UBCD4Win\plugin\Network\CrossLoop\files\winvnc.exe  Win32/RemoteAdmin.WinVNC application  cleaned by deleting - quarantined
     Operating memory  Win32/TrojanDownloader.Unruy.BT trojan  contained infected files
  10. ComboFix 10-07-01.02 - San 02-Jul-10 23:12:07.7.2 - x86 NETWORK Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.955.669 [GMT 8:00] Running from: c:\documents and settings\San\Desktop\Combo-Fix.exe Command switches used :: c:\documents and settings\San\Desktop\CFScript.txt . ((((((((((((((((((((((((( Files Created from 2010-06-02 to 2010-07-02 ))))))))))))))))))))))))))))))) . 2010-07-02 07:00 . 2010-07-02 07:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab 2010-07-01 09:33 . 2010-07-01 09:33 -------- d-----w- c:\program files\Compaq 2010-07-01 09:18 . 2010-07-01 09:18 -------- d-----w- C:\DriveKey 2010-07-01 06:52 . 2010-07-01 08:28 -------- d-----w- C:\UBCD4Win 2010-06-19 21:15 . 2010-04-29 07:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-19 21:15 . 2010-06-19 21:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-19 21:15 . 2010-04-29 07:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-19 21:09 . 2010-06-30 07:58 -------- d-----w- c:\documents and settings\San\Application Data\QuickScan 2010-06-19 17:34 . 2010-06-19 17:34 -------- d-----w- c:\program files\StreamTorrent 1.0 2010-06-19 17:34 . 2010-06-19 17:34 -------- d-----w- c:\documents and settings\San\Application Data\StreamTorrent 2010-06-18 09:06 . 2010-06-18 09:06 -------- d-----w- c:\program files\AVG 2010-06-18 09:05 . 2010-07-01 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9 2010-06-18 08:24 . 2010-06-18 08:24 -------- d-----w- c:\program files\Common Files\Java 2010-06-18 08:23 . 2010-06-18 08:23 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-06-18 08:14 . 2010-06-18 08:22 -------- d-----w- c:\documents and settings\San\.SunDownloadManager 2010-06-18 07:59 . 2010-06-18 07:59 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2010-06-18 06:10 . 2010-06-18 06:10 552 ----a-w- c:\windows\system32\d3d8caps.dat 2010-06-17 16:48 . 
2010-06-17 16:48 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-06-17 16:44 . 2010-06-18 16:46 -------- d-----w- c:\program files\Lavasoft 2010-06-17 16:44 . 2010-06-18 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2010-06-17 09:23 . 2010-06-17 09:23 -------- d-----w- c:\program files\Sophos 2010-06-17 05:46 . 2010-06-17 05:46 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Threat Expert 2010-06-17 04:20 . 2010-06-17 04:20 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2010-06-16 19:30 . 2010-07-02 12:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-06-16 19:30 . 2010-06-17 03:44 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-06-16 14:07 . 2010-06-16 14:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2010-06-16 14:07 . 2010-06-16 14:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE 2010-06-10 06:46 . 2010-06-10 10:22 -------- d-----w- c:\documents and settings\San\Local Settings\Application Data\Super Internet TV 2010-06-10 04:23 . 2010-04-20 05:30 285696 -c----w- c:\windows\system32\dllcache\atmfd.dll 2010-06-10 04:22 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2010-06-09 16:27 . 2010-06-18 08:43 -------- d-----w- c:\documents and settings\San\Application Data\MechCAD 2010-06-06 04:59 . 2010-06-11 05:16 -------- d-----w- c:\documents and settings\San\Application Data\Red Alert 3 Uprising 2010-06-06 04:22 . 2010-06-06 04:22 -------- d-----w- c:\program files\Electronic Arts . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-02 12:02 . 2010-01-22 04:15 -------- d-----w- c:\program files\Ken Ward's Makeup 2010-07-02 11:16 . 2009-10-04 02:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-07-02 11:16 . 
2009-10-04 02:51 -------- d-----w- c:\program files\SpywareBlaster 2010-07-01 09:18 . 2008-10-19 05:14 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-07-01 05:45 . 2009-05-09 14:08 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-07-01 05:37 . 2009-04-10 22:34 188152 ----a-w- c:\documents and settings\San\Application Data\Mozilla\Firefox\Profiles\2kkrgtnm.default\FlashGot.exe 2010-07-01 05:35 . 2010-03-20 04:59 117760 ----a-w- c:\documents and settings\San\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-07-01 05:19 . 2009-10-04 03:03 -------- d-----w- c:\program files\a-squared Free 2010-06-30 14:42 . 2008-10-19 09:46 -------- d-----w- c:\program files\ESET 2010-06-21 16:28 . 2009-01-14 12:45 2568656 ----a-w- c:\documents and settings\San\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe 2010-06-21 16:11 . 2009-10-05 19:01 -------- d-----w- c:\documents and settings\San\Application Data\Image Zone Express 2010-06-21 02:01 . 2008-10-19 09:42 -------- d-----w- c:\documents and settings\San\Application Data\Thinstall 2010-06-20 06:19 . 2010-01-02 17:17 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2010-06-18 08:37 . 2010-01-02 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro 2010-06-18 08:37 . 2010-06-18 08:37 61440 ----a-w- c:\documents and settings\San\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1affcee8-n\decora-sse.dll 2010-06-18 08:37 . 2010-06-18 08:37 12800 ----a-w- c:\documents and settings\San\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1affcee8-n\decora-d3d.dll 2010-06-18 08:36 . 2009-12-08 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2010-06-18 08:34 . 2010-06-18 08:34 503808 ----a-w- c:\documents and settings\San\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62020c4a-n\msvcp71.dll 2010-06-18 08:34 . 
2010-06-18 08:34 499712 ----a-w- c:\documents and settings\San\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62020c4a-n\jmc.dll 2010-06-18 08:34 . 2010-06-18 08:34 348160 ----a-w- c:\documents and settings\San\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62020c4a-n\msvcr71.dll 2010-06-18 04:24 . 2010-03-16 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\X-Setup Pro 2010-06-18 04:17 . 2010-01-22 04:32 -------- d-----w- c:\program files\Advanced JPEG Compressor 2010-06-17 18:09 . 2010-03-22 03:01 -------- d-----w- c:\program files\Advanced MP3 Renamer 2010-06-17 03:39 . 2009-08-23 10:30 -------- d-----w- c:\program files\Glary Utilities 2010-06-10 06:54 . 2010-05-11 05:47 -------- d-----w- c:\program files\SopCast 2010-06-07 13:23 . 2009-10-13 17:31 100620 ---ha-w- c:\windows\system32\mlfcache.dat 2010-06-04 15:30 . 2009-11-11 06:30 -------- d-----w- c:\program files\Microsoft Silverlight 2010-05-31 09:33 . 2010-05-31 09:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts 2010-05-27 02:50 . 2009-11-25 12:01 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-05-25 08:58 . 2008-10-19 06:13 157648 ----a-w- c:\documents and settings\San\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-05-25 07:41 . 2009-12-06 10:44 -------- d-----w- c:\documents and settings\San\Application Data\muvee Technologies 2010-05-24 06:04 . 2009-12-05 08:41 -------- d-----w- c:\documents and settings\All Users\Application Data\muvee Technologies 2010-05-24 04:07 . 2009-12-04 13:11 -------- d-----w- c:\program files\MAGIX 2010-05-24 04:01 . 2009-12-04 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\MAGIX 2010-05-23 13:30 . 2009-10-21 04:17 -------- d-----w- c:\documents and settings\San\Application Data\U3 2010-05-23 06:28 . 2010-05-23 06:28 -------- d-----w- c:\documents and settings\San\Application Data\Red Alert 3 2010-05-23 00:13 . 
2010-05-23 00:13 -------- d-----w- c:\program files\SystemRequirementsLab 2010-05-23 00:12 . 2010-05-23 00:12 85504 ----a-w- c:\documents and settings\San\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll 2010-05-23 00:12 . 2010-05-23 00:12 -------- d-----w- c:\documents and settings\San\Application Data\SystemRequirementsLab 2010-05-22 18:16 . 2010-05-22 18:16 -------- d-----w- c:\program files\vSoft 2010-05-19 07:01 . 2010-05-19 06:57 -------- d-----w- c:\documents and settings\San\Application Data\Similarity 2010-05-19 05:59 . 2010-05-19 05:59 1006080 ----a-r- c:\documents and settings\San\Application Data\Microsoft\Installer\{11ABE2F4-DBCD-45D1-ABBB-C13FDDC4568A}\Similarity.exe 2010-05-19 05:59 . 2010-05-19 05:59 -------- d-----w- c:\program files\Similarity 2010-05-13 03:54 . 2009-01-13 16:06 -------- d-----w- c:\program files\Google 2010-05-11 06:25 . 2010-05-11 06:25 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks 2010-05-11 06:15 . 2008-10-15 16:17 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-05-10 01:01 . 2010-05-10 01:01 -------- d-----w- c:\program files\Sandboxie 2010-05-06 10:41 . 2008-03-04 11:52 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-05 15:57 . 2010-05-05 15:50 -------- d-----w- c:\documents and settings\San\Application Data\DiskSpaceFan 2010-05-05 15:50 . 2010-05-05 15:50 -------- d-----w- c:\program files\DiskSpaceFan 2010-05-02 05:22 . 2007-09-20 01:27 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-04-28 14:46 . 2010-04-28 14:45 59 ----a-w- c:\windows\wpd99.drv 2010-04-28 14:45 . 2010-04-28 14:45 51716 ----a-w- c:\windows\system32\pdf995mon.dll 2010-04-28 14:45 . 2010-04-28 14:45 249856 ----a-w- c:\windows\system32\pdfmona.dll 2010-04-20 05:30 . 2004-08-04 08:00 285696 ----a-w- c:\windows\system32\atmfd.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}] 2009-11-22 22:50 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856] "Google Update"="c:\documents and settings\San\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-01 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-03 1040384] "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-06-11 1454080] "EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2008-05-21 4456448] "Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2008-06-30 1283984] "TpShocks"="c:\windows\system32\TpShocks.exe" [2008-04-09 181512] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584] "RTHDCPL"="RTHDCPL.EXE" [2008-06-10 16871936] "SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016] "AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "ShowDeskFix"="shell32" [X] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 06:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk] backup=c:\windows\pss\Bluetooth.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^San^Start Menu^Programs^Startup^Adobe Gamma.lnk] backup=c:\windows\pss\Adobe Gamma.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^San^Start Menu^Programs^Startup^MagicDisc.lnk] backup=c:\windows\pss\MagicDisc.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2010-02-18 08:40 2012912 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program 
Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"= R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [19-Oct-08 1:38 PM 18960] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17-Feb-10 10:25 AM 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17-Feb-10 10:15 AM 66632] R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [04-Oct-09 11:03 AM 1872320] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [20-Jun-10 5:15 AM 304464] R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [19-Oct-08 1:38 PM 430080] R2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [19-Oct-08 1:38 PM 47680] R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [19-Oct-08 1:18 PM 9472] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20-Jun-10 5:15 AM 20952] R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [19-Oct-08 1:14 PM 156160] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13-May-10 11:52 AM 136176] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [24-May-10 12:00 PM 1527900] S3 hwusbfake;Huawei DataCard USB 
Fake;c:\windows\system32\drivers\ewusbfake.sys [09-Dec-09 10:21 AM 102656] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [26-Aug-09 4:49 AM 17408] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17-Feb-10 10:15 AM 12872] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [16-Jun-09 9:46 AM 79888] S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?] S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [19-Oct-08 1:33 PM 81192] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27-Nov-08 11:04 AM 721904] . Contents of the 'Scheduled Tasks' folder 2010-06-12 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34] 2010-07-02 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2009-08-23 02:01] 2010-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 11:47] 2010-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 11:47] 2010-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1960408961-725345543-1003Core.job - c:\documents and settings\San\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-24 17:31] 2010-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1960408961-725345543-1003UA.job - c:\documents and settings\San\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-24 17:31] 2010-07-02 c:\windows\Tasks\User_Feed_Synchronization-{62C52952-E98C-4041-869E-5C46156D1019}.job - c:\windows\system32\msfeedssync.exe [2008-10-19 20:31] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://google.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 DPF: {C3A57B60-C117-11D2-BD9B-00105A0A7E89} - hxxp://web.lead.com.sg/SchoolDNA/Common/saxfile.cab FF - ProfilePath - c:\documents and settings\San\Application Data\Mozilla\Firefox\Profiles\2kkrgtnm.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sg/ig FF - plugin: c:\documents and settings\San\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla 
Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . 
- - - - ORPHANS REMOVED - - - - AddRemove-HijackThis - c:\documents and settings\San\Desktop\HijackThis.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-07-02 23:20 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1292428093-1960408961-725345543-1003\Software\SecuROM\License information*] "datasecu"=hex:55,39,98,6a,05,23,f5,ce,5e,a9,a9,88,22,d1,03,13,9c,6b,29,fb,12, 9c,26,13,cd,2d,08,ec,a8,4b,68,e6,65,38,a9,81,85,12,9a,35,66,e1,9b,af,4a,1d,\ "rkeysecu"=hex:31,1d,5f,b7,c5,09,e5,84,7f,b6,8a,d1,23,6b,c9,40 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1140) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll - - - - - - - > 'explorer.exe'(780) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\btncopy.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Lenovo\Bluetooth Software\bin\btwdins.exe c:\system volume information\Microsoft\services.exe c:\system volume information\Microsoft\smss.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Hotspot Shield\HssWPR\hsssrv.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\program files\Sandboxie\SbieSvc.exe c:\windows\System32\TPHDEXLG.exe c:\windows\system32\wscntfy.exe c:\windows\RTHDCPL.EXE c:\windows\SOUNDMAN.EXE c:\program files\Internet Explorer\IEXPLORE.EXE c:\program files\iPod\bin\iPodService.exe c:\program files\Internet Explorer\IEXPLORE.EXE . ************************************************************************** . Completion time: 2010-07-02 23:26:55 - machine was rebooted ComboFix-quarantined-files.txt 2010-07-02 15:26 ComboFix2.txt 2010-07-02 13:16 ComboFix3.txt 2010-06-28 08:40 Pre-Run: 10,547,032,064 bytes free Post-Run: 9,479,434,240 bytes free - - End Of File - - 4AF465B0239D0D861BCDADE031BAE7E8
  11. After the end of the scan, I found that System Restore was switched on automatically. Had switched it off again. Once again, I thank you for your patience.

ComboFix 10-07-01.02 - San 02-Jul-10 20:52:52.6.2 - x86 NETWORK Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.955.701 [GMT 8:00] Running from: c:\documents and settings\San\Desktop\Combo-Fix.exe Command switches used :: c:\documents and settings\San\Desktop\CFScript.txt FILE :: "c:\system volume information\Microsoft\services.exe" "c:\system volume information\Microsoft\smss.exe" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\system volume information\Microsoft\services.exe . . . . failed to delete c:\system volume information\Microsoft\smss.exe . . . . failed to delete . ---- Previous Run ------- . c:\system volume information\Microsoft\smss.exe c:\system volume information\Microsoft\services.exe . . . . failed to delete . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_VVDSVC -------\Service_vvdsvc ((((((((((((((((((((((((( Files Created from 2010-06-02 to 2010-07-02 ))))))))))))))))))))))))))))))) . 2010-07-02 07:00 . 2010-07-02 07:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab 2010-07-01 09:33 . 2010-07-01 09:33 -------- d-----w- c:\program files\Compaq 2010-07-01 09:18 . 2010-07-01 09:18 -------- d-----w- C:\DriveKey 2010-07-01 06:52 . 2010-07-01 08:28 -------- d-----w- C:\UBCD4Win 2010-06-19 21:15 . 2010-04-29 07:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-19 21:15 . 2010-06-19 21:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-19 21:15 . 2010-04-29 07:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-19 21:09 . 2010-06-30 07:58 -------- d-----w- c:\documents and settings\San\Application Data\QuickScan 2010-06-19 17:34 . 
2010-06-19 17:34 -------- d-----w- c:\program files\StreamTorrent 1.0 2010-06-19 17:34 . 2010-06-19 17:34 -------- d-----w- c:\documents and settings\San\Application Data\StreamTorrent 2010-06-18 09:06 . 2010-06-18 09:06 -------- d-----w- c:\program files\AVG 2010-06-18 09:05 . 2010-07-01 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9 2010-06-18 08:24 . 2010-06-18 08:24 -------- d-----w- c:\program files\Common Files\Java 2010-06-18 08:23 . 2010-06-18 08:23 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-06-18 08:14 . 2010-06-18 08:22 -------- d-----w- c:\documents and settings\San\.SunDownloadManager 2010-06-18 07:59 . 2010-06-18 07:59 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2010-06-18 06:10 . 2010-06-18 06:10 552 ----a-w- c:\windows\system32\d3d8caps.dat 2010-06-17 16:48 . 2010-06-17 16:48 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-06-17 16:44 . 2010-06-18 16:46 -------- d-----w- c:\program files\Lavasoft 2010-06-17 16:44 . 2010-06-18 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2010-06-17 09:23 . 2010-06-17 09:23 -------- d-----w- c:\program files\Sophos 2010-06-17 05:46 . 2010-06-17 05:46 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Threat Expert 2010-06-17 04:20 . 2010-06-17 04:20 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2010-06-16 19:30 . 2010-07-02 12:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-06-16 19:30 . 2010-06-17 03:44 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-06-16 14:07 . 2010-06-16 14:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2010-06-16 14:07 . 2010-06-16 14:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE 2010-06-10 06:46 . 
2010-06-10 10:22 -------- d-----w- c:\documents and settings\San\Local Settings\Application Data\Super Internet TV 2010-06-10 04:23 . 2010-04-20 05:30 285696 -c----w- c:\windows\system32\dllcache\atmfd.dll 2010-06-10 04:22 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2010-06-09 16:27 . 2010-06-18 08:43 -------- d-----w- c:\documents and settings\San\Application Data\MechCAD 2010-06-06 04:59 . 2010-06-11 05:16 -------- d-----w- c:\documents and settings\San\Application Data\Red Alert 3 Uprising 2010-06-06 04:22 . 2010-06-06 04:22 -------- d-----w- c:\program files\Electronic Arts . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-02 12:02 . 2010-01-22 04:15 -------- d-----w- c:\program files\Ken Ward's Makeup 2010-07-02 11:16 . 2009-10-04 02:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-07-02 11:16 . 2009-10-04 02:51 -------- d-----w- c:\program files\SpywareBlaster 2010-07-01 09:18 . 2008-10-19 05:14 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-07-01 05:45 . 2009-05-09 14:08 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-07-01 05:37 . 2009-04-10 22:34 188152 ----a-w- c:\documents and settings\San\Application Data\Mozilla\Firefox\Profiles\2kkrgtnm.default\FlashGot.exe 2010-07-01 05:35 . 2010-03-20 04:59 117760 ----a-w- c:\documents and settings\San\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-07-01 05:19 . 2009-10-04 03:03 -------- d-----w- c:\program files\a-squared Free 2010-06-30 14:42 . 2008-10-19 09:46 -------- d-----w- c:\program files\ESET 2010-06-21 16:28 . 2009-01-14 12:45 2568656 ----a-w- c:\documents and settings\San\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe 2010-06-21 16:11 . 2009-10-05 19:01 -------- d-----w- c:\documents and settings\San\Application Data\Image Zone Express 2010-06-21 02:01 . 
2008-10-19 09:42 -------- d-----w- c:\documents and settings\San\Application Data\Thinstall 2010-06-20 06:19 . 2010-01-02 17:17 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2010-06-18 08:37 . 2010-01-02 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro 2010-06-18 08:37 . 2010-06-18 08:37 61440 ----a-w- c:\documents and settings\San\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1affcee8-n\decora-sse.dll 2010-06-18 08:37 . 2010-06-18 08:37 12800 ----a-w- c:\documents and settings\San\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1affcee8-n\decora-d3d.dll 2010-06-18 08:36 . 2009-12-08 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2010-06-18 08:34 . 2010-06-18 08:34 503808 ----a-w- c:\documents and settings\San\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62020c4a-n\msvcp71.dll 2010-06-18 08:34 . 2010-06-18 08:34 499712 ----a-w- c:\documents and settings\San\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62020c4a-n\jmc.dll 2010-06-18 08:34 . 2010-06-18 08:34 348160 ----a-w- c:\documents and settings\San\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62020c4a-n\msvcr71.dll 2010-06-18 04:24 . 2010-03-16 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\X-Setup Pro 2010-06-18 04:17 . 2010-01-22 04:32 -------- d-----w- c:\program files\Advanced JPEG Compressor 2010-06-17 18:09 . 2010-03-22 03:01 -------- d-----w- c:\program files\Advanced MP3 Renamer 2010-06-17 03:39 . 2009-08-23 10:30 -------- d-----w- c:\program files\Glary Utilities 2010-06-10 06:54 . 2010-05-11 05:47 -------- d-----w- c:\program files\SopCast 2010-06-07 13:23 . 2009-10-13 17:31 100620 ---ha-w- c:\windows\system32\mlfcache.dat 2010-06-04 15:30 . 2009-11-11 06:30 -------- d-----w- c:\program files\Microsoft Silverlight 2010-05-31 09:33 . 
2010-05-31 09:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts 2010-05-27 02:50 . 2009-11-25 12:01 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-05-25 08:58 . 2008-10-19 06:13 157648 ----a-w- c:\documents and settings\San\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-05-25 07:41 . 2009-12-06 10:44 -------- d-----w- c:\documents and settings\San\Application Data\muvee Technologies 2010-05-24 06:04 . 2009-12-05 08:41 -------- d-----w- c:\documents and settings\All Users\Application Data\muvee Technologies 2010-05-24 04:07 . 2009-12-04 13:11 -------- d-----w- c:\program files\MAGIX 2010-05-24 04:01 . 2009-12-04 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\MAGIX 2010-05-23 13:30 . 2009-10-21 04:17 -------- d-----w- c:\documents and settings\San\Application Data\U3 2010-05-23 06:28 . 2010-05-23 06:28 -------- d-----w- c:\documents and settings\San\Application Data\Red Alert 3 2010-05-23 00:13 . 2010-05-23 00:13 -------- d-----w- c:\program files\SystemRequirementsLab 2010-05-23 00:12 . 2010-05-23 00:12 85504 ----a-w- c:\documents and settings\San\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll 2010-05-23 00:12 . 2010-05-23 00:12 -------- d-----w- c:\documents and settings\San\Application Data\SystemRequirementsLab 2010-05-22 18:16 . 2010-05-22 18:16 -------- d-----w- c:\program files\vSoft 2010-05-19 07:01 . 2010-05-19 06:57 -------- d-----w- c:\documents and settings\San\Application Data\Similarity 2010-05-19 05:59 . 2010-05-19 05:59 1006080 ----a-r- c:\documents and settings\San\Application Data\Microsoft\Installer\{11ABE2F4-DBCD-45D1-ABBB-C13FDDC4568A}\Similarity.exe 2010-05-19 05:59 . 2010-05-19 05:59 -------- d-----w- c:\program files\Similarity 2010-05-13 03:54 . 2009-01-13 16:06 -------- d-----w- c:\program files\Google 2010-05-11 06:25 . 2010-05-11 06:25 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks 2010-05-11 06:15 . 
2008-10-15 16:17 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-05-10 01:01 . 2010-05-10 01:01 -------- d-----w- c:\program files\Sandboxie 2010-05-06 10:41 . 2008-03-04 11:52 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-05 15:57 . 2010-05-05 15:50 -------- d-----w- c:\documents and settings\San\Application Data\DiskSpaceFan 2010-05-05 15:50 . 2010-05-05 15:50 -------- d-----w- c:\program files\DiskSpaceFan 2010-05-02 05:22 . 2007-09-20 01:27 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-04-28 14:46 . 2010-04-28 14:45 59 ----a-w- c:\windows\wpd99.drv 2010-04-28 14:45 . 2010-04-28 14:45 51716 ----a-w- c:\windows\system32\pdf995mon.dll 2010-04-28 14:45 . 2010-04-28 14:45 249856 ----a-w- c:\windows\system32\pdfmona.dll 2010-04-20 05:30 . 2004-08-04 08:00 285696 ----a-w- c:\windows\system32\atmfd.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}] 2009-11-22 22:50 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856] "Google Update"="c:\documents and settings\San\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-01 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-03 1040384] "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-06-11 1454080] "EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2008-05-21 4456448] "Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2008-06-30 1283984] "TpShocks"="c:\windows\system32\TpShocks.exe" [2008-04-09 181512] "iTunesHelper"="c:\program 
files\iTunes\iTunesHelper.exe" [2009-11-12 141600] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584] "RTHDCPL"="RTHDCPL.EXE" [2008-06-10 16871936] "SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016] "AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "ShowDeskFix"="shell32" [X] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 06:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk] backup=c:\windows\pss\Bluetooth.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^San^Start Menu^Programs^Startup^Adobe Gamma.lnk] backup=c:\windows\pss\Adobe Gamma.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^San^Start Menu^Programs^Startup^MagicDisc.lnk] backup=c:\windows\pss\MagicDisc.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2010-02-18 08:40 2012912 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"= R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [19-Oct-08 1:38 PM 18960] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17-Feb-10 10:25 AM 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17-Feb-10 10:15 AM 66632] R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [04-Oct-09 11:03 AM 1872320] R2 MBAMService;MBAMService;c:\program 
files\Malwarebytes' Anti-Malware\mbamservice.exe [20-Jun-10 5:15 AM 304464] R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [19-Oct-08 1:38 PM 430080] R2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [19-Oct-08 1:38 PM 47680] R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [19-Oct-08 1:18 PM 9472] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20-Jun-10 5:15 AM 20952] R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [19-Oct-08 1:14 PM 156160] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13-May-10 11:52 AM 136176] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [24-May-10 12:00 PM 1527900] S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [09-Dec-09 10:21 AM 102656] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [26-Aug-09 4:49 AM 17408] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17-Feb-10 10:15 AM 12872] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [16-Jun-09 9:46 AM 79888] S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?] S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [19-Oct-08 1:33 PM 81192] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27-Nov-08 11:04 AM 721904] . 
Contents of the 'Scheduled Tasks' folder 2010-06-12 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34] 2010-07-02 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2009-08-23 02:01] 2010-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 11:47] 2010-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 11:47] 2010-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1960408961-725345543-1003Core.job - c:\documents and settings\San\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-24 17:31] 2010-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1960408961-725345543-1003UA.job - c:\documents and settings\San\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-24 17:31] 2010-07-02 c:\windows\Tasks\User_Feed_Synchronization-{62C52952-E98C-4041-869E-5C46156D1019}.job - c:\windows\system32\msfeedssync.exe [2008-10-19 20:31] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://google.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 DPF: {C3A57B60-C117-11D2-BD9B-00105A0A7E89} - hxxp://web.lead.com.sg/SchoolDNA/Common/saxfile.cab FF - ProfilePath - c:\documents and settings\San\Application Data\Mozilla\Firefox\Profiles\2kkrgtnm.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sg/ig FF - plugin: c:\documents and settings\San\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla 
Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . 
- - - - ORPHANS REMOVED - - - - HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10b.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-07-02 21:09 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1292428093-1960408961-725345543-1003\Software\SecuROM\License information*] "datasecu"=hex:55,39,98,6a,05,23,f5,ce,5e,a9,a9,88,22,d1,03,13,9c,6b,29,fb,12, 9c,26,13,cd,2d,08,ec,a8,4b,68,e6,65,38,a9,81,85,12,9a,35,66,e1,9b,af,4a,1d,\ "rkeysecu"=hex:31,1d,5f,b7,c5,09,e5,84,7f,b6,8a,d1,23,6b,c9,40 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1140) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll - - - - - - - > 'explorer.exe'(3456) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\btncopy.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Lenovo\Bluetooth Software\bin\btwdins.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Hotspot Shield\HssWPR\hsssrv.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\program files\Sandboxie\SbieSvc.exe c:\windows\System32\TPHDEXLG.exe c:\program files\Internet Explorer\IEXPLORE.EXE c:\program files\Internet Explorer\IEXPLORE.EXE c:\windows\system32\wscntfy.exe c:\windows\RTHDCPL.EXE c:\windows\SOUNDMAN.EXE c:\program files\iPod\bin\iPodService.exe c:\system volume information\Microsoft\services.exe c:\system volume information\Microsoft\smss.exe . ************************************************************************** . Completion time: 2010-07-02 21:16:48 - machine was rebooted ComboFix-quarantined-files.txt 2010-07-02 13:16 ComboFix2.txt 2010-06-28 08:40 Pre-Run: 10,546,401,280 bytes free Post-Run: 9,481,588,736 bytes free - - End Of File - - C2ED2E25E557C0314093B237E4E9C435
  12. I can't launch the program or even its alternate versions.
  13. After 2 rounds of scanning using Eset Online Scanner in normal mode and Safe mode, the same problem keeps coming up. Smss.exe and services.exe have been identified many times as the source(s) of infection. The computer keeps trying to connect to 94.75.229.139, and a clicking sound can be heard many times.
  14. I swear that System Restore was switched off since the first post on this thread. I will do as follows and update you.
  15. Did the scan and the following was discovered.

C:\System Volume Information\Microsoft\services.exe Win32/TrojanDownloader.Unruy.BT trojan cleaned by deleting (after the next restart) - quarantined
C:\System Volume Information\Microsoft\smss.exe Win32/TrojanDownloader.Unruy.BT trojan cleaned by deleting (after the next restart) - quarantined
Operating memory Win32/TrojanDownloader.Unruy.BT trojan contained infected files

This trojan had been deleted many times using Avira Antivirus but it keeps popping up again and again.