Log for spider kill

Post by laguera16 on Thu Oct 08, 2009 2:53 am

SpiderKill by DragonMaster Jay ( Oct 2009 )


Microsoft Windows XP [Version 5.1.2600]

********************Drivers list********************


Volume in drive C has no label.
Volume Serial Number is 102B-4AED

Directory of C:\Windows\System32\Drivers

10/04/2009 06:24 PM .
10/04/2009 06:24 PM ..
08/10/2004 12:00 PM 53,248 1394bus.sys
08/17/2001 08:52 PM 23,552 ABP480N5.SYS
08/10/2004 12:00 PM 187,776 acpi.sys
08/10/2004 12:00 PM 11,648 acpiec.sys
08/17/2001 09:07 PM 101,888 adpu160m.sys
02/15/2006 12:22 AM 142,464 aec.sys
08/14/2008 02:51 AM 138,368 afd.sys
10/04/2009 10:12 PM 94,432 AGP440.SYS
08/04/2004 06:07 AM 44,928 AGPCPQ.SYS
08/17/2001 08:52 PM 12,800 aha154x.sys
08/17/2001 09:07 PM 55,168 aic78u2.sys
08/17/2001 09:07 PM 56,960 aic78xx.sys
08/17/2001 08:51 PM 5,248 aliide.sys
08/04/2004 06:07 AM 42,752 ALIM1541.SYS
08/04/2004 06:07 AM 43,008 AMDAGP.SYS
08/10/2004 12:00 PM 36,992 amdk6.sys
08/10/2004 12:00 PM 37,376 amdk7.sys
06/18/2006 11:37 PM 36,864 AmdK8.sys
08/17/2001 08:52 PM 12,032 amsint.sys
08/02/2005 04:19 PM 22,784 aracpi.sys
08/02/2005 04:19 PM 19,200 arhidfltr.sys
08/02/2005 04:19 PM 5,376 arkbcfltr.sys
08/02/2005 04:19 PM 4,992 armoucfltr.sys
08/10/2004 12:00 PM 60,800 arp1394.sys
08/02/2005 04:19 PM 10,112 arpolicy.sys
08/17/2001 08:52 PM 26,496 asc.sys
08/17/2001 08:52 PM 22,400 asc3350p.sys
08/17/2001 08:51 PM 14,848 asc3550.sys
08/09/2006 09:13 AM 8,552 asctrm.sys
08/10/2004 12:00 PM 14,336 asyncmac.sys
08/04/2004 05:59 AM 95,360 atapi.sys
08/10/2004 12:00 PM 59,904 atmarpc.sys
08/10/2004 12:00 PM 31,360 atmepvc.sys
08/10/2004 12:00 PM 55,936 atmlane.sys
08/10/2004 12:00 PM 352,256 atmuni.sys
08/17/2001 01:59 PM 3,072 audstub.sys
12/15/2007 06:49 PM AU_Backup
08/17/2001 01:57 PM 14,080 battc.sys
08/10/2004 12:00 PM 4,224 beep.sys
08/10/2004 12:00 PM 71,552 bridge.sys
06/13/2008 06:10 AM 272,128 bthport.sys
08/17/2001 08:52 PM 13,952 cbidf2k.sys
08/04/2004 12:10 AM 17,024 CCDECODE.sys
08/17/2001 08:52 PM 7,680 cd20xrnt.sys
08/10/2004 12:00 PM 18,688 cdaudio.sys
08/10/2004 12:00 PM 63,744 cdfs.sys
02/02/2007 04:00 AM 9,336 cdr4_xp.sys
02/02/2007 04:00 AM 9,464 cdralw2k.sys
08/10/2004 12:00 PM 49,536 cdrom.sys
08/10/2004 12:00 PM 262,528 cinemst2.sys
08/10/2004 12:00 PM 49,664 classpnp.sys
08/03/2004 11:07 PM 14,080 CmBatt.sys
08/17/2001 08:51 PM 6,656 cmdide.sys
08/17/2001 01:58 PM 9,344 compbatt.sys
08/17/2001 08:52 PM 14,976 cpqarray.sys
08/10/2004 12:00 PM 11,776 cpqdap01.sys
08/10/2004 12:00 PM 36,480 crusoe.sys
08/17/2001 08:52 PM 179,584 dac2w2k.sys
08/17/2001 08:52 PM 14,720 dac960nt.sys
06/16/2006 07:26 PM disdn
08/10/2004 12:00 PM 36,352 disk.sys
08/10/2004 12:00 PM 14,208 diskdump.sys
08/10/2004 12:00 PM 799,744 dmboot.sys
08/10/2004 12:00 PM 153,344 dmio.sys
08/10/2004 12:00 PM 5,888 dmload.sys
08/03/2004 11:07 PM 52,864 DMusic.sys
08/17/2001 09:07 PM 20,192 dpti2o.sys
08/03/2004 11:08 PM 60,288 drmk.sys
08/03/2004 11:07 PM 2,944 drmkaud.sys
08/10/2004 12:00 PM 10,496 dxapi.sys
08/10/2004 12:00 PM 71,040 dxg.sys
08/10/2004 12:00 PM 3,328 dxgthk.sys
08/17/2001 01:46 PM 6,400 enum1394.sys
10/04/2009 06:33 PM etc
08/10/2004 12:00 PM 143,360 fastfat.sys
08/10/2004 12:00 PM 27,392 fdc.sys
08/10/2004 12:00 PM 34,944 fips.sys
08/10/2004 12:00 PM 20,480 flpydisk.sys
08/21/2006 02:14 AM 128,896 fltmgr.sys
02/06/2009 06:08 PM 55,152 fssfltr_tdi.sys
08/10/2004 12:00 PM 12,160 fsvga.sys
08/10/2004 12:00 PM 7,936 fs_rec.sys
08/17/2001 08:52 PM 125,056 ftdisk.sys
09/27/2006 05:12 PM 10,664 gan_adapter.sys
03/19/2009 04:32 PM 23,400 GEARAspiWDM.sys
08/10/2004 12:00 PM 3,440,660 gm.dls
08/10/2004 12:00 PM 646 gmreadme.txt
01/07/2005 05:07 PM 138,752 Hdaudbus.sys
01/07/2005 05:07 PM 145,920 Hdaudio.sys
08/10/2004 12:00 PM 36,224 hidclass.sys
01/11/2006 12:48 AM 19,200 hidir.sys
08/10/2004 12:00 PM 24,960 hidparse.sys
08/04/2004 12:56 AM 21,504 hidserv.dll
08/17/2001 09:02 PM 9,600 hidusb.sys
08/17/2001 09:07 PM 25,952 hpn.sys
01/05/2004 12:30 AM 51,056 hpzid412.sys
01/05/2004 12:30 AM 16,496 HPZipr12.sys
01/05/2004 12:30 AM 21,488 HPZius12.sys
03/17/2005 09:50 AM 221,440 HSFHWBS2.sys
03/16/2005 08:29 PM 133,221 HSFProf.cty
03/17/2005 09:50 AM 705,280 HSF_CNXT.sys
03/17/2005 09:51 AM 1,033,600 HSF_DPV.sys
03/16/2006 05:33 PM 262,784 http.sys
08/04/2004 06:00 AM 8,192 i2omgmt.sys
08/04/2004 06:00 AM 18,560 i2omp.sys
08/10/2004 12:00 PM 52,736 i8042prt.sys
08/10/2004 12:00 PM 41,856 imapi.sys
08/17/2001 08:52 PM 16,000 ini910u.sys
08/04/2004 05:59 AM 5,504 intelide.sys
08/10/2004 12:00 PM 36,096 intelppm.sys
08/10/2004 12:00 PM 29,056 ip6fw.sys
08/10/2004 12:00 PM 32,896 ipfltdrv.sys
08/10/2004 12:00 PM 20,992 ipinip.sys
09/29/2004 03:28 PM 134,912 ipnat.sys
08/10/2004 12:00 PM 74,752 ipsec.sys
01/11/2006 12:48 AM 46,592 irbus.sys
08/10/2004 12:00 PM 11,264 irenum.sys
08/17/2001 08:58 PM 35,840 isapnp.sys
08/04/2004 05:58 AM 24,576 kbdclass.sys
08/04/2004 05:58 AM 14,848 kbdhid.sys
06/14/2006 01:47 AM 172,416 kmixer.sys
08/04/2004 12:15 AM 140,928 ks.sys
06/22/2009 04:35 AM 92,544 ksecdd.sys
06/26/2003 08:05 PM 472,332 lvcm.sys
06/26/2003 08:03 PM 12,112 LVUSBSta.sys
09/10/2009 02:53 PM 19,160 mbam.sys
09/10/2009 02:54 PM 38,224 mbamswissarmy.sys
08/10/2004 12:00 PM 7,680 mcd.sys
03/17/2004 12:04 PM 13,059 mdmxsdk.sys
08/10/2004 12:00 PM 63,744 mf.sys
08/10/2004 10:45 AM 11,008 mhndrv.sys
08/10/2004 12:00 PM 4,224 mnmdd.sys
08/10/2004 12:00 PM 30,080 modem.sys
08/04/2004 05:58 AM 23,040 mouclass.sys
08/17/2001 08:48 PM 12,160 mouhid.sys
08/10/2004 12:00 PM 42,240 mountmgr.sys
06/22/2009 04:48 AM 91,776 mqac.sys
08/17/2001 08:52 PM 17,280 mraid35x.sys
12/18/2007 02:51 AM 179,584 mrxdav.sys
10/24/2008 04:10 AM 453,632 mrxsmb.sys
08/10/2004 12:00 PM 19,072 msfs.sys
08/10/2004 12:00 PM 35,072 msgpc.sys
08/03/2004 10:58 PM 7,552 MSKSSRV.sys
08/03/2004 10:58 PM 5,376 MSPCLOCK.sys
08/03/2004 10:58 PM 4,992 MSPQM.sys
08/10/2004 12:00 PM 15,488 mssmbios.sys
08/03/2004 11:58 PM 5,504 MSTEE.sys
08/10/2004 12:00 PM 107,904 mup.sys
08/04/2004 12:10 AM 85,376 NABTSFEC.sys
08/10/2004 12:00 PM 182,912 ndis.sys
08/04/2004 12:10 AM 10,880 NdisIP.sys
08/10/2004 12:00 PM 9,600 ndistapi.sys
06/21/2005 01:52 AM 14,592 ndisuio.sys
08/10/2004 12:00 PM 91,776 ndiswan.sys
08/10/2004 12:00 PM 38,016 ndproxy.sys
08/10/2004 12:00 PM 34,560 netbios.sys
08/10/2004 12:00 PM 162,816 netbt.sys
08/10/2004 12:00 PM 61,824 nic1394.sys
08/10/2004 12:00 PM 12,032 nikedrv.sys
08/10/2004 12:00 PM 40,320 nmnt.sys
08/10/2004 12:00 PM 30,848 npfs.sys
02/09/2007 04:10 AM 574,464 ntfs.sys
06/09/2008 01:12 PM 18,504 nuidfltr.sys
08/10/2004 12:00 PM 2,944 null.sys
09/18/2005 08:32 AM 3,493,984 nv4_mini.sys
07/29/2005 02:11 AM 34,048 NVENETFD.sys
07/29/2005 02:11 AM 12,928 nvnetbus.sys
07/29/2005 02:10 AM 301,312 nvnrm.sys
07/29/2005 02:10 AM 221,824 nvsnpu.sys
07/29/2005 02:10 AM 100,480 nvtcp.sys
08/10/2004 12:00 PM 12,416 nwlnkflt.sys
08/10/2004 12:00 PM 32,512 nwlnkfwd.sys
08/10/2004 12:00 PM 88,448 nwlnkipx.sys
08/10/2004 12:00 PM 63,232 nwlnknb.sys
08/10/2004 12:00 PM 55,936 nwlnkspx.sys
10/13/2006 03:23 AM 163,584 nwrdr.sys
08/10/2004 12:00 PM 61,056 ohci1394.sys
08/10/2004 12:00 PM 3,456 oprghdlr.sys
08/10/2004 12:00 PM 42,496 p3.sys
08/10/2004 12:00 PM 80,128 parport.sys
08/10/2004 12:00 PM 18,688 partmgr.sys
08/10/2004 12:00 PM 6,784 parvdm.sys
08/04/2004 06:07 AM 68,224 pci.sys
08/17/2001 08:51 PM 3,328 pciide.sys
08/04/2004 05:59 AM 25,088 pciidex.sys
08/10/2004 12:00 PM 119,936 pcmcia.sys
08/17/2001 09:07 PM 27,296 perc2.sys
08/17/2001 09:07 PM 5,504 perc2hib.sys
06/10/2008 01:04 PM 31,048 point32.sys
03/16/2004 10:58 AM 136,960 portcls.sys
08/10/2004 12:00 PM 35,328 processr.sys
08/10/2004 12:00 PM 69,120 psched.sys
08/10/2004 12:00 PM 17,792 ptilink.sys
10/26/2005 01:12 PM 20,640 pxhelp20.sys
08/17/2001 08:52 PM 40,320 ql1080.sys
08/17/2001 08:52 PM 33,152 ql10wnt.sys
08/17/2001 08:52 PM 45,312 ql12160.sys
08/17/2001 08:52 PM 40,448 ql1240.sys
08/17/2001 08:52 PM 49,024 ql1280.sys
08/10/2004 12:00 PM 8,832 rasacd.sys
08/10/2004 12:00 PM 51,328 rasl2tp.sys
08/10/2004 12:00 PM 41,472 raspppoe.sys
08/10/2004 12:00 PM 48,384 raspptp.sys
08/10/2004 12:00 PM 16,512 raspti.sys
08/10/2004 12:00 PM 34,432 rawwan.sys
05/05/2006 09:47 AM 174,592 rdbss.sys
08/10/2004 12:00 PM 4,224 rdpcdd.sys
08/04/2004 06:01 AM 196,864 rdpdr.sys
06/10/2005 04:09 AM 139,528 rdpwd.sys
08/03/2004 10:59 PM 57,472 redbook.sys
08/10/2004 12:00 PM 12,032 rio8drv.sys
08/10/2004 12:00 PM 12,032 riodrv.sys
05/08/2008 05:28 AM 202,752 rmcast.sys
08/10/2004 12:00 PM 30,080 rndismp.sys
08/10/2004 12:00 PM 5,888 rootmdm.sys
03/15/2006 10:24 PM 4,249,088 RtkHDAud.Sys
08/10/2004 12:00 PM 96,256 scsiport.sys
08/10/2004 12:00 PM 67,584 sdbus.sys
11/13/2007 03:25 AM 20,480 secdrv.sys
08/10/2004 12:00 PM 15,488 serenum.sys
08/10/2004 12:00 PM 64,896 serial.sys
08/10/2004 12:00 PM 11,136 sffdisk.sys
08/10/2004 12:00 PM 10,240 sffp_sd.sys
08/10/2004 12:00 PM 11,392 sfloppy.sys
08/04/2004 06:07 AM 41,088 SISAGP.SYS
08/04/2004 12:10 AM 11,136 SLIP.sys
08/10/2004 12:00 PM 14,592 smclib.sys
08/10/2004 12:00 PM 25,472 sonydcam.sys
08/17/2001 01:56 PM 7,552 SONYPVU1.SYS
08/17/2001 09:07 PM 19,072 sparrow.sys
06/14/2006 01:47 AM 6,400 splitter.sys
08/10/2004 12:00 PM 73,472 sr.sys
12/11/2008 04:57 AM 333,184 srv.sys
04/21/2009 06:27 PM 29,808 ssfs0bbc.sys
04/21/2009 06:27 PM 23,152 sshrmd.sys
04/21/2009 06:27 PM 176,752 ssidrv.sys
10/01/2007 05:24 PM 23,864 sskbfd.sys
12/18/2004 09:32 PM 38,229 StMp3Rec.sys
08/04/2004 12:08 AM 48,640 stream.sys
08/04/2004 12:10 AM 15,360 StreamIP.sys
08/04/2004 05:58 AM 4,352 swenum.sys
08/17/2001 02:00 PM 54,272 swmidi.sys
08/17/2001 09:07 PM 16,256 symc810.sys
08/17/2001 09:07 PM 32,640 symc8xx.sys
08/17/2001 09:07 PM 28,384 sym_hi.sys
08/17/2001 09:07 PM 30,688 sym_u3.sys
08/03/2004 11:15 PM 60,800 sysaudio.sys
08/10/2004 12:00 PM 14,976 tape.sys
06/20/2008 03:45 AM 360,320 tcpip.sys
06/20/2008 02:52 AM 225,920 tcpip6.sys
08/10/2004 12:00 PM 18,560 tdi.sys
08/10/2004 12:00 PM 12,040 tdpipe.sys
08/10/2004 12:00 PM 21,896 tdtcp.sys
08/04/2004 08:01 AM 40,840 termdd.sys
09/10/2009 11:53 AM 59,920 tmactmon.sys
01/10/2008 11:44 AM 10,533 tmcomm.cat
12/24/2007 05:36 PM 2,487 tmcomm.inf
09/10/2009 11:53 AM 158,224 tmcomm.sys
09/10/2009 11:53 AM 50,704 tmevtmgr.sys
06/01/2009 08:22 AM 9,070 tmfilter.cat
05/22/2009 12:58 AM 287,608 Tmfilter.sys
05/22/2009 01:03 AM 3,444 tmpreflt.inf
09/10/2009 11:53 AM 36,368 tmpreflt.sys
09/10/2009 11:53 AM 89,872 tmtdi.sys
05/22/2009 01:03 AM 2,583 tmxpflt.inf
09/10/2009 11:53 AM 225,808 tmxpflt.sys
08/10/2004 12:00 PM 51,712 tosdvd.sys
08/17/2001 08:51 PM 4,992 toside.sys
08/10/2004 12:00 PM 21,376 tsbvcap.sys
08/10/2004 12:00 PM 12,416 tunmp.sys
08/10/2004 12:00 PM 66,176 udfs.sys
08/17/2001 08:52 PM 36,736 ultra.sys
01/20/2008 02:40 PM UMDF
08/10/2004 12:00 PM 209,408 update.sys
08/10/2004 12:00 PM 12,672 usb8023.sys
06/05/2009 11:42 AM 39,424 usbaapl.sys
08/04/2004 12:07 AM 59,264 USBAUDIO.sys
08/10/2004 12:00 PM 23,808 usbcamd.sys
08/10/2004 12:00 PM 23,936 usbcamd2.sys
08/04/2004 12:08 AM 31,616 usbccgp.sys
08/10/2004 12:00 PM 4,736 usbd.sys
08/10/2004 12:00 PM 26,624 usbehci.sys
08/10/2004 12:00 PM 57,600 usbhub.sys
08/10/2004 12:00 PM 16,000 usbintel.sys
08/03/2004 11:08 PM 17,024 usbohci.sys
08/10/2004 12:00 PM 142,976 usbport.sys
08/04/2004 12:01 AM 25,856 usbprint.sys
08/03/2004 11:58 PM 15,104 usbscan.sys
08/03/2004 11:08 PM 26,496 USBSTOR.SYS
08/10/2004 12:00 PM 20,480 usbuhci.sys
08/10/2004 12:00 PM 58,112 vdmindvd.sys
08/10/2004 12:00 PM 20,992 vga.sys
08/04/2004 06:07 AM 42,240 VIAAGP.SYS
08/04/2004 05:59 AM 5,376 viaide.sys
08/10/2004 12:00 PM 79,744 videoprt.sys
08/10/2004 12:00 PM 52,352 volsnap.sys
05/22/2009 12:46 AM 2,544 vsapint.inf
09/10/2009 11:53 AM 1,223,832 vsapint.sys
08/10/2004 12:00 PM 34,560 wanarp.sys
01/10/2003 02:13 PM 33,588 wanatw4.sys
11/02/2006 08:22 AM 492,000 wdf01000.sys
11/02/2006 08:22 AM 32,224 wdfldr.sys
06/14/2006 02:00 AM 82,944 wdmaud.sys
08/10/2004 12:00 PM 4,352 wmilib.sys
10/18/2006 09:00 PM 38,528 wpdusb.sys
08/10/2004 12:00 PM 12,032 ws2ifsl.sys
08/04/2004 12:10 AM 19,328 WSTCODEC.SYS
09/28/2006 07:55 PM 77,568 WudfPf.sys
09/28/2006 08:00 PM 82,944 WudfRd.sys
10/04/2009 12:12 PM 61,440 xrvocxr.sys
11/15/2007 10:38 PM 40,832 zumbus.sys
307 File(s) 32,641,252 bytes

Directory of C:\Windows\System32\Drivers\AU_Backup

12/15/2007 06:49 PM .
12/15/2007 06:49 PM ..
12/15/2007 06:48 PM 2
07/19/2009 08:47 AM 1,077 AuBackup.ini
1 File(s) 1,077 bytes

Directory of C:\Windows\System32\Drivers\AU_Backup\2

12/15/2007 06:48 PM .
12/15/2007 06:48 PM ..
07/19/2009 08:47 AM 16
04/18/2008 09:10 AM 553648256
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\AU_Backup\2\16

07/19/2009 08:47 AM .
07/19/2009 08:47 AM ..
12/12/2008 11:49 AM 10,088 backup.006
11/26/2008 06:41 PM 265,688 backup.007
11/26/2008 06:42 PM 3,444 backup.008
11/26/2008 06:42 PM 36,368 backup.009
11/26/2008 06:42 PM 2,583 backup.00a
11/26/2008 06:42 PM 205,328 backup.00b
11/26/2008 06:39 PM 2,544 backup.00c
11/26/2008 06:39 PM 1,195,384 backup.00d
8 File(s) 1,721,427 bytes

Directory of C:\Windows\System32\Drivers\AU_Backup\2\553648256

04/18/2008 09:10 AM .
04/18/2008 09:10 AM ..
01/30/2007 01:37 AM 10,612 backup.003
01/24/2007 02:45 AM 2,454 backup.004
01/24/2007 06:45 PM 102,800 backup.005
3 File(s) 115,866 bytes

Directory of C:\Windows\System32\Drivers\disdn

06/16/2006 07:26 PM .
06/16/2006 07:26 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\etc

10/04/2009 06:33 PM .
10/04/2009 06:33 PM ..
09/01/2009 07:21 PM 27 hosts
05/11/2008 12:41 PM 734 hosts.msn
08/10/2004 12:00 PM 3,683 lmhosts.sam
08/10/2004 12:00 PM 407 networks
08/10/2004 12:00 PM 799 protocol
08/10/2004 12:00 PM 7,116 services
6 File(s) 12,766 bytes

Directory of C:\Windows\System32\Drivers\UMDF

01/20/2008 02:40 PM .
01/20/2008 02:40 PM ..
01/20/2008 02:38 PM en-US
01/20/2008 02:39 PM es-ES
01/20/2008 02:39 PM fr-FR
10/18/2006 10:47 PM 671,232 wpdmtpdr.dll
11/15/2007 10:52 PM 682,400 ZuneDriver.dll
2 File(s) 1,353,632 bytes

Directory of C:\Windows\System32\Drivers\UMDF\en-US

01/20/2008 02:38 PM .
01/20/2008 02:38 PM ..
11/15/2007 10:47 PM 6,144 ZuneDriver.dll.mui
1 File(s) 6,144 bytes

Directory of C:\Windows\System32\Drivers\UMDF\es-ES

01/20/2008 02:39 PM .
01/20/2008 02:39 PM ..
11/15/2007 10:57 PM 6,144 ZuneDriver.dll.mui
1 File(s) 6,144 bytes

Directory of C:\Windows\System32\Drivers\UMDF\fr-FR

01/20/2008 02:39 PM .
01/20/2008 02:39 PM ..
11/15/2007 10:57 PM 6,144 ZuneDriver.dll.mui
1 File(s) 6,144 bytes

Total Files Listed:
330 File(s) 35,864,452 bytes
32 Dir(s) 183,282,143,232 bytes free


***********************Hidden Drivers********************
Volume in drive C has no label.
Volume Serial Number is 102B-4AED

Directory of C:\Windows\System32\Drivers

01/20/2008 02:39 PM 0 MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
08/30/2009 04:38 PM 0 Msft_Kernel_NuidFltr_01005.Wdf
01/20/2008 02:39 PM 0 Msft_Kernel_zumbus_01005.Wdf
3 File(s) 0 bytes
0 Dir(s) 183,282,155,520 bytes free


*********************Processes*******************


PROCESS PID PRIO PATH
smss.exe 652 Normal C:\WINDOWS\System32\smss.exe
csrss.exe 728 Normal C:\WINDOWS\system32\csrss.exe
winlogon.exe 752 High C:\WINDOWS\system32\winlogon.exe
services.exe 796 Normal C:\WINDOWS\system32\services.exe
lsass.exe 808 Normal C:\WINDOWS\system32\lsass.exe
WRConsumerService.exe 1024 Normal C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
svchost.exe 1052 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1136 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1232 Normal C:\WINDOWS\System32\svchost.exe
svchost.exe 1276 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1456 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1588 Normal C:\WINDOWS\system32\svchost.exe
spoolsv.exe 1724 Normal C:\WINDOWS\system32\spoolsv.exe
svchost.exe 1840 Normal C:\WINDOWS\system32\svchost.exe
AppleMobileDeviceService.exe 1908 Normal C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
arservice.exe 1920 Normal C:\WINDOWS\arservice.exe
ehRecvr.exe 1996 Above Normal C:\WINDOWS\eHome\ehRecvr.exe
ehSched.exe 2020 Normal C:\WINDOWS\eHome\ehSched.exe
jqs.exe 192 Idle C:\Program Files\Java\jre6\bin\jqs.exe
McciCMService.exe 260 Normal C:\Program Files\Common Files\Motive\McciCMService.exe
nvsvc32.exe 472 Normal C:\WINDOWS\system32\nvsvc32.exe
PRISMXL.SYS 524 Normal C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
SeaPort.exe 600 Normal C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SfCtlCom.exe 112 Normal C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
svchost.exe 716 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 772 Normal C:\WINDOWS\system32\svchost.exe
ViewpointService.exe 944 Normal C:\Program Files\Viewpoint\Common\ViewpointService.exe
SpySweeper.exe 1188 Normal C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
YahooAUService.exe 2056 Normal C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
ZuneBusEnum.exe 2132 Normal c:\WINDOWS\system32\ZuneBusEnum.exe
mcrdsvc.exe 2168 Normal C:\WINDOWS\ehome\mcrdsvc.exe
Explorer.EXE 2520 Normal C:\WINDOWS\Explorer.EXE
ehtray.exe 2696 Normal C:\WINDOWS\ehome\ehtray.exe
readericon45G.exe 2728 Idle C:\Program Files\Digital Media Reader\readericon45G.exe
hpcmpmgr.exe 2872 Normal C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
jusched.exe 2880 Normal C:\Program Files\Java\jre6\bin\jusched.exe
McciTrayApp.exe 2888 Normal C:\Program Files\Verizon\McciTrayApp.exe
LogiTray.exe 2916 Normal C:\Program Files\Logitech\Video\LogiTray.exe
realsched.exe 2936 Normal C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PicasaMediaDetector.exe 2972 Normal C:\Program Files\Picasa2\PicasaMediaDetector.exe
QTTask.exe 3020 Normal C:\Program Files\QuickTime\QTTask.exe
iTunesHelper.exe 3080 Normal C:\Program Files\iTunes\iTunesHelper.exe
HPWuSchd2.exe 3088 Normal C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
itype.exe 3184 Normal C:\Program Files\Microsoft IntelliType Pro\itype.exe
ipoint.exe 3192 Normal C:\Program Files\Microsoft IntelliPoint\ipoint.exe
UfSeAgnt.exe 3200 Normal C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
SpySweeperUI.exe 3244 Normal C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
ctfmon.exe 3340 Normal C:\WINDOWS\system32\ctfmon.exe
BackWeb-8876480.exe 3384 Normal C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
msnmsgr.exe 3392 Normal C:\Program Files\Windows Live\Messenger\msnmsgr.exe
hpqtra08.exe 3488 Normal C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Ding.exe 3516 Normal C:\Program Files\Southwest Airlines\Ding\Ding.exe
LVComS.exe 3776 Normal C:\WINDOWS\system32\LVComS.exe
dllhost.exe 3820 Normal C:\WINDOWS\system32\dllhost.exe
iPodService.exe 1676 Normal C:\Program Files\iPod\bin\iPodService.exe
ehmsas.exe 1776 Normal C:\WINDOWS\eHome\ehmsas.exe
alg.exe 1964 Normal C:\WINDOWS\System32\alg.exe
ymsgr_tray.exe 3480 Normal C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
TmProxy.exe 2684 Normal C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
SSU.EXE 1792 Normal C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
wlcomm.exe 4120 Normal C:\Program Files\Windows Live\Contacts\wlcomm.exe
TMBMSRV.exe 5040 Normal C:\Program Files\Trend Micro\BM\TMBMSRV.exe
firefox.exe 2376 Normal C:\Program Files\Mozilla Firefox\firefox.exe
csrss.exe 5608 Normal C:\WINDOWS\system32\csrss.exe
winlogon.exe 4724 High C:\WINDOWS\system32\winlogon.exe
Explorer.EXE 4192 Normal C:\WINDOWS\Explorer.EXE
ehtray.exe 5048 Normal C:\WINDOWS\ehome\ehtray.exe
readericon45G.exe 5952 Idle C:\Program Files\Digital Media Reader\readericon45G.exe
ehmsas.exe 1428 Normal C:\WINDOWS\eHome\ehmsas.exe
hpcmpmgr.exe 4700 Normal C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
jusched.exe 1424 Normal C:\Program Files\Java\jre6\bin\jusched.exe
McciTrayApp.exe 4644 Normal C:\Program Files\Verizon\McciTrayApp.exe
ZuneLauncher.exe 4628 Normal C:\Program Files\Zune\ZuneLauncher.exe
LogiTray.exe 688 Normal C:\Program Files\Logitech\Video\LogiTray.exe
realsched.exe 540 Normal C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PicasaMediaDetector.exe 3376 Normal C:\Program Files\Picasa2\PicasaMediaDetector.exe
QTTask.exe 1760 Normal C:\Program Files\QuickTime\QTTask.exe
iTunesHelper.exe 5148 Normal C:\Program Files\iTunes\iTunesHelper.exe
HPWuSchd2.exe 5460 Normal C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
itype.exe 3600 Normal C:\Program Files\Microsoft IntelliType Pro\itype.exe
ipoint.exe 2800 Normal C:\Program Files\Microsoft IntelliPoint\ipoint.exe
UfSeAgnt.exe 5744 Normal C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
SpySweeperUI.exe 4184 Normal C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
LVComS.exe 1488 Normal C:\WINDOWS\system32\LVComS.exe
BackWeb-8876480.exe 4312 Normal C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
msmsgs.exe 5640 Normal C:\Program Files\Messenger\msmsgs.exe
SUPERAntiSpyware.exe 4716 Normal C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
ctfmon.exe 500 Normal C:\WINDOWS\system32\ctfmon.exe
hpqtra08.exe 4640 Normal C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
ymsgr_tray.exe 896 Normal C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
msn.exe 6080 Normal C:\Program Files\MSN\MSNCoreFiles\msn.exe
msnmsgr.exe 5828 Normal C:\Program Files\Windows Live\Messenger\msnmsgr.exe
wlcomm.exe 3316 Normal C:\Program Files\Windows Live\Contacts\wlcomm.exe
firefox.exe 3764 Normal C:\Program Files\Mozilla Firefox\firefox.exe
cmd.exe 3096 Normal C:\WINDOWS\system32\cmd.exe
processes.exe 496 Normal C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\SpiderKill(2)\SpiderKill\processes.exe


Module information for 'Explorer.EXE'(2520)
MODULE BASE SIZE PATH
Explorer.EXE 1000000 1044480 C:\WINDOWS\Explorer.EXE 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) Windows Explorer
ntdll.dll 7c900000 729088 C:\WINDOWS\system32\ntdll.dll 5.1.2600.3520 (xpsp_sp2_qfe.090206-1239) NT Layer DLL
kernel32.dll 7c800000 1003520 C:\WINDOWS\system32\kernel32.dll 5.1.2600.3541 (xpsp_sp2_gdr.090321-1320) Windows NT BASE API Client DLL
ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.3520 (xpsp_sp2_qfe.090206-1239) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 593920 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.3555 (xpsp_sp2_qfe.090415-1244) Remote Procedure Call Runtime
BROWSEUI.dll 75f80000 1036288 C:\WINDOWS\system32\BROWSEUI.dll 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) Shell Browser UI Library
GDI32.dll 77f10000 294912 C:\WINDOWS\system32\GDI32.dll 5.1.2600.3466 (xpsp_sp2_gdr.081022-1254) GDI Client DLL
USER32.dll 7e410000 589824 C:\WINDOWS\system32\USER32.dll 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) Windows XP USER API Client DLL
msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT CRT DLL
ole32.dll 774e0000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) Microsoft OLE for Windows
SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) Shell Light-weight Utility Library
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.3266 5.1.2600.3266
SHDOCVW.dll 7e290000 1511424 C:\WINDOWS\system32\SHDOCVW.dll 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) Shell Doc Object and Control Library
CRYPT32.dll 77a80000 606208 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Crypto API32
MSASN1.dll 77b20000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ASN.1 Runtime APIs
CRYPTUI.dll 754d0000 524288 C:\WINDOWS\system32\CRYPTUI.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Trust UI Provider
WINTRUST.dll 76c30000 188416 C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Trust Verification APIs
IMAGEHLP.dll 76c90000 163840 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Image Helper
NETAPI32.dll 5b860000 344064 C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.3462 (xpsp_sp2_gdr.081015-1244) Net Win32 API DLL
WININET.dll 63000000 937984 C:\WINDOWS\system32\WININET.dll 8.00.6001.18372 (longhorn_ie8_rc1(wmbla).090115-0053) Internet Extensions for Win32
Normaliz.dll 400000 36864 C:\WINDOWS\system32\Normaliz.dll 6.0.5441.0 (winmain(wmbla).060628-1735) Unicode Normalization DLL
urlmon.dll 1a400000 1224704 C:\WINDOWS\system32\urlmon.dll 8.00.6001.18372 (longhorn_ie8_rc1(wmbla).090115-0053) OLE32 Extensions for Win32
iertutil.dll 5dca0000 1986560 C:\WINDOWS\system32\iertutil.dll 8.00.6001.18372 (longhorn_ie8_rc1(wmbla).090115-0053) Run time utility for Internet Explorer
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Win32 LDAP API DLL
VERSION.dll 77c00000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Version Checking and File Installation Libraries
SHELL32.dll 7c9c0000 8482816 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.3402 (xpsp_sp2_qfe.080702-1240) Windows Shell Common Dll
UxTheme.dll 5ad70000 229376 C:\WINDOWS\system32\UxTheme.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Microsoft UxTheme Library
ShimEng.dll 5cb70000 155648 C:\WINDOWS\system32\ShimEng.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Shim Engine DLL
AcGenral.DLL 6f880000 1875968 C:\WINDOWS\AppPatch\AcGenral.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Compatibility DLL
WINMM.dll 76b40000 184320 C:\WINDOWS\system32\WINMM.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) MCI API DLL
MSACM32.dll 77be0000 86016 C:\WINDOWS\system32\MSACM32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft ACM Audio Filter
USERENV.dll 769c0000 733184 C:\WINDOWS\system32\USERENV.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Userenv
IMM32.DLL 76390000 118784 C:\WINDOWS\system32\IMM32.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows XP IMM32 API Client DLL
comctl32.dll 773d0000 1060864 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 6.0 (xpsp.060825-0040) User Experience Controls Library
comctl32.dll 5d090000 630784 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp.060825-0040) Common Controls Library
apphelp.dll 77b40000 139264 C:\WINDOWS\system32\apphelp.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Application Compatibility Client Library
msctfime.ime 755c0000 188416 C:\WINDOWS\system32\msctfime.ime 5.1.2600.3531 (xpsp_sp2_gdr.090226-1229) Microsoft Text Frame Work Service IME
CLBCATQ.DLL 76fd0000 520192 C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.308 2001.12.4414.308
COMRes.dll 77050000 806912 C:\WINDOWS\system32\COMRes.dll 2001.12.4414.258 2001.12.4414.258
CtxMenu_1_0_0_10.dll 10000000 249856 C:\Program Files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll 1.0.0.10 CtxMenu DLL
OLEACC.dll 74c80000 180224 C:\WINDOWS\system32\OLEACC.dll 4.2.5406.0 (xpclient.010817-1148) Active Accessibility Core Component
MSVCP60.dll 76080000 413696 C:\WINDOWS\system32\MSVCP60.dll 6.02.3104.0 Microsoft (R) C++ Runtime Library
WINSPOOL.DRV 73000000 155648 C:\WINDOWS\system32\WINSPOOL.DRV 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Spooler Driver
msxml3.dll 74980000 1130496 C:\WINDOWS\system32\msxml3.dll 8.100.1048.0 MSXML 3.0 SP10
themeui.dll 5ba60000 462848 C:\WINDOWS\system32\themeui.dll 6.00.2900.2801 (xpsp.051122-1543) Windows Theme API
Secur32.dll 77fe0000 69632 C:\WINDOWS\system32\Secur32.dll 5.1.2600.3592 (xpsp_sp2_qfe.090622-1503) Security Support Provider Interface
MSIMG32.dll 76380000 20480 C:\WINDOWS\system32\MSIMG32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) GDIEXT Client DLL
xpsp2res.dll 20000000 2904064 C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Service Pack 2 Messages
wmpband.dll 13420000 106496 C:\PROGRA~1\WINDOW~3\wmpband.dll 11.0.5721.5145 (WMP_11.061018-2006) Windows Media Player Deskband
MPR.dll 71b20000 73728 C:\WINDOWS\system32\MPR.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Multiple Provider Router DLL
ntshrui.dll 76990000 151552 C:\WINDOWS\system32\ntshrui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Shell extensions for sharing
ATL.DLL 76b20000 69632 C:\WINDOWS\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
msi.dll 7d1e0000 2875392 C:\WINDOWS\system32\msi.dll 3.1.4000.4039 Windows Installer
SETUPAPI.dll 77920000 995328 C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Setup API
LINKINFO.dll 76980000 32768 C:\WINDOWS\system32\LINKINFO.dll 5.1.2600.2751 (xpsp_sp2_gdr.050831-1520) Windows Volume Tracking
ieframe.dll 1be0000 10981376 C:\WINDOWS\system32\ieframe.dll 8.00.6001.18372 (longhorn_ie8_rc1(wmbla).090115-0053) Internet Explorer
NETSHELL.dll 76400000 1724416 C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.2703 (xpsp.050620-1711) Network Connections Shell
credui.dll 76c00000 188416 C:\WINDOWS\system32\credui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Credential Manager User Interface
iphlpapi.dll 76d60000 102400 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003) IP Helper API
WS2_32.dll 71ab0000 94208 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 Helper for Windows NT
rtutils.dll 76e80000 57344 C:\WINDOWS\system32\rtutils.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Routing Utilities
WINSTA.dll 76360000 65536 C:\WINDOWS\system32\WINSTA.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Winstation Library
webcheck.dll 2aa0000 249856 C:\WINDOWS\system32\webcheck.dll 8.00.6001.18372 (longhorn_ie8_rc1(wmbla).090115-0053) Web Site Monitor
MLANG.dll 75cf0000 593920 C:\WINDOWS\system32\MLANG.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Multi Language Support DLL
Module information for 'Explorer.EXE'(4192)
MODULE BASE SIZE PATH



******************************************
EOF


Re: Log for spider kill

Post by laguera16 on Fri Oct 09, 2009 12:15 am

Waiting for a response


Re: Log for spider kill

Post by Dr Jay on Fri Oct 09, 2009 1:47 am

Hi

Sorry for the delay...

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)



Re: Log for spider kill

Post by laguera16 on Sat Oct 10, 2009 12:37 am

Here is the logfile:
Malwarebytes' Anti-Malware 1.41
Database version: 2933
Windows 5.1.2600 Service Pack 2

10/9/2009 5:37:19 PM
mbam-log-2009-10-09 (17-37-19).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 318021
Time elapsed: 1 hour(s), 33 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\yanette\My Documents\setup(2).exe (Adware.Hotbar) -> Quarantined and deleted successfully.


Re: Log for spider kill

Post by Dr Jay on Sat Oct 10, 2009 6:07 am

Hi

Please run the [You must be registered and logged in to see this link.]

Note: This Scanner is for Internet Explorer Only!

  • Follow the instructions [You must be registered and logged in to see this link.] for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.


Dr. Jay (DJ)



Re: Log for spider kill

Post by laguera16 on Tue Oct 13, 2009 4:19 am

I'm currently not on my computer that has the problem, but by tomorrow I will do this.


Re: Log for spider kill

Post by laguera16 on Tue Oct 13, 2009 4:59 am

I can't seem to find the program to download. I have downloaded something, but I have to remove it since it's not that one. I have no clue what to download. A bit of help, please.


Re: Log for spider kill

Post by Dr Jay on Tue Oct 13, 2009 8:10 am

F-Secure online scan is on the website, should be no need for download.


Dr. Jay (DJ)



Re: Log for spider kill

Post by laguera16 on Tue Oct 13, 2009 7:26 pm

Scanning Report
Tuesday, October 13, 2009 10:46:37 - 12:22:40

Computer name: YOUR-DC3E0B8F38
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ D:\
13 malware found
TrackingCookie.2o7 (spyware)

* System (Disinfected)

TrackingCookie.Advertising (spyware)

* System (Disinfected)

Rootkit.Kobcka.Patched (spyware)

* System (Disinfected)

Gen:Trojan.Heur.TDSS (spyware)

* System (Disinfected)

TrackingCookie.Admeta (spyware)

* System (Disinfected)

TrackingCookie.Adbrite (spyware)

* System (Disinfected)

TrackingCookie.Webtrends (spyware)

* System (Disinfected)

TrackingCookie.Statcounter (spyware)

* System (Disinfected)

Gen:Trojan.Heur.TDSS.cu4@i4JfvCfi (virus)

* C:\WINDOWS\SYSTEM32\BULAWASI.DLL (Renamed & Submitted)

Gen:Trojan.Heur.TDSS.cu4@i8ZXyeci (virus)

* C:\WINDOWS\SYSTEM32\VUSEHEHE.DLL (Renamed & Submitted)

Rootkit.Kobcka.Patched.Gen (virus)

* C:\WINDOWS\SYSTEM32\DRIVERS\AGP440.SYS (Disinfected & Submitted)

Rootkit.Kobcka.Patched.Gen (virus)

* C:\WINDOWS\SYSTEM32\DLLCACHE\AGP440.SYS (Not cleaned)

Backdoor.Generic.95440 (virus)

* C:\DOCUMENTS AND SETTINGS\YANETTE\APPLICATION DATA\MOVE NETWORKS\MOVEMEDIAPLAYER_07076007.EXE (Renamed & Submitted)

Statistics
Scanned:

* Files: 79171
* System: 6420
* Not scanned: 14

Actions:

* Disinfected: 9
* Renamed: 3
* Deleted: 0
* Not cleaned: 1
* Submitted: 4

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\SSIEFR.EXE
* C:\WINDOWS\SYSTEM32\WRLZMA.DLL
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\E1BEF2599C4FCE43B281\MRTSTUB.EXE
* C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-DC3E0B8F38\LOCAL SETTINGS\TEMP\ETILQS_PU0CEA07HXMPGVP8LMBI
* C:\56DDBA25B9BA7096A70228325FF1F1\IEAKMMC.CHM
* C:\56DDBA25B9BA7096A70228325FF1F1\IEEULA.CHM
* C:\56DDBA25B9BA7096A70228325FF1F1\IESUPP.CHM
* C:\56DDBA25B9BA7096A70228325FF1F1\IEXPLORE.CHM


Re: Log for spider kill

Post by Dr Jay on Wed Oct 14, 2009 12:15 am

Backdoor.Generic.95440 (virus)

* C:\DOCUMENTS AND SETTINGS\YANETTE\APPLICATION DATA\MOVE NETWORKS\MOVEMEDIAPLAYER_07076007.EXE (Renamed & Submitted)
^^^ THIS is a false positive. It has been submitted already.

==========

Please download: [You must be registered and logged in to see this link.] to your Desktop.
  • Double Click the HijackThis icon, located on your Desktop.
  • By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
    It will also create a shortcut on your Desktop.
  • Accept the license agreement.
  • Click Do a System Scan and Save a Logfile.
  • Please post the log in your next reply.


Dr. Jay (DJ)



Re: Log for spider kill

Post by laguera16 on Wed Oct 14, 2009 12:33 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:33:39 PM, on 10/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\fsonlinescanner.exe
C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [readericon] "C:\Program Files\Digital Media Reader\readericon45G.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [6572362506] "C:\WINDOWS\system32\config\systemprofile\Application Data\6572362506\6572362506.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - [You must be registered and logged in to see this link.] Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - [You must be registered and logged in to see this link.] Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Open in new background tab - [You must be registered and logged in to see this link.] Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?d209a59c4da94ef0b832999bf707858a
O8 - Extra context menu item: Open in new foreground tab - [You must be registered and logged in to see this link.] Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?d209a59c4da94ef0b832999bf707858a
O8 - Extra context menu item: Yahoo! &Dictionary - [You must be registered and logged in to see this link.] Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - [You must be registered and logged in to see this link.] Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - [You must be registered and logged in to see this link.] Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - [You must be registered and logged in to see this link.]
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - [You must be registered and logged in to see this link.]
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - [You must be registered and logged in to see this link.]
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - [You must be registered and logged in to see this link.]
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: c:\windows\system32\dezunano.dll zewewegi.dll c:\windows\system32\lakumuso.dll c:\windows\system32\rurirovi.dll c:\windows\system32\doyapera.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: sizutudup - {af7ee5b3-3093-4f00-8f2b-4c6a94d75202} - (no file)
O21 - SSODL: magudirem - {74fccf3d-5f4f-4b60-a8b1-33c98d356660} - (no file)
O21 - SSODL: nuravujas - {d64885c3-952c-40d7-afc7-1beacf63613c} - (no file)
O21 - SSODL: nenudusus - {c8c00d52-8ae6-4857-b4d1-7dd6a8f7c042} - (no file)
O21 - SSODL: bugewisag - {70122716-1ed0-4871-9255-7aa2cd22c256} - (no file)
O21 - SSODL: zojurozog - {176fac2b-cd8e-4b7a-b607-056dd04dbf5e} - (no file)
O21 - SSODL: gefakezut - {848c4a4c-4a8d-404f-bfbf-65e335621c18} - (no file)
O21 - SSODL: kuvazumog - {3460ed8d-1a87-4a36-a339-162161b84438} - (no file)
O21 - SSODL: sipujizor - {4a6deb87-dfc5-4e86-89d9-1659260ac7a5} - (no file)
O21 - SSODL: vifijukis - {166faa1e-4182-45d6-b7df-96448ed90e7e} - (no file)
O21 - SSODL: vimuhemut - {c9f103d8-1a81-45a3-9b9a-473cbc71bc69} - (no file)
O22 - SharedTaskScheduler: gahurihor - {af7ee5b3-3093-4f00-8f2b-4c6a94d75202} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {74fccf3d-5f4f-4b60-a8b1-33c98d356660} - (no file)
O22 - SharedTaskScheduler: kupuhivus - {d64885c3-952c-40d7-afc7-1beacf63613c} - (no file)
O22 - SharedTaskScheduler: mujuzedij - {c8c00d52-8ae6-4857-b4d1-7dd6a8f7c042} - (no file)
O22 - SharedTaskScheduler: kupuhivus - {70122716-1ed0-4871-9255-7aa2cd22c256} - (no file)
O22 - SharedTaskScheduler: jugezatag - {176fac2b-cd8e-4b7a-b607-056dd04dbf5e} - (no file)
O22 - SharedTaskScheduler: mujuzedij - {848c4a4c-4a8d-404f-bfbf-65e335621c18} - (no file)
O22 - SharedTaskScheduler: kupuhivus - {3460ed8d-1a87-4a36-a339-162161b84438} - (no file)
O22 - SharedTaskScheduler: gahurihor - {4a6deb87-dfc5-4e86-89d9-1659260ac7a5} - (no file)
O22 - SharedTaskScheduler: gahurihor - {166faa1e-4182-45d6-b7df-96448ed90e7e} - (no file)
O22 - SharedTaskScheduler: gahurihor - {c9f103d8-1a81-45a3-9b9a-473cbc71bc69} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: F-Secure Installer restarter (FSIHS) - F-Secure Corp. - C:\DOCUME~1\yanette\LOCALS~1\Temp\Installer\00000003\bootstrap\fsihs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. ([You must be registered and logged in to see this link.] - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 19161 bytes


Re: Log for spider kill

Post by Dr Jay on Wed Oct 14, 2009 12:55 am

Hi

I see you have Viewpoint installed...
Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". I suggest you remove the program now. Navigate to Start --> Control Panel --> Add or Remove Programs and uninstall the following programs if present.

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar

Let me know if you decided to uninstall it.

==

Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [6572362506] "C:\WINDOWS\system32\config\systemprofile\Application Data\6572362506\6572362506.exe"
O21 - SSODL: sizutudup - {af7ee5b3-3093-4f00-8f2b-4c6a94d75202} - (no file)
O21 - SSODL: magudirem - {74fccf3d-5f4f-4b60-a8b1-33c98d356660} - (no file)
O21 - SSODL: nuravujas - {d64885c3-952c-40d7-afc7-1beacf63613c} - (no file)
O21 - SSODL: nenudusus - {c8c00d52-8ae6-4857-b4d1-7dd6a8f7c042} - (no file)
O21 - SSODL: bugewisag - {70122716-1ed0-4871-9255-7aa2cd22c256} - (no file)
O21 - SSODL: zojurozog - {176fac2b-cd8e-4b7a-b607-056dd04dbf5e} - (no file)
O21 - SSODL: gefakezut - {848c4a4c-4a8d-404f-bfbf-65e335621c18} - (no file)
O21 - SSODL: kuvazumog - {3460ed8d-1a87-4a36-a339-162161b84438} - (no file)
O21 - SSODL: sipujizor - {4a6deb87-dfc5-4e86-89d9-1659260ac7a5} - (no file)
O21 - SSODL: vifijukis - {166faa1e-4182-45d6-b7df-96448ed90e7e} - (no file)
O21 - SSODL: vimuhemut - {c9f103d8-1a81-45a3-9b9a-473cbc71bc69} - (no file)
O22 - SharedTaskScheduler: gahurihor - {af7ee5b3-3093-4f00-8f2b-4c6a94d75202} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {74fccf3d-5f4f-4b60-a8b1-33c98d356660} - (no file)
O22 - SharedTaskScheduler: kupuhivus - {d64885c3-952c-40d7-afc7-1beacf63613c} - (no file)
O22 - SharedTaskScheduler: mujuzedij - {c8c00d52-8ae6-4857-b4d1-7dd6a8f7c042} - (no file)
O22 - SharedTaskScheduler: kupuhivus - {70122716-1ed0-4871-9255-7aa2cd22c256} - (no file)
O22 - SharedTaskScheduler: jugezatag - {176fac2b-cd8e-4b7a-b607-056dd04dbf5e} - (no file)
O22 - SharedTaskScheduler: mujuzedij - {848c4a4c-4a8d-404f-bfbf-65e335621c18} - (no file)
O22 - SharedTaskScheduler: kupuhivus - {3460ed8d-1a87-4a36-a339-162161b84438} - (no file)
O22 - SharedTaskScheduler: gahurihor - {4a6deb87-dfc5-4e86-89d9-1659260ac7a5} - (no file)
O22 - SharedTaskScheduler: gahurihor - {166faa1e-4182-45d6-b7df-96448ed90e7e} - (no file)
O22 - SharedTaskScheduler: gahurihor - {c9f103d8-1a81-45a3-9b9a-473cbc71bc69} - (no file)

Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

Please reboot your computer.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\WINDOWS\system32\config\systemprofile\Application Data\6572362506

Please reboot your computer, and post a new HijackThis log here in your next reply.


Dr. Jay (DJ)
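
The follow-up log requested above is what shows whether "Fix Checked" actually removed the selected entries. The script below is an added example, not part of the thread or of HijackThis: it parses HijackThis entry lines, flags the two patterns selected in the reply (an all-digit Run value whose executable has the same name, and O21/O22 CLSIDs reported as "(no file)"), and lists which selected entries still appear in a later log. The function names, the matching heuristics and the FOLLOWUP sample are assumptions made for the example; the FIRST_LOG lines are copied from the log posted in this thread.

```python
import ntpath
import re
from typing import NamedTuple, Optional


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "O4", "O21", "R1"
    body: str  # everything after "CODE - "


# An entry line looks like "O21 - SSODL: name - {CLSID} - (no file)".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 Run entry: HIVE\..\Run: [value name] "command" (quotes are optional).
RUN_RE = re.compile(r'^\S+\\\.\.\\Run: \[(?P<name>[^\]]+)\] "?(?P<path>[^"]+)')

# Lines copied from the first log in the thread.
FIRST_LOG = r"""
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [6572362506] "C:\WINDOWS\system32\config\systemprofile\Application Data\6572362506\6572362506.exe"
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: sizutudup - {af7ee5b3-3093-4f00-8f2b-4c6a94d75202} - (no file)
O22 - SharedTaskScheduler: gahurihor - {af7ee5b3-3093-4f00-8f2b-4c6a94d75202} - (no file)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Constructed follow-up log (not from the thread): the Run entry is gone,
# one O21 entry survived and its CLSID is printed in upper case.
FOLLOWUP = r"""
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O21 - SSODL: sizutudup - {AF7EE5B3-3093-4F00-8F2B-4C6A94D75202} - (no file)
"""


def parse_entries(text: str) -> list:
    """Extract (code, body) pairs; non-entry lines such as process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def triage(entry: Entry) -> Optional[str]:
    """Return a reason if the entry matches one of the two patterns, else None."""
    if entry.code in ("O21", "O22"):
        if entry.body.endswith("(no file)") and CLSID_RE.search(entry.body):
            return "shell-loaded CLSID with no file on disk"
    if entry.code == "O4":
        m = RUN_RE.match(entry.body)
        if m and m["name"].isdigit():
            stem = ntpath.splitext(ntpath.basename(m["path"]))[0]
            if stem == m["name"]:
                return "Run value and executable share an all-digit name"
    return None


def flagged(log_text: str) -> list:
    """All (entry, reason) pairs in a log that match a triage pattern."""
    hits = []
    for entry in parse_entries(log_text):
        reason = triage(entry)
        if reason:
            hits.append((entry, reason))
    return hits


def key(entry: Entry) -> tuple:
    """Identity used to compare logs: section code plus CLSID, else normalized body."""
    m = CLSID_RE.search(entry.body)
    ident = m.group(0).lower() if m else " ".join(entry.body.lower().split())
    return (entry.code, ident)


def still_present(selected: list, followup_text: str) -> list:
    """Entries chosen for fixing that are still listed in the follow-up log."""
    remaining = {key(e) for e in parse_entries(followup_text)}
    return [e for e in selected if key(e) in remaining]


if __name__ == "__main__":
    hits = flagged(FIRST_LOG)
    for entry, reason in hits:
        print(f"FLAG {entry.code}: {reason}\n     {entry.body}")
    for entry in still_present([e for e, _ in hits], FOLLOWUP):
        print(f"STILL PRESENT after fix: {entry.code} - {entry.body}")
```

Entries that remain after a fix and reboot are the ones worth a second look, since something may be rewriting them.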




Re: Log for spider kill

Post by laguera16 on Wed Oct 14, 2009 1:15 am

I have found the Viewpoint Media Player and uninstalled it, but I didn't find that folder; it wasn't present on my computer. Here is my log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:14:15 PM, on 10/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [readericon] "C:\Program Files\Digital Media Reader\readericon45G.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - [You must be registered and logged in to see this link.] Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - [You must be registered and logged in to see this link.] Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Open in new background tab - [You must be registered and logged in to see this link.] Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?d209a59c4da94ef0b832999bf707858a
O8 - Extra context menu item: Open in new foreground tab - [You must be registered and logged in to see this link.] Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?d209a59c4da94ef0b832999bf707858a
O8 - Extra context menu item: Yahoo! &Dictionary - [You must be registered and logged in to see this link.] Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - [You must be registered and logged in to see this link.] Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - [You must be registered and logged in to see this link.] Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - [You must be registered and logged in to see this link.]
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - [You must be registered and logged in to see this link.]
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - [You must be registered and logged in to see this link.]
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - [You must be registered and logged in to see this link.]
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: c:\windows\system32\dezunano.dll zewewegi.dll c:\windows\system32\lakumuso.dll c:\windows\system32\rurirovi.dll c:\windows\system32\doyapera.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: vimuhemut - {c9f103d8-1a81-45a3-9b9a-473cbc71bc69} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. ([You must be registered and logged in to see this link.] - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 16612 bytes


Re: Log for spider kill

Post by Dr Jay on Wed Oct 14, 2009 3:07 am

Hi

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

==

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)



Re: Log for spider kill

Post by laguera16 on Thu Oct 15, 2009 8:08 pm

logfile for security check
Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
OneCare Advisor (Windows Live Toolbar)
Trend Micro AntiVirus
Trend Micro AntiVirus
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:

Spy Sweeper
Spy Sweeper Core
SUPERAntiSpyware Free Edition
HijackThis 2.0.2
Free Windows Registry Cleaner 2.0
Java(TM) 6 Update 11
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbam.exe
Trend Micro Internet Security UfSeAgnt.exe
Trend Micro Internet Security SfCtlCom.exe
Trend Micro Internet Security TmProxy.exe
Trend Micro BM TMBMSRV.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````


Re: Log for spider kill

Post by laguera16 on Thu Oct 15, 2009 8:39 pm

logfile for malwarebytes
Malwarebytes' Anti-Malware 1.41
Database version: 2933
Windows 5.1.2600 Service Pack 2

10/15/2009 1:32:25 PM
mbam-log-2009-10-15 (13-32-25).txt

Scan type: Quick Scan
Objects scanned: 170214
Time elapsed: 27 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.


Re: Log for spider kill

Post by Dr Jay on Fri Oct 16, 2009 1:09 am

Please download ComboFix from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: [You must be registered and logged in to see this link.]
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Do not mouse-click Combofix's window while it is running. That may cause it to stall.


Dr. Jay (DJ)



Re: Log for spider kill

Post by laguera16 on Fri Oct 16, 2009 2:12 am

ComboFix 09-10-15.04 - Owner 10/15/2009 18:38.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1919.1108 [GMT -7:00]
Running from: c:\documents and settings\Owner.YOUR-DC3E0B8F38\Desktop\ComboFix.exe
AV: Trend Micro AntiVirus *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner.YOUR-DC3E0B8F38\My Documents\Backup.reg
c:\windows\system32\Drivers\xrvocxr.sys

.
((((((((((((((((((((((((( Files Created from 2009-09-16 to 2009-10-16 )))))))))))))))))))))))))))))))
.

2009-10-13 04:55 . 2009-10-13 04:56 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg
2009-10-13 04:50 . 2009-10-13 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure
2009-10-07 01:48 . 2009-10-07 01:48 -------- d-----w- c:\documents and settings\Omar\Application Data\Malwarebytes
2009-10-04 16:22 . 2009-10-05 00:13 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\6572362506
2009-09-30 04:21 . 2001-08-17 20:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-09-30 04:21 . 2001-08-17 20:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2009-09-25 23:28 . 2009-09-25 23:29 -------- d-----w- c:\program files\Free Windows Registry Cleaner
2009-09-24 17:25 . 2009-09-24 17:25 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-09-24 17:25 . 2009-09-24 17:25 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2009-09-23 17:24 . 2009-10-07 01:52 -------- d-----w- c:\windows\system32\Service
2009-09-19 02:21 . 2009-09-19 02:21 -------- d-----w- c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\Uniblue
2009-09-19 02:21 . 2009-09-19 02:21 -------- d-----w- c:\program files\Uniblue
2009-09-19 02:02 . 2009-09-19 02:06 -------- d-----w- c:\program files\RegCleaner
2009-09-19 00:49 . 2009-09-19 01:21 -------- d-----w- c:\program files\RegistryPatrol3.0
2009-09-16 02:12 . 2009-09-16 02:12 -------- d-----w- c:\program files\Citrix
2009-09-16 02:11 . 2009-09-16 02:11 60744 ----a-w- c:\documents and settings\yanette\g2mdlhlpx.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-15 20:54 . 2006-12-09 20:51 28982 ----a-w- c:\windows\hpoins03.dat
2009-10-15 20:52 . 2007-01-18 00:58 -------- d-----w- c:\program files\Java
2009-10-15 05:49 . 2006-12-07 00:43 -------- d-----w- c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\MSN6
2009-10-14 02:24 . 2006-12-07 00:37 -------- d-----w- c:\documents and settings\yanette\Application Data\MSN6
2009-10-13 19:22 . 2007-04-04 22:08 -------- d--h--w- c:\documents and settings\yanette\Application Data\Move Networks
2009-10-13 19:21 . 2006-06-21 09:33 42368 ----a-w- c:\windows\system32\drivers\AGP440.SYS
2009-10-11 18:52 . 2006-12-09 19:29 -------- d-----w- c:\documents and settings\Omar\Application Data\MSN6
2009-10-08 03:11 . 2006-12-06 01:00 -------- d-----w- c:\program files\verizon
2009-10-08 02:15 . 2007-01-07 06:16 4378 -c--a-w- c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\wklnhst.dat
2009-10-05 01:24 . 2009-03-07 01:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-04 19:12 . 2009-10-04 19:12 3512 ----a-w- c:\program files\mmzke.txt
2009-09-22 04:47 . 2008-11-06 05:11 -------- d-----w- c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\Move Networks
2009-09-10 21:54 . 2009-03-07 01:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 21:53 . 2009-03-07 01:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 19:01 . 2006-12-04 01:04 -------- d-----w- c:\program files\Trend Micro
2009-09-10 18:53 . 2009-09-10 19:02 59920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2009-09-10 18:53 . 2009-09-10 19:02 50704 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2009-09-10 18:53 . 2009-09-10 18:53 89872 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2009-09-10 18:53 . 2009-09-10 18:53 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2009-09-10 18:53 . 2009-09-10 18:53 225808 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2009-09-10 18:53 . 2009-09-10 18:53 1223832 ----a-w- c:\windows\system32\drivers\vsapint.sys
2009-09-10 18:53 . 2007-12-15 06:40 158224 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-09-10 17:55 . 2007-12-15 06:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2009-09-04 18:13 . 2009-09-04 18:13 -------- d-----w- c:\documents and settings\yanette\Application Data\Southwest Airlines
2009-09-04 18:13 . 2009-09-04 18:13 -------- d-----w- c:\program files\Southwest Airlines
2009-09-04 18:12 . 2008-06-09 03:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-02 02:37 . 2006-06-19 04:25 62160 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-01 01:18 . 2008-12-25 20:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-30 23:38 . 2009-08-30 23:38 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-08-30 23:30 . 2009-08-30 23:29 -------- d-----w- c:\program files\Microsoft IntelliPoint
2009-08-30 23:28 . 2009-08-30 23:26 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2009-08-30 19:36 . 2006-08-09 16:12 -------- d-----w- c:\program files\Common Files\AOL
2009-08-30 17:29 . 2009-01-23 04:15 -------- d-----w- c:\program files\American Airlines DealFinder
2009-08-05 09:11 . 2006-06-17 09:23 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 12:23 . 2008-12-18 03:44 411368 ----a-w- c:\windows\system32\deploytk.dll
.


Re: Log for spider kill

Post by laguera16 on Fri Oct 16, 2009 2:12 am

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-05-13 22:34 238968 ----a-w- c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-02-23 16384]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-24 1830128]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-03-10 1553920]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2007-11-16 166304]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2003-07-01 188416]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2003-07-01 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-31 185896]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2005-10-28 335872]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-09-10 1020248]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-09-18 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]

c:\documents and settings\yanette\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]

c:\documents and settings\Lizette\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-8-21 147456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-2-23 169472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-12 15:02 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\verizon\\McciTrayApp.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [4/21/2009 6:27 PM 29808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/4/2008 2:50 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 2:50 PM 55024]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [6/12/2009 4:36 PM 55152]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [9/10/2009 11:53 AM 36368]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [5/25/2009 11:51 AM 1205760]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 2:50 PM 7408]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [9/10/2009 12:02 PM 50704]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [9/10/2009 12:03 PM 689416]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [9/27/2006 5:12 PM 10664]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2009-10-13 c:\windows\Tasks\wrSpySweeper_L9FF30FE67AA3478A9320F832C5650F97.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-12-08 22:40]

2009-10-13 c:\windows\Tasks\wrSpySweeper_L9FF30FE67AA3478A9320F832C5650F97.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-12-08 22:40]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Search
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsrch.htm
IE: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?d209a59c4da94ef0b832999bf707858a
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?d209a59c4da94ef0b832999bf707858a
IE: Yahoo! &Dictionary - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsms.htm
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\mcw9nge9.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\mcw9nge9.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000005.dll
FF - plugin: c:\documents and settings\yanette\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
SSODL-vimuhemut-{c9f103d8-1a81-45a3-9b9a-473cbc71bc69} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-15 18:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs]
@DACL=(02 0000)
@="{571715D7-3395-4DF0-B43C-784836209E60}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(1400)
c:\docume~1\OWNER~1.YOU\LOCALS~1\TempIadHide3.dll
c:\program files\Common Files\Motive\McciContextHook_DSR.dll
c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.


Re: Log for spider kill

Post by laguera16 on Fri Oct 16, 2009 2:13 am

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\hpzipm12.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\ZuneBusEnum.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\LVComS.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
.
**************************************************************************
.
Completion time: 2009-10-16 19:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-16 02:10
ComboFix2.txt 2009-09-02 02:29

Pre-Run: 181,248,663,552 bytes free
Post-Run: 181,392,343,040 bytes free

Current=3 Default=3 Failed=6 LastKnownGood=7 Sets=1,2,3,4,5,6,7
285


Re: Log for spider kill

Post by Dr Jay on Fri Oct 16, 2009 7:14 am

Hi

I see you are running a P2P application. I suggest you read the following, and then decide whether you want to keep it or not: [You must be registered and logged in to see this link.]

NEXT

Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.

There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

Further reading: [You must be registered and logged in to see this link.]

NEXT

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Folder::
    c:\program files\Free Windows Registry Cleaner

    DirLook::
    c:\windows\system32\config\systemprofile\Application Data\6572362506
    c:\windows\system32\Service
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Dr. Jay (DJ)



Re: Log for spider kill

Post by laguera16 on Sat Oct 17, 2009 12:16 am

ComboFix 09-10-16.06 - Owner 10/16/2009 17:08.4.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1919.1216 [GMT -7:00]
Running from: c:\documents and settings\Owner.YOUR-DC3E0B8F38\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner.YOUR-DC3E0B8F38\Desktop\CFScript.txt
AV: Trend Micro AntiVirus *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Free Windows Registry Cleaner
c:\program files\Free Windows Registry Cleaner\FreeWinRegCleaner.exe
c:\program files\Free Windows Registry Cleaner\HKCR.reg
c:\program files\Free Windows Registry Cleaner\unins000.dat
c:\program files\Free Windows Registry Cleaner\unins000.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-17 to 2009-10-17 )))))))))))))))))))))))))))))))
.

2009-10-16 02:04 . 2009-06-21 22:04 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-13 04:55 . 2009-10-13 04:56 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg
2009-10-13 04:50 . 2009-10-13 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure
2009-10-07 01:48 . 2009-10-07 01:48 -------- d-----w- c:\documents and settings\Omar\Application Data\Malwarebytes
2009-10-04 16:22 . 2009-10-05 00:13 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\6572362506
2009-09-30 04:21 . 2001-08-17 20:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-09-30 04:21 . 2001-08-17 20:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2009-09-24 17:25 . 2009-09-24 17:25 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-09-24 17:25 . 2009-09-24 17:25 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2009-09-23 17:24 . 2009-10-07 01:52 -------- d-----w- c:\windows\system32\Service
2009-09-19 02:21 . 2009-09-19 02:21 -------- d-----w- c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\Uniblue
2009-09-19 02:21 . 2009-09-19 02:21 -------- d-----w- c:\program files\Uniblue
2009-09-19 02:02 . 2009-09-19 02:06 -------- d-----w- c:\program files\RegCleaner
2009-09-19 00:49 . 2009-09-19 01:21 -------- d-----w- c:\program files\RegistryPatrol3.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-16 23:49 . 2006-12-09 20:51 28982 ----a-w- c:\windows\hpoins03.dat
2009-10-16 04:59 . 2006-12-07 00:43 -------- d-----w- c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\MSN6
2009-10-15 20:52 . 2007-01-18 00:58 -------- d-----w- c:\program files\Java
2009-10-14 02:24 . 2006-12-07 00:37 -------- d-----w- c:\documents and settings\yanette\Application Data\MSN6
2009-10-13 19:22 . 2007-04-04 22:08 -------- d--h--w- c:\documents and settings\yanette\Application Data\Move Networks
2009-10-13 19:21 . 2006-06-21 09:33 42368 ------w- c:\windows\system32\drivers\AGP440.SYS
2009-10-11 18:52 . 2006-12-09 19:29 -------- d-----w- c:\documents and settings\Omar\Application Data\MSN6
2009-10-08 03:11 . 2006-12-06 01:00 -------- d-----w- c:\program files\verizon
2009-10-08 02:15 . 2007-01-07 06:16 4378 -c--a-w- c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\wklnhst.dat
2009-10-05 01:24 . 2009-03-07 01:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-04 19:12 . 2009-10-04 19:12 3512 ----a-w- c:\program files\mmzke.txt
2009-09-22 04:47 . 2008-11-06 05:11 -------- d-----w- c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\Move Networks
2009-09-16 02:12 . 2009-09-16 02:12 -------- d-----w- c:\program files\Citrix
2009-09-16 02:11 . 2009-09-16 02:11 60744 ----a-w- c:\documents and settings\yanette\g2mdlhlpx.exe
2009-09-11 14:03 . 2006-06-17 09:23 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 21:54 . 2009-03-07 01:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 21:53 . 2009-03-07 01:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 19:01 . 2006-12-04 01:04 -------- d-----w- c:\program files\Trend Micro
2009-09-10 18:53 . 2009-09-10 19:02 59920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2009-09-10 18:53 . 2009-09-10 19:02 50704 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2009-09-10 18:53 . 2009-09-10 18:53 89872 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2009-09-10 18:53 . 2009-09-10 18:53 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2009-09-10 18:53 . 2009-09-10 18:53 225808 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2009-09-10 18:53 . 2009-09-10 18:53 1223832 ----a-w- c:\windows\system32\drivers\vsapint.sys
2009-09-10 18:53 . 2007-12-15 06:40 158224 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-09-10 17:55 . 2007-12-15 06:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2009-09-04 20:45 . 2006-06-17 09:23 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 18:13 . 2009-09-04 18:13 -------- d-----w- c:\documents and settings\yanette\Application Data\Southwest Airlines
2009-09-04 18:13 . 2009-09-04 18:13 -------- d-----w- c:\program files\Southwest Airlines
2009-09-04 18:12 . 2008-06-09 03:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-02 02:37 . 2006-06-19 04:25 62160 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-01 01:18 . 2008-12-25 20:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-30 23:38 . 2009-08-30 23:38 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-08-30 23:30 . 2009-08-30 23:29 -------- d-----w- c:\program files\Microsoft IntelliPoint
2009-08-30 23:28 . 2009-08-30 23:26 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2009-08-30 19:36 . 2006-08-09 16:12 -------- d-----w- c:\program files\Common Files\AOL
2009-08-30 17:29 . 2009-01-23 04:15 -------- d-----w- c:\program files\American Airlines DealFinder
2009-08-26 08:16 . 2006-06-17 09:24 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 09:11 . 2006-06-17 09:23 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 12:49 . 2006-06-17 09:23 2142720 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 12:02 . 2004-08-04 05:59 2020864 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-25 12:23 . 2008-12-18 03:44 411368 ----a-w- c:\windows\system32\deploytk.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\config\systemprofile\Application Data\6572362506 ----

2009-10-04 16:22 . 2009-10-04 16:22 302 ----a-w- c:\windows\system32\config\systemprofile\Application Data\6572362506\6572362506.bat
2009-10-04 16:22 . 2009-10-04 16:22 1689 ----a-w- c:\windows\system32\config\systemprofile\Application Data\6572362506\6572362506.cfg

---- Directory of c:\windows\system32\Service ----

2009-10-07 01:52 . 2009-10-07 01:52 928 ----a-w- c:\windows\system32\Service\06102009_TIS17_SfFniAU.log
2009-09-23 17:24 . 2009-09-23 17:24 928 ----a-w- c:\windows\system32\Service\23092009_TIS17_SfFniAU.log


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-05-13 22:34 238968 ----a-w- c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-02-23 16384]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-24 1830128]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-03-10 1553920]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2007-11-16 166304]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2003-07-01 188416]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2003-07-01 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-31 185896]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2005-10-28 335872]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-09-10 1020248]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-09-18 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]

c:\documents and settings\yanette\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]


Re: Log for spider kill

Post by laguera16 on Sat Oct 17, 2009 12:16 am

c:\documents and settings\Lizette\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-8-21 147456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-2-23 169472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-12 15:02 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\verizon\\McciTrayApp.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [4/21/2009 6:27 PM 29808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/4/2008 2:50 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 2:50 PM 55024]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [6/12/2009 4:36 PM 55152]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [9/10/2009 11:53 AM 36368]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [5/25/2009 11:51 AM 1205760]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 2:50 PM 7408]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [9/10/2009 12:02 PM 50704]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [9/10/2009 12:03 PM 689416]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [9/27/2006 5:12 PM 10664]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - EHSCHED

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Search
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsrch.htm
IE: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?d209a59c4da94ef0b832999bf707858a
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?d209a59c4da94ef0b832999bf707858a
IE: Yahoo! &Dictionary - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsms.htm
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\mcw9nge9.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\mcw9nge9.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000005.dll
FF - plugin: c:\documents and settings\yanette\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

AddRemove-{40C1F0EE-FDF7-4974-9761-169D7BA738DE}_is1 - c:\program files\Free Windows Registry Cleaner\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-16 17:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,f8,8b,45,2d,2d,0b,44,98,74,09,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,f8,8b,45,2d,2d,0b,44,98,74,09,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,0b,14,b2,d1,94,cf,42,82,cb,b8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,f8,8b,45,2d,2d,0b,44,98,74,09,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs]
@DACL=(02 0000)
@="{571715D7-3395-4DF0-B43C-784836209E60}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2009-10-17 17:14
ComboFix-quarantined-files.txt 2009-10-17 00:14
ComboFix2.txt 2009-10-17 00:01
ComboFix3.txt 2009-10-16 02:10
ComboFix4.txt 2009-09-02 02:29

Pre-Run: 180,818,501,632 bytes free
Post-Run: 180,663,345,152 bytes free

Current=3 Default=3 Failed=6 LastKnownGood=7 Sets=1,2,3,4,5,6,7
263 --- E O F --- 2009-10-16 05:49


Re: Log for spider kill

Post by Dr Jay on Sat Oct 17, 2009 1:30 am

Hopefully one last malware scan...

Please run [You must be registered and logged in to see this link.] online scan.

  • Click Scan now.
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • If confirmed that HouseCall can run on your system, under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
  • You may receive a Security Warning about the TrendMicro Java applet, click YES.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found you may be prompted to run the scan again, you can just close the browser window.


Dr. Jay (DJ)

