WinSpywareProtect


Re: WinSpywareProtect

Post by Paperhouse on Mon Apr 13, 2009 10:13 pm

ComboFix 09-04-13.03 - HP_Owner 2009-04-13 14:56.12 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.299 [GMT -7:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.txt.lnk
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-03-13 to 2009-04-13 )))))))))))))))))))))))))))))))
.

2009-04-14 03:03 . 2009-04-13 10:09 0 ----a-w c:\windows\Ttufesepefoqesod.bin
2009-04-14 03:03 . 2009-04-13 20:23 408 ----a-w c:\windows\Opitecer.dat
2009-04-13 21:55 . 2006-03-03 07:42 73728 ----a-w C:\pv.exe
2009-04-09 11:54 . 2009-04-09 11:54 -------- d-----w c:\documents and settings\HP_Owner\Application Data\rbizaono
2009-04-09 11:24 . 2009-04-09 11:24 -------- d-----w c:\documents and settings\NetworkService\Application Data\rbizaono
2009-04-09 08:15 . 2009-04-09 08:15 -------- d-----w c:\program files\SoulseekNS
2009-04-08 01:39 . 2009-04-08 01:45 -------- d-----w c:\documents and settings\HP_Owner\uspy
2009-04-08 01:38 . 2009-04-10 01:36 -------- d-----w c:\program files\Between the Worlds
2009-04-06 06:05 . 2009-03-26 23:49 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-06 06:05 . 2009-03-26 23:49 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 06:05 . 2009-04-06 06:05 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-06 03:13 . 2009-04-06 03:13 -------- d-----w c:\documents and settings\All Users\Application Data\Black Blob Studios
2009-04-06 00:07 . 2009-04-06 00:07 -------- d-----w c:\documents and settings\HP_Owner\Application Data\Deckadance
2009-04-05 09:41 . 2009-04-09 10:06 -------- d-----w c:\program files\VstPlugins
2009-04-05 09:41 . 2006-06-20 08:56 225280 ----a-w c:\windows\system32\rewire.dll
2009-04-05 09:40 . 2002-07-07 22:14 1294336 ----a-w c:\windows\system32\vorbis.acm
2009-04-05 09:40 . 2009-04-05 09:40 -------- d-----w c:\program files\Outsim
2009-04-05 09:36 . 2009-04-09 10:24 -------- d-----w c:\program files\Image-Line
2009-04-02 09:55 . 2009-04-02 09:56 -------- d-----w c:\program files\support.com
2009-04-02 09:55 . 2009-04-02 09:55 -------- d-----w c:\program files\Common Files\SupportSoft
2009-04-01 01:01 . 2009-04-03 03:34 -------- d-----w c:\program files\Echo - Secret of the Lost Cavern
2009-03-30 19:50 . 2009-03-30 19:50 -------- d-----w c:\program files\Foxit Software
2009-03-30 19:50 . 2009-03-30 19:50 -------- d-----w c:\documents and settings\HP_Owner\Application Data\Foxit
2009-03-29 08:50 . 2009-03-29 09:23 -------- d-----w c:\program files\Flip Words 2
2009-03-29 01:17 . 2009-03-29 01:17 -------- d-----w c:\documents and settings\HP_Owner\Application Data\Pogo Games
2009-03-28 04:14 . 2009-03-28 04:14 -------- d-----w c:\program files\ReflexiveArcade
2009-03-28 00:57 . 2009-03-28 00:57 -------- d-----w c:\documents and settings\All Users\Application Data\Intenium
2009-03-25 07:56 . 2009-03-25 11:03 -------- d-----w c:\program files\MSN Games
2009-03-25 07:56 . 2009-03-25 07:56 -------- d-----w c:\program files\Oberon Media
2009-03-25 06:54 . 2009-03-25 06:54 -------- d-----w c:\documents and settings\All Users\Application Data\Shockwave
2009-03-25 04:04 . 2009-03-25 04:04 -------- d-----w c:\documents and settings\All Users\Application Data\HipSoft
2009-03-25 01:22 . 2009-03-25 01:22 -------- d-----w c:\documents and settings\HP_Owner\Application Data\Dreamsdwell Stories
2009-03-23 20:00 . 2009-03-23 20:08 -------- d-----w c:\documents and settings\HP_Owner\Application Data\Nero
2009-03-23 08:48 . 2009-03-23 08:48 4767 ----a-w c:\windows\Irremote.ini
2009-03-23 08:43 . 2009-03-23 08:43 -------- d-----w c:\program files\Windows Sidebar
2009-03-23 08:11 . 2009-03-23 08:46 -------- d-----w c:\program files\Nero
2009-03-23 08:10 . 2009-03-23 08:30 -------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-03-23 08:10 . 2009-03-23 09:13 -------- d-----w c:\program files\Common Files\Nero
2009-03-22 05:50 . 2009-03-22 07:49 -------- d-----w c:\documents and settings\All Users\Application Data\IJJIGame
2009-03-21 20:25 . 2009-03-21 20:31 -------- d-----w c:\documents and settings\HP_Owner\Application Data\Burdaloo
2009-03-18 02:03 . 2009-03-21 03:55 -------- d-----w c:\documents and settings\HP_Owner\Application Data\Lost in the City
2009-03-14 22:57 . 2009-03-14 22:57 -------- d-----w c:\documents and settings\HP_Owner\Saved Games
2009-03-14 22:57 . 2009-03-14 22:57 -------- d-----w c:\documents and settings\HP_Owner\Application Data\Flood Light Games
2009-03-14 22:57 . 2009-03-14 22:57 -------- d-----w c:\documents and settings\All Users\Application Data\Flood Light Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 19:01 . 2004-08-12 02:36 -------- d-----w c:\program files\Java
2009-04-10 01:36 . 2008-12-09 01:23 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-09 06:58 . 2008-08-30 02:53 34 ----a-w c:\documents and settings\HP_Owner\jagex_runescape_preferences.dat
2009-04-06 06:32 . 2009-03-01 00:05 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-06 02:58 . 2008-12-09 01:18 -------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-04-04 13:06 . 2009-04-03 01:02 0 ----a-w C:\look.txt
2009-04-03 01:03 . 2009-04-03 01:03 966 ----a-w C:\look1.txt
2009-04-01 10:13 . 2009-03-02 10:21 -------- d-----w c:\program files\Trend Micro
2009-03-28 11:48 . 2004-08-12 03:57 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-26 08:52 . 2008-10-11 16:01 -------- d-----w c:\program files\MySpace
2009-03-25 01:11 . 2008-12-09 01:29 -------- d-----w c:\documents and settings\HP_Owner\Application Data\PlayFirst
2009-03-25 01:11 . 2008-12-09 01:29 -------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2009-03-23 08:33 . 2008-10-25 18:02 -------- d-----w c:\program files\WarRock
2009-03-19 08:49 . 2008-10-05 22:01 -------- d-----w c:\program files\Diablo II
2009-03-16 04:13 . 2008-07-26 03:28 -------- d--h--w c:\documents and settings\HP_Owner\Application Data\ijjigame
2009-03-12 14:22 . 2009-02-03 23:01 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-03-12 14:22 . 2009-02-03 23:01 -------- d-----w c:\program files\NOS
2009-03-12 12:48 . 2004-12-31 21:04 -------- d-----w c:\program files\Common Files\Adobe
2009-03-11 02:43 . 2009-03-11 02:43 -------- d-----w c:\documents and settings\HP_Owner\Application Data\SerpentOfIsis
2009-03-10 02:39 . 2009-03-10 02:39 -------- d-----w c:\documents and settings\HP_Owner\Application Data\ZEMNOTT
2009-03-10 02:39 . 2009-03-10 02:39 -------- d-----w c:\documents and settings\All Users\Application Data\ZEMNOTT
2009-03-09 12:19 . 2008-12-22 15:40 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-05 04:14 . 2009-03-05 04:14 -------- d-----w c:\documents and settings\HP_Owner\Application Data\BrandX Games
2009-03-04 21:34 . 2009-03-02 03:41 -------- d-----w c:\program files\Lavasoft
2009-03-04 21:34 . 2009-03-02 03:41 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-04 15:10 . 2009-03-02 05:02 2742 ----a-w C:\aaw7boot.log
2009-03-03 06:35 . 2004-08-12 03:52 -------- d-----w c:\program files\Common Files\Real
2009-03-03 06:16 . 2009-03-03 01:22 -------- d-----w c:\program files\Google
2009-03-03 01:26 . 2003-08-13 01:17 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-02 04:40 . 2009-03-01 00:05 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-01 01:20 . 2008-10-17 00:17 -------- d-----w c:\program files\SpacialAudio
2009-03-01 00:59 . 2009-03-01 00:59 98304 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-01 00:43 . 2009-03-01 00:43 -------- d-----w c:\program files\UBISOFT
2009-02-26 03:45 . 2009-02-13 02:52 -------- d-----w c:\documents and settings\All Users\Application Data\MysteryChronicles
2009-02-25 03:28 . 2008-12-12 03:06 -------- d-----w c:\program files\Mystery Case Files - Return to Ravenhearst
2009-02-19 02:01 . 2009-02-19 02:01 -------- d-----w c:\documents and settings\HP_Owner\Application Data\Dragon Altar Games
2009-02-18 19:30 . 2004-08-12 04:07 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-13 07:13 . 2009-02-13 07:13 -------- d-----w c:\program files\AviSynth 2.5
2009-02-13 07:13 . 2009-02-13 07:13 -------- d-----w c:\program files\Red Kawa
2009-02-13 03:29 . 2009-02-13 03:24 -------- d-----w c:\program files\Art of Murder - FBI Confidential
2009-02-09 11:13 . 2004-09-20 02:21 1846784 ----a-w c:\windows\system32\win32k.sys
2009-01-24 11:30 . 2009-01-24 11:30 2560 ----a-w c:\windows\_MSRSTRT.EXE
2005-12-16 16:11 . 2005-12-16 16:11 996968 ----a-w c:\program files\aolsetup.exe
.

Paperhouse
Intermediate

Posts : 142
Joined : 2009-03-03
Gender : Male
OS : Windows 10 Home
Protection : Advanced SystemCare Pro
Points : 29477
# Likes : 0


Re: WinSpywareProtect

Post by Paperhouse on Mon Apr 13, 2009 10:14 pm

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-13 22:03 . 2009-04-13 22:03 16384 c:\windows\temp\Perflib_Perfdata_5e4.dat
+ 2004-09-20 02:21 . 2008-04-14 00:12 156160 c:\windows\uqifukinemeroko.dll
+ 2009-04-13 22:01 . 2005-10-21 03:02 163328 c:\windows\ERDNT\subs\ERDNT.EXE
- 2009-04-13 19:16 . 2005-10-21 03:02 163328 c:\windows\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\hp\drivers\keyboard\PS2.EXE" [2002-10-16 81920]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Lpecelehizuqazaq"="c:\windows\uqifukinemeroko.dll" [2008-04-13 156160]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10a.exe" [2008-10-04 235936]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli wnprt580.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^HP Organize.lnk]
path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\HP Organize.lnk
backup=c:\windows\pss\HP Organize.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 17:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a--c--- 2004-08-20 16:55 155648 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a--c--- 2003-12-17 23:31 118784 c:\windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2005-03-04 12:01 88209 c:\windows\AGRSMMSG.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

R2 gupdate1c99b9e8f903320;Google Update Service (gupdate1c99b9e8f903320);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 133104]
R3 BCM42U;USB HPNA 10 Mbps Network Adapter Driver;c:\windows\system32\DRIVERS\BCM42U.SYS [2001-08-17 66557]
R3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\RTL8180.SYS [2004-03-18 185216]
S2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 3744]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [2007-10-16 81920]
S2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 3904]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [2007-10-16 2711552]

.
Contents of the 'Scheduled Tasks' folder

2009-04-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2009-04-13 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 18:22]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rwwrgi5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-04-13 15:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(580)
c:\windows\wnprt580.dll

- - - - - - - > 'explorer.exe'(3448)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\wnprt580.dll
c:\windows\uqifukinemeroko.dll
c:\program files\Bonjour\mdnsNSP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\nexon\Mabinogi\npkcmsvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-04-13 15:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-13 22:09
ComboFix2.txt 2009-04-13 13:57
ComboFix3.txt 2009-04-14 02:52
ComboFix4.txt 2009-04-13 19:25

Pre-Run: 13,463,724,032 bytes free
Post-Run: 13,448,646,656 bytes free

242 --- E O F --- 2009-04-07 11:16


Re: WinSpywareProtect

Post by Belahzur on Mon Apr 13, 2009 10:19 pm

Hello.
It didn't work right that time because you made a .lnk extension; it was a shortcut to a file and not the actual .txt file:

CFScript.txt.lnk

It needs to be named CFScript.txt without the .lnk.

Re-run the script in this post:
[You must be registered and logged in to see this link.]

Make sure it's a proper text file this time.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
# Likes : 1


Re: WinSpywareProtect

Post by Paperhouse on Mon Apr 13, 2009 11:07 pm

ComboFix 09-04-13.03 - HP_Owner 2009-04-13 15:51.13 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.234 [GMT -7:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.txt
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point

FILE ::
c:\windows\Opitecer.dat
c:\windows\Ttufesepefoqesod.bin
c:\windows\uqifukinemeroko.dll
c:\windows\wnprt580.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Opitecer.dat
c:\windows\Ttufesepefoqesod.bin
c:\windows\uqifukinemeroko.dll
c:\windows\wnprt580.dll

.
((((((((((((((((((((((((( Files Created from 2009-03-13 to 2009-04-13 )))))))))))))))))))))))))))))))
.

2009-04-09 11:54 . 2009-04-09 11:54 -------- d-----w c:\documents and settings\HP_Owner\Application Data\rbizaono
2009-04-09 11:24 . 2009-04-09 11:24 -------- d-----w c:\documents and settings\NetworkService\Application Data\rbizaono
2009-04-09 08:15 . 2009-04-09 08:15 -------- d-----w c:\program files\SoulseekNS
2009-04-08 01:39 . 2009-04-08 01:45 -------- d-----w c:\documents and settings\HP_Owner\uspy
2009-04-08 01:38 . 2009-04-10 01:36 -------- d-----w c:\program files\Between the Worlds
2009-04-06 06:05 . 2009-03-26 23:49 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-06 06:05 . 2009-03-26 23:49 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 06:05 . 2009-04-06 06:05 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-06 03:13 . 2009-04-06 03:13 -------- d-----w c:\documents and settings\All Users\Application Data\Black Blob Studios
2009-04-06 00:07 . 2009-04-06 00:07 -------- d-----w c:\documents and settings\HP_Owner\Application Data\Deckadance
2009-04-05 09:41 . 2009-04-09 10:06 -------- d-----w c:\program files\VstPlugins
2009-04-05 09:41 . 2006-06-20 08:56 225280 ----a-w c:\windows\system32\rewire.dll
2009-04-05 09:40 . 2002-07-07 22:14 1294336 ----a-w c:\windows\system32\vorbis.acm
2009-04-05 09:40 . 2009-04-05 09:40 -------- d-----w c:\program files\Outsim
2009-04-05 09:36 . 2009-04-09 10:24 -------- d-----w c:\program files\Image-Line
2009-04-02 09:55 . 2009-04-02 09:56 -------- d-----w c:\program files\support.com
2009-04-02 09:55 . 2009-04-02 09:55 -------- d-----w c:\program files\Common Files\SupportSoft
2009-04-01 01:01 . 2009-04-03 03:34 -------- d-----w c:\program files\Echo - Secret of the Lost Cavern
2009-03-30 19:50 . 2009-03-30 19:50 -------- d-----w c:\program files\Foxit Software
2009-03-30 19:50 . 2009-03-30 19:50 -------- d-----w c:\documents and settings\HP_Owner\Application Data\Foxit
2009-03-29 08:50 . 2009-03-29 09:23 -------- d-----w c:\program files\Flip Words 2
2009-03-29 01:17 . 2009-03-29 01:17 -------- d-----w c:\documents and settings\HP_Owner\Application Data\Pogo Games
2009-03-28 04:14 . 2009-03-28 04:14 -------- d-----w c:\program files\ReflexiveArcade
2009-03-28 00:57 . 2009-03-28 00:57 -------- d-----w c:\documents and settings\All Users\Application Data\Intenium
2009-03-25 07:56 . 2009-03-25 11:03 -------- d-----w c:\program files\MSN Games
2009-03-25 07:56 . 2009-03-25 07:56 -------- d-----w c:\program files\Oberon Media
2009-03-25 06:54 . 2009-03-25 06:54 -------- d-----w c:\documents and settings\All Users\Application Data\Shockwave
2009-03-25 04:04 . 2009-03-25 04:04 -------- d-----w c:\documents and settings\All Users\Application Data\HipSoft
2009-03-25 01:22 . 2009-03-25 01:22 -------- d-----w c:\documents and settings\HP_Owner\Application Data\Dreamsdwell Stories
2009-03-23 20:00 . 2009-03-23 20:08 -------- d-----w c:\documents and settings\HP_Owner\Application Data\Nero
2009-03-23 08:48 . 2009-03-23 08:48 4767 ----a-w c:\windows\Irremote.ini
2009-03-23 08:43 . 2009-03-23 08:43 -------- d-----w c:\program files\Windows Sidebar
2009-03-23 08:11 . 2009-03-23 08:46 -------- d-----w c:\program files\Nero
2009-03-23 08:10 . 2009-03-23 08:30 -------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-03-23 08:10 . 2009-03-23 09:13 -------- d-----w c:\program files\Common Files\Nero
2009-03-22 05:50 . 2009-03-22 07:49 -------- d-----w c:\documents and settings\All Users\Application Data\IJJIGame
2009-03-21 20:25 . 2009-03-21 20:31 -------- d-----w c:\documents and settings\HP_Owner\Application Data\Burdaloo
2009-03-18 02:03 . 2009-03-21 03:55 -------- d-----w c:\documents and settings\HP_Owner\Application Data\Lost in the City

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 19:01 . 2004-08-12 02:36 -------- d-----w c:\program files\Java
2009-04-10 01:36 . 2008-12-09 01:23 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-09 06:58 . 2008-08-30 02:53 34 ----a-w c:\documents and settings\HP_Owner\jagex_runescape_preferences.dat
2009-04-06 06:32 . 2009-03-01 00:05 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-06 02:58 . 2008-12-09 01:18 -------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-04-04 13:06 . 2009-04-03 01:02 0 ----a-w C:\look.txt
2009-04-03 01:03 . 2009-04-03 01:03 966 ----a-w C:\look1.txt
2009-04-01 10:13 . 2009-03-02 10:21 -------- d-----w c:\program files\Trend Micro
2009-03-28 11:48 . 2004-08-12 03:57 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-26 08:52 . 2008-10-11 16:01 -------- d-----w c:\program files\MySpace
2009-03-25 01:11 . 2008-12-09 01:29 -------- d-----w c:\documents and settings\HP_Owner\Application Data\PlayFirst
2009-03-25 01:11 . 2008-12-09 01:29 -------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2009-03-23 08:33 . 2008-10-25 18:02 -------- d-----w c:\program files\WarRock
2009-03-19 08:49 . 2008-10-05 22:01 -------- d-----w c:\program files\Diablo II
2009-03-16 04:13 . 2008-07-26 03:28 -------- d--h--w c:\documents and settings\HP_Owner\Application Data\ijjigame
2009-03-14 22:57 . 2009-03-14 22:57 -------- d-----w c:\documents and settings\HP_Owner\Application Data\Flood Light Games
2009-03-14 22:57 . 2009-03-14 22:57 -------- d-----w c:\documents and settings\All Users\Application Data\Flood Light Games
2009-03-12 14:22 . 2009-02-03 23:01 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-03-12 14:22 . 2009-02-03 23:01 -------- d-----w c:\program files\NOS
2009-03-12 12:48 . 2004-12-31 21:04 -------- d-----w c:\program files\Common Files\Adobe
2009-03-11 02:43 . 2009-03-11 02:43 -------- d-----w c:\documents and settings\HP_Owner\Application Data\SerpentOfIsis
2009-03-10 02:39 . 2009-03-10 02:39 -------- d-----w c:\documents and settings\HP_Owner\Application Data\ZEMNOTT
2009-03-10 02:39 . 2009-03-10 02:39 -------- d-----w c:\documents and settings\All Users\Application Data\ZEMNOTT
2009-03-09 12:19 . 2008-12-22 15:40 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-05 04:14 . 2009-03-05 04:14 -------- d-----w c:\documents and settings\HP_Owner\Application Data\BrandX Games
2009-03-04 21:34 . 2009-03-02 03:41 -------- d-----w c:\program files\Lavasoft
2009-03-04 21:34 . 2009-03-02 03:41 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-04 15:10 . 2009-03-02 05:02 2742 ----a-w C:\aaw7boot.log
2009-03-03 06:35 . 2004-08-12 03:52 -------- d-----w c:\program files\Common Files\Real
2009-03-03 06:16 . 2009-03-03 01:22 -------- d-----w c:\program files\Google
2009-03-03 01:26 . 2003-08-13 01:17 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-02 04:40 . 2009-03-01 00:05 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-01 01:20 . 2008-10-17 00:17 -------- d-----w c:\program files\SpacialAudio
2009-03-01 00:59 . 2009-03-01 00:59 98304 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-01 00:43 . 2009-03-01 00:43 -------- d-----w c:\program files\UBISOFT
2009-02-26 03:45 . 2009-02-13 02:52 -------- d-----w c:\documents and settings\All Users\Application Data\MysteryChronicles
2009-02-25 03:28 . 2008-12-12 03:06 -------- d-----w c:\program files\Mystery Case Files - Return to Ravenhearst
2009-02-19 02:01 . 2009-02-19 02:01 -------- d-----w c:\documents and settings\HP_Owner\Application Data\Dragon Altar Games
2009-02-18 19:30 . 2004-08-12 04:07 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-13 07:13 . 2009-02-13 07:13 -------- d-----w c:\program files\AviSynth 2.5
2009-02-13 07:13 . 2009-02-13 07:13 -------- d-----w c:\program files\Red Kawa
2009-02-13 03:29 . 2009-02-13 03:24 -------- d-----w c:\program files\Art of Murder - FBI Confidential
2009-02-09 11:13 . 2004-09-20 02:21 1846784 ----a-w c:\windows\system32\win32k.sys
2009-01-24 11:30 . 2009-01-24 11:30 2560 ----a-w c:\windows\_MSRSTRT.EXE
2005-12-16 16:11 . 2005-12-16 16:11 996968 ----a-w c:\program files\aolsetup.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\documents and settings\HP_Owner\Application Data\rbizaono ----

2009-04-09 04:56 65536 --a------ c:\documents and settings\HP_Owner\Application Data\rbizaono\Profiles\gms08uuz.default\cert8.db
2009-04-09 04:56 2048 --a------ c:\documents and settings\HP_Owner\Application Data\rbizaono\Profiles\gms08uuz.default\cookies.sqlite
2009-04-09 04:55 8651 --a------ c:\documents and settings\HP_Owner\Application Data\rbizaono\Profiles\gms08uuz.default\pluginreg.dat
2009-04-09 04:55 569 --a------ c:\documents and settings\HP_Owner\Application Data\rbizaono\Profiles\gms08uuz.default\localstore.rdf
2009-04-09 04:55 4096 --a------ c:\documents and settings\HP_Owner\Application Data\rbizaono\Profiles\gms08uuz.default\formhistory.sqlite
2009-04-09 04:55 367 --a------ c:\documents and settings\HP_Owner\Application Data\rbizaono\Profiles\gms08uuz.default\prefs.js
2009-04-09 04:55 2048 --a------ c:\documents and settings\HP_Owner\Application Data\rbizaono\Profiles\gms08uuz.default\webappsstore.sqlite
2009-04-09 04:55 2048 --a------ c:\documents and settings\HP_Owner\Application Data\rbizaono\Profiles\gms08uuz.default\permissions.sqlite
2009-04-09 04:55 16384 --a------ c:\documents and settings\HP_Owner\Application Data\rbizaono\Profiles\gms08uuz.default\secmod.db
2009-04-09 04:55 16384 --a------ c:\documents and settings\HP_Owner\Application Data\rbizaono\Profiles\gms08uuz.default\key3.db
2009-04-09 04:55 131072 --a------ c:\documents and settings\HP_Owner\Application Data\rbizaono\Profiles\gms08uuz.default\places.sqlite
2009-04-09 04:55 127820 --a------ c:\documents and settings\HP_Owner\Application Data\rbizaono\Profiles\gms08uuz.default\compreg.dat
2009-04-09 04:55 0 --a------ c:\documents and settings\HP_Owner\Application Data\rbizaono\Profiles\gms08uuz.default\places.sqlite-journal
2009-04-09 04:54 96173 --a------ c:\documents and settings\HP_Owner\Application Data\rbizaono\Profiles\gms08uuz.default\xpti.dat
2009-04-09 04:54 207 --a------ c:\documents and settings\HP_Owner\Application Data\rbizaono\Profiles\gms08uuz.default\compatibility.ini
2009-04-09 04:54 111 --a------ c:\documents and settings\HP_Owner\Application Data\rbizaono\profiles.ini


Re: WinSpywareProtect

Post by Paperhouse on Mon Apr 13, 2009 11:07 pm

---- Directory of c:\documents and settings\NetworkService\Application Data\rbizaono ----

2009-04-09 04:43 698 --a------ c:\documents and settings\NetworkService\Application Data\rbizaono\Profiles\0naozty3.default\prefs.js
2009-04-09 04:43 65536 --a------ c:\documents and settings\NetworkService\Application Data\rbizaono\Profiles\0naozty3.default\cert8.db
2009-04-09 04:43 2048 --a------ c:\documents and settings\NetworkService\Application Data\rbizaono\Profiles\0naozty3.default\cookies.sqlite
2009-04-09 04:43 16384 --a------ c:\documents and settings\NetworkService\Application Data\rbizaono\Profiles\0naozty3.default\key3.db
2009-04-09 04:43 131072 --a------ c:\documents and settings\NetworkService\Application Data\rbizaono\Profiles\0naozty3.default\places.sqlite
2009-04-09 04:25 569 --a------ c:\documents and settings\NetworkService\Application Data\rbizaono\Profiles\0naozty3.default\localstore.rdf
2009-04-09 04:24 96173 --a------ c:\documents and settings\NetworkService\Application Data\rbizaono\Profiles\0naozty3.default\xpti.dat
2009-04-09 04:24 8651 --a------ c:\documents and settings\NetworkService\Application Data\rbizaono\Profiles\0naozty3.default\pluginreg.dat
2009-04-09 04:24 4096 --a------ c:\documents and settings\NetworkService\Application Data\rbizaono\Profiles\0naozty3.default\formhistory.sqlite
2009-04-09 04:24 207 --a------ c:\documents and settings\NetworkService\Application Data\rbizaono\Profiles\0naozty3.default\compatibility.ini
2009-04-09 04:24 2048 --a------ c:\documents and settings\NetworkService\Application Data\rbizaono\Profiles\0naozty3.default\webappsstore.sqlite
2009-04-09 04:24 2048 --a------ c:\documents and settings\NetworkService\Application Data\rbizaono\Profiles\0naozty3.default\permissions.sqlite
2009-04-09 04:24 16384 --a------ c:\documents and settings\NetworkService\Application Data\rbizaono\Profiles\0naozty3.default\secmod.db
2009-04-09 04:24 127820 --a------ c:\documents and settings\NetworkService\Application Data\rbizaono\Profiles\0naozty3.default\compreg.dat
2009-04-09 04:24 111 --a------ c:\documents and settings\NetworkService\Application Data\rbizaono\profiles.ini


((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-13 22:57 . 2009-04-13 22:57 16384 c:\windows\temp\Perflib_Perfdata_5e4.dat
+ 2009-04-13 22:55 . 2005-10-21 03:02 163328 c:\windows\ERDNT\subs\ERDNT.EXE
- 2009-04-13 19:16 . 2005-10-21 03:02 163328 c:\windows\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\hp\drivers\keyboard\PS2.EXE" [2002-10-16 81920]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10a.exe" [2008-10-04 235936]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^HP Organize.lnk]
path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\HP Organize.lnk
backup=c:\windows\pss\HP Organize.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 17:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a--c--- 2004-08-20 16:55 155648 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a--c--- 2003-12-17 23:31 118784 c:\windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2005-03-04 12:01 88209 c:\windows\AGRSMMSG.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

R2 gupdate1c99b9e8f903320;Google Update Service (gupdate1c99b9e8f903320);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 133104]
R3 BCM42U;USB HPNA 10 Mbps Network Adapter Driver;c:\windows\system32\DRIVERS\BCM42U.SYS [2001-08-17 66557]
R3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\RTL8180.SYS [2004-03-18 185216]
S2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 3744]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [2007-10-16 81920]
S2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 3904]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [2007-10-16 2711552]

.
Contents of the 'Scheduled Tasks' folder

2009-04-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2009-04-13 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 18:22]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\6rwwrgi5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-04-13 15:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3468)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\nexon\Mabinogi\npkcmsvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-04-13 16:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-13 23:03
ComboFix2.txt 2009-04-13 22:09
ComboFix3.txt 2009-04-13 13:57
ComboFix4.txt 2009-04-14 02:52
ComboFix5.txt 2009-04-13 22:51

Pre-Run: 13,435,412,480 bytes free
Post-Run: 13,419,974,656 bytes free

277 --- E O F --- 2009-04-07 11:16


Re: WinSpywareProtect

Post by Belahzur on Mon Apr 13, 2009 11:43 pm

Hello.

Finally, it's gone.
Stupid file hooking itself into lsass.exe.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.
==============

Please run GooredFix option 2 now.
Post the new GooredFix log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: WinSpywareProtect

Post by Paperhouse on Tue Apr 14, 2009 1:30 am

GooredFix v1.92 by jpshortstuff
Log created at 18:30 on 13/04/2009 running Option #2 (HP_Owner)
Firefox version 3.0.8 (en-US)

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3851221E-BE15-430A-9639-1C051BAAA5F9}"="C:\Documents and Settings\HP_Owner\Local Settings\Application Data\{3851221E-BE15-430A-9639-1C051BAAA5F9}"
->Backing up value... Done.
->Deleting value... Done.

C:\Documents and Settings\HP_Owner\Local Settings\Application Data\{3851221E-BE15-430A-9639-1C051BAAA5F9}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

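The GooredFix log above shows the pattern the tool removed: a Firefox extension registered machine-wide under HKLM\SOFTWARE\Mozilla\Firefox\extensions, named by a bare GUID and pointing into the user's Local Settings\Application Data folder, while the legitimate entry (jqs@sun.com) lives under Program Files. The earlier ComboFix "Reg Loading Points" section has a related weak spot: the AGRSMMSG Run value is a bare file name with no directory. The script below is an added example (not part of the forum posts, and not code from ComboFix or GooredFix) that parses the "[KEY]" / "name"="value" lines as they appear in those logs and flags entries with those shapes. The sample dump is constructed from entries quoted in this thread; the trusted-prefix list and user-writable markers are assumptions for the example, not anything either tool documents.

```python
"""Triage of the registry sections seen in ComboFix / GooredFix style logs.

Added example for this thread; it is not part of the forum posts and not
code from ComboFix or GooredFix. It parses "[KEY]" / "name"="value" lines,
ignores trailing annotations such as ' [2005-03-04 88209]', and flags:
  - autostart values that give a bare file name (resolved by PATH search),
  - targets under Documents and Settings or a Temp directory, which the
    logged-on user can write without elevation,
  - Firefox extensions registered under HKLM\\...\\Mozilla\\Firefox\\extensions
    whose value name is a bare GUID (the shape the GooredFix log removed).
The trusted-prefix and marker lists below are assumptions for this example.
"""
import re
from typing import Dict, List, Tuple

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"')
GUID_RE = re.compile(r'^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')

# Assumed: locations an unprivileged user cannot write on a default XP install.
TRUSTED_PREFIXES = ('c:\\windows\\', 'c:\\program files\\')
# Assumed: markers for user-writable locations.
USER_WRITABLE_MARKERS = ('c:\\documents and settings\\', '\\temp\\')

# Constructed sample, shaped after the entries quoted in this thread's logs.
SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 c:\windows\AGRSMMSG.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3851221E-BE15-430A-9639-1C051BAAA5F9}"="C:\Documents and Settings\HP_Owner\Local Settings\Application Data\{3851221E-BE15-430A-9639-1C051BAAA5F9}"
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"
'''


def parse_reg_dump(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Group "name"="value" lines under the [KEY] line that precedes them."""
    entries: Dict[str, List[Tuple[str, str]]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group('key')
            entries.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            entries[current].append((m.group('name'), m.group('value')))
    return entries


def flag_value(key: str, name: str, value: str) -> List[str]:
    """Return the reasons (possibly none) why one registry value deserves a look."""
    reasons: List[str] = []
    path = value.lower()
    if '\\' not in path:
        reasons.append('bare file name: resolved by PATH search order, not a fixed location')
    elif not path.startswith(TRUSTED_PREFIXES) and any(m in path for m in USER_WRITABLE_MARKERS):
        reasons.append('target lives in a user-writable profile or temp directory')
    if key.lower().endswith('\\mozilla\\firefox\\extensions') and GUID_RE.match(name):
        reasons.append('extension registered under a bare GUID rather than an id@vendor name')
    return reasons


def triage(text: str) -> List[dict]:
    """Parse a dump and return only the values that raised at least one flag."""
    findings = []
    for key, values in parse_reg_dump(text).items():
        for name, value in values:
            reasons = flag_value(key, name, value)
            if reasons:
                findings.append({'key': key, 'name': name, 'value': value, 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_DUMP):
        print(f"[{f['key']}]\n  {f['name']} = {f['value']}")
        for r in f['reasons']:
            print('   -', r)
```

Run as-is it reports two entries: AGRSMMSG (bare file name) and the GUID extension (user-profile path, GUID-named). The remaining values in the sample pass because they resolve to fixed paths under Windows or Program Files. The checks are heuristics for where to look first, not a verdict; a flagged entry still needs the file itself examined.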

Re: WinSpywareProtect

Post by Belahzur on Tue Apr 14, 2009 4:08 pm

Hello.
How is it now?



Re: WinSpywareProtect

Post by Paperhouse on Tue Apr 14, 2009 6:51 pm

Perfect.


Re: WinSpywareProtect

Post by Belahzur on Tue Apr 14, 2009 6:59 pm

Click Start >> Run and then copy/paste the following into the box and hit Enter:
"%userprofile%\Desktop\GooredFix.exe" /uninstall
Note the space between the closing " and the /.
If any of your security programs query a new Registry/AutoStart value being added please allow the changes.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.

