

yiren1

Member Since 25 Sep 2008
Offline Last Active Nov 14 2011 05:43 AM

Posts I've Made

In Topic: Pls Help!! Suspect Malware attacks

23 February 2011 - 11:40 PM

Thanks a lot, lance_yien, for the information that you had given..

*Is there any alternative software for it? Glary Utilities or?

In Topic: Pls Help!! Suspect Malware attacks

23 February 2011 - 03:28 AM

Had followed all the things you had told me to do.. Yes, it runs normally now.. Can I ask why it is not safe to have "IObit-Advanced SystemCare 3" installed? Is there any alternative software for it? Glary Utilities or?

In Topic: Pls Help!! Suspect Malware attacks

23 February 2011 - 01:15 AM

SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/20/2011 at 02:43 PM

Application Version : 4.48.1000

Core Rules Database Version : 6435
Trace Rules Database Version: 4247

Scan type : Complete Scan
Total Scan Time : 01:25:07

Memory items scanned : 677
Memory threats detected : 0
Registry items scanned : 10733
Registry threats detected : 1
File items scanned : 138281
File threats detected : 1

Adware.Tracking Cookie
C:\Users\Yiren\AppData\Roaming\Microsoft\Windows\Cookies\yiren@statcounter[1].txt

Disabled.FolderOption
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED\FOLDER\HIDDEN\SHOWALL#CHECKEDVALUE



DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by Yiren at 14:13:12.57 on Wed 23/02/2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.65.1033.18.2046.1482 [GMT 8:00]

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Yiren\Downloads\dds(2).scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://en.sg.acer.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.sg.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://sg.rd.yahoo.com/customize/ycomp/defaults/su/*http://sg.yahoo.com
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\users\yiren\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NMSSupport] "c:\program files\common files\intel\inteldh\nms\support\IntelHCTAgent.exe" /startup
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\iobit\advanced systemcare 3\SPICtrl.dll
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Hosts: 74.208.10.249 gs.apple.com

============= SERVICES / DRIVERS ===============

R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2010-11-20 5504]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-19 294608]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade live\acer playmovie\000.fcl [2010-11-19 39408]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-19 17744]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-11-19 51280]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-19 40384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2007-2-13 208896]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-11-20 21504]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2007-2-19 5376]
S3 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2008-3-10 269448]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]
S3 DHTRACE;Intel® DHTrace Controller;c:\program files\common files\intel\inteldh\bin\DHTraceController.exe [2007-4-7 39896]
S3 IntelDHSvcConf;IntelDHSvcConf;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2007-4-7 36312]
S3 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2007-4-7 158168]
S3 NMSCore;Intel® NMSCore;c:\program files\common files\intel\inteldh\nms\nmscore\NMSCore.exe [2007-4-7 313816]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 QualityManager;Intel® Quality Manager;c:\program files\intel\inteldh\intel media server\media server\bin\QualityManager.exe [2007-4-7 272856]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-02-23 05:59:33 -------- d-----w- c:\users\yiren\appdata\local\temp
2011-02-23 05:58:16 -------- d-sh--w- C:\$RECYCLE.BIN
2011-02-23 05:46:45 98816 ----a-w- c:\windows\sed.exe
2011-02-23 05:46:45 89088 ----a-w- c:\windows\MBR.exe
2011-02-23 05:46:45 256512 ----a-w- c:\windows\PEV.exe
2011-02-23 05:46:45 161792 ----a-w- c:\windows\SWREG.exe
2011-02-20 09:21:48 -------- d-----w- c:\program files\common files\ATI Technologies
2011-02-20 07:10:34 -------- d-----w- c:\program files\common files\Symantec Shared
2011-02-20 07:02:45 -------- d-----w- c:\progra~2\Symantec
2011-02-20 07:02:41 -------- d-----w- c:\progra~2\Norton
2011-02-20 07:02:40 -------- d-----w- c:\progra~2\NortonInstaller
2011-02-19 07:49:38 -------- d-----w- c:\program files\Aiseesoft Studio
2011-02-19 07:49:38 -------- d-----w- c:\progra~2\Aiseesoft Total Media Converter
2011-02-18 17:37:26 -------- d-----w- c:\users\yiren\appdata\roaming\SUPERAntiSpyware.com
2011-02-18 17:37:26 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-02-18 17:37:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-02-18 17:32:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-18 16:45:56 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{8321c947-55a3-4d4e-bac2-646b5b4769ce}\mpengine.dll
2011-02-14 05:30:47 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-02-14 05:30:46 729088 ----a-w- c:\windows\system32\Ati2evxx.exe
2011-02-14 05:30:46 348160 ----a-w- c:\windows\system32\atipdlxx.dll
2011-02-14 05:30:46 286720 ----a-w- c:\windows\system32\Ati2evxx.dll
2011-02-14 05:30:44 4905472 ----a-w- c:\windows\system32\atiumdva.dll
2011-02-14 05:30:44 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-02-14 05:30:43 3903488 ----a-w- c:\windows\system32\atiumdag.dll
2011-02-13 11:28:48 -------- d-----w- c:\program files\iPod
2011-02-09 18:11:05 -------- d-----w- c:\users\yiren\appdata\local\Jaksta_Technologies_Pty_L
2011-02-09 18:08:53 -------- d-----w- c:\users\yiren\appdata\roaming\Replay Media Catcher 4
2011-02-09 18:08:28 -------- d-----w- c:\program files\Applian Technologies
2011-02-09 09:38:07 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 09:37:41 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-09 09:37:41 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-02-09 09:37:39 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-09 09:37:14 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-02-09 09:33:59 743424 ----a-w- c:\program files\internet explorer\iedvtool.dll
2011-02-09 09:33:59 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-09 09:33:57 638232 ----a-w- c:\program files\internet explorer\iexplore.exe
2011-02-09 09:31:04 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-09 09:31:04 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-01-30 06:50:21 -------- d-----w- C:\BlackShot

==================== Find3M ====================

2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-12 03:27:59 285480 ----a-w- c:\windows\system32\guard32.dll
2010-12-31 20:06:36 38848 ----a-w- c:\windows\avastSS.scr
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-21 14:23:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-14 14:49:23 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-29 09:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 09:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

============= FINISH: 14:14:03.90 ===============

In Topic: Pls Help!! Suspect Malware attacks

23 February 2011 - 01:12 AM

Hi lance_yien, thanks for the help! For your info, I had uninstalled some of the programs while waiting for a reply..

Here's the log file that you had requested..

ComboFix's Logfile:

ComboFix 11-02-22.03 - Yiren 23/02/2011 13:48:33.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.65.1033.18.2046.1123 [GMT 8:00]
Running from: c:\users\Yiren\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2011-01-23 to 2011-02-23 )))))))))))))))))))))))))))))))
.

2011-02-20 09:21 . 2011-02-20 09:21 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-02-20 07:10 . 2011-02-20 07:10 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-02-20 07:02 . 2011-02-20 09:35 -------- d-----w- c:\programdata\Symantec
2011-02-20 07:02 . 2011-02-20 09:35 -------- d-----w- c:\programdata\Norton
2011-02-19 07:49 . 2011-02-19 07:49 -------- d-----w- c:\programdata\Aiseesoft Total Media Converter
2011-02-19 07:49 . 2011-02-19 07:49 -------- d-----w- c:\program files\Aiseesoft Studio
2011-02-18 17:37 . 2011-02-18 17:37 -------- d-----w- c:\users\Yiren\AppData\Roaming\SUPERAntiSpyware.com
2011-02-18 17:37 . 2011-02-18 17:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-02-18 17:37 . 2011-02-18 17:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-02-18 17:32 . 2010-12-20 10:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-18 16:45 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8321C947-55A3-4D4E-BAC2-646B5B4769CE}\mpengine.dll
2011-02-14 05:30 . 2009-02-03 21:00 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-02-14 05:30 . 2009-02-03 21:00 348160 ----a-w- c:\windows\system32\atipdlxx.dll
2011-02-14 05:30 . 2009-02-03 20:59 286720 ----a-w- c:\windows\system32\Ati2evxx.dll
2011-02-14 05:30 . 2009-02-03 20:58 729088 ----a-w- c:\windows\system32\Ati2evxx.exe
2011-02-14 05:30 . 2009-02-03 21:00 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-02-14 05:30 . 2009-02-03 20:22 4905472 ----a-w- c:\windows\system32\atiumdva.dll
2011-02-14 05:30 . 2009-02-03 20:43 3903488 ----a-w- c:\windows\system32\atiumdag.dll
2011-02-13 11:28 . 2011-02-13 11:28 -------- d-----w- c:\program files\iPod
2011-02-09 18:11 . 2011-02-09 18:11 -------- d-----w- c:\users\Yiren\AppData\Local\Jaksta_Technologies_Pty_L
2011-02-09 18:08 . 2011-02-15 16:21 -------- d-----w- c:\users\Yiren\AppData\Roaming\Replay Media Catcher 4
2011-02-09 18:08 . 2011-02-15 16:21 -------- d-----w- c:\program files\Applian Technologies
2011-02-09 09:38 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 09:37 . 2010-10-15 14:08 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-09 09:37 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-02-09 09:37 . 2010-10-15 14:08 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-09 09:37 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-02-09 09:33 . 2010-12-18 06:22 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-09 09:33 . 2010-12-18 06:22 743424 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2011-02-09 09:33 . 2010-12-18 06:28 638232 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2011-02-09 09:31 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-09 09:31 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-01-30 06:50 . 2011-01-30 06:53 -------- d-----w- C:\BlackShot
2011-01-24 07:31 . 2011-01-24 07:31 -------- d-----w- c:\users\Yiren\AppData\Roaming\dvdcss

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-11-19 13:37 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-11-19 13:38 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-11-19 13:38 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2010-11-19 13:38 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-11-19 13:38 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2010-11-19 13:38 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-12 03:27 . 2010-09-10 15:41 285480 ----a-w- c:\windows\system32\guard32.dll
2010-12-31 20:06 . 2010-11-19 13:37 38848 ----a-w- c:\windows\avastSS.scr
2010-12-28 15:55 . 2011-01-12 11:09 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-21 14:23 . 2010-12-05 16:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-20 10:08 . 2010-11-19 12:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-14 14:49 . 2011-01-12 11:09 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-29 09:38 . 2010-11-29 09:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 09:38 . 2010-11-29 09:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
"Google Update"="c:\users\Yiren\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-11-19 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 4493312]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-04-06 439768]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-06-22 269448]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [2010-06-24 28256]
R3 DHTRACE;Intel® DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-04-06 39896]
R3 IntelDHSvcConf;IntelDHSvcConf;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2007-04-06 36312]
R3 NMSCore;Intel® NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2007-04-06 313816]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-10-11 3641832]
R3 QualityManager;Intel® Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [2007-04-06 272856]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Live\Acer PlayMovie\000.fcl [2007-08-31 39408]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2007-02-12 208896]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2007-02-19 5376]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [2010-06-24 28256]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2010-11-19 5504]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-383276559-3988843324-3469146653-1001Core.job
- c:\users\Yiren\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-20 11:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://en.sg.acer.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.sg.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://sg.rd.yahoo.com/customize/ycomp/defaults/su/*http://sg.yahoo.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\IObit\Advanced SystemCare 3\SPICtrl.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-23 13:56
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Live\Acer PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-383276559-3988843324-3469146653-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B5879491-2C6C-B793-BC8A-7D3A9F8F6A08}*]
"japganamgojidjiaagkn"=hex:62,61,69,6a,00,00
"iapleiobbbbfinejnc"=hex:6b,61,61,6e,6a,66,6d,6c,66,61,6b,70,6f,6d,6d,6d,6d,6f,
6c,69,67,70,00,01

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-02-23 13:59:31
ComboFix-quarantined-files.txt 2011-02-23 05:59
ComboFix2.txt 2010-12-19 05:22

Pre-Run: 70,809,862,144 bytes free
Post-Run: 70,776,184,832 bytes free

- - End Of File - - 3882BCA000EF2133D7F2028BCBC63607

Security Check:
Results of screen317's Security Check version 0.99.8
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 23
Adobe Flash Player 9 (Out of date Flash Player installed!)
Adobe Flash Player 10.1.102.64
Mozilla Firefox (3.6.13)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
``````````End of Log````````````

In Topic: Causes Blue Screen?

24 December 2010 - 11:22 PM

Thanks for the info.. :) Panda USB Vaccine is running smooth on my computer...
