My HijackThis Log

mustardgas

New Member
Hello again,

This is the third time I've contracted the same breed of virus (it's that virus that disguises itself as antivirus software, takes over your whole computer, and insists you purchase its full version). However, unlike the previous two times, I was able to (in safe mode) update Malwarebytes and run a scan. The scan found five infections, all of which I removed. Upon rebooting my computer in normal mode, the virus seemed to be gone, but Internet Explorer wouldn't (and still won't) work. Below is my HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:09 AM, on 5/29/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18444)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 6198 bytes

And my Malwarebytes Log (if at all relevant):

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 7.0.6001.18000

5/29/2010 3:54:31 AM
mbam-log-2010-05-29 (03-54-31).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|)
Objects scanned: 305350
Time elapsed: 50 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\occofhba (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\filmmaker\AppData\Local\jgembnhgl\gegvxketssd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\filmmaker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZCJUPBJP\n008106201318r0409J10000601W923622f4X8e2f9abcYc22ff9dcZ0100f0700[1] (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\filmmaker\AppData\Local\temp\hPBL.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Please Help!

Thanks.
-Mgas
 

johnb35

Administrator
Staff member
Let's see if you have anything hidden.

You'll need a USB flash drive to transfer this over to the computer with no internet.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then the Processes tab (press Ctrl, Alt and Del at the same time) and end any processes of findstr, find, sed or swreg, then ComboFix should continue.
If that happened we want to know, and also what process you had to end.

In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 

mustardgas

New Member
ComboFix Log Part I

ComboFix Log (first part):

ComboFix 10-05-29.03 - filmmaker 05/29/2010 19:13:34.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3581.2130 [GMT -5:00]
Running from: H:\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\filmmaker\GoToAssistDownloadHelper.exe
c:\windows\system32\st326017.dll

.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-30 )))))))))))))))))))))))))))))))
.

2010-05-30 00:21 . 2010-05-30 00:21 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-30 00:21 . 2010-05-30 00:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-29 07:44 . 2010-05-29 08:54 -------- d-----w- c:\users\filmmaker\AppData\Local\jgembnhgl
2010-05-29 00:41 . 2010-05-15 21:30 457304 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2010-05-29 00:41 . 2010-05-29 00:41 -------- d-----w- c:\program files\Zone Labs
2010-05-29 00:39 . 2010-05-29 00:39 -------- d-----w- c:\programdata\CheckPoint
2010-05-29 00:39 . 2010-05-30 00:13 -------- d-----w- c:\windows\Internet Logs
2010-05-28 21:28 . 2010-05-28 21:28 -------- d-----w- c:\program files\Sunbelt Software
2010-05-26 18:39 . 2010-04-23 13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-17 04:12 . 2010-05-17 04:12 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-05-12 18:53 . 2010-01-29 16:21 738304 ----a-w- c:\windows\system32\inetcomm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-29 08:01 . 2010-03-18 10:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-29 00:42 . 2010-05-29 00:41 421442 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2010-05-29 00:42 . 2010-05-29 00:42 -------- d-----w- c:\users\filmmaker\AppData\Roaming\CheckPoint
2010-05-29 00:42 . 2010-05-29 00:42 -------- d-----w- c:\program files\Conduit
2010-05-29 00:42 . 2010-05-29 00:42 -------- d-----w- c:\program files\ZoneAlarm
2010-05-29 00:42 . 2010-05-29 00:42 -------- d-----w- c:\program files\CheckPoint
2010-05-28 23:57 . 2009-02-17 08:19 3753991547 ----a-w- c:\windows\DUMP6e5b.tmp
2010-05-28 21:30 . 2009-03-07 01:56 8242 ----a-w- c:\users\filmmaker\AppData\Roaming\wklnhst.dat
2010-05-26 18:03 . 2010-05-29 00:42 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-05-26 18:03 . 2010-05-29 00:42 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-05-26 18:03 . 2010-05-29 00:42 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-05-17 04:12 . 2009-02-17 07:20 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-13 08:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-10 02:57 . 2009-04-16 22:45 -------- d-----w- c:\programdata\FLEXnet
2010-05-08 06:39 . 2009-04-16 23:06 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2010-05-08 06:39 . 2009-04-16 23:06 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2010-05-02 08:59 . 2010-01-22 01:01 1 ----a-w- c:\users\filmmaker\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-30 08:16 . 2009-04-14 22:47 -------- d-----w- c:\users\filmmaker\AppData\Roaming\uTorrent
2010-04-29 21:23 . 2010-04-29 21:23 -------- d-----w- c:\program files\Adobe Media Player
2010-04-29 20:39 . 2010-03-18 10:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-03-18 10:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-24 15:22 . 2010-04-24 15:22 -------- d-----w- c:\program files\MSXML 4.0
2010-04-23 03:05 . 2010-04-23 03:05 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-22 17:27 . 2010-04-22 17:12 179467 ----a-w- c:\windows\hpwins14.dat
2010-04-22 17:26 . 2010-04-22 17:26 -------- d-----w- c:\programdata\Hewlett-Packard
2010-04-22 17:24 . 2010-04-22 17:24 -------- d-----w- c:\program files\Common Files\HP
2010-04-22 17:24 . 2010-04-22 17:24 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-04-22 17:24 . 2010-04-22 17:24 -------- d-----w- c:\program files\Hewlett-Packard
2010-04-22 17:23 . 2010-04-22 17:23 -------- d-----w- c:\program files\HP
2010-04-22 17:12 . 2010-04-22 17:12 -------- d-----w- c:\programdata\HP
2010-04-07 11:19 . 2010-04-07 11:19 -------- d-----w- c:\users\filmmaker\AppData\Roaming\IrfanView
2010-04-07 11:19 . 2010-04-07 11:19 -------- d-----w- c:\program files\IrfanView
2010-04-07 03:56 . 2010-04-07 03:56 -------- d-----w- c:\users\filmmaker\AppData\Roaming\KompoZer
2010-04-03 06:44 . 2009-04-19 18:08 -------- d-----w- c:\users\filmmaker\AppData\Roaming\WTablet
2010-04-03 02:37 . 2010-04-03 02:37 -------- d-----w- c:\program files\Trend Micro
2010-04-02 04:06 . 2009-03-04 00:39 70488 ----a-w- c:\users\filmmaker\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-02 03:43 . 2010-03-22 23:56 -------- d-----w- c:\programdata\COMODO
2010-04-02 03:18 . 2010-04-02 02:55 -------- d-----w- c:\programdata\NOS
2010-04-02 02:57 . 2009-09-14 22:26 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-02 02:55 . 2010-04-02 02:55 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-04-01 19:09 . 2010-04-01 19:09 4076824 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2010-04-01 19:09 . 2010-04-01 19:09 2059544 ----a-w- c:\programdata\avg9\update\backup\avgtray.exe
2010-04-01 19:09 . 2010-04-01 19:09 1598744 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-04-01 19:09 . 2010-04-01 19:09 1274136 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe
2010-04-01 19:09 . 2010-04-01 19:09 598296 ----a-w- c:\programdata\avg9\update\backup\avgsrmx.dll
2010-04-01 19:09 . 2010-04-01 19:09 556824 ----a-w- c:\programdata\avg9\update\backup\avgchjwx.dll
2010-04-01 19:09 . 2010-04-01 19:09 459544 ----a-w- c:\programdata\avg9\update\backup\avgcclix.dll
2010-04-01 19:09 . 2010-04-01 19:09 4250976 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-04-01 19:09 . 2010-04-01 19:09 313112 ----a-w- c:\programdata\avg9\update\backup\avglogx.dll
2010-04-01 19:09 . 2010-04-01 19:09 1515224 ----a-w- c:\programdata\avg9\update\backup\avgwd.dll
2010-04-01 19:09 . 2010-04-01 19:09 1086744 ----a-w- c:\programdata\avg9\update\backup\avgchsvx.exe
2010-04-01 19:09 . 2010-04-01 19:09 301336 ----a-w- c:\programdata\avg9\update\backup\avgchclx.dll
2010-04-01 19:08 . 2010-04-01 19:08 1685784 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-04-01 19:08 . 2010-04-01 19:08 1035032 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-04-01 00:03 . 2009-03-08 14:53 55857 ----a-w- c:\programdata\nvModes.dat
2010-03-26 05:19 . 2010-03-26 05:19 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-18 09:34 . 2009-03-17 02:15 8268 ----a-w- c:\users\filmmaker\AppData\Local\d3d9caps.dat
2010-03-13 19:26 . 2010-03-13 19:26 360584 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-03-13 19:26 . 2010-03-13 19:26 333192 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys
2010-03-13 19:26 . 2010-03-13 19:26 28424 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
2010-03-13 19:26 . 2010-03-05 03:14 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-13 19:26 . 2010-03-13 19:26 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-13 19:26 . 2010-03-05 03:14 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-13 19:25 . 2010-03-05 03:14 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-09 16:28 . 2010-03-30 20:24 833024 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:25 . 2010-03-30 20:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 14:01 . 2010-03-30 20:24 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-05 15:13 . 2008-07-31 15:16 947472 ----a-w- c:\windows\system32\msjava.dll
2010-03-05 03:14 . 2010-03-05 16:49 3777280 ----a-w- c:\programdata\avg9\update\backup\setup.exe
2010-03-05 03:14 . 2010-03-13 19:24 800536 ----a-w- c:\programdata\avg9\update\backup\avginet.dll
2010-03-05 03:14 . 2010-03-13 19:24 613656 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe
2010-03-04 18:54 . 2010-04-15 18:39 430080 ----a-w- c:\windows\system32\vbscript.dll
2009-02-17 07:15 . 2009-02-17 07:15 75 --sh--r- c:\windows\CT4CET.bin
2009-02-17 08:34 . 2009-02-17 08:30 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2010-04-04_09.06.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-17 04:10 . 2010-05-17 04:10 59904 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4137_none_4bf45688bf9e2dbf\mfcm90u.dll
+ 2010-05-17 04:10 . 2010-05-17 04:10 59904 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4137_none_4bf45688bf9e2dbf\mfcm90.dll
+ 2010-04-24 15:22 . 2010-04-24 15:22 91656 c:\windows\winsxs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d\msxml4r.dll
+ 2010-05-29 00:42 . 2008-02-23 02:41 22528 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6001.22121_none_61fa9319a8869bbb\netiougc.exe
+ 2010-05-29 00:42 . 2008-02-23 04:37 49664 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6001.22121_none_61fa9319a8869bbb\netiomig.dll
+ 2010-05-29 00:42 . 2008-02-23 02:40 22016 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20778_none_5fe546ddab8247e0\netiougc.exe
+ 2010-05-29 00:42 . 2008-02-23 04:35 49152 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20778_none_5fe546ddab8247e0\netiomig.dll
+ 2010-05-29 00:42 . 2008-02-23 02:39 85504 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.20778_none_cb8420ea46b37531\FWPKCLNT.SYS
+ 2010-05-12 18:53 . 2010-01-29 13:49 84480 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6002.22325_none_7c10a4356edc41af\INETRES.dll
+ 2010-05-12 18:53 . 2010-01-29 13:56 84480 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.22621_none_7a26312571b9872f\INETRES.dll
+ 2010-05-26 18:39 . 2010-04-23 14:23 19456 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.22391_none_17571fa5201e0c64\tzupd.exe
+ 2010-05-26 18:39 . 2010-04-23 14:02 19456 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22677_none_158c4f5122e21768\tzupd.exe
+ 2010-05-29 00:42 . 2010-05-26 18:03 99328 c:\windows\System32\ZoneLabs\zlquarantine.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 70656 c:\windows\System32\ZoneLabs\zatray.exe
+ 2010-05-29 00:41 . 2008-11-29 14:19 65424 c:\windows\System32\ZoneLabs\vsdrinst.exe
+ 2010-05-29 00:42 . 2010-05-26 18:03 21504 c:\windows\System32\ZoneLabs\lib\zsys.zip.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 14336 c:\windows\System32\ZoneLabs\lib\zmenu.zip.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 45568 c:\windows\System32\ZoneLabs\lib\zfde.zip.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 85504 c:\windows\System32\ZoneLabs\lib\ZAlert.zip.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 37376 c:\windows\System32\ZoneLabs\lib\UpdateUI.zip.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 12800 c:\windows\System32\ZoneLabs\lib\oem_1488.zip.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 12800 c:\windows\System32\ZoneLabs\lib\oem_1487.zip.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 12800 c:\windows\System32\ZoneLabs\lib\oem_1486.zip.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 20992 c:\windows\System32\ZoneLabs\lib\oem_1466.zip.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 12800 c:\windows\System32\ZoneLabs\lib\oem_1460.zip.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 10240 c:\windows\System32\ZoneLabs\lib\oem_1454.zip.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 11264 c:\windows\System32\ZoneLabs\lib\oem_1445.zip.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 14336 c:\windows\System32\ZoneLabs\lib\oem_1440.zip.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 12288 c:\windows\System32\ZoneLabs\lib\oem_1413.zip.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 11264 c:\windows\System32\ZoneLabs\lib\oem_1010.zip.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 29184 c:\windows\System32\ZoneLabs\lib\NavBar.zip.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 13312 c:\windows\System32\ZoneLabs\lib\MainLoop.zip.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 35840 c:\windows\System32\ZoneLabs\lib\Alert.zip.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 38912 c:\windows\System32\ZoneLabs\featuremap.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 75776 c:\windows\System32\ZoneLabs\camupd.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 43008 c:\windows\System32\vswmi.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 58368 c:\windows\System32\vsregexp.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 22528 c:\windows\System32\netiougc.exe
+ 2010-05-29 00:42 . 2008-02-23 02:41 22528 c:\windows\System32\netiougc.exe
+ 2010-05-29 00:42 . 2008-02-23 04:37 49664 c:\windows\System32\migration\netiomig.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 49664 c:\windows\System32\migration\netiomig.dll
+ 2010-05-29 09:08 . 2010-05-29 08:57 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-29 09:08 . 2010-05-29 08:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2010-05-29 09:08 . 2010-05-29 08:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2010-04-29 21:23 . 2010-04-29 21:23 23552 c:\windows\Installer\94533c.msi
+ 2010-05-17 04:10 . 2010-05-17 04:10 22528 c:\windows\Installer\7484bce.msi
+ 2010-04-24 17:08 . 2010-04-24 17:08 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2010-05-17 04:09 . 2010-05-17 04:09 10134 c:\windows\Installer\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}\ARPPRODUCTICON.exe
+ 2010-05-17 04:09 . 2010-05-17 04:09 10134 c:\windows\Installer\{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}\ARPPRODUCTICON.exe
+ 2010-05-17 04:10 . 2010-05-17 04:10 10134 c:\windows\Installer\{D1A19B02-817E-4296-A45B-07853FD74D57}\ARPPRODUCTICON.exe
+ 2010-04-24 15:22 . 2010-04-24 15:22 32768 c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2010-05-17 04:10 . 2010-05-17 04:10 10134 c:\windows\Installer\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}\ARPPRODUCTICON.exe
+ 2010-05-17 04:09 . 2010-05-17 04:09 10134 c:\windows\Installer\{08D2E121-7F6A-43EB-97FD-629B44903403}\ARPPRODUCTICON.exe
+ 2010-05-17 04:10 . 2010-05-17 04:10 10134 c:\windows\Installer\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}\ARPPRODUCTICON.exe
+ 2010-05-26 18:39 . 2010-04-23 14:23 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.22391_none_17571fa5201e0c64\tzres.dll
+ 2010-05-26 18:39 . 2010-04-23 14:13 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.18248_none_170a947c06d19246\tzres.dll
+ 2010-05-26 18:39 . 2010-04-23 14:02 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22677_none_158c4f5122e21768\tzres.dll
+ 2010-05-26 18:39 . 2010-04-23 13:55 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18464_none_150a7fae09bf1281\tzres.dll
+ 2010-04-28 19:11 . 2010-04-28 19:11 9560 c:\windows\System32\networklist\icons\{5E9EC3E9-35F7-449B-AF7D-3AF6AA872B17}_48.bin
+ 2010-04-28 19:11 . 2010-04-28 19:11 4280 c:\windows\System32\networklist\icons\{5E9EC3E9-35F7-449B-AF7D-3AF6AA872B17}_32.bin
+ 2010-04-28 19:11 . 2010-04-28 19:11 2456 c:\windows\System32\networklist\icons\{5E9EC3E9-35F7-449B-AF7D-3AF6AA872B17}_24.bin
+ 2010-05-29 15:58 . 2010-05-29 15:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-04-03 21:49 . 2010-04-03 21:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-05-29 15:58 . 2010-05-29 15:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-04-03 21:49 . 2010-04-03 21:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-05-17 04:09 . 2010-05-17 04:09 653120 c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4137_none_508fc1d4bcbb3eca\msvcr90.dll
+ 2010-05-17 04:09 . 2010-05-17 04:09 569664 c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4137_none_508fc1d4bcbb3eca\msvcp90.dll
+ 2010-05-17 04:09 . 2010-05-17 04:09 225280 c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4137_none_508fc1d4bcbb3eca\msvcm90.dll
+ 2010-05-17 04:10 . 2010-05-17 04:10 159032 c:\windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4137_none_51c97d20bbe8350e\ATL90.dll
+ 2010-05-29 00:42 . 2008-02-23 04:38 170496 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6001.22121_none_61fa9319a8869bbb\tcpipcfg.dll
+ 2010-05-29 00:42 . 2008-02-23 04:36 167424 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20778_none_5fe546ddab8247e0\tcpipcfg.dll
+ 2010-05-29 00:42 . 2008-02-23 02:41 806400 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20778_none_5fe546ddab8247e0\tcpip.sys
+ 2010-05-29 00:42 . 2008-02-23 04:41 890936 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22121_none_b3930f8f7f9331f9\tcpip.sys
+ 2010-05-29 00:42 . 2008-02-23 04:34 438272 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22121_none_cd996d2643b7c90c\IKEEXT.DLL
+ 2010-05-29 00:42 . 2008-02-23 04:34 595456 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22121_none_cd996d2643b7c90c\FWPUCLNT.DLL
+ 2010-05-29 00:42 . 2008-02-23 04:41 101432 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22121_none_cd996d2643b7c90c\FWPKCLNT.SYS
+ 2010-05-29 00:42 . 2008-02-23 04:32 328704 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22121_none_cd996d2643b7c90c\BFE.DLL
+ 2010-05-29 00:42 . 2008-02-23 04:34 416768 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.20778_none_cb8420ea46b37531\IKEEXT.DLL
+ 2010-05-29 00:42 . 2008-02-23 04:33 543232 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.20778_none_cb8420ea46b37531\FWPUCLNT.DLL
+ 2010-05-29 00:42 . 2008-02-23 04:33 317440 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.20778_none_cb8420ea46b37531\BFE.DLL
+ 2010-05-29 00:42 . 2008-02-23 04:41 223288 c:\windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22121_none_57106a12ce7a7862\netio.sys
+ 2010-05-29 00:42 . 2008-02-23 04:39 217144 c:\windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.20778_none_54fb1dd6d1762487\netio.sys
+ 2010-05-12 18:53 . 2010-01-29 16:07 738816 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6002.22325_none_7c10a4356edc41af\inetcomm.dll
+ 2010-05-12 18:53 . 2010-01-29 15:40 738816 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6002.18197_none_7b3d56a455f59b03\inetcomm.dll
+ 2010-05-12 18:53 . 2010-01-29 16:08 738304 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.22621_none_7a26312571b9872f\inetcomm.dll
+ 2010-05-12 18:53 . 2010-01-29 16:21 738304 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.18416_none_79ac63d2588f4d00\inetcomm.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 141824 c:\windows\System32\ZoneLabs\zlupdate.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 173056 c:\windows\System32\ZoneLabs\vsvault.dll
+ 2010-05-29 00:39 . 2010-05-26 18:03 211456 c:\windows\System32\ZoneLabs\vsdb.dll
+ 2010-05-29 00:41 . 2010-05-15 21:30 457304 c:\windows\System32\ZoneLabs\vsdatant.sys
+ 2010-05-29 00:42 . 2007-10-11 21:51 832984 c:\windows\System32\ZoneLabs\updating.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 434688 c:\windows\System32\ZoneLabs\ssleay32.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 135680 c:\windows\System32\ZoneLabs\scheduler.dll
+ 2010-05-29 00:42 . 2009-07-14 04:58 722392 c:\windows\System32\ZoneLabs\qrbase.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 126976 c:\windows\System32\ZoneLabs\lib\zui.zip.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 279040 c:\windows\System32\ZoneLabs\lib\TrayTest.zip.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 220672 c:\windows\System32\ZoneLabs\lib\Overview.zip.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 368640 c:\windows\System32\ZoneLabs\lib\LicenseUI.zip.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 184832 c:\windows\System32\ZoneLabs\lib\DashBoard.zip.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 376320 c:\windows\System32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2010-05-29 00:39 . 2010-02-08 13:41 595432 c:\windows\System32\ZoneLabs\icslta.dll
+ 2010-05-29 00:42 . 2010-05-04 19:04 284136 c:\windows\System32\ZoneLabs\ffapi.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 169984 c:\windows\System32\ZoneLabs\fbl.dll
+ 2010-05-29 00:42 . 2008-03-17 21:52 813568 c:\windows\System32\ZoneLabs\dbghelp.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 110080 c:\windows\System32\vsxml.dll
+ 2010-05-29 00:39 . 2010-05-26 18:03 712192 c:\windows\System32\vsutil.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 302592 c:\windows\System32\vspubapi.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 107520 c:\windows\System32\vsmonapi.dll
 

mustardgas

New Member
ComboFix Log Part II

ComboFix Log (continued):

+ 2010-05-29 00:39 . 2010-05-26 18:03 228352 c:\windows\System32\vsinit.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 112128 c:\windows\System32\vsdata.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 170496 c:\windows\System32\tcpipcfg.dll
+ 2010-05-29 00:42 . 2008-02-23 04:38 170496 c:\windows\System32\tcpipcfg.dll
+ 2010-04-22 17:26 . 2008-07-01 17:00 274944 c:\windows\System32\spool\prtprocs\w32x86\hpzpp5jy.dll
+ 2010-05-29 00:41 . 2010-05-15 21:30 457304 c:\windows\System32\DriverStore\FileRepository\vsdatant.inf_e9b8aed6\vsdatant.sys
+ 2010-04-22 17:24 . 2010-04-22 17:24 425472 c:\windows\Installer\789b78.msi
+ 2010-04-22 17:24 . 2010-04-22 17:24 519680 c:\windows\Installer\789b72.msi
+ 2010-04-22 17:24 . 2010-04-22 17:24 454144 c:\windows\Installer\789b6c.msi
+ 2010-04-22 17:24 . 2010-04-22 17:24 317952 c:\windows\Installer\789b66.msi
+ 2010-04-22 17:24 . 2010-04-22 17:24 326144 c:\windows\Installer\789b60.msi
+ 2010-04-22 17:24 . 2010-04-22 17:24 501248 c:\windows\Installer\789b5a.msi
+ 2010-05-17 04:10 . 2010-05-17 04:10 315392 c:\windows\Installer\7484bc8.msi
+ 2010-05-17 04:10 . 2010-05-17 04:10 316928 c:\windows\Installer\7484bc2.msi
+ 2010-05-17 04:10 . 2010-05-17 04:10 356864 c:\windows\Installer\7484bbc.msi
+ 2010-05-17 04:09 . 2010-05-17 04:09 359424 c:\windows\Installer\7484bb6.msi
+ 2010-05-17 04:09 . 2010-05-17 04:09 339456 c:\windows\Installer\7484bb0.msi
+ 2010-05-17 04:09 . 2010-05-17 04:09 316416 c:\windows\Installer\7484baa.msi
+ 2010-04-24 17:08 . 2010-04-24 17:08 429568 c:\windows\Installer\656639.msi
+ 2010-04-24 15:22 . 2010-04-24 15:22 432640 c:\windows\Installer\42e08.msi
+ 2010-05-17 04:10 . 2010-05-17 04:10 3780416 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4137_none_4bf45688bf9e2dbf\mfc90u.dll
+ 2010-05-17 04:10 . 2010-05-17 04:10 3765048 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4137_none_4bf45688bf9e2dbf\mfc90.dll
+ 2010-04-24 17:08 . 2010-04-24 17:08 1348432 c:\windows\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_b7e610287b2b4ea5\msxml4.dll
+ 2010-04-24 15:22 . 2010-04-24 15:22 1286152 c:\windows\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b\msxml4.dll
+ 2010-05-12 18:53 . 2010-04-01 11:58 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22386_none_f4a7b4b181f9b16a\OESpamFilter.dat
+ 2010-05-12 18:53 . 2010-04-01 11:57 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18245_none_f448574c68bc8885\OESpamFilter.dat
+ 2010-05-12 18:53 . 2010-04-01 11:58 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22673_none_f2c911d784cdf450\OESpamFilter.dat
+ 2010-05-12 18:53 . 2010-04-01 13:20 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18462_none_f24942c86ba92217\OESpamFilter.dat
+ 2010-05-12 18:53 . 2010-01-29 13:49 2836992 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6002.22325_none_5ade3b513b99bff2\MSOERES.dll
+ 2010-05-12 18:53 . 2010-01-29 16:08 1616384 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6002.22325_none_5ade3b513b99bff2\msoe.dll
+ 2010-05-12 18:53 . 2010-01-29 15:40 1616384 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6002.18197_none_5a0aedc022b31946\msoe.dll
+ 2010-05-12 18:53 . 2010-01-29 13:57 2836992 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6001.22621_none_58f3c8413e770572\MSOERES.dll
+ 2010-05-12 18:53 . 2010-01-29 16:09 1616384 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6001.22621_none_58f3c8413e770572\msoe.dll
+ 2010-05-12 18:53 . 2010-01-29 16:22 1616384 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6001.18416_none_5879faee254ccb43\msoe.dll
+ 2010-05-29 00:42 . 2010-05-26 18:03 1789952 c:\windows\System32\ZoneLabs\vsruledb.dll
+ 2010-05-29 00:42 . 2010-05-26 18:05 2437176 c:\windows\System32\ZoneLabs\vsmon.exe
+ 2010-05-29 00:42 . 2010-05-26 18:03 1536512 c:\windows\System32\ZoneLabs\lib\zpy.zip.dll
+ 2010-04-29 21:24 . 2010-04-29 21:24 4057088 c:\windows\Installer\945343.msi
+ 2010-04-29 21:22 . 2010-04-29 21:22 3285504 c:\windows\Installer\94532e.msi
+ 2010-04-29 21:22 . 2010-04-29 21:22 3178496 c:\windows\Installer\945328.msi
+ 2010-04-29 21:21 . 2010-04-29 21:21 3075072 c:\windows\Installer\945322.msi
+ 2010-04-29 21:21 . 2010-04-29 21:21 3089408 c:\windows\Installer\94531c.msi
+ 2010-04-29 21:21 . 2010-04-29 21:21 3078656 c:\windows\Installer\945316.msi
+ 2010-04-29 21:21 . 2010-04-29 21:21 3146240 c:\windows\Installer\945310.msi
+ 2010-04-29 21:21 . 2010-04-29 21:21 3083776 c:\windows\Installer\94530a.msi
+ 2010-04-29 21:21 . 2010-04-29 21:21 3076096 c:\windows\Installer\9452fe.msi
+ 2010-04-29 21:21 . 2010-04-29 21:21 3079680 c:\windows\Installer\9452f8.msi
+ 2010-04-29 21:20 . 2010-04-29 21:20 3087360 c:\windows\Installer\9452f2.msi
+ 2010-04-29 21:20 . 2010-04-29 21:20 3094016 c:\windows\Installer\9452a6.msi
+ 2010-04-29 21:20 . 2010-04-29 21:20 3831808 c:\windows\Installer\9452a0.msi
+ 2010-04-29 21:20 . 2010-04-29 21:20 3073024 c:\windows\Installer\945299.msi
+ 2010-04-29 21:20 . 2010-04-29 21:20 3110912 c:\windows\Installer\94528c.msi
+ 2010-04-29 21:19 . 2010-04-29 21:19 3150848 c:\windows\Installer\94527c.msi
+ 2010-04-29 21:19 . 2010-04-29 21:19 3273216 c:\windows\Installer\945273.msi
+ 2010-04-29 21:19 . 2010-04-29 21:19 3186176 c:\windows\Installer\94526d.msi
+ 2010-04-29 21:18 . 2010-04-29 21:18 3228160 c:\windows\Installer\945267.msi
+ 2010-04-29 21:18 . 2010-04-29 21:18 3070976 c:\windows\Installer\945261.msi
+ 2010-04-29 21:16 . 2010-04-29 21:16 3174400 c:\windows\Installer\94525b.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
2010-05-09 16:50 2517088 ----a-w- c:\program files\ZoneAlarm\tbZone.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 19:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
"{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-26 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-05-26 730600]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-02-17 07:27 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell Remote Access.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Dell Remote Access.lnk
backup=c:\windows\pss\Dell Remote Access.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^filmmaker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\filmmaker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 20:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2008-10-27 09:54 3563520 ----a-w- c:\windows\System32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
2009-04-09 22:29 1762032 ----a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-06-03 19:46 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-02-12 19:37 174872 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 23:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 20:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2008-12-03 04:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-08-18 12:20 13548064 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2008-08-18 12:20 96800 ----a-w- c:\windows\System32\nvhotkey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-08-18 12:20 92704 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2008-04-18 10:08 36864 ----a-w- c:\windows\OEM02Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-02-26 16:57 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-21 02:23 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-22 00:16 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-03-24 06:09 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2008-12-04 09:05 442467 ----a-w- c:\program files\IDT\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-10-06 15656]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\aestsrv.exe [2008-12-04 73728]
R4 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-03-13 916760]
R4 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-13 308064]
R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
R4 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-05-01 3032360]
R4 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-03-27 2789672]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-13 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-03-13 242696]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-05-26 26352]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-05-26 493032]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-24 183808]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-29 19:21
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(700)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2010-05-29 19:24:24
ComboFix-quarantined-files.txt 2010-05-30 00:24
ComboFix2.txt 2010-04-04 09:09
ComboFix3.txt 2010-04-03 21:41
ComboFix4.txt 2010-04-03 01:27

Pre-Run: 92,617,621,504 bytes free
Post-Run: 92,606,836,736 bytes free

- - End Of File - - BC94CC14067F58F0EB37D7EE3876A042
 

mustardgas

New Member
HijackThis Log

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:56 PM, on 5/29/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18444)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 6098 bytes
 

mustardgas

New Member
My computer seems to have returned to normal. Internet Explorer is back up and running. So, thanks again, johnb35. Or do you think there's still more to go?
 