Post #31, May 15 2009, 01:28 PM
Member (Group: Members, Posts: 46, Joined: 9-April 09, Member No.: 319,068)
Logfile of random's system information tool 1.06 (written by random/random) Run by Owner at 2009-05-15 19:27:13 Microsoft Windows XP Home Edition Service Pack 2 System drive C: has 111 GB (75%) free of 149 GB Total RAM: 2558 MB (83% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:27:18, on 15/05/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Eset\nod32kui.exe C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\HP\HP Software Update\HPWuSchd.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Broadcom\BACS\BPowMon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe C:\Program Files\Lenovo\System Update\SUService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Owner\Desktop\RSIT.exe C:\Program Files\trend micro\HijackThis\Owner.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software 
Update\HPWuSchd.exe" O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: Broadcom Power monitoring service (BPowMon) - Broadcom Corp. - C:\Program Files\Broadcom\BACS\BPowMon.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe O23 - Service: VMwareService - Unknown owner - C:\WINDOWS\system\VMwareService.exe (file missing) -- End of file - 6267 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-17 37808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}] DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-10-06 110652] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-29 259696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google 
Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-15 668656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-29 470512] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-18 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-18 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-29 259696] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "nod32kui"=C:\Program Files\Eset\nod32kui.exe [2009-03-08 921600] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-07-26 13570048] "TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-08-21 487424] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-18 148888] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2008-07-26 86016] "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136] "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920] "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd.exe [2003-06-25 49152] "DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-10-06 122940] 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-07 39408] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2003-07-07 233472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Disabled:BitLord" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] 
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======List of files/folders created in the last 1 months====== 2009-05-10 15:43:53 ----SHD---- C:\RECYCLER 2009-05-10 15:25:12 ----D---- C:\WINDOWS\temp 2009-05-10 15:25:11 ----A---- C:\ComboFix.txt 2009-05-10 15:08:25 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$ 2009-05-10 15:08:15 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$ 2009-05-10 15:07:39 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$ 2009-05-10 15:05:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$ 2009-05-10 15:05:46 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$ 2009-05-10 15:05:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$ 2009-05-10 15:03:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$ 2009-05-10 15:02:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$ 2009-05-10 15:00:43 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$ 2009-05-10 15:00:28 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$ 2009-05-10 15:00:15 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$ 2009-05-10 14:32:32 ----D---- C:\xpcd 2009-05-10 12:50:30 ----A---- C:\WINDOWS\NIRCMD.exe 2009-05-01 19:07:29 ----A---- C:\WINDOWS\zip.exe 2009-05-01 19:07:29 ----A---- C:\WINDOWS\vFind.exe 2009-05-01 19:07:29 ----A---- C:\WINDOWS\SWREG.exe 2009-05-01 19:07:29 ----A---- C:\WINDOWS\sed.exe 2009-05-01 19:07:29 ----A---- C:\WINDOWS\grep.exe 2009-05-01 19:07:28 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-05-01 19:07:28 ----A---- C:\WINDOWS\SWSC.exe 2009-05-01 19:07:19 ----D---- C:\WINDOWS\ERDNT 2009-05-01 19:06:32 ----D---- C:\Qoobox 2009-04-30 19:37:57 ----D---- C:\rsit 2009-04-30 19:37:57 ----D---- C:\Program Files\trend micro 2009-04-20 20:29:40 ----A---- C:\WINDOWS\imsins.BAK 2009-04-20 19:17:56 ----D---- C:\Documents and Settings\Owner\Application Data\DivX 2009-04-19 20:27:56 ----D---- C:\Program Files\microsoft money 2005 2009-04-19 20:09:18 ----D---- C:\Program Files\WinAVIVideoConverter 2009-04-19 20:05:15 ----N---- C:\WINDOWS\system32\pxinsi64.exe 2009-04-19 20:05:15 
----N---- C:\WINDOWS\system32\pxinsa64.exe 2009-04-19 20:05:15 ----N---- C:\WINDOWS\system32\pxhpinst.exe 2009-04-19 20:05:15 ----N---- C:\WINDOWS\system32\pxcpyi64.exe 2009-04-19 20:05:15 ----N---- C:\WINDOWS\system32\pxcpya64.exe 2009-04-19 20:05:15 ----N---- C:\WINDOWS\system32\pxafs.dll 2009-04-19 20:04:33 ----D---- C:\Program Files\Common Files\DivX Shared 2009-04-18 09:59:07 ----D---- C:\Program Files\JavaFX 2009-04-18 09:58:23 ----D---- C:\Program Files\Sun 2009-04-18 09:58:11 ----A---- C:\WINDOWS\system32\javaws.exe 2009-04-18 09:58:11 ----A---- C:\WINDOWS\system32\javaw.exe 2009-04-18 09:58:11 ----A---- C:\WINDOWS\system32\deploytk.dll 2009-04-18 09:58:10 ----A---- C:\WINDOWS\system32\java.exe 2009-04-18 09:55:44 ----D---- C:\Documents and Settings\Owner\Application Data\Sun ======List of files/folders modified in the last 1 months====== 2009-05-15 19:27:18 ----D---- C:\WINDOWS\Prefetch 2009-05-15 19:26:22 ----D---- C:\Program Files\Mozilla Firefox 2009-05-14 23:55:19 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-05-14 07:22:22 ----D---- C:\WINDOWS 2009-05-13 21:06:52 ----HD---- C:\WINDOWS\inf 2009-05-13 21:06:49 ----D---- C:\WINDOWS\system32\CatRoot2 2009-05-13 20:57:03 ----SHD---- C:\WINDOWS\Installer 2009-05-11 20:19:53 ----A---- C:\WINDOWS\win.ini 2009-05-10 17:01:25 ----D---- C:\WINDOWS\AppPatch 2009-05-10 17:00:20 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-05-10 17:00:18 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$ 2009-05-10 16:58:42 ----D---- C:\2c2594450c9c67bac7dc565487 2009-05-10 15:30:00 ----D---- C:\WINDOWS\system32 2009-05-10 15:29:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-05-10 15:23:03 ----A---- C:\WINDOWS\system.ini 2009-05-10 15:23:00 ----A---- C:\WINDOWS\ntbtlog.txt 2009-05-10 15:21:19 ----D---- C:\WINDOWS\system32\drivers 2009-05-10 15:21:11 ----D---- C:\Program Files\Common Files 2009-05-10 15:10:02 ----D---- C:\WINDOWS\system32\wbem 2009-05-10 15:05:53 ----HD---- C:\WINDOWS\$hf_mig$ 2009-05-10 15:05:38 ----HDC---- 
C:\WINDOWS\$NtUninstallKB952069_WM9$ 2009-05-10 15:02:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ 2009-05-10 15:01:02 ----D---- C:\Program Files\Internet Explorer 2009-05-10 12:56:23 ----D---- C:\WINDOWS\security 2009-05-10 12:56:05 ----D---- C:\WINDOWS\system32\config 2009-05-05 21:37:34 ----A---- C:\WINDOWS\NeroDigital.ini 2009-05-04 21:49:22 ----D---- C:\WINDOWS\SoftwareDistribution 2009-05-04 21:46:32 ----SHD---- C:\System Volume Information 2009-05-04 21:46:32 ----D---- C:\WINDOWS\system32\Restore 2009-05-04 21:10:15 ----RASH---- C:\boot.ini 2009-05-04 20:57:09 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2009-05-01 19:39:58 ----D---- C:\WINDOWS\system32\CatRoot 2009-05-01 19:39:33 ----D---- C:\WINDOWS\system32\CatRoot_bak 2009-05-01 15:31:07 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft 2009-04-30 19:37:57 ----RD---- C:\Program Files 2009-04-29 21:59:57 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2009-04-20 19:45:51 ----D---- C:\Documents and Settings 2009-04-19 20:05:26 ----D---- C:\Program Files\DivX 2009-04-19 19:52:40 ----D---- C:\Program Files\Xvid 2009-04-18 12:33:02 ----RSD---- C:\WINDOWS\Fonts 2009-04-18 09:56:26 ----D---- C:\Program Files\Java 2009-04-18 09:31:27 ----A---- C:\avenger.txt ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-08 35840] R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628] R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-03 14848] R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\System32\DRIVERS\AegisP.sys [2009-03-07 17801] R2 AMON;AMON; 
\??\C:\WINDOWS\system32\drivers\amon.sys [] R2 BASFND;BASFND; \??\C:\Program Files\Broadcom\BACS\BASFND.sys [] R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-10-06 25628] R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-10-06 2496] R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-10-06 86524] R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-10-06 14684] R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-10-06 6364] R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-10-06 87036] R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-10-06 94332] R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544] R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800] R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2006-05-11 156160] R3 cmpci;TerraTec Aureon 5.1 (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-07-16 379726] R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-08-29 9600] R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-08-29 12160] R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824] R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-07-26 6097536] R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-03-29 47360] R3 portio;TPM Service; C:\WINDOWS\System32\DRIVERS\NscTpmDD.sys [2004-05-19 13757] R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\System32\DRIVERS\psadd.sys [2009-03-07 30144] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-08-29 5888] R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys 
[2004-08-04 31616] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480] S1 gaopdxserv.sys;gaopdxserv.sys; C:\WINDOWS\system32\drivers\gaopdxbrxowbitudotpogkoltmxvnklyapqqji.sys [] S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096] S2 amd64si;amd64si; \??\C:\WINDOWS\system32\drivers\amd64si.sys [] S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-10-23 100384] S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552] S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-08-11 51056] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-08-11 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-08-11 21488] S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys [] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 
4=Disabled)====== R2 BPowMon;Broadcom Power monitoring service; C:\Program Files\Broadcom\BACS\BPowMon.exe [2005-04-13 65536] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-18 152984] R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2009-03-08 507904] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2008-07-26 159812] R2 SUService;System Update; C:\Program Files\Lenovo\System Update\SUService.exe [2008-10-20 28672] R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 644408] R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-08-21 1155072] S2 VMwareService;VMwareService; C:\WINDOWS\system\VMwareService.exe [] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768] S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\System32\tcpsvcs.exe [2002-08-29 19456] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040] S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848] S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-08-11 65795] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-04-12 17408] -----------------EOF----------------- |
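The driver and service lists in the RSIT/HijackThis log above are the part a responder reads first. The following Python script is an added example, not part of the original post and not code from either tool: it parses lines in those two list formats and flags the kinds of entries worth a closer look, namely drivers whose file name looks machine-generated, boot- or system-start drivers for which RSIT recorded no file date or size, and services whose binary is missing or whose owner is unknown. The sample lines are constructed from entries in the log above, and the length and entropy thresholds are my own assumptions.

```python
import math
import re
from collections import Counter

# Constructed sample, modelled on entries from the RSIT/HijackThis log above
# (a handful of lines, not the full log).
SAMPLE_LOG = r"""
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-08 35840]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-07-26 6097536]
S1 gaopdxserv.sys;gaopdxserv.sys; C:\WINDOWS\system32\drivers\gaopdxbrxowbitudotpogkoltmxvnklyapqqji.sys []
S2 amd64si;amd64si; \??\C:\WINDOWS\system32\drivers\amd64si.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: VMwareService - Unknown owner - C:\WINDOWS\system\VMwareService.exe (file missing)
"""

# RSIT driver/service list line:
#   <R|S><start type> <name>;<display name>; <path> [<file date> <size>]
# An empty "[]" means RSIT could not read the file's date and size.
DRIVER_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)

# HijackThis O23 line:
#   O23 - Service: <display> (<name>) - <vendor> - <path> [(file missing)]
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^)]+)\))? - "
    r"(?P<vendor>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)


def shannon_entropy(text):
    """Bits of entropy per character of text (0.0 for one repeated character)."""
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_random(stem):
    """Heuristic (my assumption, not a tool rule): a long, lowercase-letters-only,
    high-entropy file stem has the shape of an auto-generated driver name, unlike
    vendor names such as nv4_mini or intelppm."""
    return (
        len(stem) >= 16
        and stem.isalpha()
        and stem.islower()
        and shannon_entropy(stem) >= 3.5
    )


def file_stem(path):
    """Basename of a Windows path without its extension; the NT object-path
    prefix some entries carry is just more path components here."""
    base = path.replace("\\", "/").rsplit("/", 1)[-1]
    return base.rsplit(".", 1)[0]


def triage(log_text):
    """Return (line number, rule, path) for every entry that deserves a look."""
    findings = []
    for lineno, raw in enumerate(log_text.strip().splitlines(), 1):
        line = raw.strip()
        m = DRIVER_RE.match(line)
        if m:
            if looks_random(file_stem(m["path"])):
                findings.append((lineno, "random-name", m["path"]))
            # Boot (0) or system (1) start with no readable file info: a driver
            # that loads before everything else but whose file cannot be inspected.
            if m["meta"] == "" and m["start"] in ("0", "1"):
                findings.append((lineno, "early-start-no-file-info", m["path"]))
            continue
        m = SERVICE_RE.match(line)
        if m:
            if m["missing"]:
                findings.append((lineno, "service-file-missing", m["path"]))
            if m["vendor"] == "Unknown owner":
                findings.append((lineno, "service-unknown-owner", m["path"]))
    return findings


if __name__ == "__main__":
    for lineno, rule, path in triage(SAMPLE_LOG):
        print(f"line {lineno}: {rule}: {path}")
```

Run against the sample, the script singles out the randomly named system-start driver and the orphaned VMwareService entry while leaving the vendor drivers with empty "[]" metadata alone, which matches what a responder would pull out of the full log by eye.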
Post #32, May 16 2009, 12:55 PM
Forum Addict (Group: Malware Response Team, Posts: 5,447, Joined: 19-June 07, From: Florida, Member No.: 137,685)
We would like you to download another anti-virus because the Nod32 that is on your system is a cracked version. There are a lot of problems which can arise with these versions of programs, and it could possibly be part of the problem with the RC not installing properly. Just hard to tell, but you would be better off with one of the free versions anyway. You of course don't have to do this, but it would be highly advisable in light of what we know about them.
The order of how you carry this out is important, so what we would like you to do is to download the anti-virus of your choice but do not install it yet. When you have done so, move on to the instructions below the anti-virus list.
For a free anti-virus please follow these instructions. Click on this link:
AVG
Avira
Avast (mouse over Free Software in the upper right corner)
After you have downloaded one of the anti-virus programs from the list, disconnect from the Internet (this is very important). Once disconnected, follow the instructions below for removing your Nod32. When that is completed, go ahead with the installation of your new anti-virus, then reconnect to the Internet and immediately update it.
Click "Start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of programs installed will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "Remove":
NOD32 antivirus system
NOD32 FiX v2.1
Additional instructions can be found here if needed.
When you have completed this please let us know and we will continue.
Post #33, May 16 2009, 01:50 PM
Member (Group: Members, Posts: 46, Joined: 9-April 09, Member No.: 319,068)
Right, done everything you said and it went well. A couple of things I should tell you: a warning came up saying "local machine installed successfully warning action failed for registry key hkcu\software\avg (ADMINISTRATOR) creating registry key error 0x80070005",
the exact same message but for avg8, followed by "internal error registry handle has not been opened". There is also a threat detected warning coming up for windows\system32\winlogon.exe trojan horse win32/pepatchao. Hope this helps; do you want me to now run a scan?
Post #34, May 16 2009, 02:36 PM
Forum Addict (Group: Malware Response Team, Posts: 5,447, Joined: 19-June 07, From: Florida, Member No.: 137,685)
I'm glad you were able to get that accomplished and I'll check out the errors.
Hang on before you do another scan. I need to talk to my coach again and I might not get an answer back today.
Post #35, May 17 2009, 06:02 PM
Forum Addict (Group: Malware Response Team, Posts: 5,447, Joined: 19-June 07, From: Florida, Member No.: 137,685)
Now that is accomplished, we want to try once again for the Recovery Console install, so this is basically a repeat of what I wrote in post #17. However, the difference is that even if you fail to install the RC, go ahead with the ComboFix run in Safe Mode once again.
We are going to try to install the Recovery Console again through a manual install. Please go HERE and follow the instructions on Manual installation. When you get to the part I have quoted below, which comes from the instructions, do not click on "Yes". Choose "No" instead.
QUOTE: Once the Windows Recovery Console has finished installing, ComboFix will open a prompt stating that it was installed and asking if you would like to proceed with scanning your computer. If you wish to continue, then press the Yes button and continue reading the tutorial from here.
After doing the above I want you to restart your computer in Safe Mode and then run ComboFix from there and post the log it produces in your next reply. If you encounter any problems please let me know.
Post #36, May 18 2009, 04:14 AM
Member (Group: Members, Posts: 46, Joined: 9-April 09, Member No.: 319,068)
Still getting the "application failed to initialise" error, and the AVG scanner is still active even though I closed it. Really sorry for all this hassle and appreciate all your help. As I said earlier, would uninstalling Service Pack 2 and installing the RC from my original XP disk help in any way? Do you still want me to run a ComboFix in Safe Mode?
Post #37, May 18 2009, 08:19 AM
Forum Addict (Group: Malware Response Team, Posts: 5,447, Joined: 19-June 07, From: Florida, Member No.: 137,685)
It's no hassle, that's what we're here for.
I do want you to go ahead with the ComboFix run in Safe Mode, but I don't think it would be a good idea to uninstall a service pack you already have on the machine. It could leave it open to more problems.
Post #38, May 18 2009, 03:12 PM
Member (Group: Members, Posts: 46, Joined: 9-April 09, Member No.: 319,068)
ComboFix 09-05-17.08 - Owner 18/05/2009 20:33.7 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2558.2299 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Essentials Codec Pack
c:\program files\Essentials Codec Pack\ac3filter.ax
c:\program files\Essentials Codec Pack\AviSplitter.ax
c:\program files\Essentials Codec Pack\cddareader.ax
c:\program files\Essentials Codec Pack\cdxareader.ax
c:\program files\Essentials Codec Pack\CLVSD.AX
c:\program files\Essentials Codec Pack\CoreAAC.ax
c:\program files\Essentials Codec Pack\CoreFLACDecoder.ax
c:\program files\Essentials Codec Pack\CoreVorbis.ax
c:\program files\Essentials Codec Pack\FLVSplitter.ax
c:\program files\Essentials Codec Pack\iccvid.dll
c:\program files\Essentials Codec Pack\l3codecp.acm
c:\program files\Essentials Codec Pack\l3codecx.ax
c:\program files\Essentials Codec Pack\lame.ax
c:\program files\Essentials Codec Pack\MatroskaSplitter.ax
c:\program files\Essentials Codec Pack\MonkeySource.ax
c:\program files\Essentials Codec Pack\MP4Splitter.ax
c:\program files\Essentials Codec Pack\MpaSplitter.ax
c:\program files\Essentials Codec Pack\Mpeg2DecFilter.ax
c:\program files\Essentials Codec Pack\MpegSplitter.ax
c:\program files\Essentials Codec Pack\mplayerc.exe
c:\program files\Essentials Codec Pack\OggSplitter.ax
c:\program files\Essentials Codec Pack\RealMediaSplitter.ax
c:\program files\Essentials Codec Pack\RLMPCDec.ax
c:\program files\Essentials Codec Pack\RLOFRDec.ax
c:\program files\Essentials Codec Pack\shoutcastsource.ax
c:\program files\Essentials Codec Pack\uninst.exe
c:\program files\Essentials Codec Pack\update.exe
c:\program files\Essentials Codec Pack\vorbis.acm
c:\program files\Essentials Codec Pack\VSFilter.dll
c:\program files\Essentials Codec Pack\WavPackDSDecoder.ax
c:\program files\Essentials Codec Pack\WavPackDSSplitter.ax
c:\program files\Essentials Codec Pack\Windows Essentials Media Codec Pack.url
c:\program files\Essentials Codec Pack\xvid.ax
c:\program files\Essentials Codec Pack\xvidcore.dll
c:\program files\Essentials Codec Pack\xvidvfw.dll
.
((((((((((((((((((((((((( Files Created from 2009-04-18 to 2009-05-18 )))))))))))))))))))))))))))))))
.
2009-05-18 19:17 . 2009-05-18 19:27 -------- d-----w C:\ComboFix
2009-05-16 18:17 . 2009-05-16 18:17 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-16 18:17 . 2009-05-16 18:17 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-16 18:17 . 2009-05-16 18:17 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-16 18:17 . 2009-05-18 08:44 -------- d-----w c:\windows\system32\drivers\Avg
2009-05-16 18:17 . 2009-05-17 11:41 -------- d-----w c:\documents and settings\Owner\Application Data\AVGTOOLBAR
2009-05-16 18:17 . 2009-05-16 18:17 -------- d-----w c:\program files\AVG
2009-05-16 18:17 . 2009-05-16 18:17 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-10 13:32 . 2009-05-10 13:33 -------- d-----w C:\xpcd
2009-05-01 18:24 . 2008-06-13 13:10 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-05-01 18:23 . 2008-04-11 18:50 683520 -c----w c:\windows\system32\dllcache\inetcomm.dll
2009-05-01 18:21 . 2008-05-01 14:30 331776 -c----w c:\windows\system32\dllcache\msadce.dll
2009-05-01 18:19 . 2008-10-03 10:15 247326 -c----w c:\windows\system32\dllcache\strmdll.dll
2009-05-01 18:17 . 2008-04-21 10:02 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-30 18:37 . 2009-05-01 18:24 -------- d-----w c:\program files\trend micro
2009-04-30 18:37 . 2009-04-30 18:38 -------- d-----w C:\rsit
2009-04-29 21:00 . 2009-04-29 21:00 59056 ----a-w c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2009-04-28 19:46 . 2009-04-28 19:45 102664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-04-28 19:44 . 2009-04-28 19:46 -------- d-----w c:\documents and settings\Owner\.housecall6.6
2009-04-20 18:17 . 2009-04-20 18:17 -------- d-----w c:\documents and settings\Owner\Application Data\DivX
2009-04-19 19:27 . 2009-04-19 19:27 -------- d-----w c:\program files\microsoft money 2005
2009-04-19 19:09 . 2009-04-19 19:09 -------- d-----w c:\program files\WinAVIVideoConverter
2009-04-19 19:05 . 2009-04-15 20:25 9336 ------w c:\windows\system32\drivers\cdr4_xp.sys
2009-04-19 19:05 . 2009-04-15 20:25 9464 ------w c:\windows\system32\drivers\cdralw2k.sys
2009-04-19 19:05 . 2009-04-15 20:25 120056 ------w c:\windows\system32\pxcpyi64.exe
2009-04-19 19:05 . 2009-04-15 20:25 118520 ------w c:\windows\system32\pxinsi64.exe
2009-04-19 19:05 . 2009-04-15 20:25 129784 ------w c:\windows\system32\pxafs.dll
2009-04-19 19:04 . 2009-04-19 19:04 -------- d-----w c:\program files\Common Files\DivX Shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 18:34 . 2008-01-21 20:27 -------- d-----w c:\program files\Eset
2009-05-13 19:57 . 2009-03-07 07:45 1272 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-05-10 12:31 . 2009-03-10 12:49 1324 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-04 19:57 . 2008-01-22 00:01 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-19 19:05 . 2008-01-27 19:22 -------- d-----w c:\program files\DivX
2009-04-19 18:52 . 2009-01-20 21:48 -------- d-----w c:\program files\Xvid
2009-04-18 08:59 . 2009-04-18 08:59 -------- d-----w c:\program files\JavaFX
2009-04-18 08:58 . 2009-04-18 08:58 -------- d-----w c:\program files\Sun
2009-04-18 08:57 . 2009-04-18 08:58 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-18 08:56 . 2008-06-23 20:50 -------- d-----w c:\program files\Java
2009-04-15 20:25 . 2005-04-25 10:03 43528 ------w c:\windows\system32\drivers\pxhelp20.sys
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w c:\windows\system32\DivX.dll
2009-04-12 15:21 . 2002-08-29 12:00 506368 ----a-w c:\windows\system32\winlogon.exe
2009-04-12 15:21 . 2002-08-29 12:00 17408 ----a-w c:\windows\system32\svchost.exe
2009-04-12 14:45 . 2002-08-29 12:00 1034752 ----a-w c:\windows\explorer.exe
2009-04-11 18:03 . 2009-04-11 18:03 -------- d-----w c:\program files\CCleaner
2009-04-11 10:58 . 2009-04-11 10:58 563 ----a-w c:\program files\Shortcut to Malwarebytes' Anti-Malware.lnk
2009-04-07 09:04 . 2009-04-07 08:52 28725 ------w c:\windows\hpoins03.dat
2009-04-07 08:27 . 2009-04-07 08:27 -------- d-----w c:\program files\SonicWallES
2009-04-06 09:21 . 2009-04-06 09:15 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-04-06 09:08 . 2009-04-06 09:08 -------- d-----w c:\program files\Zone Labs
2009-04-02 19:48 . 2009-03-26 21:24 -------- d-----w c:\program files\SpywareBlaster
2009-03-29 16:20 . 2009-03-11 22:32 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-03-29 16:20 . 2009-03-11 22:32 47360 ----a-w c:\documents and settings\Owner\Application Data\pcouffin.sys
2009-03-29 16:20 . 2008-01-26 17:58 -------- d-----w c:\program files\VSO
2009-03-24 21:13 . 2008-01-24 22:29 -------- d-----w c:\program files\PCDR5
2009-03-22 19:32 . 2009-03-22 19:32 -------- d-----w c:\program files\GrabIt
2009-03-22 16:46 . 2009-03-22 16:46 0 ----atw c:\windows\001008_.tmp
2009-03-22 15:53 . 2009-03-22 15:53 0 ----atw c:\windows\003325_.tmp
2009-03-22 15:42 . 2009-03-22 15:42 -------- d-----w c:\program files\Bit Che
2009-03-22 15:20 . 2009-03-07 08:05 59056 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-22 15:18 . 2009-03-22 15:16 -------- d-----w c:\program files\Common Files\Ahead
2009-03-22 15:16 . 2009-03-21 18:27 -------- d-----w c:\program files\Nero
2009-03-11 21:06 . 2009-03-11 21:06 0 ----a-w c:\windows\nsreg.dat
2009-03-10 21:50 . 2009-03-10 21:50 128 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat
2009-03-09 20:41 . 2009-03-07 04:37 23388 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-07 19:30 . 2009-03-07 19:30 17801 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-03-07 13:18 . 2009-03-07 13:18 30144 ----a-w c:\windows\system32\drivers\psadd.sys
2009-03-06 14:44 . 2002-08-29 12:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-05 23:59 . 2009-03-18 23:05 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-05 23:59 . 2009-03-18 23:05 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-02-20 08:30 . 2009-03-10 12:41 81920 ------w c:\windows\system32\ieencode.dll
2009-02-20 08:30 . 2002-08-29 12:00 659456 ----a-w c:\windows\system32\wininet.dll
2001-06-20 16:21 . 2008-01-13 13:09 1536 ----a-w c:\program files\boot.bin
2001-06-20 16:21 . 2008-01-13 13:08 22507 ----a-w c:\program files\bmgr.exe
2001-06-20 16:21 . 2008-01-13 13:09 168 ----a-w c:\program files\bmgr.scr
1998-05-11 20:01 . 2008-01-13 13:10 18967 ----a-w c:\program files\SYS.COM
1998-05-11 20:01 . 2008-01-13 13:10 7 ----a-w c:\program files\MSDOS.SYS
1998-05-11 20:01 . 2008-01-13 13:09 93880 ----a-w c:\program files\command.com
1998-05-11 20:01 . 2008-01-13 13:09 222390 ----a-w c:\program files\io.sys
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
.
------- Sigcheck -------
[7] 2004-08-04 00:56 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\svchost.exe
[-] 2009-04-12 15:21 17408 F9304809C3CA8F45153674A253DC670C c:\windows\system32\svchost.exe
[-] 2004-08-04 00:56 502272 50DF290E01181F57562BCFC2E93E79BE c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2004-08-04 00:56 502272 01C3346C241652F43AED8E2149881BFE c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe
[-] 2009-04-12 15:21 506368 1386A976BE507C9CBAFFA6D3F39CBF1E c:\windows\system32\winlogon.exe
[7] 2004-08-03 23:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ip6fw.sys
[-] 2004-08-03 23:00 29056 ACA96CF6F78D2CAAAAF847F2EE0BEB14 c:\windows\system32\drivers\ip6fw.sys
[-] 2009-04-12 14:45 1034752 E52221CA17B56885CD8BBF32BE7DF49E c:\windows\explorer.exe
[7] 2004-08-04 00:56 1032192 A0732187050030AE399B241436565E64 c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 00:12 1033728 ACE75FE76B8D34235430B954CEA5621F c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe
[7] 2004-08-04 00:56 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\lsass.exe
[-] 2004-08-04 00:56 14336 110FB3121C028E5AAEDF3307223787CD c:\windows\system32\lsass.exe
[7] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[7] 2004-08-04 00:56 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\spoolsv.exe
[-] 2005-06-10 23:53 58368 3513A57EC257DF60F641D20031ACB383 c:\windows\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-07 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13570048]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-08-21 487424]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-18 148888]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-07-26 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 158208]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-07-26 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-16 18:17 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [16/05/2009 19:17 108552]
S0 cfyr;cfyr;c:\windows\system32\drivers\noxlg.sys --> c:\windows\system32\drivers\noxlg.sys [?]
S0 guiw;guiw;c:\windows\system32\drivers\nfpwyx.sys --> c:\windows\system32\drivers\nfpwyx.sys [?]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [16/05/2009 19:17 325896]
S2 amd64si;amd64si;\??\c:\windows\system32\drivers\amd64si.sys --> c:\windows\system32\drivers\amd64si.sys [?]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [16/05/2009 19:17 298776]
S2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BACS\BPowMon.exe [13/04/2005 01:52 65536]
S2 VMwareService;VMwareService;"c:\windows\system\VMwareService.exe" --> c:\windows\system\VMwareService.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-03-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1x1e23du.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-18 20:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-05-18 20:38
ComboFix-quarantined-files.txt 2009-05-18 19:38
ComboFix2.txt 2009-05-18 19:13
ComboFix3.txt 2009-05-10 14:25
ComboFix4.txt 2009-05-10 12:01
ComboFix5.txt 2009-05-18 19:17
Pre-Run: 116,338,073,600 bytes free
Post-Run: 116,336,304,128 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,3,4,5,6
238 --- E O F --- 2009-05-10 14:08
May 20 2009, 09:42 AM
Post #39
Forum Addict
Group: Malware Response Team
Posts: 5,447
Joined: 19-June 07
From: Florida
Member No.: 137,685
Sorry, we are not forgetting you; there is just a lot of behind-the-scenes stuff we are talking about in relation to this thread.

The version of ComboFix you are using is out of date, so I need you to delete it and then install a new version from one of the links below. Save it to your Desktop but do not run it yet.

Link 1
Link 2
Link 3

After doing this please continue with the instructions below:

This is our next step. Don't worry if you can't disable your AVG. Go ahead with the script anyway.

Special ComboFix script made for this computer only

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs, including TeaTimer if you have it, so they do not interfere with the running of ComboFix. Instructions for doing so are located here.
3. Open Notepad and copy/paste the text in the quote box below into it:

QUOTE
KILLALL::
FixCSet::

DEQUARANTINE::
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\ac3filter.ax
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\AviSplitter.ax
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\cddareader.ax
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\cdxareader.ax
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\CLVSD.AX
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\CoreAAC.ax
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\CoreFLACDecoder.ax
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\CoreVorbis.ax
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\FLVSplitter.ax
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\iccvid.dll
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\l3codecp.acm
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\l3codecx.ax
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\lame.ax
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\MatroskaSplitter.ax
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\MonkeySource.ax
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\MP4Splitter.ax
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\MpaSplitter.ax
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\Mpeg2DecFilter.ax
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\MpegSplitter.ax
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\mplayerc.exe
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\OggSplitter.ax
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\RealMediaSplitter.ax
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\RLMPCDec.ax
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\RLOFRDec.ax
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\shoutcastsource.ax
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\uninst.exe
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\update.exe
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\vorbis.acm
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\VSFilter.dll
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\WavPackDSDecoder.ax
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\WavPackDSSplitter.ax
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\Windows Essentials Media Codec Pack.url
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\xvid.ax
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\xvidcore.dll
C:\Qoobox\Quarantine\c:\program files\Essentials Codec Pack\xvidvfw.dll

FCopy::
c:\windows\ServicePackFiles\i386\svchost.exe | c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\svchost.exe
c:\windows\ServicePackFiles\i386\svchost.exe | c:\windows\system32\svchost.exe
c:\windows\ServicePackFiles\i386\winlogon.exe | c:\windows\$NtServicePackUninstall$\winlogon.exe
c:\windows\ServicePackFiles\i386\winlogon.exe | c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe
c:\windows\ServicePackFiles\i386\winlogon.exe | c:\windows\system32\winlogon.exe
c:\windows\ServicePackFiles\i386\ip6fw.sys | c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ip6fw.sys
c:\windows\ServicePackFiles\i386\ip6fw.sys | c:\windows\system32\drivers\ip6fw.sys
c:\windows\ServicePackFiles\i386\explorer.exe | c:\windows\explorer.exe
c:\windows\ServicePackFiles\i386\explorer.exe | c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe
c:\windows\ServicePackFiles\i386\lsass.exe | c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\lsass.exe
c:\windows\ServicePackFiles\i386\lsass.exe | c:\windows\system32\lsass.exe
c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe | c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\spoolsv.exe
c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe | c:\windows\system32\spoolsv.exe

File::
c:\program files\boot.bin
c:\program files\bmgr.exe
c:\program files\bmgr.scr
c:\program files\SYS.COM
c:\program files\MSDOS.SYS
c:\program files\command.com
c:\program files\io.sys
c:\windows\system32\drivers\noxlg.sys
c:\windows\system32\drivers\nfpwyx.sys

Driver::
cfyr
guiw

Save this as CFScript.txt, in the same location as ComboFix.exe.

Referring to the picture above, drag CFScript into ComboFix.exe.

This should produce two logs for you.

I would like you to have some suspicious files checked for me:

Go to http://virusscan.jotti.org
Copy the following line into the white textbox:
c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
Click Submit.
Please post the results of this scan to this thread.

Do the same for both of these:
c:\windows\001008_.tmp
c:\windows\003325_.tmp

Alternate site if Jotti's doesn't work or is too busy:

Go to http://www.virustotal.com/en/indexf.html
Copy the following line into the white textbox:
c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
Click Send.
Please post the results of this scan to this thread.

Do the same for both of these:
c:\windows\001008_.tmp
c:\windows\003325_.tmp

There will be two logs produced by the running of ComboFix, which will be named DeQuarantine_log.txt and ComboFix.txt. Please post both of those plus the results of the file scans.
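The FCopy:: list in the reply above is derived from the Sigcheck section of the log posted earlier in this thread. As an added example (not the thread's or ComboFix's own code), the Python below parses those Sigcheck lines, takes the [7]-flagged copy of each file as the trusted reference (an assumption that matches the helper's choices, including the KB896423 copy for spoolsv.exe), re-derives the thirteen source | destination pairs, and flags the live system binaries whose size differs from the reference, which is the detail a responder checks before restoring.

```python
"""Re-derive the helper's FCopy:: list from a ComboFix Sigcheck section.

Added example for this thread, not ComboFix's own code. SAMPLE_SIGCHECK is
copied from the log posted above. Assumption (it matches what the helper's
script does): the [7]-flagged copy is the trusted reference for a file name
and every [-]-flagged copy of that name is restored from it.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# One Sigcheck line: [flag] YYYY-MM-DD HH:MM size MD5 path
SIGCHECK_LINE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+(?P<md5>[0-9A-Fa-f]{32})\s+(?P<path>\S.*?)\s*$"
)

SAMPLE_SIGCHECK = r"""
------- Sigcheck -------
[7] 2004-08-04 00:56 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\svchost.exe
[-] 2009-04-12 15:21 17408 F9304809C3CA8F45153674A253DC670C c:\windows\system32\svchost.exe
[-] 2004-08-04 00:56 502272 50DF290E01181F57562BCFC2E93E79BE c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2004-08-04 00:56 502272 01C3346C241652F43AED8E2149881BFE c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe
[-] 2009-04-12 15:21 506368 1386A976BE507C9CBAFFA6D3F39CBF1E c:\windows\system32\winlogon.exe
[7] 2004-08-03 23:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ip6fw.sys
[-] 2004-08-03 23:00 29056 ACA96CF6F78D2CAAAAF847F2EE0BEB14 c:\windows\system32\drivers\ip6fw.sys
[-] 2009-04-12 14:45 1034752 E52221CA17B56885CD8BBF32BE7DF49E c:\windows\explorer.exe
[7] 2004-08-04 00:56 1032192 A0732187050030AE399B241436565E64 c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 00:12 1033728 ACE75FE76B8D34235430B954CEA5621F c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe
[7] 2004-08-04 00:56 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\lsass.exe
[-] 2004-08-04 00:56 14336 110FB3121C028E5AAEDF3307223787CD c:\windows\system32\lsass.exe
[7] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[7] 2004-08-04 00:56 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\spoolsv.exe
[-] 2005-06-10 23:53 58368 3513A57EC257DF60F641D20031ACB383 c:\windows\system32\spoolsv.exe
"""


@dataclass(frozen=True)
class SigEntry:
    flag: str   # "7": catalogued reference copy, "-": not verified
    stamp: str  # file timestamp as printed by ComboFix (sorts as text)
    size: int
    md5: str
    path: str

    @property
    def name(self) -> str:
        """Case-folded file name, the key under which copies are compared."""
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_sigcheck(text: str) -> List[SigEntry]:
    """Return every well-formed Sigcheck line; headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_LINE.match(line.strip())
        if m:
            entries.append(SigEntry(m["flag"], m["stamp"], int(m["size"]),
                                    m["md5"].upper(), m["path"]))
    return entries


def reference_copies(entries: List[SigEntry]) -> Dict[str, SigEntry]:
    """One trusted copy per file name: the newest [7]-flagged entry. For
    spoolsv.exe that is the KB896423 hotfix copy, the helper's FCopy source."""
    refs: Dict[str, SigEntry] = {}
    for e in entries:
        if e.flag == "7" and (e.name not in refs or e.stamp > refs[e.name].stamp):
            refs[e.name] = e
    return refs


def restore_pairs(entries: List[SigEntry]) -> List[Tuple[str, str]]:
    """(source, destination) pairs in FCopy:: order: every [-] copy whose MD5
    differs from its reference is overwritten from that reference."""
    refs = reference_copies(entries)
    return [(refs[e.name].path, e.path) for e in entries
            if e.flag == "-" and e.name in refs and e.md5 != refs[e.name].md5]


def size_anomalies(entries: List[SigEntry]) -> List[Tuple[str, int]]:
    """Live (non-SoftwareDistribution) [-] copies whose size differs from the
    reference. A hash mismatch alone may be a legitimate update; a system
    binary that grew (svchost.exe: 17408 vs 14336 here) is the stronger sign."""
    refs = reference_copies(entries)
    return [(e.path, e.size - refs[e.name].size) for e in entries
            if e.flag == "-" and e.name in refs
            and "softwaredistribution" not in e.path.lower()
            and e.size != refs[e.name].size]
```

Calling restore_pairs(parse_sigcheck(SAMPLE_SIGCHECK)) yields the same thirteen pairs, in the same order, as the FCopy:: block above; size_anomalies() returns the five copies under c:\windows and system32 that are larger than their reference.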
May 20 2009, 03:25 PM
Post #40
Member
Group: Members
Posts: 46
Joined: 9-April 09
Member No.: 319,068
Only one log was produced; here it is. Also, I wasn't sure how to save Jotti's logs, but the result for c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT said 20 scanners found nothing, and the other 2 said the file is empty, 0 bytes.

ComboFix 09-05-20.01 - Owner 20/05/2009 20:39.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2558.2121 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\cfscript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\program files\bmgr.exe
c:\program files\bmgr.scr
c:\program files\boot.bin
c:\program files\command.com
c:\program files\io.sys
c:\program files\MSDOS.SYS
c:\program files\SYS.COM
c:\windows\system32\drivers\nfpwyx.sys
c:\windows\system32\drivers\noxlg.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\bmgr.exe
c:\program files\bmgr.scr
c:\program files\boot.bin
c:\program files\command.com
c:\program files\io.sys
c:\program files\MSDOS.SYS
c:\program files\SYS.COM
.
--------------- FCopy ---------------
c:\windows\ServicePackFiles\i386\svchost.exe --> c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\svchost.exe
c:\windows\ServicePackFiles\i386\svchost.exe --> c:\windows\system32\svchost.exe
c:\windows\ServicePackFiles\i386\winlogon.exe --> c:\windows\$NtServicePackUninstall$\winlogon.exe
c:\windows\ServicePackFiles\i386\winlogon.exe --> c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe
c:\windows\ServicePackFiles\i386\winlogon.exe --> c:\windows\system32\winlogon.exe
c:\windows\ServicePackFiles\i386\ip6fw.sys --> c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ip6fw.sys
c:\windows\ServicePackFiles\i386\ip6fw.sys --> c:\windows\system32\drivers\ip6fw.sys
c:\windows\ServicePackFiles\i386\explorer.exe --> c:\windows\explorer.exe
c:\windows\ServicePackFiles\i386\explorer.exe --> c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe
c:\windows\ServicePackFiles\i386\lsass.exe --> c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\lsass.exe
c:\windows\ServicePackFiles\i386\lsass.exe --> c:\windows\system32\lsass.exe
c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe --> c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\spoolsv.exe
c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe --> c:\windows\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_cfyr
-------\Service_guiw

((((((((((((((((((((((((( Files Created from 2009-04-20 to 2009-05-20 )))))))))))))))))))))))))))))))
.
2009-05-18 19:32 . 2009-05-18 19:38 -------- d-----w C:\Combo-Fix
2009-05-16 18:17 . 2009-05-16 18:17 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-16 18:17 . 2009-05-16 18:17 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-16 18:17 . 2009-05-16 18:17 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-16 18:17 . 2009-05-20 08:46 -------- d-----w c:\windows\system32\drivers\Avg
2009-05-16 18:17 . 2009-05-17 11:41 -------- d-----w c:\documents and settings\Owner\Application Data\AVGTOOLBAR
2009-05-16 18:17 . 2009-05-16 18:17 -------- d-----w c:\program files\AVG
2009-05-16 18:17 . 2009-05-16 18:17 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-10 13:32 . 2009-05-10 13:33 -------- d-----w C:\xpcd
2009-05-01 18:24 . 2008-06-13 13:10 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-05-01 18:23 . 2008-04-11 18:50 683520 -c----w c:\windows\system32\dllcache\inetcomm.dll
2009-05-01 18:21 . 2008-05-01 14:30 331776 -c----w c:\windows\system32\dllcache\msadce.dll
2009-05-01 18:19 . 2008-10-03 10:15 247326 -c----w c:\windows\system32\dllcache\strmdll.dll
2009-05-01 18:17 . 2008-04-21 10:02 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-30 18:37 . 2009-05-01 18:24 -------- d-----w c:\program files\trend micro
2009-04-30 18:37 . 2009-04-30 18:38 -------- d-----w C:\rsit
2009-04-29 21:00 . 2009-04-29 21:00 59056 ----a-w c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2009-04-28 19:46 . 2009-04-28 19:45 102664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-04-28 19:44 . 2009-04-28 19:46 -------- d-----w c:\documents and settings\Owner\.housecall6.6
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 18:34 . 2008-01-21 20:27 -------- d-----w c:\program files\Eset
2009-05-13 19:57 . 2009-03-07 07:45 1272 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-05-10 12:31 . 2009-03-10 12:49 1324 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-04 19:57 . 2008-01-22 00:01 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-19 19:27 . 2009-04-19 19:27 -------- d-----w c:\program files\microsoft money 2005
2009-04-19 19:09 . 2009-04-19 19:09 -------- d-----w c:\program files\WinAVIVideoConverter
2009-04-19 19:05 . 2008-01-27 19:22 -------- d-----w c:\program files\DivX
2009-04-19 19:04 . 2009-04-19 19:04 -------- d-----w c:\program files\Common Files\DivX Shared
2009-04-19 18:52 . 2009-01-20 21:48 -------- d-----w c:\program files\Xvid
2009-04-18 08:59 . 2009-04-18 08:59 -------- d-----w c:\program files\JavaFX
2009-04-18 08:58 . 2009-04-18 08:58 -------- d-----w c:\program files\Sun
2009-04-18 08:57 . 2009-04-18 08:58 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-18 08:56 . 2008-06-23 20:50 -------- d-----w c:\program files\Java
2009-04-15 20:25 . 2009-04-19 19:05 9464 ------w c:\windows\system32\drivers\cdralw2k.sys
2009-04-15 20:25 . 2009-04-19 19:05 9336 ------w c:\windows\system32\drivers\cdr4_xp.sys
2009-04-15 20:25 . 2009-04-19 19:05 129784 ------w c:\windows\system32\pxafs.dll
2009-04-15 20:25 . 2009-04-19 19:05 120056 ------w c:\windows\system32\pxcpyi64.exe
2009-04-15 20:25 . 2009-04-19 19:05 118520 ------w c:\windows\system32\pxinsi64.exe
2009-04-15 20:25 . 2005-04-25 10:03 43528 ------w c:\windows\system32\drivers\pxhelp20.sys
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w c:\windows\system32\DivX.dll
2009-04-11 18:03 . 2009-04-11 18:03 -------- d-----w c:\program files\CCleaner
2009-04-11 10:58 . 2009-04-11 10:58 563 ----a-w c:\program files\Shortcut to Malwarebytes' Anti-Malware.lnk
2009-04-07 09:04 . 2009-04-07 08:52 28725 ------w c:\windows\hpoins03.dat
2009-04-07 08:27 . 2009-04-07 08:27 -------- d-----w c:\program files\SonicWallES
2009-04-06 09:21 . 2009-04-06 09:15 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-04-06 09:08 . 2009-04-06 09:08 -------- d-----w c:\program files\Zone Labs
2009-04-02 19:48 . 2009-03-26 21:24 -------- d-----w c:\program files\SpywareBlaster
2009-03-29 16:20 . 2009-03-11 22:32 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-03-29 16:20 . 2009-03-11 22:32 47360 ----a-w c:\documents and settings\Owner\Application Data\pcouffin.sys
2009-03-29 16:20 . 2008-01-26 17:58 -------- d-----w c:\program files\VSO
2009-03-24 21:13 . 2008-01-24 22:29 -------- d-----w c:\program files\PCDR5
2009-03-22 19:32 . 2009-03-22 19:32 -------- d-----w c:\program files\GrabIt
2009-03-22 16:57 . 2009-03-07 04:39 76487 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-03-22 16:46 . 2009-03-22 16:46 0 ----atw c:\windows\001008_.tmp
2009-03-22 15:53 . 2009-03-22 15:53 0 ----atw c:\windows\003325_.tmp
2009-03-22 15:42 . 2009-03-22 15:42 -------- d-----w c:\program files\Bit Che
2009-03-22 15:20 . 2009-03-07 08:05 59056 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-22 15:18 . 2009-03-22 15:16 -------- d-----w c:\program files\Common Files\Ahead
2009-03-22 15:16 . 2009-03-21 18:27 -------- d-----w c:\program files\Nero
2009-03-22 14:52 . 2009-03-22 15:55 2678 ----a-w c:\windows\java\Packages\Data\tbdbj5r3.dat
2009-03-22 14:52 . 2009-03-22 15:55 2678 ----a-w c:\windows\java\Packages\Data\zfdb7h79.dat
2009-03-22 14:52 . 2009-03-22 15:55 2678 ----a-w c:\windows\java\Packages\Data\xjjnv1fd.dat
2009-03-22 14:52 . 2009-03-22 15:55 2678 ----a-w c:\windows\java\Packages\Data\gz9rlvd7.dat
2009-03-22 14:52 . 2009-03-22 15:55 2678 ----a-w c:\windows\java\Packages\Data\bpzvlflf.dat
2009-03-11 21:06 . 2009-03-11 21:06 0 ----a-w c:\windows\nsreg.dat
2009-03-10 21:50 . 2009-03-10 21:50 128 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat
2009-03-09 20:42 . 2002-08-29 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-03-09 20:41 . 2009-03-07 04:37 23388 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-07 19:30 . 2009-03-07 19:30 17801 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-03-07 13:18 . 2009-03-07 13:18 30144 ----a-w c:\windows\system32\drivers\psadd.sys
2009-03-07 04:40 . 2009-03-22 15:55 558142 ----a-w c:\windows\java\Packages\8db9jvpz.zip
2009-03-07 04:40 . 2009-03-22 15:55 155995 ----a-w c:\windows\java\Packages\lv1fdz33.zip
2009-03-06 14:44 . 2002-08-29 12:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-05 23:59 . 2009-03-18 23:05 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-05 23:59 . 2009-03-18 23:05 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-02-20 08:30 . 2009-03-10 12:41 81920 ------w c:\windows\system32\ieencode.dll
2009-02-20 08:30 . 2002-08-29 12:00 659456 ----a-w c:\windows\system32\wininet.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((( SnapShot_2009-05-18_19.08.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-20 19:43 . 2009-05-20 19:43 16384 c:\windows\temp\Perflib_Perfdata_124.dat
+ 2002-08-29 12:00 . 2004-08-04 00:56 14336 c:\windows\system32\dllcache\svchost.exe
+ 2002-08-29 12:00 . 2005-06-11 00:17 57856 c:\windows\system32\dllcache\spoolsv.exe
+ 2002-08-29 12:00 . 2004-08-04 00:56 13312 c:\windows\system32\dllcache\lsass.exe
+ 2009-03-10 12:41 . 2004-08-03 23:00 29056 c:\windows\system32\dllcache\ip6fw.sys
+ 2002-08-29 12:00 . 2004-08-04 00:56 502272 c:\windows\system32\dllcache\winlogon.exe
+ 2002-08-29 12:00 . 2004-08-04 00:56 1032192 c:\windows\system32\dllcache\explorer.exe
+ 2009-03-07 15:51 . 2009-05-06 23:16 24699336 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-07 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13570048]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-08-21 487424]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-18 148888]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-07-26 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-07-26 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-16 18:17 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [16/05/2009 19:17 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [16/05/2009 19:17 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [16/05/2009 19:17 298776]
R2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BACS\BPowMon.exe [13/04/2005 01:52 65536]
S2 amd64si;amd64si;\??\c:\windows\system32\drivers\amd64si.sys --> c:\windows\system32\drivers\amd64si.sys [?]
S2 VMwareService;VMwareService;"c:\windows\system\VMwareService.exe" --> c:\windows\system\VMwareService.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-03-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000 Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1x1e23du.default\ FF - prefs.js: browser.startup.homepage - www.google.com FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-20 20:43 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(1656) c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe c:\program files\Lenovo\System Update\SUService.exe c:\program files\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\windows\system32\wscntfy.exe c:\windows\system32\rundll32.exe . ************************************************************************** . Completion time: 2009-05-20 20:46 - machine was rebooted ComboFix-quarantined-files.txt 2009-05-20 19:46 ComboFix2.txt 2009-05-18 19:38 ComboFix3.txt 2009-05-18 19:13 ComboFix4.txt 2009-05-10 14:25 ComboFix5.txt 2009-05-20 19:38 Pre-Run: 116,472,795,136 bytes free Post-Run: 116,472,791,040 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe 247 --- E O F --- 2009-05-20 19:25
May 20 2009, 03:55 PM, Post #41
Forum Addict. Group: Malware Response Team. Posts: 5,447. Joined: 19-June 07. From: Florida. Member No.: 137,685
You did fine. Are you seeing any improvement in the running of your machine? Can you tell me briefly of any problems which are still occurring?
May 21 2009, 04:40 AM, Post #42
Member. Group: Members. Posts: 46. Joined: 9-April 09. Member No.: 319,068
Yes, it seems to be running quicker and no probs with the web browser. Still getting a few "application failed to initialise" when opening some progs, but yes, it seems a lot better, although I've not been on it for any length of time, just to follow your instructions mostly. Anything else you would like me to do?
May 21 2009, 08:20 AM, Post #43
Forum Addict. Group: Malware Response Team. Posts: 5,447. Joined: 19-June 07. From: Florida. Member No.: 137,685
I'm looking over it now and will get back to you. I needed to know how we were coming along.
May 22 2009, 09:25 AM, Post #44
Forum Addict. Group: Malware Response Team. Posts: 5,447. Joined: 19-June 07. From: Florida. Member No.: 137,685
We still have a little bit to do although things are definitely looking better:
Special ComboFix script made for this computer only

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs including TeaTimer if you have it so they do not interfere with the running of ComboFix. Instructions for doing so are located here.
3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
File::
c:\windows\system32\drivers
c:\windows\001008_.tmp
c:\windows\003325_.tmp

Driver::
amd64si

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Along with the ComboFix log please run HJT and post the log it produces.

I also need any information on what programs are failing to initialize and exactly what the message says if possible.
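The CFScript above was written from two things visible in the ComboFix log posted earlier in the thread: two zero-byte `.tmp` files in `c:\windows` carrying the temporary attribute, and a driver entry (`amd64si`) that ComboFix marks with `[?]` because its image file is not on disk. The Python below is an added example, not code from the post, from ComboFix or from Bleeping Computer; it parses a handful of log lines copied from this thread and reproduces that triage. The field layout of ComboFix file entries and the meaning of the `t` attribute letter are inferred from the lines on the page, and `draft_cfscript` is my helper that renders the findings in the `File::` / `Driver::` layout used in the post.

```python
import re

# Constructed subset of the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r"""
2009-03-22 16:46 . 2009-03-22 16:46 0 ----atw c:\windows\001008_.tmp
2009-03-22 15:53 . 2009-03-22 15:53 0 ----atw c:\windows\003325_.tmp
2009-03-22 15:42 . 2009-03-22 15:42 -------- d-----w c:\program files\Bit Che
2009-03-11 21:06 . 2009-03-11 21:06 0 ----a-w c:\windows\nsreg.dat
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [16/05/2009 19:17 325896]
R2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BACS\BPowMon.exe [13/04/2005 01:52 65536]
S2 amd64si;amd64si;\??\c:\windows\system32\drivers\amd64si.sys --> c:\windows\system32\drivers\amd64si.sys [?]
S2 VMwareService;VMwareService;"c:\windows\system\VMwareService.exe" --> c:\windows\system\VMwareService.exe [?]
"""

# Service/driver line: "<state> <name>;<display name>;<image path> [<date> <size>]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
# File entry: "<created> . <modified> <size or dashes for a dir> <7 attr letters> <path>"
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+|-{8}) (\S{7}) (.+)$"
)


def parse_service(line):
    """Return the fields of an R/S service line, or None if the line is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    state, name, display, rest = m.groups()
    # ComboFix appends "--> <path> [?]" when the image could not be found on disk.
    missing = rest.rstrip().endswith("[?]")
    path = rest.split("-->", 1)[1] if "-->" in rest else rest
    path = path.split(" [", 1)[0].strip().strip('"')
    return {"state": state, "name": name, "display": display,
            "path": path, "missing": missing}


def parse_file_entry(line):
    """Return the fields of a file/directory entry, or None if the line is not one."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    created, modified, size, attrs, path = m.groups()
    return {"created": created, "modified": modified,
            "size": None if size.startswith("-") else int(size),
            "is_dir": attrs[0] == "d",
            "temporary": "t" in attrs,   # assumption: 't' = temporary attribute
            "path": path}


def triage(log_text):
    """Collect the two classes of entry the helper acted on in this thread."""
    findings = {"missing": [], "zero_byte_temp": []}
    for line in log_text.splitlines():
        svc = parse_service(line)
        if svc:
            if svc["missing"]:
                findings["missing"].append((svc["name"], svc["path"]))
            continue
        entry = parse_file_entry(line)
        if entry and entry["size"] == 0 and entry["temporary"]:
            findings["zero_byte_temp"].append(entry["path"])
    return findings


def draft_cfscript(findings):
    """Render findings in the File:: / Driver:: layout used in the post above.

    Only missing entries whose image is a .sys go under Driver::; a missing
    ordinary service (VMwareService here) is reported by triage() but left for
    a manual decision, which matches what the helper did in this thread.
    """
    out = []
    if findings["zero_byte_temp"]:
        out.append("File::")
        out.extend(findings["zero_byte_temp"])
        out.append("")
    drivers = [n for n, p in findings["missing"] if p.lower().endswith(".sys")]
    if drivers:
        out.append("Driver::")
        out.extend(drivers)
    return "\n".join(out)


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("missing images:", result["missing"])
    print(draft_cfscript(result))
```

Running it on the sample prints the two `.tmp` paths under `File::` and `amd64si` under `Driver::`, and separately reports `VMwareService` as a service whose binary is gone. The zero-byte `nsreg.dat` is deliberately left alone: its attributes carry no `t`, so size alone is not the signal.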
May 22 2009, 04:53 PM, Post #45
Member. Group: Members. Posts: 46. Joined: 9-April 09. Member No.: 319,068
All the programmes I tried seem to be opening now. If I come across any that won't, I will let you know. Here are the two logs you asked for.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:28:32, on 22/05/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Broadcom\BACS\BPowMon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\nvsvc32.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe C:\Program Files\Lenovo\System Update\SUService.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\HP\HP Software Update\HPWuSchd.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\trend micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program 
Files\AVG\AVG8\avgssie.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe" O4 - 
HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Broadcom Power monitoring service (BPowMon) - Broadcom Corp. - C:\Program Files\Broadcom\BACS\BPowMon.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe O23 - Service: VMwareService - Unknown owner - C:\WINDOWS\system\VMwareService.exe (file missing) -- End of file - 6694 bytes ComboFix 09-05-22.04 - Owner 22/05/2009 22:32.10 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2558.2141 [GMT 1:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Owner\Desktop\cfscript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: c:\windows\001008_.tmp c:\windows\003325_.tmp c:\windows\system32\drivers :#: . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\001008_.tmp c:\windows\003325_.tmp . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_AMD64SI -------\Service_amd64si ((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 ))))))))))))))))))))))))))))))) . 2009-05-20 08:45 . 
2009-05-16 18:17 2051864 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll 2009-05-20 08:45 . 2009-05-16 18:17 312088 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll 2009-05-20 08:45 . 2009-05-16 18:17 1437464 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll 2009-05-18 19:32 . 2009-05-18 19:38 -------- d-----w C:\Combo-Fix 2009-05-16 18:17 . 2009-05-16 18:17 11952 ----a-w c:\windows\system32\avgrsstx.dll 2009-05-16 18:17 . 2009-05-16 18:17 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys 2009-05-16 18:17 . 2009-05-16 18:17 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-05-16 18:17 . 2009-05-16 18:17 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys 2009-05-16 18:17 . 2009-05-22 12:33 -------- d-----w c:\windows\system32\drivers\Avg 2009-05-16 18:17 . 2009-05-17 11:41 -------- d-----w c:\documents and settings\Owner\Application Data\AVGTOOLBAR 2009-05-16 18:17 . 2009-05-16 18:17 -------- d-----w c:\program files\AVG 2009-05-16 18:17 . 2009-05-16 18:17 -------- d-----w c:\documents and settings\All Users\Application Data\avg8 2009-05-10 13:32 . 2009-05-10 13:33 -------- d-----w C:\xpcd 2009-05-01 18:24 . 2008-06-13 13:10 272128 -c----w c:\windows\system32\dllcache\bthport.sys 2009-05-01 18:23 . 2008-04-11 18:50 683520 -c----w c:\windows\system32\dllcache\inetcomm.dll 2009-05-01 18:21 . 2008-05-01 14:30 331776 -c----w c:\windows\system32\dllcache\msadce.dll 2009-05-01 18:19 . 2008-10-03 10:15 247326 -c----w c:\windows\system32\dllcache\strmdll.dll 2009-05-01 18:17 . 2008-04-21 10:02 215552 -c----w c:\windows\system32\dllcache\wordpad.exe 2009-04-30 18:37 . 2009-05-01 18:24 -------- d-----w c:\program files\trend micro 2009-04-30 18:37 . 2009-04-30 18:38 -------- d-----w C:\rsit 2009-04-28 19:46 . 2009-04-28 19:45 102664 ----a-w c:\windows\system32\drivers\tmcomm.sys 2009-04-28 19:44 . 
2009-04-28 19:46 -------- d-----w c:\documents and settings\Owner\.housecall6.6 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-21 09:32 . 2009-03-07 08:04 -------- d-----w c:\documents and settings\Owner\Application Data\Vso 2009-05-16 18:34 . 2008-01-21 20:27 -------- d-----w c:\program files\Eset 2009-05-13 19:57 . 2009-03-07 07:45 1272 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat 2009-05-10 12:31 . 2009-03-10 12:49 1324 ----a-w c:\windows\system32\d3d9caps.dat 2009-05-04 19:57 . 2008-01-22 00:01 -------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-04-20 18:17 . 2009-04-20 18:17 -------- d-----w c:\documents and settings\Owner\Application Data\DivX 2009-04-19 19:27 . 2009-04-19 19:27 -------- d-----w c:\program files\microsoft money 2005 2009-04-19 19:09 . 2009-04-19 19:09 -------- d-----w c:\program files\WinAVIVideoConverter 2009-04-19 19:05 . 2008-01-27 19:22 -------- d-----w c:\program files\DivX 2009-04-19 19:04 . 2009-04-19 19:04 -------- d-----w c:\program files\Common Files\DivX Shared 2009-04-19 18:52 . 2009-01-20 21:48 -------- d-----w c:\program files\Xvid 2009-04-18 08:59 . 2009-04-18 08:59 -------- d-----w c:\program files\JavaFX 2009-04-18 08:58 . 2009-04-18 08:58 -------- d-----w c:\program files\Sun 2009-04-18 08:57 . 2009-04-18 08:58 410984 ----a-w c:\windows\system32\deploytk.dll 2009-04-18 08:56 . 2008-06-23 20:50 -------- d-----w c:\program files\Java 2009-04-15 20:25 . 2009-04-19 19:05 9464 ------w c:\windows\system32\drivers\cdralw2k.sys 2009-04-15 20:25 . 2009-04-19 19:05 9336 ------w c:\windows\system32\drivers\cdr4_xp.sys 2009-04-15 20:25 . 2009-04-19 19:05 129784 ------w c:\windows\system32\pxafs.dll 2009-04-15 20:25 . 2009-04-19 19:05 120056 ------w c:\windows\system32\pxcpyi64.exe 2009-04-15 20:25 . 2009-04-19 19:05 118520 ------w c:\windows\system32\pxinsi64.exe 2009-04-15 20:25 . 
2005-04-25 10:03 43528 ------w c:\windows\system32\drivers\pxhelp20.sys 2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w c:\windows\system32\dpl100.dll 2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx0c.dll 2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx07.dll 2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w c:\windows\system32\divx_xx0a.dll 2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w c:\windows\system32\divx_xx11.dll 2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w c:\windows\system32\DivX.dll 2009-04-11 22:57 . 2009-04-11 22:57 -------- d-----w c:\documents and settings\All Users\Application Data\vsosdk 2009-04-11 21:26 . 2009-03-26 21:28 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-04-11 20:45 . 2009-03-07 13:32 -------- d-----w c:\documents and settings\All Users\Application Data\PCDr 2009-04-11 18:03 . 2009-04-11 18:03 -------- d-----w c:\program files\CCleaner 2009-04-11 10:58 . 2009-04-11 10:58 563 ----a-w c:\program files\Shortcut to Malwarebytes' Anti-Malware.lnk 2009-04-10 17:35 . 2009-04-10 17:35 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes 2009-04-07 09:04 . 2009-04-07 08:52 28725 ------w c:\windows\hpoins03.dat 2009-04-07 08:27 . 2009-04-07 08:27 -------- d-----w c:\program files\SonicWallES 2009-04-06 09:21 . 2009-04-06 09:15 4212 ---ha-w c:\windows\system32\zllictbl.dat 2009-04-06 09:08 . 2009-04-06 09:08 -------- d-----w c:\program files\Zone Labs 2009-04-02 19:48 . 2009-03-26 21:24 -------- d-----w c:\program files\SpywareBlaster 2009-04-02 19:47 . 2009-03-26 21:22 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft 2009-03-29 16:20 . 2009-03-11 22:32 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys 2009-03-29 16:20 . 2009-03-11 22:32 47360 ----a-w c:\documents and settings\Owner\Application Data\pcouffin.sys 2009-03-29 16:20 . 
2009-03-11 22:32 47360 ----a-w c:\documents and settings\Owner\Application Data\pcouffin.sys 2009-03-29 16:20 . 2008-01-26 17:58 -------- d-----w c:\program files\VSO 2009-03-26 21:13 . 2009-03-22 15:19 -------- d-----w c:\documents and settings\Owner\Application Data\Ahead 2009-03-26 20:59 . 2009-03-22 15:18 -------- d-----w c:\documents and settings\All Users\Application Data\Ahead 2009-03-24 21:13 . 2008-01-24 22:29 -------- d-----w c:\program files\PCDR5 2009-03-22 16:57 . 2009-03-07 04:39 76487 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat 2009-03-22 15:20 . 2009-03-07 08:05 59056 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-03-22 14:52 . 2009-03-22 15:55 2678 ----a-w c:\windows\java\Packages\Data\tbdbj5r3.dat 2009-03-22 14:52 . 2009-03-22 15:55 2678 ----a-w c:\windows\java\Packages\Data\zfdb7h79.dat 2009-03-22 14:52 . 2009-03-22 15:55 2678 ----a-w c:\windows\java\Packages\Data\xjjnv1fd.dat 2009-03-22 14:52 . 2009-03-22 15:55 2678 ----a-w c:\windows\java\Packages\Data\gz9rlvd7.dat 2009-03-22 14:52 . 2009-03-22 15:55 2678 ----a-w c:\windows\java\Packages\Data\bpzvlflf.dat 2009-03-12 21:18 . 2009-03-12 21:18 75048 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.0.52\SetupAdmin.exe 2009-03-11 21:06 . 2009-03-11 21:06 0 ----a-w c:\windows\nsreg.dat 2009-03-10 21:50 . 2009-03-10 21:50 128 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat 2009-03-09 20:41 . 2009-03-07 04:37 23388 ----a-w c:\windows\system32\emptyregdb.dat 2009-03-07 19:30 . 2009-03-07 19:30 17801 ----a-w c:\windows\system32\drivers\AegisP.sys 2009-03-07 13:18 . 2009-03-07 13:18 30144 ----a-w c:\windows\system32\drivers\psadd.sys 2009-03-07 04:40 . 2009-03-22 15:55 558142 ----a-w c:\windows\java\Packages\8db9jvpz.zip 2009-03-07 04:40 . 2009-03-22 15:55 155995 ----a-w c:\windows\java\Packages\lv1fdz33.zip 2009-03-06 14:44 . 
2002-08-29 12:00 283648 ----a-w c:\windows\system32\pdh.dll 2009-03-05 23:59 . 2009-03-18 23:05 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys 2009-03-05 23:59 . 2009-03-18 23:05 1900544 ----a-w c:\windows\system32\usbaaplrc.dll 2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll 2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll . ((((((((((((((((((((((((((((( SnapShot_2009-05-18_19.08.43 ))))))))))))))))))))))))))))))))))))))))) . + 2009-05-22 21:35 . 2009-05-22 21:35 16384 c:\windows\temp\Perflib_Perfdata_68c.dat + 2002-08-29 12:00 . 2004-08-04 00:56 14336 c:\windows\system32\svchost.exe + 2002-08-29 12:00 . 2005-06-11 00:17 57856 c:\windows\system32\spoolsv.exe + 2002-08-29 12:00 . 2004-08-04 00:56 13312 c:\windows\system32\lsass.exe + 2002-08-29 12:00 . 2004-08-04 00:56 14336 c:\windows\system32\dllcache\svchost.exe + 2002-08-29 12:00 . 2005-06-11 00:17 57856 c:\windows\system32\dllcache\spoolsv.exe + 2002-08-29 12:00 . 2004-08-04 00:56 13312 c:\windows\system32\dllcache\lsass.exe + 2009-03-10 12:41 . 2004-08-03 23:00 29056 c:\windows\system32\dllcache\ip6fw.sys - 2009-05-01 18:39 . 2008-04-14 00:12 14336 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\svchost.exe - 2009-05-01 18:39 . 2008-04-14 00:12 57856 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\spoolsv.exe - 2009-05-01 18:38 . 2008-04-14 00:12 13312 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\lsass.exe + 2002-08-29 12:00 . 2004-08-04 00:56 502272 c:\windows\system32\winlogon.exe + 2002-08-29 12:00 . 2004-08-04 00:56 502272 c:\windows\system32\dllcache\winlogon.exe + 2002-08-29 12:00 . 2004-08-04 00:56 1032192 c:\windows\system32\dllcache\explorer.exe + 2002-08-29 12:00 . 2004-08-04 00:56 1032192 c:\windows\explorer.exe + 2009-03-07 15:51 . 2009-05-06 23:16 24699336 c:\windows\system32\MRT.exe . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-07 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13570048] "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-08-21 487424] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-18 148888] "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-07-26 86016] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 49152] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-07-26 1657376] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-05-16 18:17 11952 ----a-w c:\windows\system32\avgrsstx.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program 
Files\\BitLord\\BitLord.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [16/05/2009 19:17 325896] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [16/05/2009 19:17 108552] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [16/05/2009 19:17 298776] R2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BACS\BPowMon.exe [13/04/2005 01:52 65536] S2 VMwareService;VMwareService;"c:\windows\system\VMwareService.exe" --> c:\windows\system\VMwareService.exe [?] . Contents of the 'Scheduled Tasks' folder 2009-03-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32] . - - - - ORPHANS REMOVED - - - - SafeBoot-procexp90.Sys . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000 Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1x1e23du.default\ FF - prefs.js: browser.startup.homepage - www.google.com FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-22 22:36 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3956) c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe c:\program files\AVG\AVG8\avgrsx.exe c:\program files\Lenovo\System Update\SUService.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\windows\system32\wscntfy.exe c:\windows\system32\rundll32.exe . ************************************************************************** . Completion time: 2009-05-22 22:39 - machine was rebooted ComboFix-quarantined-files.txt 2009-05-22 21:39 ComboFix2.txt 2009-05-20 20:08 ComboFix3.txt 2009-05-20 19:46 ComboFix4.txt 2009-05-18 19:38 ComboFix5.txt 2009-05-22 21:30 Pre-Run: 116,363,186,176 bytes free Post-Run: 116,330,893,312 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe 235 --- E O F --- 2009-05-20 19:25