Post #1 (Apr 19 2009, 11:49 AM)
Member. Group: Members. Posts: 46. Joined: 9-April 09. Member No.: 319,068
http://www.bleepingcomputer.com/forums/topic218125.html

Here is the log they asked me to post:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 15:59:47.34 on 19/04/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2558.2162 [GMT 1:00]

AV: Eset NOD32 antivirus system 2.51 *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\BACS\BPowMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Eset\nod32kui.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
LSP: c:\windows\system32\imon.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: NameServer = 85.255.112.111,85.255.112.200
TCP: {BD77DADD-6D0C-47D4-9946-C7137DDE8243} = 85.255.112.111,85.255.112.200
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: KvbDEo - {4C434CC7-E6E9-E66D-D168-893E6FB7A935} -
LSA: Notification Packages = :\windows\syste scecli scecli

============= SERVICES / DRIVERS ===============

R2 BPowMon;Broadcom Power monitoring service;c:\program files\broadcom\bacs\BPowMon.exe [2005-4-13 65536]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2009-3-8 507904]
S0 cfyr;cfyr;c:\windows\system32\drivers\noxlg.sys --> c:\windows\system32\drivers\noxlg.sys [?]
S0 guiw;guiw;c:\windows\system32\drivers\nfpwyx.sys --> c:\windows\system32\drivers\nfpwyx.sys [?]
S2 amd64si;amd64si;\??\c:\windows\system32\drivers\amd64si.sys --> c:\windows\system32\drivers\amd64si.sys [?]
S2 ati64si;ati64si;\??\c:\windows\system32\drivers\ati64si.sys --> c:\windows\system32\drivers\ati64si.sys [?]
S2 VMwareService;VMwareService;"c:\windows\system\vmwareservice.exe" --> c:\windows\system\VMwareService.exe [?]

=============== Created Last 30 ================

2009-04-18 09:59 <DIR> --d----- c:\program files\JavaFX
2009-04-18 09:58 <DIR> --d----- c:\program files\Sun
2009-04-18 09:58 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-18 09:58 73,728 a------- c:\windows\system32\javacpl.cpl
2009-04-13 14:56 477 a------- C:\Shortcut to Shared Documents.lnk
2009-04-12 15:43 <DIR> --d----- c:\documents and settings\owner\DoctorWeb
2009-04-11 23:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\vsosdk
2009-04-11 19:03 <DIR> --d----- c:\program files\CCleaner
2009-04-10 18:35 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-04-07 09:52 28,725 a------- c:\windows\hpoins03.dat
2009-04-07 09:52 34,480 -------- c:\windows\hpomdl03.dat
2009-04-07 09:41 278,528 a------- c:\windows\system32\hpdjaio
2009-04-07 09:27 <DIR> --d----- c:\program files\SonicWallES
2009-04-06 10:15 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-04-06 10:08 713,216 -c------ c:\windows\system32\dllcache\sxs.dll
2009-04-06 10:08 <DIR> --d----- c:\program files\Zone Labs
2009-04-06 10:08 <DIR> --d----- c:\windows\Internet Logs
2009-03-29 17:20 1,184,984 a------- c:\windows\system32\wvc1dmod.dll
2009-03-29 17:20 626,688 a------- c:\windows\system32\vp7vfw.dll
2009-03-26 22:24 <DIR> --d----- c:\program files\SpywareBlaster
2009-03-23 21:40 151 a------- c:\windows\PhotoSnapViewer.INI
2009-03-23 21:28 34,480 -------- c:\windows\hpomdl03.dat.temp
2009-03-23 21:28 28,726 -------- c:\windows\hpoins03.dat.temp
2009-03-22 22:05 225,664 -c------ c:\windows\system32\dllcache\tcpip6.sys
2009-03-22 22:05 100,352 -c------ c:\windows\system32\dllcache\6to4svc.dll
2009-03-22 22:05 8,453,632 -c------ c:\windows\system32\dllcache\shell32.dll
2009-03-22 22:05 617,472 -c------ c:\windows\system32\dllcache\comctl32.dll
2009-03-22 22:05 359,808 -c------ c:\windows\system32\dllcache\tcpip.sys
2009-03-22 22:05 453,120 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-03-22 22:05 174,592 -c------ c:\windows\system32\dllcache\rdbss.sys
2009-03-22 22:05 332,928 -c------ c:\windows\system32\dllcache\srv.sys
2009-03-22 22:05 1,494,016 -c------ c:\windows\system32\dllcache\shdocvw.dll
2009-03-22 22:05 111,616 -c------ c:\windows\system32\dllcache\dhcpcsvc.dll
2009-03-22 22:05 94,720 -c------ c:\windows\system32\dllcache\iphlpapi.dll
2009-03-22 22:04 332,288 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-03-22 22:04 148,480 -c------ c:\windows\system32\dllcache\dnsapi.dll
2009-03-22 22:04 8,192 -c------ c:\windows\system32\dllcache\rasadhlp.dll
2009-03-22 22:04 181,248 -c------ c:\windows\system32\dllcache\rasmans.dll
2009-03-22 22:04 1,435,648 -c------ c:\windows\system32\dllcache\query.dll
2009-03-22 22:04 69,120 -c------ c:\windows\system32\dllcache\ciodm.dll
2009-03-22 22:04 984,064 -c------ c:\windows\system32\dllcache\kernel32.dll
2009-03-22 22:04 546,304 -c------ c:\windows\system32\dllcache\hhctrl.ocx
2009-03-22 20:33 <DIR> --d----- c:\docume~1\owner\applic~1\GrabIt
2009-03-22 20:32 <DIR> --d----- c:\program files\GrabIt
2009-03-22 20:15 39,936 a------- c:\windows\system32\drivers\gaopdxbrxowbitudotpogkoltmxvnklyapqqji.sys
2009-03-22 20:15 4 a------- c:\windows\system32\gaopdxcounter
2009-03-22 17:51 69 a------- c:\windows\NeroDigital.ini
2009-03-22 17:46 0 a------t c:\windows\001008_.tmp
2009-03-22 16:56 526,848 a------- c:\windows\system32\p2psvc.dll
2009-03-22 16:56 49,152 a------- c:\windows\system32\powercfg.exe
2009-03-22 16:56 48,640 a------- c:\windows\system32\pnrpnsp.dll
2009-03-22 16:53 0 a------t c:\windows\003325_.tmp
2009-03-22 16:42 152,848 a------- c:\windows\system32\comdlg32.OCX
2009-03-22 16:42 124,688 a------- c:\windows\system32\mswinsck.ocx
2009-03-22 16:42 <DIR> --d----- c:\program files\Bit Che
2009-03-22 16:42 <DIR> --d----- c:\docume~1\owner\applic~1\Convivea
2009-03-22 16:08 12,288 a------- c:\windows\system32\ksolay.ax
2009-03-22 16:08 80,896 a------- c:\windows\system32\dxdllreg.exe
2009-03-22 15:52 46,352 a------- c:\windows\setdebug.exe
2009-03-22 15:52 139,536 a------- c:\windows\system32\javaee.dll
2009-03-21 20:04 <DIR> --d----- c:\docume~1\owner\applic~1\Uniblue
2009-03-21 19:27 <DIR> --d----- c:\program files\Nero
2009-03-21 17:55 11,886 a------- c:\windows\system32\drivers\kbfilter.sys
2009-03-20 21:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-03-20 20:43 3,495,784 a------- c:\windows\system32\d3dx9_33.dll
2009-03-20 20:41 <DIR> --d-h--- c:\windows\msdownld.tmp

==================== Find3M ====================

2009-04-17 09:33 300 a------- c:\docume~1\owner\applic~1\wklnhst.dat
2009-04-12 16:21 506,368 a------- c:\windows\system32\winlogon.exe
2009-04-12 16:21 17,408 a------- c:\windows\system32\svchost.exe
2009-04-12 16:21 110,592 a------- c:\windows\system32\services.exe
2009-04-12 15:45 1,034,752 a------- c:\windows\explorer.exe
2009-04-11 11:58 563 a------- c:\program files\Shortcut to Malwarebytes' Anti-Malware.lnk
2009-03-29 17:20 87,608 a------- c:\docume~1\owner\applic~1\inst.exe
2009-03-29 17:20 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-03-29 17:20 47,360 a------- c:\docume~1\owner\applic~1\pcouffin.sys
2009-03-22 17:57 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-22 15:52 2,678 a------- c:\windows\java\packages\data\tbdbj5r3.dat
2009-03-22 15:52 2,678 a------- c:\windows\java\packages\data\zfdb7h79.dat
2009-03-22 15:52 2,678 a------- c:\windows\java\packages\data\xjjnv1fd.dat
2009-03-22 15:52 2,678 a------- c:\windows\java\packages\data\gz9rlvd7.dat
2009-03-22 15:52 2,678 a------- c:\windows\java\packages\data\bpzvlflf.dat
2009-03-09 21:41 23,388 a------- c:\windows\system32\emptyregdb.dat
2009-03-08 16:30 274,432 a------- c:\windows\system32\imon.dll
2009-03-08 16:30 502,368 a------- c:\windows\system32\drivers\amon.sys
2009-03-07 20:30 17,801 a------- c:\windows\system32\drivers\AegisP.sys
2009-03-07 14:18 30,144 a------- c:\windows\system32\drivers\psadd.sys
2009-03-07 05:40 558,142 a------- c:\windows\java\packages\8db9jvpz.zip
2009-03-07 05:40 155,995 a------- c:\windows\java\packages\lv1fdz33.zip
2009-03-06 00:59 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-06 00:59 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2007-02-12 20:10 2,682,880 -------- c:\documents and settings\all users\VCREDI~3.EXE
2001-06-20 17:21 22,507 a------- c:\program files\bmgr.exe
2001-06-20 17:21 1,536 a------- c:\program files\boot.bin
2001-06-20 17:21 168 a------- c:\program files\bmgr.scr
1998-05-11 21:01 222,390 a------- c:\program files\io.sys
1998-05-11 21:01 93,880 a------- c:\program files\command.com
1998-05-11 21:01 18,967 a------- c:\program files\SYS.COM
1998-05-11 21:01 7 a------- c:\program files\MSDOS.SYS

============= FINISH: 16:00:06.67 ===============

This post has been edited by Orange Blossom: Apr 19 2009, 01:25 PM
Reason for edit: Fix link. ~ OB
Post #2 (Apr 29 2009, 02:06 PM)
Forum Addict. Group: HJT Team. Posts: 5,145. Joined: 19-June 07. From: Florida. Member No.: 137,685
Hello gclubo

I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

In the upper right hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Please perform the following:

Do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

Scan Mail Bases

When completed please post both logs from RSIT as well as the one from Kaspersky.

Thanks,
thewall
Post #3 (Apr 29 2009, 05:08 PM)
Member. Group: Members. Posts: 46. Joined: 9-April 09. Member No.: 319,068
Hi, thewall. Thank you for helping me with this problem. I followed your instructions as above, but the Kaspersky database won't update and I get the message "update has failed, failed to connect to update source". This is what's been happening: it won't let me download or run any antispyware at all. The only one that will run is NOD32, which is already installed on the PC. I have tried MBAM, SUPERAntiSpyware, Spybot, Ad-Aware and Avast, but they either won't let me download or even go to their webpage, or they will download but not run, and a "failed to connect to database" message appears. Hope this can assist you.
Post #4 (Apr 29 2009, 06:13 PM)
Forum Addict. Group: HJT Team. Posts: 5,145. Joined: 19-June 07. From: Florida. Member No.: 137,685
You're welcome.

What about RSIT, did you try to run it?
Post #5 (Apr 30 2009, 01:43 PM)
Member. Group: Members. Posts: 46. Joined: 9-April 09. Member No.: 319,068
Managed to run RSIT, here are the logs:
info.txt logfile of random's system information tool 1.06 2009-04-30 19:38:16

======Uninstall list======

-->C:\PROGRA~1\BLUEYO~1\Uninstall.exe blueyonder
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Bit Che-->"C:\Program Files\Bit Che\unins000.exe"
blueyonder Instant Support Tool-->C:\WINDOWS\Motive\blueyonder\MCCUninst.exe
Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}
Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{7E369B27-13E2-41A5-9879-358EE1C8B5AD}
Broadcom Management Programs-->MsiExec.exe /X{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
ConvertXtoDVD 3.5.2.137-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
GrabIt 1.7.2 Beta 3 (build 996)-->"C:\Program Files\GrabIt\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB943232)-->"C:\WINDOWS\$NtUninstallKB943232$\spuninst\spuninst.exe"
HP Photo & Imaging 3.1-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.0-->"C:\Program Files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update-->MsiExec.exe /X{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}
Java DB 10.4.1.3-->MsiExec.exe /X{998D6972-F58E-479D-9248-8F179E55AE38}
Java 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java SE Development Kit 6 Update 13-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160130}
JavaFX 1.1 SDK-->MsiExec.exe /X{7396F7C8-EDD8-4473-BF6A-2CE4996716E1}
Lenovo System Toolbox-->C:\Program Files\PCDR5\uninst.exe
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Message Center Plus-->MsiExec.exe /X{3CE38F12-0D0E-43E1-867A-E1C0B78D089E}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft AutoRoute 2005-->MsiExec.exe /I{67E4EE98-59F4-4220-89A6-A20AF5BEC689}
Microsoft Encarta Encyclopedia Standard 2005-->MsiExec.exe /I{055A0044-64A6-4248-A026-9745C1E9E159}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Photo Premium 10-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2005 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2005\Setup\Launcher.exe /ARP D:\
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Premium-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51123D42-6B9C-4B93-900C-29F9EC5963C9}\Setup.exe"
NOD32 antivirus system-->C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX v2.1-->"C:\Program Files\Eset\unins001.exe"
NVIDIA Drivers-->C:\WINDOWS\System32\nvuninst.exe UninstallGUI
Security Update for Microsoft .NET Framework 2.0 (KB917283)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Microsoft .NET Framework 2.0 (KB922770)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
System Update-->MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
WinAVIVideoConverter-->"C:\Program Files\WinAVIVideoConverter\unins000.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins001.exe"

======Security center information======

AV: Eset NOD32 antivirus system 2.51

======System event log======

Computer Name: GERARDE123
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.

Record Number: 3598
Source Name: Service Control Manager
Time Written: 20090407094421.000000+060
Event Type: error
User:

Computer Name: GERARDE123
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.

Record Number: 3595
Source Name: Service Control Manager
Time Written: 20090407094421.000000+060
Event Type: error
User:

Computer Name: GERARDE123
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.

Record Number: 3592
Source Name: Service Control Manager
Time Written: 20090407094420.000000+060
Event Type: error
User:

Computer Name: GERARDE123
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.

Record Number: 3588
Source Name: Service Control Manager
Time Written: 20090407094420.000000+060
Event Type: error
User:

Computer Name: GERARDE123
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.

Record Number: 3585
Source Name: Service Control Manager
Time Written: 20090407094420.000000+060
Event Type: error
User:

=====Application event log=====

Computer Name: GERARDE123
Event Code: 1000
Message:
Record Number: 1809
Source Name: Windows Live Messenger
Time Written: 20090318214210.000000+000
Event Type: error
User:

Computer Name: GERARDE123
Event Code: 1000
Message: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module mshtml.dll, version 6.0.2900.2180, fault address 0x0012bd68.

Record Number: 1770
Source Name: Application Error
Time Written: 20090318200401.000000+000
Event Type: error
User:

Computer Name: GERARDE123
Event Code: 1000
Message:
Record Number: 1760
Source Name: Windows Live Messenger
Time Written: 20090318190518.000000+000
Event Type: error
User:

Computer Name: GERARDE123
Event Code: 1000
Message:
Record Number: 1721
Source Name: Windows Live Messenger
Time Written: 20090318172417.000000+000
Event Type: error
User:

Computer Name: GERARDE123
Event Code: 12001
Message:
Record Number: 1715
Source Name: usnjsvc
Time Written: 20090318172406.000000+000
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\JavaFX\javafx-sdk1.1\bin;C:\Program Files\JavaFX\javafx-sdk1.1\emulator\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Common Files\Lenovo;C:\Program Files\Common Files\DivX Shared\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"TVT"=C:\Program Files\Lenovo
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-04-30 19:37:57
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 102 GB (68%) free of 149 GB
Total RAM: 2558 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:38:11, on 30/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Broadcom\BACS\BPowMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD77DADD-6D0C-47D4-9946-C7137DDE8243}: NameServer = 85.255.112.111,85.255.112.200
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.111,85.255.112.200
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.111,85.255.112.200
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.111,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.111,85.255.112.200
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O21 - SSODL: KvbDEo - {4C434CC7-E6E9-E66D-D168-893E6FB7A935} - (no file)
O23 - Service: Broadcom Power monitoring service (BPowMon) - Broadcom Corp. - C:\Program Files\Broadcom\BACS\BPowMon.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: VMwareService - Unknown owner - C:\WINDOWS\system\VMwareService.exe (file missing)

--
End of file - 5596 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-17 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-10-06 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-29 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-15 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-29 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-18 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-18 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-29 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2009-03-08 921600]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-07-26 13570048]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-07 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-10-06 122940]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd.exe [2003-06-25 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InetChk]
C:\DOCUME~1\Owner\LOCALS~1\Temp\ms1238343003.exe work []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2008-07-26 13570048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\System32\NvMcTray.dll [2008-07-26 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Owner]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe
[2009-04-18 148888] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-07 39408] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-08-21 487424] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2003-07-07 233472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] KvbDEo - {4C434CC7-E6E9-E66D-D168-893E6FB7A935} UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"= :\WINDOWS\syste scecli scecli [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\BitLord\BitLord.exe"="C:\Program 
Files\BitLord\BitLord.exe:*:Disabled:BitLord" "C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ENABLE" "C:\WINDOWS\system32\userinit.exe"="C:\WINDOWS\system32\userinit.exe:*:Enabled:ENABLE" "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d76db29-0a8b-11de-8563-806d6172696f}] shell\AutoRun\command - D:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5ef8d02-268c-11de-abf4-000d60dd7435}] shell\AutoRun\command - E:\setupSNK.exe ======List of files/folders created in the last 1 months====== 2009-04-30 19:37:57 ----D---- C:\rsit 2009-04-30 19:37:57 ----D---- C:\Program Files\trend micro 2009-04-20 20:29:40 ----A---- C:\WINDOWS\imsins.BAK 2009-04-20 19:17:56 ----D---- C:\Documents and Settings\Owner\Application Data\DivX 2009-04-19 20:27:56 ----D---- C:\Program Files\microsoft money 2005 2009-04-19 20:09:18 ----D---- C:\Program Files\WinAVIVideoConverter 2009-04-19 20:05:15 ----N---- C:\WINDOWS\system32\pxinsi64.exe 2009-04-19 20:05:15 ----N---- C:\WINDOWS\system32\pxinsa64.exe 2009-04-19 20:05:15 ----N---- C:\WINDOWS\system32\pxhpinst.exe 2009-04-19 20:05:15 ----N---- C:\WINDOWS\system32\pxcpyi64.exe 2009-04-19 20:05:15 ----N---- C:\WINDOWS\system32\pxcpya64.exe 2009-04-19 20:05:15 ----N---- C:\WINDOWS\system32\pxafs.dll 2009-04-19 20:04:33 ----D---- C:\Program Files\Common Files\DivX Shared 2009-04-18 09:59:07 ----D---- C:\Program Files\JavaFX 2009-04-18 09:58:23 ----D---- C:\Program Files\Sun 2009-04-18 09:58:11 ----A---- C:\WINDOWS\system32\javaws.exe 2009-04-18 09:58:11 ----A---- C:\WINDOWS\system32\javaw.exe 2009-04-18 
09:58:11 ----A---- C:\WINDOWS\system32\deploytk.dll 2009-04-18 09:58:10 ----A---- C:\WINDOWS\system32\java.exe 2009-04-18 09:55:44 ----D---- C:\Documents and Settings\Owner\Application Data\Sun 2009-04-15 21:24:40 ----A---- C:\WINDOWS\system32\dpl100.dll 2009-04-15 21:24:38 ----A---- C:\WINDOWS\system32\divx_xx11.dll 2009-04-15 21:24:38 ----A---- C:\WINDOWS\system32\divx_xx0c.dll 2009-04-15 21:24:38 ----A---- C:\WINDOWS\system32\divx_xx0a.dll 2009-04-15 21:24:38 ----A---- C:\WINDOWS\system32\divx_xx07.dll 2009-04-15 21:24:38 ----A---- C:\WINDOWS\system32\DivX.dll 2009-04-12 15:41:43 ----A---- C:\WINDOWS\ntbtlog.txt 2009-04-12 14:59:54 ----D---- C:\Avenger 2009-04-11 23:57:30 ----D---- C:\Documents and Settings\All Users\Application Data\vsosdk 2009-04-11 19:03:15 ----D---- C:\Program Files\CCleaner 2009-04-11 12:23:41 ----A---- C:\avenger.txt 2009-04-10 18:35:22 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes 2009-04-08 09:38:05 ----D---- C:\Program Files\Registry Mechanic 2009-04-07 09:27:42 ----D---- C:\Program Files\SonicWallES 2009-04-06 10:09:06 ----HDC---- C:\WINDOWS\$NtUninstallKB943232$ 2009-04-06 10:08:49 ----D---- C:\Program Files\Zone Labs 2009-04-06 10:08:32 ----D---- C:\WINDOWS\Internet Logs 2009-04-06 09:58:43 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla ======List of files/folders modified in the last 1 months====== 2009-04-30 19:38:03 ----D---- C:\WINDOWS\Prefetch 2009-04-30 19:37:57 ----RD---- C:\Program Files 2009-04-30 19:37:54 ----D---- C:\WINDOWS\Temp 2009-04-30 19:36:16 ----D---- C:\Program Files\Mozilla Firefox 2009-04-30 17:38:58 ----D---- C:\WINDOWS 2009-04-30 00:02:10 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-04-29 23:09:21 ----SHD---- C:\WINDOWS\Installer 2009-04-29 22:24:22 ----A---- C:\WINDOWS\NeroDigital.ini 2009-04-29 22:19:57 ----HD---- C:\WINDOWS\inf 2009-04-29 22:17:17 ----D---- C:\WINDOWS\system32\CatRoot 2009-04-29 22:17:11 ----D---- C:\WINDOWS\system32\CatRoot2 2009-04-29 21:59:57 
----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2009-04-28 21:05:46 ----RASH---- C:\boot.ini 2009-04-28 21:05:46 ----A---- C:\WINDOWS\win.ini 2009-04-28 21:05:46 ----A---- C:\WINDOWS\system.ini 2009-04-28 20:46:10 ----D---- C:\WINDOWS\system32\drivers 2009-04-20 21:19:36 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft 2009-04-20 21:10:48 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-04-20 21:10:44 ----D---- C:\WINDOWS\system32 2009-04-20 21:10:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-04-20 21:10:42 ----D---- C:\WINDOWS\security 2009-04-20 19:45:51 ----D---- C:\Documents and Settings 2009-04-19 20:05:26 ----D---- C:\Program Files\DivX 2009-04-19 20:04:33 ----D---- C:\Program Files\Common Files 2009-04-19 19:52:40 ----D---- C:\Program Files\Xvid 2009-04-18 12:33:02 ----RSD---- C:\WINDOWS\Fonts 2009-04-18 09:56:26 ----D---- C:\Program Files\Java 2009-04-15 21:25:42 ----N---- C:\WINDOWS\system32\VXBLOCK.dll 2009-04-15 21:25:42 ----N---- C:\WINDOWS\system32\PxWave.dll 2009-04-15 21:25:42 ----N---- C:\WINDOWS\system32\PxSFS.DLL 2009-04-15 21:25:42 ----N---- C:\WINDOWS\system32\PxMas.dll 2009-04-15 21:25:42 ----N---- C:\WINDOWS\system32\pxdrv.dll 2009-04-15 21:25:42 ----N---- C:\WINDOWS\system32\Px.dll 2009-04-12 16:21:32 ----A---- C:\WINDOWS\system32\winlogon.exe 2009-04-12 16:21:26 ----A---- C:\WINDOWS\system32\svchost.exe 2009-04-12 16:21:24 ----A---- C:\WINDOWS\system32\services.exe 2009-04-12 15:45:20 ----A---- C:\WINDOWS\explorer.exe 2009-04-11 22:56:29 ----D---- C:\Program Files\Essentials Codec Pack 2009-04-11 22:52:06 ----D---- C:\2c2594450c9c67bac7dc565487 2009-04-11 22:26:27 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2009-04-11 21:45:26 ----D---- C:\Documents and Settings\All Users\Application Data\PCDr 2009-04-11 19:08:38 ----SHD---- C:\RECYCLER 2009-04-11 19:04:49 ----D---- C:\WINDOWS\Debug 2009-04-08 22:00:00 ----D---- C:\WINDOWS\system32\config 2009-04-07 10:11:53 
----D---- C:\WINDOWS\pss 2009-04-07 10:03:10 ----RSD---- C:\WINDOWS\assembly 2009-04-07 09:55:16 ----D---- C:\WINDOWS\twain_32 2009-04-07 09:42:48 ----D---- C:\WINDOWS\system32\NtmsData 2009-04-06 10:08:36 ----D---- C:\WINDOWS\WinSxS 2009-04-02 20:48:04 ----D---- C:\Program Files\SpywareBlaster 2009-04-02 20:47:42 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft 2009-04-02 20:47:31 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-03-31 21:31:09 ----D---- C:\Documents and Settings\Owner\Application Data\Vso ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-08 35840] R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628] R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-03 14848] R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\System32\DRIVERS\AegisP.sys [2009-03-07 17801] R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys [] R2 BASFND;BASFND; \??\C:\Program Files\Broadcom\BACS\BASFND.sys [] R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-10-06 25628] R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-10-06 2496] R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-10-06 86524] R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-10-06 14684] R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-10-06 6364] R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-10-06 87036] R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-10-06 94332] R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544] R2 tmcomm;tmcomm; 
\??\C:\WINDOWS\system32\drivers\tmcomm.sys [] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800] R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2006-05-11 156160] R3 cmpci;TerraTec Aureon 5.1 (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-07-16 379726] R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-08-29 9600] R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-08-29 12160] R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824] R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-07-26 6097536] R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-03-29 47360] R3 portio;TPM Service; C:\WINDOWS\System32\DRIVERS\NscTpmDD.sys [2004-05-19 13757] R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\System32\DRIVERS\psadd.sys [2009-03-07 30144] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-08-29 5888] R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480] S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096] S2 amd64si;amd64si; \??\C:\WINDOWS\system32\drivers\amd64si.sys [] S2 ati64si;ati64si; \??\C:\WINDOWS\system32\drivers\ati64si.sys [] S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-10-23 100384] S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552] S3 
BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-08-11 51056] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-08-11 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-08-11 21488] S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys [] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 BPowMon;Broadcom Power monitoring service; C:\Program Files\Broadcom\BACS\BPowMon.exe [2005-04-13 65536] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-18 152984] R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2009-03-08 507904] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2008-07-26 159812] R2 SUService;System Update; C:\Program Files\Lenovo\System Update\SUService.exe [2008-10-20 28672] R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 644408] R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-08-21 1155072] S2 
VMwareService;VMwareService; C:\WINDOWS\system\VMwareService.exe [] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768] S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\System32\tcpsvcs.exe [2002-08-29 19456] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040] S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848] S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-08-11 65795] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-04-12 17408] -----------------EOF----------------- |
Post #6, Apr 30 2009, 03:31 PM
Forum Addict. Group: HJT Team. Posts: 5,145. Joined: 19-June 07. From: Florida. Member No.: 137,685
Ok, I will go over all of the info you gave me. The way it works since I am a Senior Trainee is I put together a fix for what I see and it then has to be approved by one of our coaches. This is to protect both the poster and to aid our training. Since we are really busy it may take a day or so. Don't think I have abandoned you though and I will get back just as soon as possible.
Post #7, May 1 2009, 07:38 AM
Forum Addict. Group: HJT Team. Posts: 5,145. Joined: 19-June 07. From: Florida. Member No.: 137,685
OK, let's do the following:

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.
Link 1
Link 2
Link 3

Double click on Combo-Fix.exe & follow the prompts.
Post #8, May 1 2009, 01:26 PM
Member. Group: Members. Posts: 46. Joined: 9-April 09. Member No.: 319,068

Hope this is what you are looking for.
ComboFix 09-05-01.1 - Owner 01/05/2009 19:09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2558.2086 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\combo-fix.exe
AV: Eset NOD32 antivirus system 2.51 *On-access scanning enabled* (Updated)
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\inst.exe
c:\windows\system32\drivers\gaopdxbrxowbitudotpogkoltmxvnklyapqqji.sys
c:\windows\system32\gaopdxcounter

.
((((((((((((((((((((((((( Files Created from 2009-04-01 to 2009-05-01 )))))))))))))))))))))))))))))))
.

2009-04-30 18:37 . 2009-04-30 18:38 -------- d-----w c:\program files\trend micro
2009-04-30 18:37 . 2009-04-30 18:38 -------- d-----w C:\rsit
2009-04-29 21:00 . 2009-04-29 21:00 59056 ----a-w c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2009-04-28 19:46 . 2009-04-28 19:45 102664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-04-28 19:44 . 2009-04-28 19:46 -------- d-----w c:\documents and settings\Owner\.housecall6.6
2009-04-20 18:17 . 2009-04-20 18:17 -------- d-----w c:\documents and settings\Owner\Application Data\DivX
2009-04-19 19:27 . 2009-04-19 19:27 -------- d-----w c:\program files\microsoft money 2005
2009-04-19 19:09 . 2009-04-19 19:09 -------- d-----w c:\program files\WinAVIVideoConverter
2009-04-19 19:05 . 2009-04-15 20:25 9336 ------w c:\windows\system32\drivers\cdr4_xp.sys
2009-04-19 19:05 . 2009-04-15 20:25 9464 ------w c:\windows\system32\drivers\cdralw2k.sys
2009-04-19 19:05 . 2009-04-15 20:25 120056 ------w c:\windows\system32\pxcpyi64.exe
2009-04-19 19:05 . 2009-04-15 20:25 118520 ------w c:\windows\system32\pxinsi64.exe
2009-04-19 19:05 . 2009-04-15 20:25 129784 ------w c:\windows\system32\pxafs.dll
2009-04-19 19:04 . 2009-04-19 19:04 -------- d-----w c:\program files\Common Files\DivX Shared
2009-04-18 08:59 . 2009-04-18 08:59 -------- d-----w c:\program files\JavaFX
2009-04-18 08:58 . 2009-04-18 08:58 -------- d-----w c:\program files\Sun
2009-04-18 08:58 . 2009-04-18 08:57 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w c:\windows\system32\DivX.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-04-12 14:43 . 2009-04-12 14:43 -------- d-----w c:\documents and settings\Owner\DoctorWeb
2009-04-11 22:57 . 2009-04-11 22:57 -------- d-----w c:\documents and settings\All Users\Application Data\vsosdk
2009-04-11 18:03 . 2009-04-11 18:03 -------- d-----w c:\program files\CCleaner
2009-04-10 17:35 . 2009-04-10 17:35 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2009-04-07 08:52 . 2009-04-07 09:04 28725 ------w c:\windows\hpoins03.dat
2009-04-07 08:52 . 2003-08-11 10:44 34480 ------w c:\windows\hpomdl03.dat
2009-04-07 08:27 . 2009-04-07 08:27 -------- d-----w c:\program files\SonicWallES
2009-04-06 09:15 . 2009-04-06 09:21 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-04-06 09:08 . 2008-01-17 17:59 713216 -c----w c:\windows\system32\dllcache\sxs.dll
2009-04-06 09:08 . 2009-04-06 09:08 -------- d-----w c:\program files\Zone Labs
2009-04-06 09:08 . 2009-04-11 21:32 -------- d-----w c:\windows\Internet Logs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-30 19:40 . 2009-03-07 07:45 1136 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-04-19 19:05 . 2008-01-27 19:22 -------- d-----w c:\program files\DivX
2009-04-19 18:52 . 2009-01-20 21:48 -------- d-----w c:\program files\Xvid
2009-04-18 08:56 . 2008-06-23 20:50 -------- d-----w c:\program files\Java
2009-04-15 20:25 . 2005-04-25 10:03 43528 ------w c:\windows\system32\drivers\pxhelp20.sys
2009-04-12 15:21 . 2002-08-29 12:00 506368 ----a-w c:\windows\system32\winlogon.exe
2009-04-12 15:21 . 2002-08-29 12:00 17408 ----a-w c:\windows\system32\svchost.exe
2009-04-12 15:21 . 2002-08-29 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-04-12 14:45 . 2002-08-29 12:00 1034752 ----a-w c:\windows\explorer.exe
2009-04-11 22:55 . 2009-03-10 12:49 1324 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-11 21:56 . 2008-01-25 13:01 -------- d-----w c:\program files\Essentials Codec Pack
2009-04-11 10:58 . 2009-04-11 10:58 563 ----a-w c:\program files\Shortcut to Malwarebytes' Anti-Malware.lnk
2009-04-02 19:48 . 2009-03-26 21:24 -------- d-----w c:\program files\SpywareBlaster
2009-03-29 16:20 . 2009-03-11 22:32 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-03-29 16:20 . 2009-03-11 22:32 47360 ----a-w c:\documents and settings\Owner\Application Data\pcouffin.sys
2009-03-29 16:20 . 2008-01-26 17:58 -------- d-----w c:\program files\VSO
2009-03-24 21:13 . 2008-01-24 22:29 -------- d-----w c:\program files\PCDR5
2009-03-22 19:32 . 2009-03-22 19:32 -------- d-----w c:\program files\GrabIt
2009-03-22 16:57 . 2009-03-07 04:39 76487 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-03-22 16:46 . 2009-03-22 16:46 0 ----atw c:\windows\001008_.tmp
2009-03-22 15:53 . 2009-03-22 15:53 0 ----atw c:\windows\003325_.tmp
2009-03-22 15:42 . 2009-03-22 15:42 -------- d-----w c:\program files\Bit Che
2009-03-22 15:20 . 2009-03-07 08:05 59056 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-22 15:18 . 2009-03-22 15:16 -------- d-----w c:\program files\Common Files\Ahead
2009-03-22 15:16 . 2009-03-21 18:27 -------- d-----w c:\program files\Nero
2009-03-22 14:52 . 2009-03-22 15:55 2678 ----a-w c:\windows\java\Packages\Data\tbdbj5r3.dat
2009-03-22 14:52 . 2009-03-22 15:55 2678 ----a-w c:\windows\java\Packages\Data\zfdb7h79.dat
2009-03-22 14:52 . 2009-03-22 15:55 2678 ----a-w c:\windows\java\Packages\Data\xjjnv1fd.dat
2009-03-22 14:52 . 2009-03-22 15:55 2678 ----a-w c:\windows\java\Packages\Data\gz9rlvd7.dat
2009-03-22 14:52 . 2009-03-22 15:55 2678 ----a-w c:\windows\java\Packages\Data\bpzvlflf.dat
2009-03-18 23:07 . 2008-02-17 16:25 -------- d-----w c:\program files\QuickTime
2009-03-18 23:05 . 2009-02-22 17:47 -------- d-----w c:\program files\Apple Software Update
2009-03-18 13:08 . 2009-03-18 13:08 -------- d-----w c:\program files\PowerISO
2009-03-12 21:50 . 2009-03-12 21:50 -------- d-----w c:\program files\Adobe Type Manager
2009-03-12 21:49 . 2009-03-12 21:48 -------- d-----w c:\program files\PhotoDeluxe 2.0
2009-03-12 20:37 . 2008-06-29 18:24 -------- d-----w c:\program files\Common Files\Nero
2009-03-11 21:27 . 2008-02-14 20:20 -------- d-----w c:\program files\DVD Shrink
2009-03-11 21:06 . 2009-03-11 21:06 0 ----a-w c:\windows\nsreg.dat
2009-03-11 19:18 . 2009-03-11 19:18 -------- d-----w c:\program files\MSN Messenger
2009-03-10 21:50 . 2009-03-10 21:50 128 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat
2009-03-10 21:28 . 2008-01-08 20:35 -------- d-----w c:\program files\Microsoft AutoRoute
2009-03-10 21:22 . 2008-01-08 20:28 -------- d-----w c:\program files\Picture It! Premium 10
2009-03-10 21:17 . 2008-01-08 20:22 -------- d-----w c:\program files\Microsoft Works
2009-03-10 21:04 . 2008-01-21 20:27 -------- d-----w c:\program files\Eset
2009-03-09 22:01 . 2009-03-09 22:01 -------- d-----w c:\program files\NETGEAR
2009-03-09 22:01 . 2008-01-17 21:26 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-09 20:42 . 2002-08-29 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-03-09 20:41 . 2009-03-07 04:37 23388 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-08 15:30 . 2009-03-08 15:31 274432 ----a-w c:\windows\system32\imon.dll
2009-03-08 15:30 . 2009-03-08 15:31 502368 ----a-w c:\windows\system32\drivers\amon.sys
2009-03-07 20:05 . 2009-03-07 19:39 -------- d-----w c:\program files\Broadcom
2009-03-07 19:48 . 2008-01-10 20:44 -------- d-----w c:\program files\blueyonder IST
2009-03-07 19:30 . 2009-03-07 19:30 17801 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-03-07 16:11 . 2008-01-22 21:26 -------- d-----w c:\program files\Windows Media Connect 2
2009-03-07 13:52 . 2009-03-07 13:46 -------- d-----w c:\program files\Analog Devices
2009-03-07 13:46 . 2008-01-17 21:26 -------- d-----w c:\program files\Common Files\InstallShield
2009-03-07 13:31 . 2008-01-24 22:32 -------- d-----w c:\program files\Common Files\SureThing Shared
2009-03-07 13:18 . 2008-01-24 21:18 -------- d-----w c:\program files\Common Files\Lenovo
2009-03-07 13:18 . 2008-01-24 21:18 -------- d-----w c:\program files\Lenovo
2009-03-07 13:18 . 2009-03-07 13:18 30144 ----a-w c:\windows\system32\drivers\psadd.sys
2009-03-07 12:35 . 2008-01-25 13:06 -------- d-----w c:\program files\Google
2009-03-07 06:53 . 2008-01-31 10:43 -------- d-----w c:\program files\Common Files\Adobe
2009-03-07 04:50 . 2008-01-22 00:01 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-07 04:40 . 2009-03-22 15:55 558142 ----a-w c:\windows\java\Packages\8db9jvpz.zip
2009-03-07 04:40 . 2009-03-22 15:55 155995 ----a-w c:\windows\java\Packages\lv1fdz33.zip
2009-03-05 23:59 . 2009-03-18 23:05 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-05 23:59 . 2009-03-18 23:05 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2001-06-20 16:21 . 2008-01-13 13:09 1536 ----a-w c:\program files\boot.bin
2001-06-20 16:21 . 2008-01-13 13:08 22507 ----a-w c:\program files\bmgr.exe
2001-06-20 16:21 . 2008-01-13 13:09 168 ----a-w c:\program files\bmgr.scr
1998-05-11 20:01 . 2008-01-13 13:10 18967 ----a-w c:\program files\SYS.COM
1998-05-11 20:01 . 2008-01-13 13:10 7 ----a-w c:\program files\MSDOS.SYS
1998-05-11 20:01 . 2008-01-13 13:09 93880 ----a-w c:\program files\command.com
1998-05-11 20:01 . 2008-01-13 13:09 222390 ----a-w c:\program files\io.sys
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[7] 2004-08-04 00:56 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2009-04-12 15:21 17408 F9304809C3CA8F45153674A253DC670C c:\windows\system32\svchost.exe

[-] 2004-08-04 00:56 502272 50DF290E01181F57562BCFC2E93E79BE c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2004-08-04 00:56 502272 01C3346C241652F43AED8E2149881BFE c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2009-04-12 15:21 506368 1386A976BE507C9CBAFFA6D3F39CBF1E c:\windows\system32\winlogon.exe

[7] 2004-08-03 23:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2004-08-03 23:00 29056 ACA96CF6F78D2CAAAAF847F2EE0BEB14 c:\windows\system32\drivers\ip6fw.sys

[-] 2009-04-12 14:45 1034752 E52221CA17B56885CD8BBF32BE7DF49E c:\windows\explorer.exe
[7] 2004-08-04 00:56 1032192 A0732187050030AE399B241436565E64 c:\windows\ServicePackFiles\i386\explorer.exe

[7] 2004-08-04 00:56 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\ServicePackFiles\i386\services.exe
[-] 2009-04-12 15:21 110592 3A7225391E3029AE511362F899B32223 c:\windows\system32\services.exe

[7] 2004-08-04 00:56 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2004-08-04 00:56 14336 110FB3121C028E5AAEDF3307223787CD c:\windows\system32\lsass.exe

[7] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[7] 2004-08-04 00:56 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-10 23:53 58368 3513A57EC257DF60F641D20031ACB383 c:\windows\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-07 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-03-08 921600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13570048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Owner

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 cfyr;cfyr; [x]
R0 guiw;guiw; [x]
R2 amd64si;amd64si; [x]
R2 ati64si;ati64si; [x]
R2 VMwareService;VMwareService; [x]
S2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BACS\BPowMon.exe [2005-04-13 65536]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5ef8d02-268c-11de-abf4-000d60dd7435}]
\Shell\AutoRun\command - E:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32]
.
- - - - ORPHANS REMOVED - - - -

SSODL-KvbDEo-{4C434CC7-E6E9-E66D-D168-893E6FB7A935} - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1x1e23du.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-01 19:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(720)
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(3448)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\imon.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\System Update\SUService.exe
.
**************************************************************************
.
Completion time: 2009-05-01 19:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-01 18:18

Pre-Run: 109,763,674,112 bytes free
Post-Run: 112,735,670,272 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
242 --- E O F --- 2009-03-22 22:05

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:24:21, on 01/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\BACS\BPowMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\System
Update\SUService.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 
- HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.111,85.255.112.200 O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: Broadcom Power monitoring service (BPowMon) - Broadcom Corp. - C:\Program Files\Broadcom\BACS\BPowMon.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe O23 - Service: VMwareService - Unknown owner - C:\WINDOWS\system\VMwareService.exe (file missing) -- End of file - 5386 bytes |
May 4 2009, 02:47 PM
Post
#9
Forum Addict, Group: HJT Team, Posts: 5,145, Joined: 19-June 07, From: Florida, Member No.: 137,685
Sorry about the delay.
The Recovery Console was not installed with ComboFix and we really need to get it up and running. If you have another computer you can use, we would like you to do the following. If not, let me know, but do not delete the copy you have now. If you do have use of another computer, delete the current ComboFix you have on your machine and complete the instructions below to download a new copy with the Recovery Console installed and run it. Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.

***************************************************

Download ComboFix from one of these locations: Link 1 Link 2 Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System. Download the file and save it as it is originally named.

---------------------------------------------------------------------

Transfer all files you just downloaded to the desktop of the infected computer.

--------------------------------------------------------------------

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

ESET NOD32 ANTIVIRUS: Please navigate to the system tray on the bottom right hand corner and look for a sign.
May 5 2009, 02:16 PM
Post
#10
Member, Group: Members, Posts: 46, Joined: 9-April 09, Member No.: 319,068
Hi again. Right, I did everything you asked from a laptop, then on the infected desktop. Everything was going to plan until the Recovery Console tried to install: I got a message popup saying the application failed to initialize (0xc0000096), so it did not install. Here is the log ComboFix created.
ComboFix 09-05-04.A3 - Owner 05/05/2009 20:05.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2558.2182 [GMT 1:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe AV: Eset NOD32 antivirus system 2.51 *On-access scanning enabled* (Updated) * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2009-04-05 to 2009-05-05 ))))))))))))))))))))))))))))))) . 2009-04-30 18:37 . 2009-05-01 18:24 -------- d-----w c:\program files\trend micro 2009-04-30 18:37 . 2009-04-30 18:38 -------- d-----w C:\rsit 2009-04-29 21:00 . 2009-04-29 21:00 59056 ----a-w c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT 2009-04-28 19:46 . 2009-04-28 19:45 102664 ----a-w c:\windows\system32\drivers\tmcomm.sys 2009-04-28 19:44 . 2009-04-28 19:46 -------- d-----w c:\documents and settings\Owner\.housecall6.6 2009-04-20 18:17 . 2009-04-20 18:17 -------- d-----w c:\documents and settings\Owner\Application Data\DivX 2009-04-19 19:27 . 2009-04-19 19:27 -------- d-----w c:\program files\microsoft money 2005 2009-04-19 19:09 . 2009-04-19 19:09 -------- d-----w c:\program files\WinAVIVideoConverter 2009-04-19 19:05 . 2009-04-15 20:25 9336 ------w c:\windows\system32\drivers\cdr4_xp.sys 2009-04-19 19:05 . 2009-04-15 20:25 9464 ------w c:\windows\system32\drivers\cdralw2k.sys 2009-04-19 19:05 . 2009-04-15 20:25 120056 ------w c:\windows\system32\pxcpyi64.exe 2009-04-19 19:05 . 2009-04-15 20:25 118520 ------w c:\windows\system32\pxinsi64.exe 2009-04-19 19:05 . 2009-04-15 20:25 129784 ------w c:\windows\system32\pxafs.dll 2009-04-19 19:04 . 2009-04-19 19:04 -------- d-----w c:\program files\Common Files\DivX Shared 2009-04-18 08:59 . 2009-04-18 08:59 -------- d-----w c:\program files\JavaFX 2009-04-18 08:58 . 
2009-04-18 08:58 -------- d-----w c:\program files\Sun 2009-04-18 08:58 . 2009-04-18 08:57 410984 ----a-w c:\windows\system32\deploytk.dll 2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w c:\windows\system32\dpl100.dll 2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w c:\windows\system32\DivX.dll 2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx07.dll 2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w c:\windows\system32\divx_xx0a.dll 2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx0c.dll 2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w c:\windows\system32\divx_xx11.dll 2009-04-12 14:43 . 2009-04-12 14:43 -------- d-----w c:\documents and settings\Owner\DoctorWeb 2009-04-11 22:57 . 2009-04-11 22:57 -------- d-----w c:\documents and settings\All Users\Application Data\vsosdk 2009-04-11 18:03 . 2009-04-11 18:03 -------- d-----w c:\program files\CCleaner 2009-04-10 17:35 . 2009-04-10 17:35 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes 2009-04-07 08:52 . 2009-04-07 09:04 28725 ------w c:\windows\hpoins03.dat 2009-04-07 08:52 . 2003-08-11 10:44 34480 ------w c:\windows\hpomdl03.dat 2009-04-07 08:27 . 2009-04-07 08:27 -------- d-----w c:\program files\SonicWallES 2009-04-06 09:15 . 2009-04-06 09:21 4212 ---ha-w c:\windows\system32\zllictbl.dat 2009-04-06 09:08 . 2008-01-17 17:59 713216 -c----w c:\windows\system32\dllcache\sxs.dll 2009-04-06 09:08 . 2009-04-06 09:08 -------- d-----w c:\program files\Zone Labs 2009-04-06 09:08 . 2009-04-11 21:32 -------- d-----w c:\windows\Internet Logs . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-04 19:57 . 2008-01-22 00:01 -------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-05-04 16:10 . 2009-03-10 12:49 1324 ----a-w c:\windows\system32\d3d9caps.dat 2009-05-02 14:15 . 
2009-03-07 07:45 1136 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat 2009-04-19 19:05 . 2008-01-27 19:22 -------- d-----w c:\program files\DivX 2009-04-19 18:52 . 2009-01-20 21:48 -------- d-----w c:\program files\Xvid 2009-04-18 08:56 . 2008-06-23 20:50 -------- d-----w c:\program files\Java 2009-04-15 20:25 . 2005-04-25 10:03 43528 ------w c:\windows\system32\drivers\pxhelp20.sys 2009-04-12 15:21 . 2002-08-29 12:00 506368 ----a-w c:\windows\system32\winlogon.exe 2009-04-12 15:21 . 2002-08-29 12:00 17408 ----a-w c:\windows\system32\svchost.exe 2009-04-12 15:21 . 2002-08-29 12:00 110592 ----a-w c:\windows\system32\services.exe 2009-04-12 14:45 . 2002-08-29 12:00 1034752 ----a-w c:\windows\explorer.exe 2009-04-11 21:56 . 2008-01-25 13:01 -------- d-----w c:\program files\Essentials Codec Pack 2009-04-11 10:58 . 2009-04-11 10:58 563 ----a-w c:\program files\Shortcut to Malwarebytes' Anti-Malware.lnk 2009-04-02 19:48 . 2009-03-26 21:24 -------- d-----w c:\program files\SpywareBlaster 2009-03-29 16:20 . 2009-03-11 22:32 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys 2009-03-29 16:20 . 2009-03-11 22:32 47360 ----a-w c:\documents and settings\Owner\Application Data\pcouffin.sys 2009-03-29 16:20 . 2008-01-26 17:58 -------- d-----w c:\program files\VSO 2009-03-24 21:13 . 2008-01-24 22:29 -------- d-----w c:\program files\PCDR5 2009-03-22 19:32 . 2009-03-22 19:32 -------- d-----w c:\program files\GrabIt 2009-03-22 16:57 . 2009-03-07 04:39 76487 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat 2009-03-22 16:46 . 2009-03-22 16:46 0 ----atw c:\windows\001008_.tmp 2009-03-22 15:53 . 2009-03-22 15:53 0 ----atw c:\windows\003325_.tmp 2009-03-22 15:42 . 2009-03-22 15:42 -------- d-----w c:\program files\Bit Che 2009-03-22 15:20 . 2009-03-07 08:05 59056 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-03-22 15:18 . 
2009-03-22 15:16 -------- d-----w c:\program files\Common Files\Ahead 2009-03-22 15:16 . 2009-03-21 18:27 -------- d-----w c:\program files\Nero 2009-03-22 14:52 . 2009-03-22 15:55 2678 ----a-w c:\windows\java\Packages\Data\tbdbj5r3.dat 2009-03-22 14:52 . 2009-03-22 15:55 2678 ----a-w c:\windows\java\Packages\Data\zfdb7h79.dat 2009-03-22 14:52 . 2009-03-22 15:55 2678 ----a-w c:\windows\java\Packages\Data\xjjnv1fd.dat 2009-03-22 14:52 . 2009-03-22 15:55 2678 ----a-w c:\windows\java\Packages\Data\gz9rlvd7.dat 2009-03-22 14:52 . 2009-03-22 15:55 2678 ----a-w c:\windows\java\Packages\Data\bpzvlflf.dat 2009-03-18 23:07 . 2008-02-17 16:25 -------- d-----w c:\program files\QuickTime 2009-03-18 23:05 . 2009-02-22 17:47 -------- d-----w c:\program files\Apple Software Update 2009-03-18 13:08 . 2009-03-18 13:08 -------- d-----w c:\program files\PowerISO 2009-03-12 21:50 . 2009-03-12 21:50 -------- d-----w c:\program files\Adobe Type Manager 2009-03-12 21:49 . 2009-03-12 21:48 -------- d-----w c:\program files\PhotoDeluxe 2.0 2009-03-12 20:37 . 2008-06-29 18:24 -------- d-----w c:\program files\Common Files\Nero 2009-03-11 21:27 . 2008-02-14 20:20 -------- d-----w c:\program files\DVD Shrink 2009-03-11 21:06 . 2009-03-11 21:06 0 ----a-w c:\windows\nsreg.dat 2009-03-11 19:18 . 2009-03-11 19:18 -------- d-----w c:\program files\MSN Messenger 2009-03-10 21:50 . 2009-03-10 21:50 128 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat 2009-03-10 21:28 . 2008-01-08 20:35 -------- d-----w c:\program files\Microsoft AutoRoute 2009-03-10 21:22 . 2008-01-08 20:28 -------- d-----w c:\program files\Picture It! Premium 10 2009-03-10 21:17 . 2008-01-08 20:22 -------- d-----w c:\program files\Microsoft Works 2009-03-10 21:04 . 2008-01-21 20:27 -------- d-----w c:\program files\Eset 2009-03-09 22:01 . 2009-03-09 22:01 -------- d-----w c:\program files\NETGEAR 2009-03-09 22:01 . 
2008-01-17 21:26 -------- d--h--w c:\program files\InstallShield Installation Information 2009-03-09 20:42 . 2002-08-29 12:00 67 --sha-w c:\windows\Fonts\desktop.ini 2009-03-09 20:41 . 2009-03-07 04:37 23388 ----a-w c:\windows\system32\emptyregdb.dat 2009-03-08 15:30 . 2009-03-08 15:31 274432 ----a-w c:\windows\system32\imon.dll 2009-03-08 15:30 . 2009-03-08 15:31 502368 ----a-w c:\windows\system32\drivers\amon.sys 2009-03-07 20:05 . 2009-03-07 19:39 -------- d-----w c:\program files\Broadcom 2009-03-07 19:48 . 2008-01-10 20:44 -------- d-----w c:\program files\blueyonder IST 2009-03-07 19:30 . 2009-03-07 19:30 17801 ----a-w c:\windows\system32\drivers\AegisP.sys 2009-03-07 16:11 . 2008-01-22 21:26 -------- d-----w c:\program files\Windows Media Connect 2 2009-03-07 13:52 . 2009-03-07 13:46 -------- d-----w c:\program files\Analog Devices 2009-03-07 13:46 . 2008-01-17 21:26 -------- d-----w c:\program files\Common Files\InstallShield 2009-03-07 13:31 . 2008-01-24 22:32 -------- d-----w c:\program files\Common Files\SureThing Shared 2009-03-07 13:18 . 2008-01-24 21:18 -------- d-----w c:\program files\Common Files\Lenovo 2009-03-07 13:18 . 2008-01-24 21:18 -------- d-----w c:\program files\Lenovo 2009-03-07 13:18 . 2009-03-07 13:18 30144 ----a-w c:\windows\system32\drivers\psadd.sys 2009-03-07 12:35 . 2008-01-25 13:06 -------- d-----w c:\program files\Google 2009-03-07 06:53 . 2008-01-31 10:43 -------- d-----w c:\program files\Common Files\Adobe 2009-03-07 04:40 . 2009-03-22 15:55 558142 ----a-w c:\windows\java\Packages\8db9jvpz.zip 2009-03-07 04:40 . 2009-03-22 15:55 155995 ----a-w c:\windows\java\Packages\lv1fdz33.zip 2009-03-05 23:59 . 2009-03-18 23:05 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys 2009-03-05 23:59 . 2009-03-18 23:05 1900544 ----a-w c:\windows\system32\usbaaplrc.dll 2001-06-20 16:21 . 2008-01-13 13:09 1536 ----a-w c:\program files\boot.bin 2001-06-20 16:21 . 2008-01-13 13:08 22507 ----a-w c:\program files\bmgr.exe 2001-06-20 16:21 . 
2008-01-13 13:09 168 ----a-w c:\program files\bmgr.scr 1998-05-11 20:01 . 2008-01-13 13:10 18967 ----a-w c:\program files\SYS.COM 1998-05-11 20:01 . 2008-01-13 13:10 7 ----a-w c:\program files\MSDOS.SYS 1998-05-11 20:01 . 2008-01-13 13:09 93880 ----a-w c:\program files\command.com 1998-05-11 20:01 . 2008-01-13 13:09 222390 ----a-w c:\program files\io.sys 2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll 2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll . ------- Sigcheck ------- [7] 2004-08-04 00:56 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\ServicePackFiles\i386\svchost.exe [-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\svchost.exe [-] 2009-04-12 15:21 17408 F9304809C3CA8F45153674A253DC670C c:\windows\system32\svchost.exe [-] 2004-08-04 00:56 502272 50DF290E01181F57562BCFC2E93E79BE c:\windows\$NtServicePackUninstall$\winlogon.exe [7] 2004-08-04 00:56 502272 01C3346C241652F43AED8E2149881BFE c:\windows\ServicePackFiles\i386\winlogon.exe [-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe [-] 2009-04-12 15:21 506368 1386A976BE507C9CBAFFA6D3F39CBF1E c:\windows\system32\winlogon.exe [7] 2004-08-03 23:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\ServicePackFiles\i386\ip6fw.sys [-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ip6fw.sys [-] 2004-08-03 23:00 29056 ACA96CF6F78D2CAAAAF847F2EE0BEB14 c:\windows\system32\drivers\ip6fw.sys [-] 2009-04-12 14:45 1034752 E52221CA17B56885CD8BBF32BE7DF49E c:\windows\explorer.exe [7] 2004-08-04 00:56 1032192 A0732187050030AE399B241436565E64 c:\windows\ServicePackFiles\i386\explorer.exe [-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 
c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe [7] 2004-08-04 00:56 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\ServicePackFiles\i386\services.exe [-] 2009-02-06 17:14 110592 37561F8D4160D62DA86D24AE41FAE8DE c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\services.exe [-] 2009-02-06 10:22 110592 4712531AB7A01B7EE059853CA17D39BD c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\services.exe [-] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\services.exe [-] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\services.exe [-] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\services.exe [-] 2009-04-12 15:21 110592 3A7225391E3029AE511362F899B32223 c:\windows\system32\services.exe [7] 2004-08-04 00:56 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\ServicePackFiles\i386\lsass.exe [-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\lsass.exe [-] 2004-08-04 00:56 14336 110FB3121C028E5AAEDF3307223787CD c:\windows\system32\lsass.exe [7] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe [7] 2004-08-04 00:56 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\ServicePackFiles\i386\spoolsv.exe [-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\spoolsv.exe [-] 2005-06-10 23:53 58368 3513A57EC257DF60F641D20031ACB383 c:\windows\system32\spoolsv.exe . ((((((((((((((((((((((((((((( SnapShot@2009-05-01_18.14.16 ))))))))))))))))))))))))))))))))))))))))) . + 2006-12-01 23:08 . 
2006-12-01 23:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll - 2006-12-02 00:08 . 2006-12-02 00:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll + 2009-05-05 18:51 . 2009-05-05 18:51 16384 c:\windows\Temp\Perflib_Perfdata_73c.dat + 2009-03-08 15:03 . 2004-08-04 00:56 67584 c:\windows\system32\dllcache\srclient.dll + 2009-03-07 14:51 . 2004-08-03 23:06 73472 c:\windows\system32\dllcache\sr.sys + 2009-05-04 19:58 . 2009-05-04 19:58 11264 c:\windows\Installer\{98613C99-1399-416C-A07C-1EE1C585D872}\Icon98613C992.exe - 2009-03-07 07:19 . 2009-04-30 19:40 45056 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe + 2009-03-07 07:19 . 2009-05-02 14:15 45056 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe - 2009-03-10 21:16 . 2009-04-30 19:40 22528 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe + 2009-03-10 21:16 . 2009-05-02 14:15 22528 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe + 2009-03-10 21:16 . 2009-05-02 14:15 16384 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe - 2009-03-10 21:16 . 2009-04-30 19:40 16384 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe - 2009-03-10 21:16 . 2009-04-30 19:40 34304 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\misc.exe + 2009-03-10 21:16 . 2009-05-02 14:15 34304 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\misc.exe - 2009-03-07 07:19 . 2009-04-30 19:40 3584 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe + 2009-03-07 07:19 . 2009-05-02 14:15 3584 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe - 2009-03-10 21:16 . 2009-04-30 19:40 8192 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe + 2009-03-10 21:16 . 
2009-05-02 14:15 8192 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe - 2009-03-07 07:19 . 2009-04-30 19:40 2560 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe + 2009-03-07 07:19 . 2009-05-02 14:15 2560 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe + 2009-03-08 15:03 . 2004-08-04 00:56 170496 c:\windows\system32\dllcache\srsvc.dll + 2009-03-08 15:03 . 2004-08-04 00:56 239104 c:\windows\system32\dllcache\srrstr.dll + 2009-03-08 15:03 . 2004-08-04 00:56 380416 c:\windows\system32\dllcache\rstrui.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-07 39408] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-03-08 921600] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13570048] "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-08-21 487424] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-18 148888] "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-07-26 86016] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 49152] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-07-26 1657376] 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\BitLord\\BitLord.exe"= "c:\\WINDOWS\\system32\\userinit.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BACS\BPowMon.exe [13/04/2005 01:52 65536] S0 cfyr;cfyr;c:\windows\system32\drivers\noxlg.sys --> c:\windows\system32\drivers\noxlg.sys [?] S0 guiw;guiw;c:\windows\system32\drivers\nfpwyx.sys --> c:\windows\system32\drivers\nfpwyx.sys [?] S2 amd64si;amd64si;\??\c:\windows\system32\drivers\amd64si.sys --> c:\windows\system32\drivers\amd64si.sys [?] S2 ati64si;ati64si;\??\c:\windows\system32\drivers\ati64si.sys --> c:\windows\system32\drivers\ati64si.sys [?] S2 VMwareService;VMwareService;"c:\windows\system\VMwareService.exe" --> c:\windows\system\VMwareService.exe [?] . Contents of the 'Scheduled Tasks' folder 2009-03-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.co.uk/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000 LSP: c:\windows\system32\imon.dll Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1x1e23du.default\ FF - prefs.js: browser.startup.homepage - www.google.com . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-05 20:07 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'lsass.exe'(712) c:\windows\system32\imon.dll - - - - - - - > 'explorer.exe'(1468) c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\imon.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2009-05-05 20:09 ComboFix-quarantined-files.txt 2009-05-05 19:09 ComboFix2.txt 2009-05-01 18:18 Pre-Run: 117,929,697,280 bytes free Post-Run: 117,930,242,048 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4 266 --- E O F --- 2009-03-22 22:05 |
May 5 2009, 02:49 PM, Post #11
Forum Addict, Group: HJT Team, Posts: 5,145, Joined: 19-June 07, From: Florida, Member No.: 137,685
A question for you here: ComboFix is showing (as I posted below) your antivirus as being enabled during the scan. Did you have trouble disabling it, or did you follow the instructions and it failed to disable? This is important to the running of ComboFix, and we need to try and figure out why so we can correct it if possible.

AV: Eset NOD32 antivirus system 2.51 *On-access scanning enabled* (Updated)
* Resident AV is active
May 5 2009, 03:05 PM, Post #12
Member, Group: Members, Posts: 46, Joined: 9-April 09, Member No.: 319,068
I did as you said: right-click on the system tray icon and click on Quit. It says "Quitting will disable virus warning. Do you really want to quit?", I click Yes, and the icon disappears from the tray.
May 5 2009, 08:20 PM, Post #13
Forum Addict, Group: HJT Team, Posts: 5,145, Joined: 19-June 07, From: Florida, Member No.: 137,685
There was nothing wrong with what you did; I just had to check whether it was the malware causing the problem with the antivirus. It's a process-of-elimination thing.

We need for you to have some files checked.

Go to http://virusscan.jotti.org
Copy the following line into the white textbox:
c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\svchost.exe
Click Submit.
Please post the results of this scan to this thread.
Do the same for c:\windows\system32\spoolsv.exe

Alternate site if Jotti's doesn't work or is too busy:
Go to http://www.virustotal.com/en/indexf.html
Copy the following line into the white textbox:
c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\svchost.exe
Click Send.
Do the same for c:\windows\system32\spoolsv.exe
Please post the results of this scan to this thread.

I also need for you to run RSIT again and post the log from it. There will be only one log produced this time.
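Before uploading the two files the helper names, a practitioner would normally take their hashes first (a multi-engine service such as VirusTotal can be searched by hash, so a file that is already known need not be uploaded) and, on XP, compare the system32 copy with the Windows File Protection copy in system32\dllcache, a folder the RSIT log further down lists. The script below is an added example, not part of this thread and not ComboFix's or RSIT's code. It builds a throwaway directory tree with dummy bytes standing in for the two executables (constructed sample data, reusing the SoftwareDistribution folder name from the post above) so that it runs offline; pointed at real paths it reads the files the same way.

```python
"""Hash suspect files and compare each with its Windows File Protection
cache copy (XP keeps one in system32\\dllcache). Added example, not part of
the thread and not ComboFix/RSIT code. The tree and contents built in demo()
are constructed stand-ins so the script runs offline."""
import hashlib
import os
import shutil
import tempfile


def digests_of_bytes(data):
    """MD5, SHA-1 and SHA-256 hex digests plus size: the values a
    multi-engine scanner can be searched by before anything is uploaded."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def file_digests(path):
    """Same digests, read from disk in chunks so large downloads are fine."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    size = 0
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            size += len(chunk)
            for h in (md5, sha1, sha256):
                h.update(chunk)
    return {"size": size, "md5": md5.hexdigest(),
            "sha1": sha1.hexdigest(), "sha256": sha256.hexdigest()}


def compare_with_cache(path, cache_dir):
    """'match' / 'mismatch' / 'no-cache-copy' against the same-named file in
    the WFP cache. A match is only weak evidence (anything running as SYSTEM
    can overwrite dllcache too); a mismatch for a system32 binary is a cue to
    pull the file for scanning, which is what the helper asked for."""
    cached = os.path.join(cache_dir, os.path.basename(path))
    if not os.path.isfile(cached):
        return "no-cache-copy"
    same = file_digests(path)["sha256"] == file_digests(cached)["sha256"]
    return "match" if same else "mismatch"


def triage(paths, cache_dir):
    """One report row per path: digests, size and the cache comparison."""
    return [dict(path=p, cache=compare_with_cache(p, cache_dir), **file_digests(p))
            for p in paths]


def demo():
    """Build a throwaway XP-like tree (constructed data, dummy bytes) and
    return the triage report keyed by file name."""
    root = tempfile.mkdtemp()
    sys32 = os.path.join(root, "WINDOWS", "system32")
    cache = os.path.join(sys32, "dllcache")
    download = os.path.join(root, "WINDOWS", "SoftwareDistribution", "Download",
                            "e9500597a78495f397efb821e37bf356")  # folder name from the thread
    os.makedirs(cache)
    os.makedirs(download)
    stub = b"MZ" + b"\x00" * 62  # DOS-header-sized stand-in, not a real PE
    files = {
        os.path.join(sys32, "spoolsv.exe"): stub + b"spoolsv-v1",
        os.path.join(cache, "spoolsv.exe"): stub + b"spoolsv-v1",    # identical: match
        os.path.join(cache, "svchost.exe"): stub + b"svchost-v1",
        os.path.join(download, "svchost.exe"): stub + b"svchost-v2",  # differs: mismatch
    }
    for path, data in files.items():
        with open(path, "wb") as f:
            f.write(data)
    try:
        report = triage([os.path.join(sys32, "spoolsv.exe"),
                         os.path.join(download, "svchost.exe")], cache)
    finally:
        shutil.rmtree(root)
    return {os.path.basename(r["path"]): r for r in report}


if __name__ == "__main__":
    for name, row in demo().items():
        print(name, row["size"], row["sha256"], row["cache"])
```

In the demo the download copy of svchost.exe differs from the dllcache copy while spoolsv.exe matches. A difference under SoftwareDistribution\Download is not a finding by itself, since that folder is where Windows Update stages downloaded packages; the same difference for system32\spoolsv.exe would be, and a match proves nothing if the machine is already rooted, which is why the helper still wants the scanner's verdict.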
May 6 2009, 01:45 PM, Post #14
Member, Group: Members, Posts: 46, Joined: 9-April 09, Member No.: 319,068
Scan taken on 06 May 2009 18:37:11 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Quick Heal: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

Scan taken on 06 May 2009 18:40:25 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Quick Heal: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-05-06 19:43:17
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 112 GB (76%) free of 149 GB
Total RAM: 2558 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:43:22, on 06/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\BACS\BPowMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.111,85.255.112.200
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Broadcom Power monitoring service (BPowMon) - Broadcom Corp. - C:\Program Files\Broadcom\BACS\BPowMon.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: VMwareService - Unknown owner - C:\WINDOWS\system\VMwareService.exe (file missing)

--
End of file - 6526 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-17 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-10-06 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-29 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-15 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-29 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-18 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-18 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-29 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2009-03-08 921600]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-07-26 13570048]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-08-21 487424]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-18 148888]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2008-07-26 86016]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-10-06 122940]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-07 39408]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2003-07-07 233472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Disabled:BitLord"
"C:\WINDOWS\system32\userinit.exe"="C:\WINDOWS\system32\userinit.exe:*:Enabled:ENABLE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-05-05 20:09:03 ----A---- C:\ComboFix.txt
2009-05-01 19:07:31 ----A---- C:\WINDOWS\NIRCMD.exe
2009-05-01 19:07:29 ----A---- C:\WINDOWS\zip.exe
2009-05-01 19:07:29 ----A---- C:\WINDOWS\vFind.exe
2009-05-01 19:07:29 ----A---- C:\WINDOWS\SWREG.exe
2009-05-01 19:07:29 ----A---- C:\WINDOWS\sed.exe
2009-05-01 19:07:29 ----A---- C:\WINDOWS\grep.exe
2009-05-01 19:07:28 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-05-01 19:07:28 ----A---- C:\WINDOWS\SWSC.exe
2009-05-01 19:07:19 ----D---- C:\WINDOWS\ERDNT
2009-05-01 19:06:32 ----D---- C:\Qoobox
2009-04-30 19:37:57 ----D---- C:\rsit
2009-04-30 19:37:57 ----D---- C:\Program Files\trend micro
2009-04-20 20:29:40 ----A---- C:\WINDOWS\imsins.BAK
2009-04-20 19:17:56 ----D---- C:\Documents and Settings\Owner\Application Data\DivX
2009-04-19 20:27:56 ----D---- C:\Program Files\microsoft money 2005
2009-04-19 20:09:18 ----D---- C:\Program Files\WinAVIVideoConverter
2009-04-19 20:05:15 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2009-04-19 20:05:15 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-04-19 20:05:15 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-04-19 20:05:15 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2009-04-19 20:05:15 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-04-19 20:05:15 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-04-19 20:04:33 ----D---- C:\Program Files\Common Files\DivX Shared
2009-04-18 09:59:07 ----D---- C:\Program Files\JavaFX
2009-04-18 09:58:23 ----D---- C:\Program Files\Sun
2009-04-18 09:58:11 ----A---- C:\WINDOWS\system32\javaws.exe
2009-04-18 09:58:11 ----A---- C:\WINDOWS\system32\javaw.exe
2009-04-18 09:58:11 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-04-18 09:58:10 ----A---- C:\WINDOWS\system32\java.exe
2009-04-18 09:55:44 ----D---- C:\Documents and Settings\Owner\Application Data\Sun
2009-04-15 21:24:40 ----A---- C:\WINDOWS\system32\dpl100.dll
2009-04-15 21:24:38 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2009-04-15 21:24:38 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2009-04-15 21:24:38 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2009-04-15 21:24:38 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2009-04-15 21:24:38 ----A---- C:\WINDOWS\system32\DivX.dll
2009-04-12 15:41:43 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-11 23:57:30 ----D---- C:\Documents and Settings\All Users\Application Data\vsosdk
2009-04-11 19:03:15 ----D---- C:\Program Files\CCleaner
2009-04-11 12:23:41 ----A---- C:\avenger.txt
2009-04-10 18:35:22 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2009-04-08 09:38:05 ----D---- C:\Program Files\Registry Mechanic
2009-04-07 09:27:42 ----D---- C:\Program Files\SonicWallES

======List of files/folders modified in the last 1 months======

2009-05-06 19:43:22 ----D---- C:\WINDOWS\Prefetch
2009-05-06 19:38:21 ----D---- C:\Program Files\Mozilla Firefox
2009-05-06 19:27:04 ----D---- C:\WINDOWS\Temp
2009-05-05 21:43:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-05 21:37:34 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-05 20:09:05 ----D---- C:\WINDOWS\system32
2009-05-05 20:09:04 ----D---- C:\WINDOWS
2009-05-05 20:07:23 ----A---- C:\WINDOWS\system.ini
2009-05-05 20:06:36 ----D---- C:\WINDOWS\system32\drivers
2009-05-05 20:06:36 ----D---- C:\WINDOWS\AppPatch
2009-05-05 20:06:26 ----D---- C:\Program Files\Common Files
2009-05-05 20:05:27 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-04 21:49:22 ----D---- C:\WINDOWS\SoftwareDistribution
2009-05-04 21:46:32 ----SHD---- C:\System Volume Information
2009-05-04 21:46:32 ----D---- C:\WINDOWS\system32\Restore
2009-05-04 21:43:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-04 21:42:01 ----D---- C:\WINDOWS\security
2009-05-04 21:10:15 ----RASH---- C:\boot.ini
2009-05-04 21:10:15 ----A---- C:\WINDOWS\win.ini
2009-05-04 20:58:04 ----SHD---- C:\WINDOWS\Installer
2009-05-04 20:57:09 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-05-01 19:40:08 ----HD---- C:\WINDOWS\inf
2009-05-01 19:39:58 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-01 19:39:33 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-05-01 19:23:37 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-01 19:11:58 ----D---- C:\WINDOWS\system32\config
2009-05-01 15:31:07 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2009-04-30 19:37:57 ----RD---- C:\Program Files
2009-04-29 21:59:57 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-20 21:10:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-20 19:45:51 ----D---- C:\Documents and Settings
2009-04-19 20:05:26 ----D---- C:\Program Files\DivX
2009-04-19 19:52:40 ----D---- C:\Program Files\Xvid
2009-04-18 12:33:02 ----RSD---- C:\WINDOWS\Fonts
2009-04-18 09:56:26 ----D---- C:\Program Files\Java
2009-04-15 21:25:42 ----N---- C:\WINDOWS\system32\VXBLOCK.dll
2009-04-15 21:25:42 ----N---- C:\WINDOWS\system32\PxWave.dll
2009-04-15 21:25:42 ----N---- C:\WINDOWS\system32\PxSFS.DLL
2009-04-15 21:25:42 ----N---- C:\WINDOWS\system32\PxMas.dll
2009-04-15 21:25:42 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-04-15 21:25:42 ----N---- C:\WINDOWS\system32\Px.dll
2009-04-12 16:21:32 ----A---- C:\WINDOWS\system32\winlogon.exe
2009-04-12 16:21:26 ----A---- C:\WINDOWS\system32\svchost.exe
2009-04-12 16:21:24 ----A---- C:\WINDOWS\system32\services.exe
2009-04-12 15:45:20 ----A---- C:\WINDOWS\explorer.exe
2009-04-11 22:56:29 ----D---- C:\Program Files\Essentials Codec Pack
2009-04-11 22:52:06 ----D---- C:\2c2594450c9c67bac7dc565487
2009-04-11 22:32:41 ----D---- C:\WINDOWS\Internet Logs
2009-04-11 22:26:27 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-04-11 21:45:26 ----D---- C:\Documents and Settings\All Users\Application Data\PCDr
2009-04-11 19:04:49 ----D---- C:\WINDOWS\Debug
2009-04-07 10:11:53 ----D---- C:\WINDOWS\pss
2009-04-07 10:03:10 ----RSD---- C:\WINDOWS\assembly
2009-04-07 09:55:16 ----D---- C:\WINDOWS\twain_32
2009-04-07 09:42:48 ----D---- C:\WINDOWS\system32\NtmsData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-08 35840]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\System32\DRIVERS\AegisP.sys [2009-03-07 17801]
R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
R2 BASFND;BASFND; \??\C:\Program Files\Broadcom\BACS\BASFND.sys []
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-10-06 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-10-06 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-10-06 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-10-06 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-10-06 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-10-06 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-10-06 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2006-05-11 156160]
R3 cmpci;TerraTec Aureon 5.1 (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-07-16 379726]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-08-29 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-08-29 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-07-26 6097536]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-03-29 47360]
R3 portio;TPM Service; C:\WINDOWS\System32\DRIVERS\NscTpmDD.sys [2004-05-19 13757]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\System32\DRIVERS\psadd.sys [2009-03-07 30144]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-08-29 5888]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 gaopdxserv.sys;gaopdxserv.sys; C:\WINDOWS\system32\drivers\gaopdxbrxowbitudotpogkoltmxvnklyapqqji.sys []
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
S2 amd64si;amd64si; \??\C:\WINDOWS\system32\drivers\amd64si.sys []
S2 ati64si;ati64si; \??\C:\WINDOWS\system32\drivers\ati64si.sys []
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-10-23 100384]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 catchme;catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-08-11 51056]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-08-11 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-08-11 21488]
S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BPowMon;Broadcom Power monitoring service; C:\Program Files\Broadcom\BACS\BPowMon.exe [2005-04-13 65536]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-18 152984]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2009-03-08 507904]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2008-07-26 159812]
R2 SUService;System Update; C:\Program Files\Lenovo\System Update\SUService.exe [2008-10-20 28672]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 644408]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-08-21 1155072]
S2 VMwareService;VMwareService; C:\WINDOWS\system\VMwareService.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\System32\tcpsvcs.exe [2002-08-29 19456]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-08-11 65795]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-04-12 17408]

-----------------EOF-----------------

Hope this is the three logs you are looking for.
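The RSIT and HijackThis lines in the post above are what a log helper reads by eye: O17 NameServer entries, services and drivers whose file is missing on disk, and driver names that look generated rather than chosen. As an added example (not part of this thread, and not HijackThis's or RSIT's own logic), the script below runs those three checks over a constructed subset of lines copied verbatim from the log above. The thresholds and the line-format regexes are this example's assumptions; the output is a list of entries to verify by hand, not a verdict.

```python
"""Triage pass over HijackThis/RSIT-style log lines. Added example, not part
of the thread and not HijackThis's or RSIT's own logic. SAMPLE_LOG is a
constructed subset of lines copied from the log above; the checks and their
thresholds are assumptions. Output is a list of entries to verify, not a verdict."""
import ipaddress
import re

SAMPLE_LOG = r"""
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.111,85.255.112.200
O23 - Service: VMwareService - Unknown owner - C:\WINDOWS\system\VMwareService.exe (file missing)
S1 gaopdxserv.sys;gaopdxserv.sys; C:\WINDOWS\system32\drivers\gaopdxbrxowbitudotpogkoltmxvnklyapqqji.sys []
S0 cfyr;cfyr;c:\windows\system32\drivers\noxlg.sys --> c:\windows\system32\drivers\noxlg.sys [?]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-07-26 6097536]
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
"""

# RSIT/ComboFix driver line: "<state><start> <name>;<display name>; <path> [<date size>]"
DRIVER_RE = re.compile(r"^[RS][0-4]\s+([^;]+);([^;]*);\s*(.+)$")
SYS_RE = re.compile(r"([A-Za-z0-9_-]+)\.sys\b", re.IGNORECASE)
VOWELS = set("aeiou")


def looks_random(stem):
    """Letters-only name of 12+ chars containing a run of 5+ consonants.
    Vendor driver names are short or pronounceable; generated ones usually
    are not. Threshold is an assumption; expect some false positives."""
    s = stem.lower()
    if not re.fullmatch(r"[a-z]{12,}", s):
        return False
    run = longest = 0
    for ch in s:
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 5


def public_nameservers(line):
    """IPs in an O17 NameServer entry that are not private, loopback or
    link-local. A home LAN normally hands out a private resolver (the router);
    a hard-coded public one should be checked against the ISP's servers."""
    m = re.search(r"NameServer\s*=\s*([0-9.,\s]+)", line)
    if not m:
        return []
    found = []
    for tok in re.split(r"[,\s]+", m.group(1).strip()):
        if not tok:
            continue
        try:
            ip = ipaddress.ip_address(tok)
        except ValueError:
            continue
        if not (ip.is_private or ip.is_loopback or ip.is_link_local):
            found.append(tok)
    return found


def triage_line(line):
    """Return [(kind, detail)] for one log line; empty when nothing is flagged."""
    findings = []
    ips = public_nameservers(line)
    if ips:
        findings.append(("dns-public-nameserver", ",".join(ips)))
    if "(file missing)" in line:                     # HijackThis O23 wording
        findings.append(("file-missing", line.strip()))
    m = DRIVER_RE.match(line)
    if m:
        name, rest = m.group(1), m.group(3).rstrip()
        if "-->" in rest and rest.endswith("[?]"):   # ComboFix: path resolves to nothing
            findings.append(("file-missing", name))
        elif rest.endswith("[]"):                    # RSIT: no date/size readable
            findings.append(("no-file-metadata", name))
        stems = SYS_RE.findall(rest)
        if stems and looks_random(stems[-1]):
            findings.append(("random-driver-name", stems[-1]))
    return findings


def triage(log_text):
    """Run triage_line over every line; each hit carries its source line."""
    out = []
    for line in log_text.splitlines():
        for kind, detail in triage_line(line):
            out.append({"kind": kind, "detail": detail, "line": line.strip()})
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:<22} {f['detail']}")
```

On the sample, the O17 line, the two missing-file entries and the long generated-looking driver name are flagged; the NVIDIA driver and the NOD32 Run entry are not. Entries with an empty `[]` are reported separately as "no metadata" because RSIT also prints that for legitimate drivers registered with a `\??\` path, so that class needs a human look rather than automatic suspicion.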
May 7 2009, 07:45 AM, Post #15
Forum Addict, Group: HJT Team, Posts: 5,145, Joined: 19-June 07, From: Florida, Member No.: 137,685
Yes, those were the right logs. Sorry it's going so slowly, but because we were not able to install the Recovery Console and the antivirus remains active, we are having to take a different approach as we proceed. Hang in here with us though, because we are trying to get you cleaned up.

We need to scan for rootkits with GMER.