Multiple Infection Causing Loss Of Sound Etc


This topic is locked
27 replies to this topic

#1 gaz.103 (Members, 18 posts)

Posted 04 July 2008 - 06:41 PM

Here's the problem: I have Norton AntiVirus but got probs with adware and popups. Followed Symantec things to try and delete them; rebooting in safe mode etc. didn't work.
I also tried to reload an earlier registry backup, which it partly did and then said there had been an error. Perhaps I shouldn't have done this?
I downloaded Windows Defender, which got rid of most of my probs; it detected Downloader, Trojan AdClicker, Trojan:Win32/Vuodo.gen!Q, PWS:Win32/Cimuz.gen!A, Program:Win32/AntiSpyware, Trojan:Win32/Agent, Adware:Win32/ClickSpring.B, Meredrop etc. I now have two issues. When I start up I get the following message: "Rundll error loading C:\windows\system32\gxnjnsaq.dll". I then don't get any sound, and Windows Media Player won't play WAV files or MP3s. When I double-click on certain shortcuts (e.g. Active Primary and even the DSS program?) I get a prompt saying that the feature I am trying to use is on a CD-ROM and to insert it; I click cancel three times and the program then loads up.

Help!!!!!!!!!

DSS and Kaspersky below

Thanks in advance
Gaz

Deckard's System Scanner v20071014.68
Run by Four S on 2008-07-04 20:53:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
12: 2008-07-04 19:53:23 UTC - RP12 - Deckard's System Scanner Restore Point
11: 2008-07-04 19:35:42 UTC - RP11 - Installed Java™ 6 Update 6
10: 2008-07-04 19:14:20 UTC - RP10 - Installed Java™ SE Development Kit 6 Update 6
9: 2008-07-04 19:10:21 UTC - RP9 - Removed Java 2 Runtime Environment, SE v1.4.2_03
8: 2008-07-04 19:08:46 UTC - RP8 - Removed Java 2 Runtime Environment, SE v1.4.2_01


-- First Restore Point --
1: 2008-07-02 18:37:33 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 495 MiB (512 MiB recommended).


-- HijackThis (run as Four S.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:59:13, on 04/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$IPLANNERFRAMEWK\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer\Notebook Manager\almxptray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Activ Software\Activdriver\ActivControl2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Four S\Desktop\dss.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Four S.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.standrews-primary.surrey.sch.uk:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1AE85766-958F-481E-B51F-28D980BB371B} - C:\WINDOWS\system32\fccdddBR.dll (file missing)
O2 - BHO: (no name) - {36DBC179-A19F-48F2-B16A-6A3E19B42A87} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {9C28EAFB-FF50-4F42-8D39-A006129CC907} - C:\WINDOWS\system32\efcYRLbB.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ActivFilter] C:\Program Files\ACTIV Software\ACTIVdriver\ACTIVfilter.exe
O4 - HKLM\..\Run: [ActivControl] C:\Program Files\Activ Software\Activdriver\ActivControl2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM\..\Run: [ActivDRVAutostart] C:\Program Files\ACTIV Software\ACTIVdriver\ACTIVcontrol.exe /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BMd750028d] Rundll32.exe "C:\WINDOWS\system32\gxnjnsaq.dll",s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Vsmwzdoi] "C:\Program Files\Common Files\a?sembly\i?xplore.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1092677654125
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...991/mcfscan.cab
O20 - Winlogon Notify: efcYRLbB - efcYRLbB.dll (file missing)
O23 - Service: ACTIVdriver Control (ActivDRVcontrol) - Unknown owner - C:\Program Files\ACTIV Software\ACTIVdriver\ActivDRVservice.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 11801 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R2 acernbm - c:\windows\system32\drivers\acernbm.sys
R2 ddnt - c:\windows\system32\drivers\ddnt.sys
R2 ipasintf - c:\windows\system32\drivers\pas2k.sys
R2 osadmi - c:\windows\system32\drivers\osadmi.sys
R3 DKbFltr (Dritek HotKey Keyboard Filter Driver) - c:\windows\system32\drivers\dkbfltr.sys <Not Verified; Dritek System Inc.; Dritek MMKey>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >

S3 ActivDRV_USB (ActivDRV_USB.Sys USB ACTIVboard) - c:\windows\system32\drivers\activdrv_usb.sys (file missing)
S3 BTWUSB (WIDCOMM USB Bluetooth Driver) - c:\windows\system32\drivers\btwusb.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 ActivDRVcontrol (ACTIVdriver Control) - "c:\program files\activ software\activdriver\activdrvservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: Microsoft Composite Battery
Device ID: ROOT\COMPOSITE_BATTERY\0000
Manufacturer: Microsoft
Name: Microsoft Composite Battery
PNP Device ID: ROOT\COMPOSITE_BATTERY\0000
Service: Compbatt

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Packet Scheduler Miniport
Device ID: ROOT\MS_PSCHEDMP\0003
Manufacturer: Microsoft
Name: SMC EZ Connect USB/Ethernet Series Converter - Packet Scheduler Miniport
PNP Device ID: ROOT\MS_PSCHEDMP\0003
Service: PSched


-- Scheduled Tasks -------------------------------------------------------------

2008-07-04 20:47:27 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-07-04 20:45:24 414 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-06-26 21:57:38 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2004-07-20 19:29:24 108 --a------ C:\WINDOWS\Tasks\Low Battery Alarm Program.job


-- Files created between 2008-06-04 and 2008-07-04 -----------------------------

2008-07-04 20:58:48 0 d-------- C:\Program Files\Trend Micro
2008-07-04 20:39:18 0 d-------- C:\Program Files\Sun
2008-07-04 20:14:24 0 d-------- C:\Program Files\Common Files\Java
2008-07-03 22:07:31 0 d-------- C:\WINDOWS\Prefetch
2008-07-03 21:38:45 0 d-------- C:\WINDOWS\system32\scripting
2008-07-03 21:38:41 0 d-------- C:\WINDOWS\l2schemas
2008-07-03 21:38:40 0 d-------- C:\WINDOWS\system32\en
2008-07-02 21:47:04 0 d-------- C:\Program Files\Windows Defender
2008-06-30 00:05:08 32243714 --a------ C:\SYM_REGISTRY_BACKUP.reg
2008-06-29 19:35:14 0 d-------- C:\Program Files\AntiSpywareMaster
2008-06-29 19:34:24 403 --ahs---- C:\WINDOWS\system32\RBdddccf.ini2
2008-06-29 19:30:20 0 d-------- C:\Program Files\Common Files\a?sembly
2008-06-29 19:29:14 0 d-------- C:\Program Files\Common Files\??mbols
2008-06-29 19:28:54 0 d-------- C:\WINDOWS\system32\modtrux01
2008-06-26 22:05:53 0 d-------- C:\Documents and Settings\Four S\Application Data\Apple Computer
2008-06-26 21:58:11 0 d-------- C:\Program Files\QuickTime
2008-06-26 21:58:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-26 21:57:25 0 d-------- C:\Program Files\Apple Software Update
2008-06-26 21:57:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-19 20:25:27 0 d--hs---- C:\Documents and Settings\Four S\Application Data\.#


-- Find3M Report ---------------------------------------------------------------

2008-07-04 20:47:01 0 d-------- C:\Program Files\Common Files
2008-07-04 20:38:40 0 d-------- C:\Program Files\Java
2008-07-03 22:06:28 0 d-------- C:\Program Files\Messenger
2008-07-03 21:38:38 0 d-------- C:\Program Files\Movie Maker
2008-07-03 21:30:44 0 d-------- C:\Program Files\Windows NT
2008-07-03 21:12:14 0 d-------- C:\Documents and Settings\Four S\Application Data\Adobe
2008-07-02 17:27:18 836 --a------ C:\Documents and Settings\Four S\Application Data\ViewerApp.dat
2008-06-30 02:58:13 0 d-------- C:\Program Files\Common Files\??mbols
2008-06-30 02:58:11 0 d-------- C:\Program Files\Common Files\a?sembly
2008-06-28 23:20:23 0 d-------- C:\Documents and Settings\Four S\Application Data\Azureus
2008-06-17 18:31:38 0 d-------- C:\Program Files\Azureus
2008-05-21 15:51:59 0 d-------- C:\Program Files\Abacus Evolve Teachers
2008-05-11 08:42:26 0 d-------- C:\Documents and Settings\Four S\Application Data\DVD Flick
2008-05-09 21:33:03 0 d-------- C:\Program Files\Launch Manager


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1AE85766-958F-481E-B51F-28D980BB371B}]
C:\WINDOWS\system32\fccdddBR.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36DBC179-A19F-48F2-B16A-6A3E19B42A87}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C28EAFB-FF50-4F42-8D39-A006129CC907}]
C:\WINDOWS\system32\efcYRLbB.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [16/01/2004 09:27]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [16/01/2004 09:23]
"SoundMan"="SOUNDMAN.EXE" [19/12/2003 17:53 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [23/09/2003 17:06 C:\WINDOWS\AGRSMMSG.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [28/04/2003 15:08]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [18/04/2003 14:36]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [18/04/2003 15:20]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [27/02/2004 10:57]
"AcerNotebookManager"="C:\Program Files\Acer\Notebook Manager\almxptray.exe" [11/12/2003 18:18]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [21/10/2003 11:52]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09/03/2006 12:47]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [12/05/2005 00:12]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [16/02/2006 22:39]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [01/06/2006 21:23]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [27/05/2008 10:50]
"ActivFilter"="C:\Program Files\ACTIV Software\ACTIVdriver\ACTIVfilter.exe" [07/11/2002 14:41]
"ActivControl"="C:\Program Files\Activ Software\Activdriver\ActivControl2.exe" [30/05/2007 16:12]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"runner1"="C:\WINDOWS\mrofinu572.exe" []
"UniKey"="" []
"ActivDRVAutostart"="C:\Program Files\ACTIV Software\ACTIVdriver\ACTIVcontrol.exe" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 19:20]
"BMd750028d"="C:\WINDOWS\system32\gxnjnsaq.dll" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 01:12]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [05/09/2006 06:18]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [12/04/2008 17:33]
"Vsmwzdoi"="C:\Program Files\Common Files\a?sembly\i?xplore.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"360SCProgram"=

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9C28EAFB-FF50-4F42-8D39-A006129CC907}"= C:\WINDOWS\system32\efcYRLbB.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcYRLbB]
efcYRLbB.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\fccdddBR

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f1fbfd0-2fd1-11dc-b469-000e3523f2fd}]
AutoRun\command- F:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2008-07-04 21:13:38 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1600MHz
Percentage of Memory in Use: 74%
Physical Memory (total/avail): 494.42 MiB / 125.37 MiB
Pagefile Memory (total/avail): 1154.12 MiB / 768.33 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1804.67 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 27.48 GiB total, 7.1 GiB free.
D: is Fixed (NTFS) - 9.77 GiB total, 5.47 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - IC25N040ATMR04-0 - 37.26 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 27.48 GiB - C:
\PARTITION1 - Installable File System - 9.77 GiB - D:
\PARTITION2 - Unknown - 7.84 MiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Four S\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ACER-PHUW0A6HUA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Four S
LOGONSERVER=\\ACER-PHUW0A6HUA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 9 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0905
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\FOURS~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\FOURS~1\LOCALS~1\Temp
USERDOMAIN=ACER-PHUW0A6HUA
USERNAME=Four S
USERPROFILE=C:\Documents and Settings\Four S
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Four S (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
--> Dummy
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Abacus Evolve Framework Edition ITR Year 1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{B0E6132D-BAFA-4933-963D-027945035643}
Abacus Evolve Framework Edition ITR Year 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{98AE969C-3B85-4AF4-B844-DA71836053FF}
Abacus Evolve I-Planner Framework Edition --> C:\Program Files\InstallShield Installation Information\{F56339EE-B773-4686-8D70-DA0E84378F1C}\setup.exe -runfromtemp -l0x0009 -removeonly
Abacus Evolve I-Planner Framework Edition Client --> MsiExec.exe /X{34533DD3-136D-4293-AE6C-193084745A6D}
Acer Notebook Manager --> MsiExec.exe /X{8C2FA1ED-8248-42DF-A78A-48D40133129E}
ACTIVdriver v2.6.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{473D0886-819E-4E5C-989E-1AB8B8D983BF} /l2057
Activdriver v4.1.10 --> MsiExec.exe /I{DCBE1A94-4DF9-4ECF-8580-0271D7806DD8}
ACTIVprimary English (UK) v1.2 (Build 2) --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EA50D6A9-AA24-4236-85ED-741649CC3A61}
ACTIVprimary Resources English (UK) v1.2.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{76313D5E-2D5C-4C46-B8DB-8EC2C0A262C9}
ACTIVprimary v2.5.94 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{FDE509D1-D692-47AF-9304-AED8B7EAFED6} /l2057
ACTIVprimary2 Help (GBR) v2.0.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{9E9C7655-5993-44EC-A1CE-0B29AA0F8C10}
ACTIVprimary2 Resources (GBR) v2.0.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{2EE06022-C60E-41A5-965E-AA59AE6BEEC6}
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Download Manager 1.2 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Agere Systems AC'97 Modem --> agrsmdel
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
CC_ccStart --> MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
DirectShow .SHN FIlter --> "C:\Program Files\DirectShow .SHN FIlter\Uninstall.exe" "C:\Program Files\DirectShow .SHN FIlter\install.log"
DVD Flick --> "C:\Program Files\DVD Flick\unins000.exe"
Easiteach --> MsiExec.exe /X{AABDCD05-B435-405A-A8FD-D926AF2E2500}
EasySet System --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Intermec\EasySet System\DeIsL1.isu" -c"C:\Program Files\Intermec\EasySet System\_ISREG32.DLL"
FLAC Installer 1.1.2a (remove only) --> C:\Program Files\FLAC\uninstall.exe
FLV Player 1.3.3 --> "C:\Documents and Settings\Four S\My Documents\My Videos\FLV player\FLVPlayer\uninstall.exe"
Good Guide to Interactive Whiteboards --> "C:\Program Files\Good Guide to Interactive Whiteboards\Uninstall.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Guitar Pro 4 Demo --> MsiExec.exe /X{22C1B575-C746-46F2-80A3-EE9612AF5FAA}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Image Zone Express --> MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
IEPWriterV3 --> E:\Uninstall.exe
ImageMixer VCD2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}\setup.exe" -l0x9 UNINSTALL
Indeo® Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu"
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
iSofter DVD Audio Ripper Deluxe 3.0.2007.228 --> "C:\Program Files\iSofter\DVDtoMP3\unins000.exe"
Java DB 10.3.1.4 --> MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java™ SE Development Kit 6 Update 6 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160060}
Launch Manager --> C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.90 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Magic DVD Ripper V5.1.1 --> "C:\Program Files\MagicDVDRipper\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft GB18030 Support Package --> MsiExec.exe /I{DEBACE7E-5DD1-42DB-AFE7-2B60E7CC80A8}
Microsoft Office PowerPoint 2003 Presentation Broadcast --> MsiExec.exe /I{90AA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Producer for Microsoft Office PowerPoint 2003 --> MsiExec.exe /I{155FBB0D-0EE9-42D1-9E41-E5E08F691033}
Microsoft SQL Server Desktop Engine (IPLANNERFRAMEWK) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSa22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
MSRedist --> MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
Norton AntiVirus 2004 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus 2004 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
O2Micro MemoryCardBus & Smart Card Reader Windows Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{015D937D-9D52-45A4-BDAA-2413938C0564} /l1033
OpenMG Limited Patch 4.6-06-09-04-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.6-06-09-04-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.6.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{D5654243-0EDC-4BE7-8353-16ECE4019CD1} UNINSTALL
PDF Manual NW-S600/S700F Series --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF71D37B-0CC7-4B8B-863C-FB23849A508E}\setup.exe" -l0x9 UNINSTALL -removeonly
PDF to Text Converter 2.0 --> "C:\Program Files\Adobe\pdf2txt\unins000.exe"
Picture Package --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}\setup.exe" -l0x9 UNINSTALL
Power Tab Editor 1.7 --> MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Riva FLV Encoder 2.0 --> "C:\Documents and Settings\Four S\My Documents\Gaz\Devices\Riva FLV Encoder 2.0\unins000.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SonicStage 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet --> MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TravelMate Series --> C:\Program Files\TravelMate Series\uninstall.exe
Video to Audio Converter 1.12 --> "C:\Documents and Settings\Four S\My Documents\Gaz\Devices\Video to Audio Converter\unins000.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Movie Maker 2 Winter Fun Pack --> MsiExec.exe /I{106F886B-A874-43DF-BCC4-01DB57E1F3C6}
Windows XP Creativity Fun Packs - Windows Movie Maker 2 --> MsiExec.exe /X{DA2D4D11-1811-4A24-B719-BF9F048C6106}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Documents and Settings\Four S\My Documents\Gaz\Winrar\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type19412 / Warning
Event Submitted/Written: 07/04/2008 09:12:31 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{EA50D6A9-AA24-4236-85ED-741649CC3A61}', feature 'ACTIVprimary' failed during request for component '{0DE74398-BC0D-4E1C-94CC-D058C12E31C8}'

Event Record #/Type19411 / Warning
Event Submitted/Written: 07/04/2008 09:12:31 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{EA50D6A9-AA24-4236-85ED-741649CC3A61}', feature 'ACTIVprimary', component '{786AE8F8-A654-43CD-B0F8-FAA66E52488D}' failed. The resource 'C:\Program Files\ACTIV Software\ACTIVprimary\A8Res.dll' does not exist.

Event Record #/Type19410 / Warning
Event Submitted/Written: 07/04/2008 09:02:59 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{EA50D6A9-AA24-4236-85ED-741649CC3A61}', feature 'ACTIVprimary' failed during request for component '{0DE74398-BC0D-4E1C-94CC-D058C12E31C8}'

Event Record #/Type19409 / Warning
Event Submitted/Written: 07/04/2008 09:02:59 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{EA50D6A9-AA24-4236-85ED-741649CC3A61}', feature 'ACTIVprimary', component '{786AE8F8-A654-43CD-B0F8-FAA66E52488D}' failed. The resource 'C:\Program Files\ACTIV Software\ACTIVprimary\A8Res.dll' does not exist.

Event Record #/Type19408 / Error
Event Submitted/Written: 07/04/2008 08:56:02 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16674, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type113050 / Error
Event Submitted/Written: 07/04/2008 07:03:03 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Application Layer Gateway Service service failed to start due to the following error:
%%1053

Event Record #/Type113049 / Error
Event Submitted/Written: 07/04/2008 07:02:40 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

Event Record #/Type113040 / Error
Event Submitted/Written: 07/04/2008 07:02:04 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
ACTIVdrv

Event Record #/Type113039 / Error
Event Submitted/Written: 07/04/2008 07:02:04 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The ACTIVdriver Control service failed to start due to the following error:
%%2

Event Record #/Type112417 / Warning
Event Submitted/Written: 07/04/2008 01:54:48 AM
Event ID/Source: 1006 / WinDefend
Event Description:
%NT AUTHORITY27 scan has detected spyware or other potentially unwanted software.

For more information please see the following:
%NT AUTHORITY275

Scan ID: {3CF5EE97-BA20-4996-A042-6E3ECCD2BAB3}

Scan Type: %NT AUTHORITY01

Scan Parameters: %NT AUTHORITY09

User: NT AUTHORITY\NETWORK SERVICE

Name: %NT AUTHORITY271

ID: %NT AUTHORITY272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %NT AUTHORITY276

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-07-04 21:13:38 ------------


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, July 5, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, July 04, 2008 20:42:32
Records in database: 913699
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 83468
Threat name: 15
Infected objects: 276
Suspicious objects: 0
Duration of the scan: 02:19:33


File name / Threat name / Threats count
C:\Deckard\System Scanner\backup\DOCUME~1\FOURS~1\LOCALS~1\Temp\snapsnet.exe Infected: Trojan-Downloader.Win32.VB.eyc 1
C:\Program Files\Norton AntiVirus\Quarantine\033A528D.htm Infected: Exploit.HTML.VML.d 1
C:\Program Files\Norton AntiVirus\Quarantine\04836BA9.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\05140269.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\07B41BE5.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\094303F8 Infected: Trojan.Win32.Scapur.k 1
C:\Program Files\Norton AntiVirus\Quarantine\094D3147.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\0B2B2FC8.htm Infected: Exploit.HTML.VML.d 1
C:\Program Files\Norton AntiVirus\Quarantine\0FF7344C Infected: Trojan.Win32.Scapur.k 1
C:\Program Files\Norton AntiVirus\Quarantine\0FFA5E48 Infected: not-a-virus:AdWare.Win32.PurityScan.gp 1
C:\Program Files\Norton AntiVirus\Quarantine\0FFD0845 Infected: Trojan.Win32.Scapur.k 1
C:\Program Files\Norton AntiVirus\Quarantine\13796273.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\175D6724.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\247240E6 Infected: Trojan-Downloader.Win32.Homles.br 1
C:\Program Files\Norton AntiVirus\Quarantine\28012E90.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\2DCE2CD8.htm Infected: Trojan-Downloader.JS.Agent.cd 1
C:\Program Files\Norton AntiVirus\Quarantine\2E416A5B.htm Infected: Exploit.HTML.VML.d 1
C:\Program Files\Norton AntiVirus\Quarantine\2E546645.htm Infected: Exploit.JS.XMLCore.a 1
C:\Program Files\Norton AntiVirus\Quarantine\2E7E5F21.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\2ED44BB9.htm Infected: Trojan-Downloader.JS.Agent.cd 1
C:\Program Files\Norton AntiVirus\Quarantine\2EDD49AE.htm Infected: Trojan-Downloader.JS.Agent.bx 1
C:\Program Files\Norton AntiVirus\Quarantine\2EE173AA.htm Infected: Trojan-Downloader.JS.Agent.cd 1
C:\Program Files\Norton AntiVirus\Quarantine\2EE41DA7.htm Infected: Exploit.JS.XMLCore.a 1
C:\Program Files\Norton AntiVirus\Quarantine\2FB3147C.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\2FE40A46.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\2FEA5E3F.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\2FF45C34.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\2FF45C34.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\2FF45C34.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\2FF70631.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\2FFA302D.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\2FFA302D.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\2FFE5A29.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\2FFE5A29.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\3007581F.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\3007581F.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\300B021B.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\300B021B.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\30115614.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\30115614.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\30140010.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\30140010.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\301B5409.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\301B5409.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\301E7E05.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\301E7E05.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\33567264.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\33567264.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\350C2BB4 Infected: Trojan-Downloader.Win32.Small.dxx 1
C:\Program Files\Norton AntiVirus\Quarantine\392C4BCF.exe Infected: Trojan-Downloader.Win32.VB.eyc 1
C:\Program Files\Norton AntiVirus\Quarantine\39B85934.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad 1
C:\Program Files\Norton AntiVirus\Quarantine\3B8B7C81.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\3BB91900.exe Infected: Trojan-Downloader.Win32.Agent.tkz 1
C:\Program Files\Norton AntiVirus\Quarantine\3BC51C9F.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\3D960AF3.exe Infected: Trojan-Downloader.Win32.VB.eyc 1
C:\Program Files\Norton AntiVirus\Quarantine\3EBB0DA9.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\3EF31773.exe Infected: Trojan-Downloader.Win32.VB.eyc 1
C:\Program Files\Norton AntiVirus\Quarantine\421E2329 Infected: Trojan-Downloader.Win32.Homles.br 1
C:\Program Files\Norton AntiVirus\Quarantine\42B77197 Infected: Trojan-Downloader.Win32.Homles.br 1
C:\Program Files\Norton AntiVirus\Quarantine\47577009 Infected: Trojan-Downloader.Win32.Small.dxx 1
C:\Program Files\Norton AntiVirus\Quarantine\48A95F0C Infected: Trojan-Downloader.Win32.Homles.br 1
C:\Program Files\Norton AntiVirus\Quarantine\4902308C.htm Infected: Trojan-Downloader.JS.Agent.bx 1
C:\Program Files\Norton AntiVirus\Quarantine\4D51794A Infected: Trojan-Downloader.Win32.Small.dxx 1
C:\Program Files\Norton AntiVirus\Quarantine\53CE5CDF Infected: Trojan-Downloader.Win32.Small.dxx 1
C:\Program Files\Norton AntiVirus\Quarantine\55E771AE.exe Infected: Trojan-Downloader.Win32.Agent.tkz 1
C:\Program Files\Norton AntiVirus\Quarantine\5DED62B8.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\605938EC.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\611A4069 Infected: Trojan-Spy.Win32.BZub.ih 1
C:\Program Files\Norton AntiVirus\Quarantine\62634E6E.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\62E12072.htm Infected: Exploit.JS.XMLCore.a 1
C:\Program Files\Norton AntiVirus\Quarantine\62F90131.htm Infected: Exploit.JS.XMLCore.a 1
C:\Program Files\Norton AntiVirus\Quarantine\6309531F.htm Infected: Exploit.HTML.VML.d 1
C:\Program Files\Norton AntiVirus\Quarantine\630C7D1B.htm Infected: Trojan-Downloader.JS.Agent.cd 1
C:\Program Files\Norton AntiVirus\Quarantine\635458C6.htm Infected: Trojan-Downloader.JS.Agent.bx 1
C:\Program Files\Norton AntiVirus\Quarantine\63CA0A4D.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\63CD344A.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\63CD344A.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\63CD344A.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\641225FE.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\6732548E.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\6732548E.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\67382887.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\673C5283.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\673F7C7F.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\67497A75.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\67497A75.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\674F4E6E.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\674F4E6E.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\6753786A.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\6753786A.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\6753786A.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\67594C63.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\67594C63.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\675C765F.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\675C765F.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\6760205C.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\6760205C.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\67634A58.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\67634A58.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\67667454.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\67667454.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\676D484D.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\676D484D.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\680353A8.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\680927A1.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\680927A1.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\680927A1.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\680D519D.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\68107B9A.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\68107B9A.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\68107B9A.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\68132596.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\68132596.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\68164F92.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\68164F92.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\68164F92.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\681D238B.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\681D238B.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\68204D88.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\68204D88.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\68272180.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\68272180.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\682A4B7D.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\682A4B7D.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\682D7579.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\682D7579.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\68311F76.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\68311F76.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\68344972.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\68344972.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\683A1D6B.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\683A1D6B.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\683E4767.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\683E4767.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\6858174A.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\685B4147.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\685E6B43.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\685E6B43.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\685E6B43.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\68621540.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\68621540.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\68686938.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\68686938.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\686B1335.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\686B1335.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\6872672E.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\6872672E.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\6875112A.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\6875112A.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\68783B27.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\68783B27.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\687F0F1F.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\687F0F1F.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\6882391C.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\6882391C.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\68866318.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\68866318.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\69417DF6.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\6B2E531D.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\6E3759FA Infected: Trojan-Downloader.Win32.Small.dxx 1
C:\Program Files\Norton AntiVirus\Quarantine\6E95789E.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\6E9A5CE4.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\6F1C5CB4.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\6F1F06B1.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\6F1F06B1.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\6F1F06B1.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\6F2C2EA2.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\6F362C97.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\6F362C97.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\6F362C97.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\6F395694.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\6F3C0090.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\6F3C0090.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\6F3C0090.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\6F402A8D.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\6F402A8D.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\6F435489.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\6F435489.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\6F467E85.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\6F467E85.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\6F492882.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\6F492882.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\6F507C7B.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\6F507C7B.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\6F575073.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\6F575073.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\6F5A7A70.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\6F5A7A70.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\6FF32FC7.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\6FF32FC7.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\6FF759C3.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\6FF759C3.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\6FFA03C0.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\6FFA03C0.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\700057B9.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\700057B9.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\700A55AE.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\700A55AE.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\701453A3.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\701453A3.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\701A279C.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\701A279C.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\701E5198.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\701E5198.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\70242591.zip Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\70242591.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\7289693B.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\73533430.htm Infected: Trojan-Downloader.JS.Agent.bx 1
C:\Program Files\Norton AntiVirus\Quarantine\73B6478D.dll Infected: Trojan-Spy.Win32.BZub.ih 1
C:\Program Files\Norton AntiVirus\Quarantine\79BF1BB9.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\7A0972A4.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\7C235FE7.htm Infected: Trojan-Downloader.JS.Agent.hv 1
C:\Program Files\Norton AntiVirus\Quarantine\7FD6791F.htm Infected: Trojan-Downloader.JS.Agent.hv 1

The selected area was scanned.

#2 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:24 PM

Posted 05 July 2008 - 11:32 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:



Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\efcYRLbB.dll
    C:\WINDOWS\system32\RBdddccf.ini2
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{9C28EAFB-FF50-4F42-8D39-A006129CC907}
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcYRLbB
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\runner1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BMd750028d
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Also post a new log from DSS.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 gaz.103

  • Topic Starter
  • Members
  • 18 posts

Posted 05 July 2008 - 12:49 PM

Hi Sam

Thanks for the prompt reply, I was expecting a bit of a wait seeing as this place is very popular right now. Nice to know I'm in good company!!! Seriously gonna have to stop the girlfriend opening those attachments on her emails!


MoveIt log and DSS below
Gaz

File/Folder C:\WINDOWS\system32\efcYRLbB.dll not found.
C:\WINDOWS\system32\RBdddccf.ini2 moved successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{9C28EAFB-FF50-4F42-8D39-A006129CC907} >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{9C28EAFB-FF50-4F42-8D39-A006129CC907} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C28EAFB-FF50-4F42-8D39-A006129CC907}\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcYRLbB >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcYRLbB\\ deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\runner1 >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\runner1 deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BMd750028d >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BMd750028d deleted successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07052008_183805



Deckard's System Scanner v20071014.68
Run by Four S on 2008-07-05 18:39:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 495 MiB (512 MiB recommended).


-- HijackThis (run as Four S.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:40:15, on 05/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$IPLANNERFRAMEWK\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer\Notebook Manager\almxptray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Activ Software\Activdriver\ActivControl2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Four S\Desktop\dss.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\FOURS~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.standrews-primary.surrey.sch.uk:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1AE85766-958F-481E-B51F-28D980BB371B} - C:\WINDOWS\system32\fccdddBR.dll (file missing)
O2 - BHO: (no name) - {36DBC179-A19F-48F2-B16A-6A3E19B42A87} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {9C28EAFB-FF50-4F42-8D39-A006129CC907} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ActivFilter] C:\Program Files\ACTIV Software\ACTIVdriver\ACTIVfilter.exe
O4 - HKLM\..\Run: [ActivControl] C:\Program Files\Activ Software\Activdriver\ActivControl2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ActivDRVAutostart] C:\Program Files\ACTIV Software\ACTIVdriver\ACTIVcontrol.exe /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Vsmwzdoi] "C:\Program Files\Common Files\a?sembly\i?xplore.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1092677654125
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...991/mcfscan.cab
O23 - Service: ACTIVdriver Control (ActivDRVcontrol) - Unknown owner - C:\Program Files\ACTIV Software\ACTIVdriver\ActivDRVservice.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 11559 bytes

-- Files created between 2008-06-05 and 2008-07-05 -----------------------------

2008-07-04 20:58:48 0 d-------- C:\Program Files\Trend Micro
2008-07-04 20:39:18 0 d-------- C:\Program Files\Sun
2008-07-04 20:14:24 0 d-------- C:\Program Files\Common Files\Java
2008-07-03 22:07:31 0 d-------- C:\WINDOWS\Prefetch
2008-07-03 21:38:45 0 d-------- C:\WINDOWS\system32\scripting
2008-07-03 21:38:41 0 d-------- C:\WINDOWS\l2schemas
2008-07-03 21:38:40 0 d-------- C:\WINDOWS\system32\en
2008-07-02 21:47:04 0 d-------- C:\Program Files\Windows Defender
2008-06-30 00:05:08 32243714 --a------ C:\SYM_REGISTRY_BACKUP.reg
2008-06-29 19:35:14 0 d-------- C:\Program Files\AntiSpywareMaster
2008-06-29 19:30:20 0 d-------- C:\Program Files\Common Files\a?sembly
2008-06-29 19:29:14 0 d-------- C:\Program Files\Common Files\??mbols
2008-06-29 19:28:54 0 d-------- C:\WINDOWS\system32\modtrux01
2008-06-26 22:05:53 0 d-------- C:\Documents and Settings\Four S\Application Data\Apple Computer
2008-06-26 21:58:11 0 d-------- C:\Program Files\QuickTime
2008-06-26 21:58:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-26 21:57:25 0 d-------- C:\Program Files\Apple Software Update
2008-06-26 21:57:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-19 20:25:27 0 d--hs---- C:\Documents and Settings\Four S\Application Data\.#


-- Find3M Report ---------------------------------------------------------------

2008-07-05 17:09:22 0 d-------- C:\Program Files\Common Files
2008-07-04 20:38:40 0 d-------- C:\Program Files\Java
2008-07-03 22:06:28 0 d-------- C:\Program Files\Messenger
2008-07-03 21:38:38 0 d-------- C:\Program Files\Movie Maker
2008-07-03 21:30:44 0 d-------- C:\Program Files\Windows NT
2008-07-03 21:12:14 0 d-------- C:\Documents and Settings\Four S\Application Data\Adobe
2008-07-02 17:27:18 836 --a------ C:\Documents and Settings\Four S\Application Data\ViewerApp.dat
2008-06-30 02:58:13 0 d-------- C:\Program Files\Common Files\??mbols
2008-06-30 02:58:11 0 d-------- C:\Program Files\Common Files\a?sembly
2008-06-28 23:20:23 0 d-------- C:\Documents and Settings\Four S\Application Data\Azureus
2008-06-17 18:31:38 0 d-------- C:\Program Files\Azureus
2008-05-21 15:51:59 0 d-------- C:\Program Files\Abacus Evolve Teachers
2008-05-11 08:42:26 0 d-------- C:\Documents and Settings\Four S\Application Data\DVD Flick
2008-05-09 21:33:03 0 d-------- C:\Program Files\Launch Manager


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1AE85766-958F-481E-B51F-28D980BB371B}]
C:\WINDOWS\system32\fccdddBR.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36DBC179-A19F-48F2-B16A-6A3E19B42A87}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C28EAFB-FF50-4F42-8D39-A006129CC907}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [16/01/2004 09:27]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [16/01/2004 09:23]
"SoundMan"="SOUNDMAN.EXE" [19/12/2003 17:53 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [23/09/2003 17:06 C:\WINDOWS\AGRSMMSG.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [28/04/2003 15:08]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [18/04/2003 14:36]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [18/04/2003 15:20]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [27/02/2004 10:57]
"AcerNotebookManager"="C:\Program Files\Acer\Notebook Manager\almxptray.exe" [11/12/2003 18:18]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [21/10/2003 11:52]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09/03/2006 12:47]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [12/05/2005 00:12]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [16/02/2006 22:39]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [01/06/2006 21:23]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [27/05/2008 10:50]
"ActivFilter"="C:\Program Files\ACTIV Software\ACTIVdriver\ACTIVfilter.exe" [07/11/2002 14:41]
"ActivControl"="C:\Program Files\Activ Software\Activdriver\ActivControl2.exe" [30/05/2007 16:12]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"UniKey"="" []
"ActivDRVAutostart"="C:\Program Files\ACTIV Software\ACTIVdriver\ACTIVcontrol.exe" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 19:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 01:12]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [05/09/2006 06:18]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [12/04/2008 17:33]
"Vsmwzdoi"="C:\Program Files\Common Files\a?sembly\i?xplore.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"360SCProgram"=

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\fccdddBR

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f1fbfd0-2fd1-11dc-b469-000e3523f2fd}]
AutoRun\command- F:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2008-07-05 18:43:52 ------------

#4 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 05 July 2008 - 05:24 PM

Don't be too hard on her for the attachments. That's probably not where this one came from. :thumbsup:

Please download ComboFix and save it to your desktop.
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


========================================================

#5 gaz.103

  • Topic Starter
  • Members
  • 18 posts

Posted 05 July 2008 - 06:04 PM

Thanks for your help so far Sam.

I won't tell her what you said about the attachments!!! :thumbsup:

By the way, while running ComboFix, Windows Installer kept popping up telling me to insert a CD; I just clicked cancel. You might not need to know this??

Here's the ComboFix log

ComboFix 08-07-04.6 - Four S 2008-07-05 23:33:06.1 - NTFSx86
Running from: C:\Documents and Settings\Four S\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Four S\Application Data\.#
C:\Program Files\AntiSpywareMaster
C:\Program Files\Common Files\asembl~1
C:\Program Files\Common Files\mbols~1
C:\Program Files\Common Files\mbols~1\??mbols\
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\goqyvwnh.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmgpqwpv.ini
C:\WINDOWS\system32\wflekvgr.ini
C:\WINDOWS\system32\zlib.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 )))))))))))))))))))))))))))))))
.

2008-07-05 18:38 . 2008-07-05 18:38 <DIR> d-------- C:\_OTMoveIt
2008-07-04 20:58 . 2008-07-04 20:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-04 20:52 . 2008-07-04 20:52 <DIR> d-------- C:\Deckard
2008-07-04 20:39 . 2008-07-04 20:39 <DIR> d-------- C:\Program Files\Sun
2008-07-04 20:38 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-04 20:14 . 2008-07-04 20:14 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-04 09:31 . 2008-07-04 15:58 <DIR> d-------- C:\Documents and Settings\Abacus Evolve YR2
2008-07-04 08:47 . 2008-07-04 09:32 <DIR> d-------- C:\Documents and Settings\Year 2 Abacus from Anne\Year 2 Abacus
2008-07-03 21:38 . 2008-07-03 21:38 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-03 21:38 . 2008-07-03 21:38 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-03 21:38 . 2008-07-03 21:38 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-03 20:59 . 2008-04-14 01:12 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll
2008-07-03 20:59 . 2008-04-14 01:12 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll
2008-07-03 20:59 . 2008-04-14 01:12 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
2008-07-03 20:59 . 2008-04-14 01:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-07-03 20:57 . 2008-04-14 01:12 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-07-03 20:57 . 2008-04-14 01:12 1,306,624 --------- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-07-03 20:57 . 2008-04-14 01:12 193,024 --------- C:\WINDOWS\system32\napmontr.dll
2008-07-03 20:57 . 2008-04-14 01:12 176,640 --------- C:\WINDOWS\system32\napstat.exe
2008-07-03 20:57 . 2008-04-14 01:12 155,136 --------- C:\WINDOWS\system32\mssha.dll
2008-07-03 20:57 . 2008-04-14 01:12 144,384 --------- C:\WINDOWS\system32\onex.dll
2008-07-03 20:57 . 2008-04-13 18:27 79,872 --------- C:\WINDOWS\system32\msxml6r.dll
2008-07-03 20:57 . 2008-04-13 18:27 79,872 --------- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-07-03 20:57 . 2008-04-13 19:14 76,800 --------- C:\WINDOWS\system32\msshavmsg.dll
2008-07-03 20:57 . 2008-04-14 01:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2008-07-03 20:57 . 2008-04-14 01:12 30,208 --------- C:\WINDOWS\system32\napipsec.dll
2008-07-03 20:56 . 2008-04-14 01:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-07-03 20:56 . 2008-04-14 01:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-07-03 20:56 . 2008-04-14 01:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2008-07-03 20:56 . 2008-04-14 01:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
2008-07-03 20:56 . 2008-04-14 01:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
2008-07-03 20:56 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2008-07-03 20:56 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2008-07-03 20:56 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2008-07-03 20:56 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2008-07-03 20:56 . 2007-06-21 06:52 974 --------- C:\WINDOWS\system32\pid.inf
2008-07-03 20:54 . 2008-04-14 01:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-07-02 21:47 . 2008-07-02 21:47 <DIR> d-------- C:\Program Files\Windows Defender
2008-06-30 22:37 . 2008-07-02 23:20 110,446 --a------ C:\WINDOWS\BMd750028d.xml
2008-06-30 00:05 . 2008-06-30 00:06 32,243,714 --a------ C:\SYM_REGISTRY_BACKUP.reg
2008-06-29 19:40 . 2008-06-29 19:40 13,502 --a------ C:\WINDOWS\system32\CelldoradoIconUK.ico
2008-06-29 19:40 . 2008-06-29 19:40 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUK.ico
2008-06-29 19:34 . 2008-07-02 23:33 403 --ahs---- C:\WINDOWS\system32\RBdddccf.ini
2008-06-29 19:32 . 2008-06-29 19:32 22 --a------ C:\WINDOWS\b152.exe.bin
2008-06-29 19:28 . 2008-06-29 19:36 <DIR> d-------- C:\WINDOWS\system32\modtrux01
2008-06-29 19:28 . 2008-06-29 19:28 <DIR> d-------- C:\temp\syschk3
2008-06-26 22:05 . 2008-06-26 22:05 <DIR> d-------- C:\Documents and Settings\Four S\Application Data\Apple Computer
2008-06-26 21:58 . 2008-06-26 21:59 <DIR> d-------- C:\Program Files\QuickTime
2008-06-26 21:58 . 2008-06-26 21:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-26 21:57 . 2008-06-26 21:57 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-26 21:57 . 2008-06-26 21:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-11 16:08 . 2008-07-04 08:19 <DIR> d-------- C:\Documents and Settings\Numeracy year 2
2008-06-11 16:06 . 2008-06-11 16:06 <DIR> d-------- C:\Documents and Settings\Literacy YR 2
2008-06-11 15:59 . 2008-06-11 15:59 <DIR> d-------- C:\Documents and Settings\DT
2008-06-11 15:41 . 2008-07-04 09:37 <DIR> d-------- C:\Documents and Settings\Year 2 Abacus from Anne
2008-06-11 15:35 . 2008-07-04 19:20 <DIR> d-------- C:\Documents and Settings\General
2008-06-11 13:20 . 2008-05-08 15:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-11 13:18 . 2008-06-13 12:05 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 22:30 --------- d-----w C:\Program Files\Norton AntiVirus
2008-07-04 19:38 --------- d-----w C:\Program Files\Java
2008-07-02 16:27 836 ----a-w C:\Documents and Settings\Four S\Application Data\ViewerApp.dat
2008-06-28 22:20 --------- d-----w C:\Documents and Settings\Four S\Application Data\Azureus
2008-06-17 17:31 --------- d-----w C:\Program Files\Azureus
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-21 14:51 --------- d-----w C:\Program Files\Abacus Evolve Teachers
2008-05-11 07:42 --------- d-----w C:\Documents and Settings\Four S\Application Data\DVD Flick
2008-05-09 20:33 --------- d-----w C:\Program Files\Launch Manager
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:12 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 21:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-14 04:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 04:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 04:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,065,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2004-09-27 13:17 26,953,157 ----a-w C:\Program Files\NAV10ESD.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vsmwzdoi"="C:\Program Files\Common Files\a?sembly\i?xplore.exe" [?]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-09-05 06:18 81920]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-12 17:33 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-01-16 09:27 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-01-16 09:23 118784]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-04-28 15:08 184320]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-04-18 14:36 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-04-18 15:20 610304]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2004-02-27 10:57 294912]
"AcerNotebookManager"="C:\Program Files\Acer\Notebook Manager\almxptray.exe" [2003-12-11 18:18 509952]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-21 11:52 40960]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-09 12:47 71328]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-02-16 22:39 180269]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-06-01 21:23 100056]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"ActivFilter"="C:\Program Files\ACTIV Software\ACTIVdriver\ACTIVfilter.exe" [2002-11-07 14:41 23552]
"ActivControl"="C:\Program Files\Activ Software\Activdriver\ActivControl2.exe" [2007-05-30 16:12 876544]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"SoundMan"="SOUNDMAN.EXE" [2003-12-19 17:53 65024 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2003-09-23 17:06 88363 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 01:12 15360]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2003-08-13 18:38 54472]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/12/2005 12:23:26 AM 282624]
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [8/6/2005 4:51:34 PM 151552]
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [8/6/2005 4:51:24 PM 106496]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [12/17/2002 5:23:32 PM 74308]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [8/16/2004 6:24:07 PM 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Azureus\\Azureus.exe"=

R2 acernbm;acernbm;C:\WINDOWS\system32\drivers\acernbm.sys [2004-01-06 18:18]
R2 ddnt;ddnt;C:\WINDOWS\system32\drivers\ddnt.sys [2007-10-01 10:32]
R2 ipasintf;ipasintf;C:\WINDOWS\System32\drivers\pas2k.sys [2000-10-03 19:29]
R2 MSSQL$IPLANNERFRAMEWK;MSSQL$IPLANNERFRAMEWK;C:\Program Files\Microsoft SQL Server\MSSQL$IPLANNERFRAMEWK\Binn\sqlservr.exe [2002-12-17 17:26]
R2 osadmi;osadmi;C:\WINDOWS\system32\drivers\osadmi.sys [2003-12-10 20:49]
R3 ActivHidSerMini;Promethean Serial Board Driver;C:\WINDOWS\system32\DRIVERS\activhidsermini.sys [2007-04-27 11:42]
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2004-01-07 16:19]
R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2003-08-26 09:46]
R3 prmvmouse;Promethean HID Mouse Service;C:\WINDOWS\system32\DRIVERS\activmouse.sys [2007-04-27 11:32]
S2 ActivDRVcontrol;ACTIVdriver Control;C:\Program Files\ACTIV Software\ACTIVdriver\ActivDRVservice.exe []
S3 ActivDRV_USB;ActivDRV_USB.Sys USB ACTIVboard;C:\WINDOWS\system32\Drivers\ActivDRV_USB.sys []
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 12:11]
S3 SQLAgent$IPLANNERFRAMEWK;SQLAgent$IPLANNERFRAMEWK;C:\Program Files\Microsoft SQL Server\MSSQL$IPLANNERFRAMEWK\Binn\sqlagent.EXE [2002-12-17 17:23]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f1fbfd0-2fd1-11dc-b469-000e3523f2fd}]
\Shell\AutoRun\command - F:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-26 20:57:38 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2004-07-20 18:29:24 C:\WINDOWS\Tasks\Low Battery Alarm Program.job"
"2008-07-05 22:48:03 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-07-05 22:49:28 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
- - - - ORPHANS REMOVED - - - -

BHO-{1AE85766-958F-481E-B51F-28D980BB371B} - C:\WINDOWS\system32\fccdddBR.dll
BHO-{9C28EAFB-FF50-4F42-8D39-A006129CC907} - (no file)
HKLM-Run-ActivDRVAutostart - C:\Program Files\ACTIV Software\ACTIVdriver\ACTIVcontrol.exe
HKLM-Run-UniKey - (no file)
HKLM-RunServices-360SCProgram - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 23:43:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVSCAN.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cscript.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-07-05 23:58:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-05 22:57:51

Pre-Run: 7,759,732,736 bytes free
Post-Run: 7,733,686,272 bytes free

275 --- E O F --- 2008-06-20 21:11:09

#6 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:24 PM

Posted 05 July 2008 - 08:03 PM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: CFScript to your desktop.

Folder::
C:\WINDOWS\system32\modtrux01
C:\temp\syschk3

File::
C:\WINDOWS\system32\RBdddccf.ini
C:\WINDOWS\b152.exe.bin

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vsmwzdoi"=-
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


================


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 gaz.103
  • Topic Starter
  • Members
  • 18 posts
  • OFFLINE
  • Local time:10:24 PM

Posted 06 July 2008 - 04:12 AM

Here we go
Combo fix log and MBAM log below, still no sound yet, just the occasional beep the same as you get when in safe mode :thumbsup:


ComboFix 08-07-04.6 - Four S 2008-07-06 9:18:48.2 - NTFSx86
Running from: C:\Documents and Settings\Four S\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Four S\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\b152.exe.bin
C:\WINDOWS\system32\RBdddccf.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\temp\syschk3
C:\WINDOWS\b152.exe.bin
C:\WINDOWS\system32\modtrux01
C:\WINDOWS\system32\RBdddccf.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-06 to 2008-07-06 )))))))))))))))))))))))))))))))
.

2008-07-05 18:38 . 2008-07-05 18:38 <DIR> d-------- C:\_OTMoveIt
2008-07-04 20:58 . 2008-07-04 20:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-04 20:52 . 2008-07-04 20:52 <DIR> d-------- C:\Deckard
2008-07-04 20:39 . 2008-07-04 20:39 <DIR> d-------- C:\Program Files\Sun
2008-07-04 20:38 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-04 20:14 . 2008-07-04 20:14 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-04 09:31 . 2008-07-04 15:58 <DIR> d-------- C:\Documents and Settings\Abacus Evolve YR2
2008-07-04 08:47 . 2008-07-04 09:32 <DIR> d-------- C:\Documents and Settings\Year 2 Abacus from Anne\Year 2 Abacus
2008-07-03 21:38 . 2008-07-03 21:38 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-03 21:38 . 2008-07-03 21:38 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-03 21:38 . 2008-07-03 21:38 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-03 20:59 . 2008-04-14 01:12 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll
2008-07-03 20:59 . 2008-04-14 01:12 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll
2008-07-03 20:59 . 2008-04-14 01:12 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
2008-07-03 20:59 . 2008-04-14 01:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-07-03 20:57 . 2008-04-14 01:12 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-07-03 20:57 . 2008-04-14 01:12 1,306,624 --------- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-07-03 20:57 . 2008-04-14 01:12 193,024 --------- C:\WINDOWS\system32\napmontr.dll
2008-07-03 20:57 . 2008-04-14 01:12 176,640 --------- C:\WINDOWS\system32\napstat.exe
2008-07-03 20:57 . 2008-04-14 01:12 155,136 --------- C:\WINDOWS\system32\mssha.dll
2008-07-03 20:57 . 2008-04-14 01:12 144,384 --------- C:\WINDOWS\system32\onex.dll
2008-07-03 20:57 . 2008-04-13 18:27 79,872 --------- C:\WINDOWS\system32\msxml6r.dll
2008-07-03 20:57 . 2008-04-13 18:27 79,872 --------- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-07-03 20:57 . 2008-04-13 19:14 76,800 --------- C:\WINDOWS\system32\msshavmsg.dll
2008-07-03 20:57 . 2008-04-14 01:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2008-07-03 20:57 . 2008-04-14 01:12 30,208 --------- C:\WINDOWS\system32\napipsec.dll
2008-07-03 20:56 . 2008-04-14 01:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-07-03 20:56 . 2008-04-14 01:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-07-03 20:56 . 2008-04-14 01:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2008-07-03 20:56 . 2008-04-14 01:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
2008-07-03 20:56 . 2008-04-14 01:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
2008-07-03 20:56 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2008-07-03 20:56 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2008-07-03 20:56 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2008-07-03 20:56 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2008-07-03 20:56 . 2007-06-21 06:52 974 --------- C:\WINDOWS\system32\pid.inf
2008-07-03 20:54 . 2008-04-14 01:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-07-02 21:47 . 2008-07-02 21:47 <DIR> d-------- C:\Program Files\Windows Defender
2008-06-30 22:37 . 2008-07-02 23:20 110,446 --a------ C:\WINDOWS\BMd750028d.xml
2008-06-30 00:05 . 2008-06-30 00:06 32,243,714 --a------ C:\SYM_REGISTRY_BACKUP.reg
2008-06-29 19:40 . 2008-06-29 19:40 13,502 --a------ C:\WINDOWS\system32\CelldoradoIconUK.ico
2008-06-29 19:40 . 2008-06-29 19:40 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUK.ico
2008-06-26 22:05 . 2008-06-26 22:05 <DIR> d-------- C:\Documents and Settings\Four S\Application Data\Apple Computer
2008-06-26 21:58 . 2008-06-26 21:59 <DIR> d-------- C:\Program Files\QuickTime
2008-06-26 21:58 . 2008-06-26 21:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-26 21:57 . 2008-06-26 21:57 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-26 21:57 . 2008-06-26 21:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-11 16:08 . 2008-07-04 08:19 <DIR> d-------- C:\Documents and Settings\Numeracy year 2
2008-06-11 16:06 . 2008-06-11 16:06 <DIR> d-------- C:\Documents and Settings\Literacy YR 2
2008-06-11 15:59 . 2008-06-11 15:59 <DIR> d-------- C:\Documents and Settings\DT
2008-06-11 15:41 . 2008-07-04 09:37 <DIR> d-------- C:\Documents and Settings\Year 2 Abacus from Anne
2008-06-11 15:35 . 2008-07-04 19:20 <DIR> d-------- C:\Documents and Settings\General
2008-06-11 13:20 . 2008-05-08 15:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-11 13:18 . 2008-06-13 12:05 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 22:30 --------- d-----w C:\Program Files\Norton AntiVirus
2008-07-04 19:38 --------- d-----w C:\Program Files\Java
2008-07-02 16:27 836 ----a-w C:\Documents and Settings\Four S\Application Data\ViewerApp.dat
2008-06-28 22:20 --------- d-----w C:\Documents and Settings\Four S\Application Data\Azureus
2008-06-17 17:31 --------- d-----w C:\Program Files\Azureus
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-21 14:51 --------- d-----w C:\Program Files\Abacus Evolve Teachers
2008-05-11 07:42 --------- d-----w C:\Documents and Settings\Four S\Application Data\DVD Flick
2008-05-09 20:33 --------- d-----w C:\Program Files\Launch Manager
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:12 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 21:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-14 04:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 04:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 04:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,065,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2004-09-27 13:17 26,953,157 ----a-w C:\Program Files\NAV10ESD.exe
.

((((((((((((((((((((((((((((( snapshot@2008-07-05_23.57.03.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-05 22:41:31 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-06 07:54:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-06 07:54:19 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_490.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1AE85766-958F-481E-B51F-28D980BB371B}]
C:\WINDOWS\system32\fccdddBR.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-09-05 06:18 81920]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-12 17:33 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-01-16 09:27 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-01-16 09:23 118784]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-04-28 15:08 184320]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-04-18 14:36 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-04-18 15:20 610304]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2004-02-27 10:57 294912]
"AcerNotebookManager"="C:\Program Files\Acer\Notebook Manager\almxptray.exe" [2003-12-11 18:18 509952]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-21 11:52 40960]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-09 12:47 71328]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-02-16 22:39 180269]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-06-01 21:23 100056]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"ActivFilter"="C:\Program Files\ACTIV Software\ACTIVdriver\ACTIVfilter.exe" [2002-11-07 14:41 23552]
"ActivControl"="C:\Program Files\Activ Software\Activdriver\ActivControl2.exe" [2007-05-30 16:12 876544]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"SoundMan"="SOUNDMAN.EXE" [2003-12-19 17:53 65024 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2003-09-23 17:06 88363 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 01:12 15360]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2003-08-13 18:38 54472]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/12/2005 12:23:26 AM 282624]
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [8/6/2005 4:51:34 PM 151552]
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [8/6/2005 4:51:24 PM 106496]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [12/17/2002 5:23:32 PM 74308]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [8/16/2004 6:24:07 PM 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Azureus\\Azureus.exe"=

R2 acernbm;acernbm;C:\WINDOWS\system32\drivers\acernbm.sys [2004-01-06 18:18]
R2 ddnt;ddnt;C:\WINDOWS\system32\drivers\ddnt.sys [2007-10-01 10:32]
R2 ipasintf;ipasintf;C:\WINDOWS\System32\drivers\pas2k.sys [2000-10-03 19:29]
R2 osadmi;osadmi;C:\WINDOWS\system32\drivers\osadmi.sys [2003-12-10 20:49]
R3 ActivHidSerMini;Promethean Serial Board Driver;C:\WINDOWS\system32\DRIVERS\activhidsermini.sys [2007-04-27 11:42]
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2004-01-07 16:19]
R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2003-08-26 09:46]
R3 prmvmouse;Promethean HID Mouse Service;C:\WINDOWS\system32\DRIVERS\activmouse.sys [2007-04-27 11:32]
S2 ActivDRVcontrol;ACTIVdriver Control;C:\Program Files\ACTIV Software\ACTIVdriver\ActivDRVservice.exe []
S3 ActivDRV_USB;ActivDRV_USB.Sys USB ACTIVboard;C:\WINDOWS\system32\Drivers\ActivDRV_USB.sys []
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 12:11]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f1fbfd0-2fd1-11dc-b469-000e3523f2fd}]
\Shell\AutoRun\command - F:\LaunchU3.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-26 20:57:38 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2004-07-20 18:29:24 C:\WINDOWS\Tasks\Low Battery Alarm Program.job"
"2008-07-06 08:15:31 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-07-06 08:02:24 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
- - - - ORPHANS REMOVED - - - -

BHO-{9C28EAFB-FF50-4F42-8D39-A006129CC907} - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-06 09:25:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\TEMP\TMP000000985451B444240843E3 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-07-06 9:29:47
ComboFix-quarantined-files.txt 2008-07-06 08:29:29
ComboFix2.txt 2008-07-05 22:58:17

Pre-Run: 7,704,584,192 bytes free
Post-Run: 7,697,149,952 bytes free

248 --- E O F --- 2008-06-20 21:11:09




Malwarebytes' Anti-Malware 1.19
Database version: 926
Windows 5.1.2600 Service Pack 3

10:06:53 06/07/2008
mbam-log-7-6-2008 (10-06-53).txt

Scan type: Quick Scan
Objects scanned: 51903
Time elapsed: 8 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Four S\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareMaster.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.

#8 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:24 PM

Posted 06 July 2008 - 08:48 AM

Here's the good news. Your log is looking much better. We may just about have your malware issue resolved.
The bad news is that your audio problem is not associated with malware.

When did the audio issue first become apparent?

Please post a new log from DSS.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 gaz.103

gaz.103
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:10:24 PM

Posted 06 July 2008 - 09:07 AM

My audio became an issue either after running regedit and reinstalling an earlier registry backup, or after installing Windows Defender, which detected and deleted some stuff. When I hit the function key to adjust the volume nothing happens.

I get this message when trying to play an MP3: "Windows Media Player cannot play the file because there is a problem with your sound device. There might not be a sound device installed on your computer, it might be in use by another program, or it might not be functioning properly."

With QuickTime I get the video playing but no sound.


I did back up my registry to CD before following Symantec's Trojan.Adclicker advice, before looking in certain places to try and delete a file. I did try running that some time ago but it comes up with an error when doing so (I haven't tried it again).

Any further ideas?

Cheers
DSS below


Scan saved at 14:53:21, on 06/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$IPLANNERFRAMEWK\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer\Notebook Manager\almxptray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Activ Software\Activdriver\ActivControl2.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Four S\Desktop\dss.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\FOURS~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.standrews-primary.surrey.sch.uk:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1AE85766-958F-481E-B51F-28D980BB371B} - C:\WINDOWS\system32\fccdddBR.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {9C28EAFB-FF50-4F42-8D39-A006129CC907} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ActivFilter] C:\Program Files\ACTIV Software\ACTIVdriver\ACTIVfilter.exe
O4 - HKLM\..\Run: [ActivControl] C:\Program Files\Activ Software\Activdriver\ActivControl2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1092677654125
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...991/mcfscan.cab
O23 - Service: ACTIVdriver Control (ActivDRVcontrol) - Unknown owner - C:\Program Files\ACTIV Software\ACTIVdriver\ActivDRVservice.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 11251 bytes

-- Files created between 2008-06-06 and 2008-07-06 -----------------------------

2008-07-06 09:39:50 0 d-------- C:\Documents and Settings\Four S\Application Data\Malwarebytes
2008-07-06 09:39:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-06 09:38:56 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-06 09:25:36 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-07-05 23:31:44 68096 --a------ C:\WINDOWS\zip.exe
2008-07-05 23:31:44 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-05 23:31:44 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-05 23:31:44 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-05 23:31:44 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-05 23:31:44 98816 --a------ C:\WINDOWS\sed.exe
2008-07-05 23:31:44 80412 --a------ C:\WINDOWS\grep.exe
2008-07-05 23:31:44 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-04 20:58:48 0 d-------- C:\Program Files\Trend Micro
2008-07-04 20:39:18 0 d-------- C:\Program Files\Sun
2008-07-04 20:14:24 0 d-------- C:\Program Files\Common Files\Java
2008-07-03 22:07:31 0 d-------- C:\WINDOWS\Prefetch
2008-07-03 21:38:45 0 d-------- C:\WINDOWS\system32\scripting
2008-07-03 21:38:41 0 d-------- C:\WINDOWS\l2schemas
2008-07-03 21:38:40 0 d-------- C:\WINDOWS\system32\en
2008-07-02 21:47:04 0 d-------- C:\Program Files\Windows Defender
2008-06-30 00:05:08 32243714 --a------ C:\SYM_REGISTRY_BACKUP.reg
2008-06-26 22:05:53 0 d-------- C:\Documents and Settings\Four S\Application Data\Apple Computer
2008-06-26 21:58:11 0 d-------- C:\Program Files\QuickTime
2008-06-26 21:58:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-26 21:57:25 0 d-------- C:\Program Files\Apple Software Update
2008-06-26 21:57:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple


-- Find3M Report ---------------------------------------------------------------

2008-07-06 12:40:50 0 d-------- C:\Program Files\Common Files
2008-07-05 23:30:45 0 d-------- C:\Program Files\Norton AntiVirus
2008-07-04 20:38:40 0 d-------- C:\Program Files\Java
2008-07-03 22:06:28 0 d-------- C:\Program Files\Messenger
2008-07-03 21:38:38 0 d-------- C:\Program Files\Movie Maker
2008-07-03 21:30:44 0 d-------- C:\Program Files\Windows NT
2008-07-03 21:12:14 0 d-------- C:\Documents and Settings\Four S\Application Data\Adobe
2008-07-02 17:27:18 836 --a------ C:\Documents and Settings\Four S\Application Data\ViewerApp.dat
2008-06-28 23:20:23 0 d-------- C:\Documents and Settings\Four S\Application Data\Azureus
2008-06-17 18:31:38 0 d-------- C:\Program Files\Azureus
2008-05-21 15:51:59 0 d-------- C:\Program Files\Abacus Evolve Teachers
2008-05-11 08:42:26 0 d-------- C:\Documents and Settings\Four S\Application Data\DVD Flick
2008-05-09 21:33:03 0 d-------- C:\Program Files\Launch Manager


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1AE85766-958F-481E-B51F-28D980BB371B}]
C:\WINDOWS\system32\fccdddBR.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C28EAFB-FF50-4F42-8D39-A006129CC907}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [16/01/2004 09:27]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [16/01/2004 09:23]
"SoundMan"="SOUNDMAN.EXE" [19/12/2003 17:53 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [23/09/2003 17:06 C:\WINDOWS\AGRSMMSG.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [28/04/2003 15:08]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [18/04/2003 14:36]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [18/04/2003 15:20]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [27/02/2004 10:57]
"AcerNotebookManager"="C:\Program Files\Acer\Notebook Manager\almxptray.exe" [11/12/2003 18:18]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [21/10/2003 11:52]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09/03/2006 12:47]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [12/05/2005 00:12]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [16/02/2006 22:39]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [01/06/2006 21:23]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [27/05/2008 10:50]
"ActivFilter"="C:\Program Files\ACTIV Software\ACTIVdriver\ACTIVfilter.exe" [07/11/2002 14:41]
"ActivControl"="C:\Program Files\Activ Software\Activdriver\ActivControl2.exe" [30/05/2007 16:12]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 01:12]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [05/09/2006 06:18]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [12/04/2008 17:33]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/12/2005 12:23:26 AM]
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [8/6/2005 4:51:34 PM]
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [8/6/2005 4:51:24 PM]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [12/17/2002 5:23:32 PM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [8/16/2004 6:24:07 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f1fbfd0-2fd1-11dc-b469-000e3523f2fd}]
AutoRun\command- F:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2008-07-06 14:56:52 ------------
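
The log above contains the entry types an analyst reads first: BHOs registered with no name whose DLL is marked "(file missing)" or "(no file)", Run values that are bare filenames (SOUNDMAN.EXE, AGRSMMSG.exe, Alaunch) rather than full paths, a service with "Unknown owner" whose binary is missing, and a ProxyServer setting. The following is an added example, not part of the original thread and not a Trend Micro or Deckard tool: a small triage script that parses lines in this HijackThis-style format and flags those patterns for review. The rules and the `Finding` / `triage` / `exe_token` names are my own assumptions about what deserves a second look; a flag is a prompt to verify, not a verdict. `SAMPLE_LOG` is a constructed subset of lines copied from the log above.

```python
"""Triage helper for HijackThis/DSS-style log lines (added example).

Not part of the original thread and not a Trend Micro or Deckard tool. It
parses R1/O2/O4/O23 lines in the format shown above and flags patterns an
analyst checks first. The rules are assumptions about what deserves a
second look, not verdicts. SAMPLE_LOG is a constructed subset of the log.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section tag, e.g. "O2"
    reason: str   # why the entry deserves attention
    line: str     # the original log line


# Markers the scanner prints when a registered path no longer exists on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")
# "O4 - HKLM\..\Run: [Name] command" -> capture the command part.
RUN_LINE = re.compile(r"^O4 - .*?: \[[^\]]*\] (.*)$")
# Longest prefix of an unquoted command ending in an executable extension, so
# "C:\Program Files\x\y.exe (User 'SYSTEM')" yields the full path with spaces.
EXE_PREFIX = re.compile(r"^(.+?\.(?:exe|dll|com|scr|bat|cmd))(?=\s|$)", re.IGNORECASE)
# Locations an unprivileged process can write to; autoruns there are unusual.
USER_WRITABLE = re.compile(r"\\(temp|tmp|application data|local settings)\\", re.IGNORECASE)


def exe_token(command: str) -> str:
    """Return the executable part of a Run value (quoted path, path with
    spaces, or bare name) without its arguments or the (User ...) suffix."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    match = EXE_PREFIX.match(command)
    if match:
        return match.group(1)
    return command.split()[0] if command else ""


def triage(log_text: str) -> list[Finding]:
    """Scan log lines and return one Finding per rule that fires."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" ", 1)[0]

        if any(marker in line for marker in ORPHAN_MARKERS):
            findings.append(Finding(section, "orphaned: registered path no longer exists on disk; "
                                    "the registration itself is a leftover and should be cleared", line))
        if section == "O2" and "(no name)" in line:
            findings.append(Finding(section, "BHO registered without a display name", line))
        if section == "R1" and "ProxyServer" in line:
            findings.append(Finding(section, "proxy configured; confirm it is expected, "
                                    "since it sees all browser traffic", line))
        if section == "O23" and " - Unknown owner - " in line:
            findings.append(Finding(section, "service binary carries no company name in its version info", line))
        if section == "O4" and line.endswith("= ?"):
            findings.append(Finding(section, "startup shortcut target not resolved by the scanner", line))

        run = RUN_LINE.match(line)
        if run:
            exe = exe_token(run.group(1))
            if exe and "\\" not in exe:
                findings.append(Finding(section, f"Run value '{exe}' is a bare name resolved by PATH "
                                        "search; confirm which file actually runs", line))
            elif USER_WRITABLE.search(exe):
                findings.append(Finding(section, "autorun points into a user-writable directory", line))
    return findings


# Constructed sample: a subset of lines copied from the log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.standrews-primary.surrey.sch.uk:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1AE85766-958F-481E-B51F-28D980BB371B} - C:\WINDOWS\system32\fccdddBR.dll (file missing)
O2 - BHO: (no name) - {9C28EAFB-FF50-4F42-8D39-A006129CC907} - (no file)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Picture Package Menu.lnk = ?
O23 - Service: ACTIVdriver Control (ActivDRVcontrol) - Unknown owner - C:\Program Files\ACTIV Software\ACTIVdriver\ActivDRVservice.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

On the sample, the Adobe, ccApp and ccEvtMgr lines produce nothing, while the two unnamed BHOs and the ACTIV service each raise two flags. The bare-name rule is about verification rather than maliciousness: a Run value like `SOUNDMAN.EXE` is located by path search at logon, so the analyst has to confirm which copy is found before deciding the entry is the legitimate sound utility.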

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:24 PM

Posted 06 July 2008 - 09:19 AM

I noticed in your previous logs that something was installed on 7/3, about 24 hours after Defender was installed.

2008-07-03 20:59 . 2008-04-14 01:12 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll
2008-07-03 20:59 . 2008-04-14 01:12 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll
2008-07-03 20:59 . 2008-04-14 01:12 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
2008-07-03 20:59 . 2008-04-14 01:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-07-03 20:57 . 2008-04-14 01:12 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-07-03 20:57 . 2008-04-14 01:12 1,306,624 --------- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-07-03 20:57 . 2008-04-14 01:12 193,024 --------- C:\WINDOWS\system32\napmontr.dll
2008-07-03 20:57 . 2008-04-14 01:12 176,640 --------- C:\WINDOWS\system32\napstat.exe
2008-07-03 20:57 . 2008-04-14 01:12 155,136 --------- C:\WINDOWS\system32\mssha.dll
2008-07-03 20:57 . 2008-04-14 01:12 144,384 --------- C:\WINDOWS\system32\onex.dll
2008-07-03 20:57 . 2008-04-13 18:27 79,872 --------- C:\WINDOWS\system32\msxml6r.dll
2008-07-03 20:57 . 2008-04-13 18:27 79,872 --------- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-07-03 20:57 . 2008-04-13 19:14 76,800 --------- C:\WINDOWS\system32\msshavmsg.dll
2008-07-03 20:57 . 2008-04-14 01:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2008-07-03 20:57 . 2008-04-14 01:12 30,208 --------- C:\WINDOWS\system32\napipsec.dll
2008-07-03 20:56 . 2008-04-14 01:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-07-03 20:56 . 2008-04-14 01:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-07-03 20:56 . 2008-04-14 01:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2008-07-03 20:56 . 2008-04-14 01:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
2008-07-03 20:56 . 2008-04-14 01:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
2008-07-03 20:56 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2008-07-03 20:56 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2008-07-03 20:56 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2008-07-03 20:56 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2008-07-03 20:56 . 2007-06-21 06:52 974 --------- C:\WINDOWS\system32\pid.inf
2008-07-03 20:54 . 2008-04-14 01:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-07-02 21:47 . 2008-07-02 21:47 <DIR> d-------- C:\Program Files\Windows Defender


Do you know anything about what this might have been?


========================================================
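
Each line in the list quoted above carries two timestamps: when the file appeared on this disk (20:54 to 20:59 on 2008-07-03) and the file's own last-write time (almost all 2008-04-14 01:11 or 01:12). Files extracted from a pre-built package keep the package's old modification times, whereas files written fresh on the host have a modification time equal to their creation time, so the gap between the two columns, and how uniform the second column is across the batch, is one way to judge what an unexplained cluster looks like before asking the user. The script below is an added example, not part of the original thread and not a ComboFix feature: it groups lines in this format into install batches by creation-time gap and summarises each batch. `SAMPLE` is a constructed subset of the lines quoted above; the 5-minute gap, the 1-hour age threshold and the function names are assumptions.

```python
"""Batch analysis of ComboFix-style "files created" lines (added example).

Not part of the original thread and not a ComboFix feature. Groups lines by
creation-time gap and, per batch, reports the dominant modification day and
whether every file predates its own arrival on disk (package-extracted) or
not (written in place). Thresholds are assumptions; SAMPLE is constructed.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta

# "<created> . <modified> <size|<DIR>> <attrs> <path>"
LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)\s+([\d,]+|<DIR>)\s+\S+\s+(.+)$"
)
FMT = "%Y-%m-%d %H:%M"


@dataclass(frozen=True)
class Entry:
    created: datetime   # when the file appeared on this disk
    modified: datetime  # the file's own last-write time
    size: int | None    # None for directories
    path: str


def parse_created_files(text: str) -> list[Entry]:
    """Parse every line that matches the format; skip headers and blanks."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        created, modified, size, path = m.groups()
        entries.append(Entry(datetime.strptime(created, FMT),
                             datetime.strptime(modified, FMT),
                             None if size == "<DIR>" else int(size.replace(",", "")),
                             path))
    return entries


def batches(entries: list[Entry], gap_minutes: int = 5) -> list[list[Entry]]:
    """Split entries (any order) into batches: a new batch starts whenever the
    creation time jumps by more than gap_minutes from the previous file."""
    groups: list[list[Entry]] = []
    for e in sorted(entries, key=lambda e: e.created):
        if groups and e.created - groups[-1][-1].created <= timedelta(minutes=gap_minutes):
            groups[-1].append(e)
        else:
            groups.append([e])
    return groups


def describe(batch: list[Entry], min_age: timedelta = timedelta(hours=1)) -> dict:
    """Summarise one batch: size, creation window, dominant modification day,
    and whether every file was built at least min_age before it arrived here."""
    days = Counter(e.modified.strftime("%Y-%m-%d") for e in batch)
    modal_day, modal_count = days.most_common(1)[0]
    return {
        "count": len(batch),
        "created_from": batch[0].created.strftime(FMT),
        "created_to": batch[-1].created.strftime(FMT),
        "modal_mtime_day": modal_day,
        "modal_fraction": modal_count / len(batch),
        # True when the files look extracted from a package rather than
        # written in place on this host.
        "all_predate_creation": all(e.created - e.modified >= min_age for e in batch),
    }


# Constructed sample: a subset of the lines quoted in the post above.
SAMPLE = r"""
2008-07-03 20:59 . 2008-04-14 01:12 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll
2008-07-03 20:59 . 2008-04-14 01:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-07-03 20:57 . 2008-04-14 01:12 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-07-03 20:57 . 2008-04-13 18:27 79,872 --------- C:\WINDOWS\system32\msxml6r.dll
2008-07-03 20:56 . 2008-04-14 01:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
2008-07-03 20:56 . 2007-06-21 06:52 974 --------- C:\WINDOWS\system32\pid.inf
2008-07-03 20:54 . 2008-04-14 01:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-07-02 21:47 . 2008-07-02 21:47 <DIR> d-------- C:\Program Files\Windows Defender
"""

if __name__ == "__main__":
    for group in batches(parse_created_files(SAMPLE)):
        print(describe(group))
```

On the sample the 2008-07-03 cluster comes out as one batch of seven files, five of them sharing the 2008-04-14 modification day and all of them built months before they landed in system32, which is the profile of a packaged install rather than of files written by a process on the machine; the Windows Defender directory from the previous evening forms its own batch with matching timestamps. The heuristic does not identify the package, and timestamps can be forged, so it ranks what to check next (signatures, the update history) rather than clearing anything.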

#11 gaz.103

gaz.103
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:10:24 PM

Posted 06 July 2008 - 09:23 AM

I think that was this program: RegCureSetup_1501_CB.exe
As I was getting the rundll error I downloaded it and ran a scan with it, but I didn't get it to fix anything as I didn't trust it. I saved it to my D drive but later removed it from Add/Remove Programs via the Control Panel. I still have the installation file on my D drive.

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:24 PM

Posted 06 July 2008 - 09:27 AM

That doesn't seem like it would create all those files, but then I don't see those files in your most recent log, so maybe so.

Let's check out your hardware.

Click Start -> Run -> devmgmt.msc

Do you see anything that would indicate a problem here? Question marks or exclamation points?


========================================================

#13 gaz.103

gaz.103
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:10:24 PM

Posted 06 July 2008 - 09:30 AM

I have a yellow ! over Microsoft composite battery but nil else.

#14 gaz.103

gaz.103
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:10:24 PM

Posted 06 July 2008 - 09:34 AM

Oh yeah, I seem to remember that my Windows automatic updates had been turned off by the malware, so I think I updated Windows, which may have created those files?

#15 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:24 PM

Posted 06 July 2008 - 09:36 AM

Expand the "Sound, video and game controllers" section.

What do you have listed there?


========================================================



