
VMalum, or Alureon ?



#1 spoolin86


Posted 01 March 2009 - 11:17 AM

I use CA antivirus and have Malwarebytes installed......when either of these programs finds something, I let it delete or quarantine the file....the next time I boot the pc, I get a screen that asks what account I want to use (my name or guest), which is not the norm. Then whichever account you choose, it starts the login process then says saving settings and puts you back at the start.....clear as mud ?......I can't start in safe mode either.......the only way I can get back to the desktop is to use ERD Commander to force a restore........I'm new here so please be gentle with me :thumbup2: .......I hope I'm following the correct procedure here.....thanks for your time.


DDS (Ver_09-02-01.01) - NTFSx86
Run by Dwayne at 11:11:38.67 on Sun 03/01/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1446 [GMT -5:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS1\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS1\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
svchost.exe
svchost.exe
C:\WINDOWS1\Explorer.EXE
C:\WINDOWS1\system32\spoolsv.exe
svchost.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\WINDOWS1\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\WINDOWS1\system32\RUNDLL32.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS1\system32\ctfmon.exe
C:\WINDOWS1\system32\taskmgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS1\system32\nvsvc32.exe
C:\WINDOWS1\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS1\system32\wscntfy.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS1\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dwayne\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
BHO: {D536A62A-CBE2-4CB2-9FCA-CA84CC7B0947} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [PowerBar] "c:\program files\cyberlink dvd solution\multimedia launcher\PowerBar.exe" /AtBootTime
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ctfmon.exe] c:\windows1\system32\ctfmon.exe
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
mRun: [nwiz] nwiz.exe /install
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe"
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [NeroFilterCheck] c:\windows1\system32\NeroCheck.exe
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows1\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Easy Synchronization] c:\program files\logitech\easy synchronization\LogitechEasySync.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows1\system32\NvCpl.dll,NvStartup
mRunOnce: [Easy Synchronization] c:\program files\logitech\easy synchronization\LogitechEasySync.exe --ports
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
LSP: c:\windows1\system32\VetRedir.dll
DPF: Microsoft XML Parser for Java - file://c:\windows1\java\classes\xmldso.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/da/PCPitStop.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229031796609
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
Notify: awtrQIYR - awtrQIYR.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: idrdjg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows1\system32\WPDShServiceObj.dll
SEH: ShellExecuteHook class: {fe24cd78-7c63-465d-8787-4edf7fc79895} - c:\program files\logitech\easy synchronization\shellexecutehook.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows1\system32\efcBTKCs

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dwayne\applic~1\mozilla\firefox\profiles\h80bg4l3.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll

============= SERVICES / DRIVERS ===============

R1 VET-FILT;VET File System Filter;c:\windows1\system32\drivers\vet-filt.sys [2009-2-28 26640]
R1 VET-REC;VET File System Recognizer;c:\windows1\system32\drivers\vet-rec.sys [2009-2-28 21392]
R1 VETEFILE;VET File Scan Engine;c:\windows1\system32\drivers\vetefile.sys [2009-2-28 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows1\system32\drivers\vetfddnt.sys [2009-2-28 21648]
R1 VETMONNT;VET File Monitor;c:\windows1\system32\drivers\vetmonnt.sys [2009-2-28 32528]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2009-2-28 243216]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2007-8-16 189704]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows1\system32\drivers\veteboot.sys [2009-2-28 108368]
S1 511688f1;511688f1;c:\windows1\system32\drivers\511688f1.sys --> c:\windows1\system32\drivers\511688f1.sys [?]
S2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2009-2-28 144960]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-11-17 33752]

=============== Created Last 30 ================

2009-02-28 21:51 <DIR> --d----- c:\program files\common files\Scanner
2009-02-28 21:49 880,560 a------- c:\windows1\system32\drivers\vetefile.sys
2009-02-28 21:49 108,368 a------- c:\windows1\system32\drivers\veteboot.sys
2009-02-28 21:47 99,904 a------- c:\windows1\system32\isafeif.dll
2009-02-28 21:47 79,424 a------- c:\windows1\system32\vetredir.dll
2009-02-28 21:47 75,280 a------- c:\windows1\system32\isafprod.dll
2009-02-28 21:47 32,528 a------- c:\windows1\system32\drivers\vetmonnt.sys
2009-02-28 21:47 26,640 a------- c:\windows1\system32\drivers\vet-filt.sys
2009-02-28 21:47 21,648 a------- c:\windows1\system32\drivers\vetfddnt.sys
2009-02-28 21:47 21,392 a------- c:\windows1\system32\drivers\vet-rec.sys
2009-02-28 21:47 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\CA
2009-02-28 21:47 <DIR> --d----- c:\program files\CA
2009-02-28 09:08 9,728 a------- c:\windows1\system32\iehelper.dll
2009-02-28 08:57 364,556 a------- c:\windows1\sysguard.exe
2009-02-28 08:57 5,516 a------- c:\windows1\system32\uacinit.dll
2009-02-28 08:57 81,408 a------- c:\windows1\system32\UACyoteosso.dll
2009-02-28 08:57 127 a------- c:\windows1\system32\UAClpltpujc.dat
2009-02-23 12:48 <DIR> --d----- c:\program files\QuickTiming
2009-02-17 12:41 <DIR> --d----- c:\program files\Reflexive
2009-02-12 10:43 69,632 a------- c:\windows1\system32\HPZipm12.1
2009-02-01 20:27 34,696 a------- c:\windows1\_000005_.tmp.dll
2009-01-31 14:42 123,060 -------- c:\windows1\HPHins12.dat.temp
2009-01-31 14:42 14,916 -------- c:\windows1\hphmdl12.dat.temp

==================== Find3M ====================

2009-02-11 10:19 38,496 a------- c:\windows1\system32\drivers\mbamswissarmy.sys
2009-02-11 10:19 15,504 a------- c:\windows1\system32\drivers\mbam.sys
2009-01-24 10:52 194,418 a------- c:\windows1\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-01-18 20:57 86,333 a------- c:\windows1\pchealth\helpctr\offlinecache\index.dat
2009-01-04 12:56 61,440 a------- c:\windows1\system32\drivers\ogejjxe.sys
2009-01-04 11:03 61,440 a------- c:\windows1\system32\drivers\drkw.sys
2008-12-11 12:01 10,200 a------- c:\windows1\_000022_.tmp.dll
2008-12-11 12:01 10,200 a------- c:\windows1\_000020_.tmp.dll
2008-08-07 09:33 87,608 a------- c:\docume~1\dwayne\applic~1\inst.exe
2008-08-07 09:33 47,360 a------- c:\docume~1\dwayne\applic~1\pcouffin.sys
2008-07-21 21:35 6,504 a------- c:\program files\INSTALL.LOG
2004-10-01 14:00 40,960 a------- c:\program files\Uninstall_CDS.exe
2008-09-30 21:13 1,438 a--sh--- c:\windows1\system32\EhRBaJlm.ini2

============= FINISH: 11:12:08.75 ===============



I also have today's Malware logfile if it would be useful.
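A small triage script, added here as an example (it is not part of this thread and not code from DDS or its author), that applies the checks a helper makes by eye over the Pseudo HJT Report and SERVICES / DRIVERS sections of a DDS log: a Winlogon Notify DLL listed without a path, a populated AppInit_DLLs value, an LSA authentication package other than msv1_0, a service or driver whose file DDS marked `[?]`, and orphaned "No File" entries. The sample lines are copied from the DDS log above; the severity scale, the rule set and the reading of `[?]` as "file details unreadable" are this example's own assumptions, and the script flags persistence points for a human to review rather than naming any malware family.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: a handful of lines copied from the DDS
# "Pseudo HJT Report" and "SERVICES / DRIVERS" sections posted above.
SAMPLE_LOG = r"""
uRun: [ctfmon.exe] c:\windows1\system32\ctfmon.exe
BHO: {D536A62A-CBE2-4CB2-9FCA-CA84CC7B0947} - No File
Notify: awtrQIYR - awtrQIYR.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: idrdjg.dll
LSA: Authentication Packages = msv1_0 c:\windows1\system32\efcBTKCs
R1 VET-FILT;VET File System Filter;c:\windows1\system32\drivers\vet-filt.sys [2009-2-28 26640]
S1 511688f1;511688f1;c:\windows1\system32\drivers\511688f1.sys --> c:\windows1\system32\drivers\511688f1.sys [?]
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low" (this example's own scale)
    line: str
    reason: str


# The only authentication package a stock Windows XP install lists here.
KNOWN_AUTH_PACKAGES = {"msv1_0"}


def _is_bare_filename(target: str) -> bool:
    """True when the entry names a file with no directory component."""
    return "\\" not in target and "/" not in target


def triage_line(line: str) -> Optional[Finding]:
    """Apply the persistence-point checks to one DDS line."""
    line = line.strip()
    if not line:
        return None

    # Winlogon Notify packages are loaded into winlogon.exe at every logon.
    m = re.match(r"Notify:\s*(\S+)\s*-\s*(.+)$", line)
    if m:
        if _is_bare_filename(m.group(2).strip()):
            return Finding("high", line, "Winlogon Notify DLL listed without a full path")
        return None

    # AppInit_DLLs is injected into every process that loads user32.dll.
    if re.match(r"AppInit_DLLs:\s*\S", line):
        return Finding("high", line, "AppInit_DLLs is set; the DLL is injected into most processes")

    # LSA authentication packages run inside lsass.exe.
    m = re.match(r"LSA:\s*Authentication Packages\s*=\s*(.+)$", line)
    if m:
        extras = [p for p in m.group(1).split() if p.lower() not in KNOWN_AUTH_PACKAGES]
        if extras:
            return Finding("high", line, "non-standard LSA authentication package: " + ", ".join(extras))
        return None

    # Service/driver rows. Assumption: DDS prints [?] in place of the file's
    # date and size when it cannot read the file.
    m = re.match(r"([RS])(\d)\s+([^;]+);", line)
    if m:
        if line.endswith("[?]"):
            return Finding("medium", line,
                           f"service/driver '{m.group(3)}' (start type {m.group(2)}) whose file DDS could not read")
        return None

    # A registry entry whose target file is gone: usually leftover, worth cleaning.
    if line.endswith("No File"):
        return Finding("low", line, "registry entry points at a missing file (orphan)")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep the hits, in log order."""
    return [f for f in (triage_line(raw) for raw in log_text.splitlines()) if f is not None]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.severity.upper():6}] {f.reason}")
        print(f"         {f.line}")
    print(summarize(hits))
```

On the sample above the script reports three high findings (the path-less Notify DLL, the AppInit_DLLs entry and the extra LSA package), one medium (the `S1` driver marked `[?]`) and one low (the orphaned BHO); ordinary entries such as the `uRun` line and the CA driver rows produce nothing. The rules are structural on purpose: they point a reviewer at the load points that survive a reboot, which is what matters when a machine loops at the logon screen after a cleanup.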


#2 KoanYorel


Posted 15 March 2009 - 07:56 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 spoolin86


Posted 16 March 2009 - 08:02 AM

DDS (Ver_09-03-16.01) - NTFSx86
Run by Dwayne at 8:56:45.00 on Mon 03/16/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1477 [GMT -4:00]

AV: CA Anti-Virus *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS1\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS1\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
svchost.exe
C:\WINDOWS1\Explorer.EXE
svchost.exe
C:\WINDOWS1\system32\spoolsv.exe
svchost.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS1\system32\RUNDLL32.EXE
C:\WINDOWS1\system32\nvsvc32.exe
C:\WINDOWS1\system32\HPZipm12.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS1\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\WINDOWS1\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS1\system32\wscntfy.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS1\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dwayne\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
BHO: {D536A62A-CBE2-4CB2-9FCA-CA84CC7B0947} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [PowerBar] "c:\program files\cyberlink dvd solution\multimedia launcher\PowerBar.exe" /AtBootTime
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ctfmon.exe] c:\windows1\system32\ctfmon.exe
mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows1\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows1\system32\NvCpl.dll,NvStartup
mRun: [NeroFilterCheck] c:\windows1\system32\NeroCheck.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [Easy Synchronization] c:\program files\logitech\easy synchronization\LogitechEasySync.exe
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRunOnce: [Easy Synchronization] c:\program files\logitech\easy synchronization\LogitechEasySync.exe --ports
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
LSP: c:\windows1\system32\VetRedir.dll
DPF: Microsoft XML Parser for Java - file://c:\windows1\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229031796609
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Notify: awtrQIYR - awtrQIYR.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: idrdjg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows1\system32\WPDShServiceObj.dll
SEH: ShellExecuteHook class: {fe24cd78-7c63-465d-8787-4edf7fc79895} - c:\program files\logitech\easy synchronization\shellexecutehook.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows1\system32\efcBTKCs

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dwayne\applic~1\mozilla\firefox\profiles\h80bg4l3.default\
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll

============= SERVICES / DRIVERS ===============

R1 VET-FILT;VET File System Filter;c:\windows1\system32\drivers\vet-filt.sys [2009-2-28 26640]
R1 VET-REC;VET File System Recognizer;c:\windows1\system32\drivers\vet-rec.sys [2009-2-28 21392]
R1 VETEFILE;VET File Scan Engine;c:\windows1\system32\drivers\vetefile.sys [2009-2-28 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows1\system32\drivers\vetfddnt.sys [2009-2-28 21648]
R1 VETMONNT;VET File Monitor;c:\windows1\system32\drivers\vetmonnt.sys [2009-2-28 32528]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2009-2-28 243216]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2007-8-16 189704]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows1\system32\drivers\veteboot.sys [2009-2-28 108368]
S1 511688f1;511688f1;c:\windows1\system32\drivers\511688f1.sys --> c:\windows1\system32\drivers\511688f1.sys [?]
S2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2009-2-28 144960]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-11-17 33752]

=============== Created Last 30 ================

2009-03-14 16:20 <DIR> --d----- c:\program files\Rockstar Games
2009-03-12 20:55 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\HipSoft
2009-03-12 20:55 <DIR> --d----- c:\windows1\Build a lot 3 Passport to Europe
2009-03-12 20:55 <DIR> --d----- c:\program files\Build a lot 3 Passport to Europe
2009-03-12 18:38 <DIR> --d----- c:\windows1\Nick Chase A Detective Story Strategy Guide
2009-03-12 18:38 <DIR> --d----- c:\program files\Nick Chase A Detective Story Strategy Guide
2009-03-12 15:45 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Nick Chase A Detective Story
2009-03-12 15:41 <DIR> --d----- c:\windows1\Nick Chase A Detective Story
2009-03-12 15:41 <DIR> --d----- c:\program files\Nick Chase A Detective Story
2009-03-09 18:37 <DIR> --d----- c:\docume~1\dwayne\applic~1\SerpentOfIsis
2009-03-09 18:20 <DIR> --d----- c:\windows1\The Serpent of Isis
2009-03-09 18:20 <DIR> --d----- c:\program files\The Serpent of Isis
2009-03-05 19:40 <DIR> --d----- c:\docume~1\dwayne\applic~1\BrandX Games
2009-03-05 19:37 <DIR> --d----- c:\windows1\Mae Q West and the Sign of the Stars
2009-03-05 19:37 <DIR> --d----- c:\program files\Mae Q West and the Sign of the Stars
2009-03-04 20:13 123,108 a------- c:\windows1\HPHins12.dat
2009-03-04 20:13 14,916 -------- c:\windows1\hphmdl12.dat
2009-03-04 14:25 <DIR> --d----- c:\docume~1\dwayne\applic~1\Red Alert 3
2009-03-02 18:48 <DIR> --d----- c:\program files\Trend Micro
2009-02-28 22:51 <DIR> --d----- c:\program files\common files\Scanner
2009-02-28 22:49 880,560 a------- c:\windows1\system32\drivers\vetefile.sys
2009-02-28 22:49 108,368 a------- c:\windows1\system32\drivers\veteboot.sys
2009-02-28 22:47 99,904 a------- c:\windows1\system32\isafeif.dll
2009-02-28 22:47 79,424 a------- c:\windows1\system32\vetredir.dll
2009-02-28 22:47 75,280 a------- c:\windows1\system32\isafprod.dll
2009-02-28 22:47 32,528 a------- c:\windows1\system32\drivers\vetmonnt.sys
2009-02-28 22:47 26,640 a------- c:\windows1\system32\drivers\vet-filt.sys
2009-02-28 22:47 21,648 a------- c:\windows1\system32\drivers\vetfddnt.sys
2009-02-28 22:47 21,392 a------- c:\windows1\system32\drivers\vet-rec.sys
2009-02-28 22:47 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\CA
2009-02-28 22:47 <DIR> --d----- c:\program files\CA
2009-02-28 10:08 9,728 a------- c:\windows1\system32\iehelper.dll
2009-02-28 09:57 364,556 a------- c:\windows1\sysguard.exe
2009-02-28 09:57 5,516 a------- c:\windows1\system32\uacinit.dll
2009-02-28 09:57 81,408 a------- c:\windows1\system32\UACyoteosso.dll
2009-02-28 09:57 127 a------- c:\windows1\system32\UAClpltpujc.dat
2009-02-23 13:48 <DIR> --d----- c:\program files\QuickTiming
2009-02-17 13:41 <DIR> --d----- c:\program files\Reflexive

==================== Find3M ====================

2009-02-11 11:19 38,496 a------- c:\windows1\system32\drivers\mbamswissarmy.sys
2009-02-11 11:19 15,504 a------- c:\windows1\system32\drivers\mbam.sys
2009-01-24 11:52 194,418 a------- c:\windows1\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-01-18 21:57 86,333 a------- c:\windows1\pchealth\helpctr\offlinecache\index.dat
2008-08-07 10:33 87,608 a------- c:\docume~1\dwayne\applic~1\inst.exe
2008-08-07 10:33 47,360 a------- c:\docume~1\dwayne\applic~1\pcouffin.sys
2008-07-21 22:35 6,504 a------- c:\program files\INSTALL.LOG
2004-10-01 15:00 40,960 a------- c:\program files\Uninstall_CDS.exe
2008-09-30 22:13 1,438 a--sh--- c:\windows1\system32\EhRBaJlm.ini2
2008-12-06 12:46 368 a--sh--- c:\windows1\system32\sCKTBcfe.ini2

============= FINISH: 8:57:54.03 ===============

#4 PropagandaPanda


Posted 18 March 2009 - 09:30 AM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

Disable Realtime Protection
Antimalware programs can interfere with ComboFix and other tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.

Download and Run ComboFix
Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • When the Recovery Console has been installed, you will see the prompt below. Choose YES.
  • When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.

Please download GMER.zip to your desktop from any of the links below:
LINK1, LINK2
  • Right click on GMER.zip and select "Extract All".
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double click GMER.exe. Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Leaving the settings at default, click Scan.
  • When the scan is complete, click Save and save the log onto your desktop.
Please include the log in your next reply.
In your next reply include:
-the ComboFix log
-the GMER scan log

Please also tell me of any changes you have made to your computer since you started your topic.

With Regards,
The Panda

#5 spoolin86


Posted 18 March 2009 - 06:24 PM

ComboFix 09-03-15.01 - Dwayne 2009-03-18 16:18:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1447 [GMT -4:00]
Running from: c:\documents and settings\Dwayne\Desktop\ComboFix.exe
AV: CA Anti-Virus *On-access scanning disabled* (Outdated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dwayne\Application Data\Adobe\crc.dat
c:\documents and settings\Dwayne\Application Data\inst.exe
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\twain_32
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\twain_32\user.ds
C:\install.exe
c:\program files\INSTALL.LOG
c:\windows1\sysguard.exe
c:\windows1\system32\_000001_.tmp.dll
c:\windows1\system32\_000019_.tmp.dll
c:\windows1\system32\_000020_.tmp.dll
c:\windows1\system32\_000021_.tmp.dll
c:\windows1\system32\_000022_.tmp.dll
c:\windows1\system32\_000023_.tmp.dll
c:\windows1\system32\_000024_.tmp.dll
c:\windows1\system32\_000025_.tmp.dll
c:\windows1\system32\_000026_.tmp.dll
c:\windows1\system32\_000027_.tmp.dll
c:\windows1\system32\_000028_.tmp.dll
c:\windows1\system32\_000029_.tmp.dll
c:\windows1\system32\_000030_.tmp.dll
c:\windows1\system32\_000031_.tmp.dll
c:\windows1\system32\_000032_.tmp.dll
c:\windows1\system32\_000033_.tmp.dll
c:\windows1\system32\_000034_.tmp.dll
c:\windows1\system32\_000035_.tmp.dll
c:\windows1\system32\_000036_.tmp.dll
c:\windows1\system32\_000037_.tmp.dll
c:\windows1\system32\_000038_.tmp.dll
c:\windows1\system32\_000039_.tmp.dll
c:\windows1\system32\_000040_.tmp.dll
c:\windows1\system32\_000041_.tmp.dll
c:\windows1\system32\_000042_.tmp.dll
c:\windows1\system32\_000043_.tmp.dll
c:\windows1\system32\_000044_.tmp.dll
c:\windows1\system32\_000045_.tmp.dll
c:\windows1\system32\_000046_.tmp.dll
c:\windows1\system32\_000047_.tmp.dll
c:\windows1\system32\_000048_.tmp.dll
c:\windows1\system32\_000049_.tmp.dll
c:\windows1\system32\_000050_.tmp.dll
c:\windows1\system32\_000051_.tmp.dll
c:\windows1\system32\_000052_.tmp.dll
c:\windows1\system32\_000053_.tmp.dll
c:\windows1\system32\_000054_.tmp.dll
c:\windows1\system32\_000055_.tmp.dll
c:\windows1\system32\_000056_.tmp.dll
c:\windows1\system32\_000057_.tmp.dll
c:\windows1\system32\_000058_.tmp.dll
c:\windows1\system32\_000059_.tmp.dll
c:\windows1\system32\_000060_.tmp.dll
c:\windows1\system32\_000061_.tmp.dll
c:\windows1\system32\_000062_.tmp.dll
c:\windows1\system32\_000063_.tmp.dll
c:\windows1\system32\_000064_.tmp.dll
c:\windows1\system32\_000065_.tmp.dll
c:\windows1\system32\_000066_.tmp.dll
c:\windows1\system32\_000067_.tmp.dll
c:\windows1\system32\_000068_.tmp.dll
c:\windows1\system32\_000069_.tmp.dll
c:\windows1\system32\_000070_.tmp.dll
c:\windows1\system32\_000071_.tmp.dll
c:\windows1\system32\_000072_.tmp.dll
c:\windows1\system32\_000073_.tmp.dll
c:\windows1\system32\_000074_.tmp.dll
c:\windows1\system32\_000075_.tmp.dll
c:\windows1\system32\_000076_.tmp.dll
c:\windows1\system32\_000077_.tmp.dll
c:\windows1\system32\_000078_.tmp.dll
c:\windows1\system32\_000079_.tmp.dll
c:\windows1\system32\_000080_.tmp.dll
c:\windows1\system32\_000081_.tmp.dll
c:\windows1\system32\_000239_.tmp.dll
c:\windows1\system32\_000240_.tmp.dll
c:\windows1\system32\_000241_.tmp.dll
c:\windows1\system32\_000242_.tmp.dll
c:\windows1\system32\_000243_.tmp.dll
c:\windows1\system32\config\systemprofile\Application Data\Macromedia\Common
c:\windows1\system32\config\systemprofile\Application Data\Macromedia\Common\711500761.dll
c:\windows1\system32\EhRBaJlm.ini
c:\windows1\system32\EhRBaJlm.ini2
c:\windows1\system32\iehelper.dll
c:\windows1\system32\sCKTBcfe.ini
c:\windows1\system32\sCKTBcfe.ini2
c:\windows1\system32\uacinit.dll
c:\windows1\system32\UAClpivjedh.log
c:\windows1\system32\UAClpltpujc.dat
c:\windows1\system32\UACyoteosso.dll
c:\windows1\system32\uxfvbsby.ini

.
((((((((((((((((((((((((( Files Created from 2009-02-18 to 2009-03-18 )))))))))))))))))))))))))))))))
.

2009-03-14 16:20 . 2009-03-14 16:20 <DIR> d-------- c:\program files\Rockstar Games
2009-03-12 20:55 . 2009-03-12 20:55 <DIR> d-------- c:\windows1\Build a lot 3 Passport to Europe
2009-03-12 20:55 . 2009-03-12 20:55 <DIR> d-------- c:\program files\Build a lot 3 Passport to Europe
2009-03-12 20:55 . 2009-03-12 20:55 <DIR> d-------- c:\documents and settings\All Users.WINDOWS1\Application Data\HipSoft
2009-03-12 18:38 . 2009-03-12 18:38 <DIR> d-------- c:\windows1\Nick Chase A Detective Story Strategy Guide
2009-03-12 15:45 . 2009-03-12 15:46 <DIR> d-------- c:\documents and settings\All Users.WINDOWS1\Application Data\Nick Chase A Detective Story
2009-03-12 15:41 . 2009-03-12 15:41 <DIR> d-------- c:\windows1\Nick Chase A Detective Story
2009-03-09 18:37 . 2009-03-09 18:37 <DIR> d-------- c:\documents and settings\Dwayne\Application Data\SerpentOfIsis
2009-03-09 18:20 . 2009-03-09 18:20 <DIR> d-------- c:\windows1\The Serpent of Isis
2009-03-05 19:40 . 2009-03-05 19:40 <DIR> d-------- c:\documents and settings\Dwayne\Application Data\BrandX Games
2009-03-05 19:37 . 2009-03-05 19:37 <DIR> d-------- c:\windows1\Mae Q West and the Sign of the Stars
2009-03-04 20:13 . 2009-03-04 22:16 123,108 --a------ c:\windows1\HPHins12.dat
2009-03-04 20:13 . 2006-07-17 15:39 14,916 --------- c:\windows1\hphmdl12.dat
2009-03-04 14:25 . 2009-03-04 14:25 <DIR> d-------- c:\documents and settings\Dwayne\Application Data\Red Alert 3
2009-03-02 18:48 . 2009-03-02 18:48 <DIR> d-------- c:\program files\Trend Micro
2009-02-28 22:51 . 2009-02-28 22:51 <DIR> d-------- c:\program files\Common Files\Scanner
2009-02-28 22:49 . 2008-06-04 06:46 880,560 --a------ c:\windows1\system32\drivers\vetefile.sys
2009-02-28 22:49 . 2008-06-04 06:46 108,368 --a------ c:\windows1\system32\drivers\veteboot.sys
2009-02-28 22:47 . 2009-02-28 22:51 <DIR> d-------- c:\program files\CA
2009-02-28 22:47 . 2009-02-28 22:54 <DIR> d-------- c:\documents and settings\All Users.WINDOWS1\Application Data\CA
2009-02-28 22:47 . 2007-04-23 11:36 99,904 --a------ c:\windows1\system32\isafeif.dll
2009-02-28 22:47 . 2007-04-23 11:36 79,424 --a------ c:\windows1\system32\vetredir.dll
2009-02-28 22:47 . 2007-05-25 10:46 75,280 --a------ c:\windows1\system32\isafprod.dll
2009-02-28 22:47 . 2007-05-25 10:46 32,528 --a------ c:\windows1\system32\drivers\vetmonnt.sys
2009-02-28 22:47 . 2007-05-25 10:46 26,640 --a------ c:\windows1\system32\drivers\vet-filt.sys
2009-02-28 22:47 . 2007-05-25 10:46 21,648 --a------ c:\windows1\system32\drivers\vetfddnt.sys
2009-02-28 22:47 . 2007-05-25 10:46 21,392 --a------ c:\windows1\system32\drivers\vet-rec.sys
2009-02-28 10:25 . 2009-01-24 00:11 <DIR> d-------- c:\documents and settings\Guest\Application Data\Logitech
2009-02-28 10:25 . 2009-02-28 10:25 <DIR> d-------- c:\documents and settings\Guest
2009-02-23 13:48 . 2009-02-23 13:48 <DIR> d-------- c:\program files\QuickTiming

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-18 20:21 --------- d-----w c:\program files\lg_fwupdate
2009-03-18 19:40 --------- d---a-w c:\documents and settings\All Users.WINDOWS1\Application Data\TEMP
2009-03-14 20:18 --------- d-----w c:\program files\Microsoft Games
2009-03-13 00:54 --------- d-----w c:\documents and settings\Dwayne\Application Data\uTorrent
2009-03-05 00:47 --------- d-----w c:\program files\HP
2009-02-19 16:45 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-17 17:41 --------- d-----w c:\program files\Reflexive
2009-02-17 17:41 --------- d-----w c:\documents and settings\Dwayne\Application Data\Pogo Games
2009-02-16 16:32 --------- d-----w c:\documents and settings\All Users.WINDOWS1\Application Data\PCPitstop
2009-02-11 15:19 38,496 ----a-w c:\windows1\system32\drivers\mbamswissarmy.sys
2009-02-11 15:19 15,504 ----a-w c:\windows1\system32\drivers\mbam.sys
2009-01-30 02:18 --------- d-----w c:\documents and settings\All Users.WINDOWS1\Application Data\Pure Networks
2009-01-30 01:34 --------- d-----w c:\documents and settings\Dwayne\Application Data\dvdcss
2009-01-30 01:31 --------- d-----w c:\documents and settings\Dwayne\Application Data\GetRightToGo
2009-01-30 01:30 --------- d-----w c:\program files\Microsoft Works
2009-01-30 01:30 --------- d-----w c:\program files\DVDFab 5
2009-01-24 20:29 --------- d-----w c:\program files\PCPitstop
2009-01-24 20:25 --------- d-----w c:\program files\Electronic Arts
2009-01-24 04:11 --------- d-----w c:\documents and settings\Default User.WINDOWS1\Application Data\Logitech
2008-08-07 14:33 47,360 ----a-w c:\documents and settings\Dwayne\Application Data\pcouffin.sys
2004-10-01 19:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
.

------- Sigcheck -------

2008-06-23 12:12 667136 611ace3f4201e9610af8452f7c268995 c:\windows1\$hf_mig$\KB953838\SP2QFE\wininet.dll
2008-06-23 11:09 666112 f12fbb673de9cc802c5dc518fe99aa2f c:\windows1\$hf_mig$\KB953838\SP3GDR\wininet.dll
2008-06-23 10:54 666624 972299b7241ec325d8c7e5638c884925 c:\windows1\$hf_mig$\KB953838\SP3QFE\wininet.dll
2004-08-04 01:56 656384 c0823fc5469663ba63e7db88f9919d70 c:\windows1\ie7\wininet.dll
2008-04-13 20:12 666112 7a4f775abb2f1c97def3e73afa2faedd c:\windows1\ServicePackFiles\i386\wininet.dll
2008-04-13 20:12 666112 7a4f775abb2f1c97def3e73afa2faedd c:\windows1\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\wininet.dll
2008-06-23 11:38 659456 9eea04bc4c3fa521d256d89940fab4db c:\windows1\SoftwareDistribution\Download\7266a4d025877b3f91e09ddc873eafd6\sp2gdr\wininet.dll
2008-06-23 12:12 667136 611ace3f4201e9610af8452f7c268995 c:\windows1\SoftwareDistribution\Download\7266a4d025877b3f91e09ddc873eafd6\sp2qfe\wininet.dll
2008-06-23 11:09 666112 f12fbb673de9cc802c5dc518fe99aa2f c:\windows1\SoftwareDistribution\Download\7266a4d025877b3f91e09ddc873eafd6\sp3gdr\wininet.dll
2008-06-23 10:54 666624 972299b7241ec325d8c7e5638c884925 c:\windows1\SoftwareDistribution\Download\7266a4d025877b3f91e09ddc873eafd6\sp3qfe\wininet.dll
2008-10-16 06:37 659456 6f1e4bfd78c4e0d05ff3725d59b72925 c:\windows1\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP2GDR\wininet.dll
2008-10-16 06:20 667648 93c9d0a216498ee14eb9b26119bb95ee c:\windows1\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP2QFE\wininet.dll
2008-10-15 21:00 666112 1576318bf08d28cc61d1278114ad8d5b c:\windows1\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP3GDR\wininet.dll
2008-10-15 21:04 667136 e8fce58a470999350f64c591557f9e42 c:\windows1\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP3QFE\wininet.dll
2008-04-13 20:12 666112 7a4f775abb2f1c97def3e73afa2faedd c:\windows1\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wininet.dll
2008-10-15 21:00 666112 1576318bf08d28cc61d1278114ad8d5b c:\windows1\system32\wininet.dll
2008-10-15 21:00 666112 1576318bf08d28cc61d1278114ad8d5b c:\windows1\system32\dllcache\wininet.dll

2008-06-20 06:44 360960 744e57c99232201ae98c49168b918f48 c:\windows1\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 07:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows1\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 07:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows1\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-04-13 15:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows1\ServicePackFiles\i386\tcpip.sys
2008-04-13 15:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows1\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\tcpip.sys
2008-06-20 07:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows1\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3gdr\tcpip.sys
2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows1\SoftwareDistribution\Download\ca6c24ab62fe8433c5d63bb11a2e5a2c\backup\sp2gdr\tcpip.sys
2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows1\SoftwareDistribution\Download\ca6c24ab62fe8433c5d63bb11a2e5a2c\backup\sp2qfe\tcpip.sys
2008-04-13 15:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows1\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\tcpip.sys
2008-06-20 07:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows1\system32\dllcache\tcpip.sys
2004-08-04 01:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows1\system32\drivers\tcpip.sys

2008-04-13 15:20 182656 1df7f42665c94b825322fae71721130d c:\windows1\ServicePackFiles\i386\ndis.sys
2008-04-13 15:20 182656 1df7f42665c94b825322fae71721130d c:\windows1\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\ndis.sys
2008-04-13 15:20 182656 1df7f42665c94b825322fae71721130d c:\windows1\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ndis.sys
2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows1\system32\dllcache\ndis.sys
2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows1\system32\drivers\ndis.sys

2008-04-13 14:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows1\ServicePackFiles\i386\ip6fw.sys
2008-04-13 14:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows1\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\ip6fw.sys
2008-04-13 14:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows1\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ip6fw.sys
2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows1\system32\dllcache\ip6fw.sys
2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows1\system32\drivers\ip6fw.sys

2008-04-13 20:12 108544 0e776ed5f7cc9f94299e70461b7b8185 c:\windows1\ServicePackFiles\i386\services.exe
2008-04-13 20:12 108544 0e776ed5f7cc9f94299e70461b7b8185 c:\windows1\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\services.exe
2008-04-13 20:12 108544 0e776ed5f7cc9f94299e70461b7b8185 c:\windows1\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\services.exe
2004-08-04 02:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 c:\windows1\system32\services.exe
2004-08-04 02:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 c:\windows1\system32\dllcache\services.exe

2008-04-13 20:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows1\ServicePackFiles\i386\userinit.exe
2008-04-13 20:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows1\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\userinit.exe
2008-04-13 20:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows1\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe
2004-08-04 02:56 24576 39b1ffb03c2296323832acbae50d2aff c:\windows1\system32\userinit.exe
2004-08-04 02:56 24576 39b1ffb03c2296323832acbae50d2aff c:\windows1\system32\dllcache\userinit.exe

2008-04-13 20:11 989696 c24b983d211c34da8fcc1ac38477971d c:\windows1\ServicePackFiles\i386\kernel32.dll
2008-04-13 20:11 989696 c24b983d211c34da8fcc1ac38477971d c:\windows1\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\kernel32.dll
2008-04-13 20:11 989696 c24b983d211c34da8fcc1ac38477971d c:\windows1\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\kernel32.dll
2004-08-04 01:56 983552 888190e31455fad793312f8d087146eb c:\windows1\SoftwareDistribution\Download\fc75a45b73372bd0c2a61e3a51d766ff\backup\sp2gdr\kernel32.dll
2004-08-04 01:56 983552 888190e31455fad793312f8d087146eb c:\windows1\SoftwareDistribution\Download\fc75a45b73372bd0c2a61e3a51d766ff\backup\sp2qfe\kernel32.dll
2004-08-04 02:56 983552 888190e31455fad793312f8d087146eb c:\windows1\system32\kernel32.dll
2004-08-04 02:56 983552 888190e31455fad793312f8d087146eb c:\windows1\system32\dllcache\kernel32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"="c:\program files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 86016]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
"ctfmon.exe"="c:\windows1\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NvMediaCenter"="c:\windows1\system32\NvMcTray.dll" [2007-12-05 81920]
"NvCplDaemon"="c:\windows1\system32\NvCpl.dll" [2007-12-05 8523776]
"NeroFilterCheck"="c:\windows1\system32\NeroCheck.exe" [2001-07-09 155648]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-05-22 249856]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-03-16 1397760]
"Easy Synchronization"="c:\program files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 53248]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2008-05-22 177416]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-05-25 230928]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows1\system32\nwiz.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows1\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows1\KHALMNPR.Exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 c:\windows1\system32\bthprops.cpl]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Easy Synchronization"="c:\program files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 53248]

c:\documents and settings\All Users.WINDOWS1\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-08-04 805392]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= "c:\program files\Logitech\Easy Synchronization\shellexecutehook.dll" [2005-10-05 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=idrdjg.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS1^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
backup=c:\windows1\pss\AT&T Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Dwayne^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
backup=c:\windows1\pss\GameSpot Download Manager.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\SetPoint\\LBTWiz.exe"=
"c:\\Program Files\\DVDFab 5\\DVDFab.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS1\\system32\\winver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2007-08-16 189704]
S1 511688f1;511688f1;c:\windows1\system32\drivers\511688f1.sys --> c:\windows1\system32\drivers\511688f1.sys [?]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-11-17 33752]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16247ac4-cd07-11dd-9159-0007e964ea6d}]
\Shell\AutoRun\command - g:\wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57135e49-b7d9-11dd-914a-0007e964ea6d}]
\Shell\AutoRun\command - G:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57135e4b-b7d9-11dd-914a-0007e964ea6d}]
\Shell\AutoRun\command - G:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c54d4e2d-27e4-11dd-b334-0007e964ea6d}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c54d4e2e-27e4-11dd-b334-0007e964ea6d}]
\Shell\AutoRun\command - G:\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-03-01 c:\windows1\Tasks\CAAntiSpywareScan_Daily as Dwayne at 9 51 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-16 22:10]
.
- - - - ORPHANS REMOVED - - - -

BHO-{D536A62A-CBE2-4CB2-9FCA-CA84CC7B0947} - (no file)
Notify-awtrQIYR - awtrQIYR.dll


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows1\system32\VetRedir.dll
DPF: Microsoft XML Parser for Java - file://c:\windows1\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Dwayne\Application Data\Mozilla\Firefox\Profiles\h80bg4l3.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 16:21:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1004336348-1364589140-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:66,05,a8,e9,38,bc,cc,d9,db,16,2d,8c,3d,a2,3e,5d,bf,8c,b0,0b,46,46,53,
14,c1,09,46,dd,3f,7a,95,3b,10,7d,df,fb,a7,88,c8,48,ea,83,3b,75,87,56,97,10,\
"??"=hex:2f,b6,6f,45,ee,e2,ec,0a,29,d5,69,d3,55,fd,2c,18

[HKEY_USERS\S-1-5-21-1004336348-1364589140-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:f8,20,f6,14,bf,77,72,a6,b1,d4,cd,6a,64,6c,6b,d9,dc,f5,1d,f7,46,
8a,2d,59,27,18,3d,ed,51,ee,09,4b,76,87,ea,5b,ae,98,79,dc,02,c7,55,b9,b7,c8,\
"rkeysecu"=hex:91,d9,2b,a9,04,e3,26,ab,5f,ec,f9,a8,47,d7,89,3e
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(812)
c:\windows1\system32\VetRedir.dll
c:\windows1\system32\ISafeIf.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\incdsrv.exe
c:\program files\Common Files\Logishrd\Bluetooth\LBTServ.exe
c:\windows1\system32\rundll32.exe
c:\windows1\system32\rundll32.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Logitech\Easy Synchronization\servicestub.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows1\system32\nvsvc32.exe
c:\windows1\system32\HPZipm12.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\windows1\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-18 16:24:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-18 20:24:15

Pre-Run: 99,456,385,024 bytes free
Post-Run: 99,794,374,656 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS1
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS1="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

365 --- E O F --- 2009-01-30 01:49:20

#6 spoolin86
  • Topic Starter
  • Members
  • 21 posts

Posted 18 March 2009 - 06:38 PM

Panda..........I'm running the GMER now.....looks like it's gonna take a while....will post results if/when it gets done......thanks for your time.

#7 spoolin86
  • Topic Starter
  • Members
  • 21 posts

Posted 19 March 2009 - 04:31 AM

No other changes since post #1.

Attached Files

  • gmer.log (218.96KB)


#8 PropagandaPanda
  • Malware Response Team
  • 10,433 posts

Posted 19 March 2009 - 07:44 AM

Hello.

Let's finish that off.

Run ComboFix with CFScript
We will run ComboFix again with a script.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the box below into it:
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57135e49-b7d9-11dd-914a-0007e964ea6d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57135e4b-b7d9-11dd-914a-0007e964ea6d}]
    
    Driver::
    511688f1
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    [image: CFScript.txt being dragged onto ComboFix.exe]
    Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.

With Regards,
The Panda
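
As an added example (not from this thread, from ComboFix, or from its authors): a small Python script that reads the kind of "Reg Loading Points" and service lines ComboFix printed above and drafts a CFScript in the same layout the Panda used. The log excerpt is constructed from lines quoted earlier in this thread; the review heuristics (a non-empty AppInit_DLLs, AutoRun handlers under mountpoints2, services whose image ComboFix marks "[?]" or that carry a bare eight-hex-digit name) are my assumptions about what a helper looks for, and which AutoRun keys to delete stays an analyst decision passed in explicitly.

```python
import re

# Constructed excerpt, built from the "Reg Loading Points" and service lines
# quoted in the ComboFix log earlier in this thread (not a real ComboFix run).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=idrdjg.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57135e49-b7d9-11dd-914a-0007e964ea6d}]
\Shell\AutoRun\command - G:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c54d4e2d-27e4-11dd-b334-0007e964ea6d}]
\Shell\AutoRun\command - F:\LaunchU3.exe

R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2007-08-16 189704]
S1 511688f1;511688f1;c:\windows1\system32\drivers\511688f1.sys --> c:\windows1\system32\drivers\511688f1.sys [?]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(?P<value>.*)$', re.IGNORECASE)
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$", re.IGNORECASE)
# ComboFix service line: "<start type> <name>;<display name>;<image path> [...]"
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# Bare eight-hex-digit service name, the shape of the 511688f1 driver in the log.
HEXNAME_RE = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)


def parse_loading_points(log: str) -> dict:
    """Collect the load points a helper reviews: AppInit_DLLs, drive AutoRun
    handlers under mountpoints2, and drivers/services with their image state."""
    findings = {"appinit": None, "autoruns": [], "drivers": []}
    current_key = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = APPINIT_RE.match(line)
        if m and current_key:
            value = m.group("value").strip().strip('"')
            # A non-empty AppInit_DLLs is loaded into every process that maps user32.dll.
            if value:
                findings["appinit"] = {"key": current_key, "value": value}
            continue
        m = AUTORUN_RE.match(line)
        if m and current_key and "mountpoints2" in current_key.lower():
            findings["autoruns"].append({"key": current_key, "command": m.group("cmd")})
            continue
        m = SERVICE_RE.match(line)
        if m:
            findings["drivers"].append({
                "name": m.group("name"),
                "start": m.group("start"),
                # ComboFix prints "[?]" when it cannot find or verify the image on disk.
                "image_missing": m.group("rest").rstrip().endswith("[?]"),
                "random_name": bool(HEXNAME_RE.match(m.group("name"))),
            })
    return findings


def suspicious_drivers(findings: dict) -> list:
    """Service names whose image ComboFix could not verify or that carry a bare hex name."""
    return [d["name"] for d in findings["drivers"] if d["image_missing"] or d["random_name"]]


def build_cfscript(findings: dict, autorun_keys_to_delete: list, driver_names: list) -> str:
    """Draft a CFScript in the layout used in the post above: a Registry:: block that
    blanks AppInit_DLLs and deletes chosen keys with the [-key] form, then Driver::."""
    lines = ["Registry::"]
    if findings["appinit"]:
        lines.append("[" + findings["appinit"]["key"] + "]")
        lines.append('"AppInit_DLLs"=""')
    for key in autorun_keys_to_delete:
        lines.append("[-" + key + "]")
    if driver_names:
        lines.append("")
        lines.append("Driver::")
        lines.extend(driver_names)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_loading_points(SAMPLE_LOG)
    # Analyst decision, mirroring the thread: drop the G:\start.exe handler and
    # keep the U3 USB launcher, which is a known vendor tool.
    to_delete = [a["key"] for a in found["autoruns"]
                 if a["command"].lower().endswith("start.exe")]
    print(build_cfscript(found, to_delete, suspicious_drivers(found)))
```

The drafted script is a starting point for review, not something to run unread: every key it lists should be checked against the full log before it is handed to ComboFix.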

#9 spoolin86
  • Topic Starter
  • Members
  • 21 posts

Posted 19 March 2009 - 03:24 PM

ComboFix 09-03-18.01 - Dwayne 2009-03-19 16:14:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1632 [GMT -4:00]
Running from: c:\documents and settings\Dwayne\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dwayne\Desktop\CFScript.txt
AV: CA Anti-Virus *On-access scanning disabled* (Outdated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_511688f1


((((((((((((((((((((((((( Files Created from 2009-02-19 to 2009-03-19 )))))))))))))))))))))))))))))))
.

2009-03-14 16:20 . 2009-03-14 16:20 <DIR> d-------- c:\program files\Rockstar Games
2009-03-12 20:55 . 2009-03-12 20:55 <DIR> d-------- c:\windows1\Build a lot 3 Passport to Europe
2009-03-12 20:55 . 2009-03-12 20:55 <DIR> d-------- c:\program files\Build a lot 3 Passport to Europe
2009-03-12 20:55 . 2009-03-12 20:55 <DIR> d-------- c:\documents and settings\All Users.WINDOWS1\Application Data\HipSoft
2009-03-12 18:38 . 2009-03-12 18:38 <DIR> d-------- c:\windows1\Nick Chase A Detective Story Strategy Guide
2009-03-12 15:45 . 2009-03-12 15:46 <DIR> d-------- c:\documents and settings\All Users.WINDOWS1\Application Data\Nick Chase A Detective Story
2009-03-12 15:41 . 2009-03-12 15:41 <DIR> d-------- c:\windows1\Nick Chase A Detective Story
2009-03-09 18:37 . 2009-03-09 18:37 <DIR> d-------- c:\documents and settings\Dwayne\Application Data\SerpentOfIsis
2009-03-09 18:20 . 2009-03-09 18:20 <DIR> d-------- c:\windows1\The Serpent of Isis
2009-03-05 19:40 . 2009-03-05 19:40 <DIR> d-------- c:\documents and settings\Dwayne\Application Data\BrandX Games
2009-03-05 19:37 . 2009-03-05 19:37 <DIR> d-------- c:\windows1\Mae Q West and the Sign of the Stars
2009-03-04 20:13 . 2009-03-04 22:16 123,108 --a------ c:\windows1\HPHins12.dat
2009-03-04 20:13 . 2006-07-17 15:39 14,916 --------- c:\windows1\hphmdl12.dat
2009-03-04 14:25 . 2009-03-04 14:25 <DIR> d-------- c:\documents and settings\Dwayne\Application Data\Red Alert 3
2009-03-02 18:48 . 2009-03-02 18:48 <DIR> d-------- c:\program files\Trend Micro
2009-02-28 22:51 . 2009-02-28 22:51 <DIR> d-------- c:\program files\Common Files\Scanner
2009-02-28 22:49 . 2008-06-04 06:46 880,560 --a------ c:\windows1\system32\drivers\vetefile.sys
2009-02-28 22:49 . 2008-06-04 06:46 108,368 --a------ c:\windows1\system32\drivers\veteboot.sys
2009-02-28 22:47 . 2009-02-28 22:51 <DIR> d-------- c:\program files\CA
2009-02-28 22:47 . 2009-02-28 22:54 <DIR> d-------- c:\documents and settings\All Users.WINDOWS1\Application Data\CA
2009-02-28 22:47 . 2007-04-23 11:36 99,904 --a------ c:\windows1\system32\isafeif.dll
2009-02-28 22:47 . 2007-04-23 11:36 79,424 --a------ c:\windows1\system32\vetredir.dll
2009-02-28 22:47 . 2007-05-25 10:46 75,280 --a------ c:\windows1\system32\isafprod.dll
2009-02-28 22:47 . 2007-05-25 10:46 32,528 --a------ c:\windows1\system32\drivers\vetmonnt.sys
2009-02-28 22:47 . 2007-05-25 10:46 26,640 --a------ c:\windows1\system32\drivers\vet-filt.sys
2009-02-28 22:47 . 2007-05-25 10:46 21,648 --a------ c:\windows1\system32\drivers\vetfddnt.sys
2009-02-28 22:47 . 2007-05-25 10:46 21,392 --a------ c:\windows1\system32\drivers\vet-rec.sys
2009-02-28 10:25 . 2009-01-24 00:11 <DIR> d-------- c:\documents and settings\Guest\Application Data\Logitech
2009-02-28 10:25 . 2009-02-28 10:25 <DIR> d-------- c:\documents and settings\Guest
2009-02-23 13:48 . 2009-02-23 13:48 <DIR> d-------- c:\program files\QuickTiming

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-19 20:18 --------- d-----w c:\program files\lg_fwupdate
2009-03-18 19:40 --------- d---a-w c:\documents and settings\All Users.WINDOWS1\Application Data\TEMP
2009-03-14 20:18 --------- d-----w c:\program files\Microsoft Games
2009-03-13 00:54 --------- d-----w c:\documents and settings\Dwayne\Application Data\uTorrent
2009-03-05 00:47 --------- d-----w c:\program files\HP
2009-02-19 16:45 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-17 17:41 --------- d-----w c:\program files\Reflexive
2009-02-17 17:41 --------- d-----w c:\documents and settings\Dwayne\Application Data\Pogo Games
2009-02-16 16:32 --------- d-----w c:\documents and settings\All Users.WINDOWS1\Application Data\PCPitstop
2009-02-11 15:19 38,496 ----a-w c:\windows1\system32\drivers\mbamswissarmy.sys
2009-02-11 15:19 15,504 ----a-w c:\windows1\system32\drivers\mbam.sys
2009-01-30 02:18 --------- d-----w c:\documents and settings\All Users.WINDOWS1\Application Data\Pure Networks
2009-01-30 01:34 --------- d-----w c:\documents and settings\Dwayne\Application Data\dvdcss
2009-01-30 01:31 --------- d-----w c:\documents and settings\Dwayne\Application Data\GetRightToGo
2009-01-30 01:30 --------- d-----w c:\program files\Microsoft Works
2009-01-30 01:30 --------- d-----w c:\program files\DVDFab 5
2009-01-24 20:29 --------- d-----w c:\program files\PCPitstop
2009-01-24 20:25 --------- d-----w c:\program files\Electronic Arts
2009-01-24 04:11 --------- d-----w c:\documents and settings\Default User.WINDOWS1\Application Data\Logitech
2008-08-07 14:33 47,360 ----a-w c:\documents and settings\Dwayne\Application Data\pcouffin.sys
2004-10-01 19:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
.

------- Sigcheck -------

2008-06-23 12:12 667136 611ace3f4201e9610af8452f7c268995 c:\windows1\$hf_mig$\KB953838\SP2QFE\wininet.dll
2008-06-23 11:09 666112 f12fbb673de9cc802c5dc518fe99aa2f c:\windows1\$hf_mig$\KB953838\SP3GDR\wininet.dll
2008-06-23 10:54 666624 972299b7241ec325d8c7e5638c884925 c:\windows1\$hf_mig$\KB953838\SP3QFE\wininet.dll
2004-08-04 01:56 656384 c0823fc5469663ba63e7db88f9919d70 c:\windows1\ie7\wininet.dll
2008-04-13 20:12 666112 7a4f775abb2f1c97def3e73afa2faedd c:\windows1\ServicePackFiles\i386\wininet.dll
2008-04-13 20:12 666112 7a4f775abb2f1c97def3e73afa2faedd c:\windows1\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\wininet.dll
2008-06-23 11:38 659456 9eea04bc4c3fa521d256d89940fab4db c:\windows1\SoftwareDistribution\Download\7266a4d025877b3f91e09ddc873eafd6\sp2gdr\wininet.dll
2008-06-23 12:12 667136 611ace3f4201e9610af8452f7c268995 c:\windows1\SoftwareDistribution\Download\7266a4d025877b3f91e09ddc873eafd6\sp2qfe\wininet.dll
2008-06-23 11:09 666112 f12fbb673de9cc802c5dc518fe99aa2f c:\windows1\SoftwareDistribution\Download\7266a4d025877b3f91e09ddc873eafd6\sp3gdr\wininet.dll
2008-06-23 10:54 666624 972299b7241ec325d8c7e5638c884925 c:\windows1\SoftwareDistribution\Download\7266a4d025877b3f91e09ddc873eafd6\sp3qfe\wininet.dll
2008-10-16 06:37 659456 6f1e4bfd78c4e0d05ff3725d59b72925 c:\windows1\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP2GDR\wininet.dll
2008-10-16 06:20 667648 93c9d0a216498ee14eb9b26119bb95ee c:\windows1\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP2QFE\wininet.dll
2008-10-15 21:00 666112 1576318bf08d28cc61d1278114ad8d5b c:\windows1\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP3GDR\wininet.dll
2008-10-15 21:04 667136 e8fce58a470999350f64c591557f9e42 c:\windows1\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP3QFE\wininet.dll
2008-04-13 20:12 666112 7a4f775abb2f1c97def3e73afa2faedd c:\windows1\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wininet.dll
2008-10-15 21:00 666112 1576318bf08d28cc61d1278114ad8d5b c:\windows1\system32\wininet.dll
2008-10-15 21:00 666112 1576318bf08d28cc61d1278114ad8d5b c:\windows1\system32\dllcache\wininet.dll

2008-06-20 06:44 360960 744e57c99232201ae98c49168b918f48 c:\windows1\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 07:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows1\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 07:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows1\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-04-13 15:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows1\ServicePackFiles\i386\tcpip.sys
2008-04-13 15:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows1\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\tcpip.sys
2008-06-20 07:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows1\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3gdr\tcpip.sys
2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows1\SoftwareDistribution\Download\ca6c24ab62fe8433c5d63bb11a2e5a2c\backup\sp2gdr\tcpip.sys
2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows1\SoftwareDistribution\Download\ca6c24ab62fe8433c5d63bb11a2e5a2c\backup\sp2qfe\tcpip.sys
2008-04-13 15:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows1\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\tcpip.sys
2008-06-20 07:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows1\system32\dllcache\tcpip.sys
2004-08-04 01:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows1\system32\drivers\tcpip.sys

2008-04-13 15:20 182656 1df7f42665c94b825322fae71721130d c:\windows1\ServicePackFiles\i386\ndis.sys
2008-04-13 15:20 182656 1df7f42665c94b825322fae71721130d c:\windows1\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\ndis.sys
2008-04-13 15:20 182656 1df7f42665c94b825322fae71721130d c:\windows1\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ndis.sys
2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows1\system32\dllcache\ndis.sys
2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows1\system32\drivers\ndis.sys

2008-04-13 14:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows1\ServicePackFiles\i386\ip6fw.sys
2008-04-13 14:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows1\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\ip6fw.sys
2008-04-13 14:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows1\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ip6fw.sys
2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows1\system32\dllcache\ip6fw.sys
2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows1\system32\drivers\ip6fw.sys

2008-04-13 20:12 108544 0e776ed5f7cc9f94299e70461b7b8185 c:\windows1\ServicePackFiles\i386\services.exe
2008-04-13 20:12 108544 0e776ed5f7cc9f94299e70461b7b8185 c:\windows1\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\services.exe
2008-04-13 20:12 108544 0e776ed5f7cc9f94299e70461b7b8185 c:\windows1\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\services.exe
2004-08-04 02:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 c:\windows1\system32\services.exe
2004-08-04 02:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 c:\windows1\system32\dllcache\services.exe

2008-04-13 20:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows1\ServicePackFiles\i386\userinit.exe
2008-04-13 20:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows1\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\userinit.exe
2008-04-13 20:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows1\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe
2004-08-04 02:56 24576 39b1ffb03c2296323832acbae50d2aff c:\windows1\system32\userinit.exe
2004-08-04 02:56 24576 39b1ffb03c2296323832acbae50d2aff c:\windows1\system32\dllcache\userinit.exe

2008-04-13 20:11 989696 c24b983d211c34da8fcc1ac38477971d c:\windows1\ServicePackFiles\i386\kernel32.dll
2008-04-13 20:11 989696 c24b983d211c34da8fcc1ac38477971d c:\windows1\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\kernel32.dll
2008-04-13 20:11 989696 c24b983d211c34da8fcc1ac38477971d c:\windows1\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\kernel32.dll
2004-08-04 01:56 983552 888190e31455fad793312f8d087146eb c:\windows1\SoftwareDistribution\Download\fc75a45b73372bd0c2a61e3a51d766ff\backup\sp2gdr\kernel32.dll
2004-08-04 01:56 983552 888190e31455fad793312f8d087146eb c:\windows1\SoftwareDistribution\Download\fc75a45b73372bd0c2a61e3a51d766ff\backup\sp2qfe\kernel32.dll
2004-08-04 02:56 983552 888190e31455fad793312f8d087146eb c:\windows1\system32\kernel32.dll
2004-08-04 02:56 983552 888190e31455fad793312f8d087146eb c:\windows1\system32\dllcache\kernel32.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-03-18_16.23.32.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-19 20:18:22 16,384 ----atw c:\windows1\Temp\Perflib_Perfdata_7fc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"="c:\program files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 86016]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
"ctfmon.exe"="c:\windows1\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NvMediaCenter"="c:\windows1\system32\NvMcTray.dll" [2007-12-05 81920]
"NvCplDaemon"="c:\windows1\system32\NvCpl.dll" [2007-12-05 8523776]
"NeroFilterCheck"="c:\windows1\system32\NeroCheck.exe" [2001-07-09 155648]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-05-22 249856]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-03-16 1397760]
"Easy Synchronization"="c:\program files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 53248]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2008-05-22 177416]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-05-25 230928]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows1\system32\nwiz.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows1\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows1\KHALMNPR.Exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 c:\windows1\system32\bthprops.cpl]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Easy Synchronization"="c:\program files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 53248]

c:\documents and settings\All Users.WINDOWS1\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-08-04 805392]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= "c:\program files\Logitech\Easy Synchronization\shellexecutehook.dll" [2005-10-05 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS1^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
backup=c:\windows1\pss\AT&T Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Dwayne^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
backup=c:\windows1\pss\GameSpot Download Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\SetPoint\\LBTWiz.exe"=
"c:\\Program Files\\DVDFab 5\\DVDFab.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS1\\system32\\winver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2007-08-16 189704]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-11-17 33752]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16247ac4-cd07-11dd-9159-0007e964ea6d}]
\Shell\AutoRun\command - g:\wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c54d4e2d-27e4-11dd-b334-0007e964ea6d}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c54d4e2e-27e4-11dd-b334-0007e964ea6d}]
\Shell\AutoRun\command - G:\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-03-01 c:\windows1\Tasks\CAAntiSpywareScan_Daily as Dwayne at 9 51 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-16 22:10]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows1\system32\VetRedir.dll
DPF: Microsoft XML Parser for Java - file://c:\windows1\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Dwayne\Application Data\Mozilla\Firefox\Profiles\h80bg4l3.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-19 16:18:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1004336348-1364589140-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:66,05,a8,e9,38,bc,cc,d9,db,16,2d,8c,3d,a2,3e,5d,bf,8c,b0,0b,46,46,53,
14,c1,09,46,dd,3f,7a,95,3b,10,7d,df,fb,a7,88,c8,48,ea,83,3b,75,87,56,97,10,\
"??"=hex:2f,b6,6f,45,ee,e2,ec,0a,29,d5,69,d3,55,fd,2c,18

[HKEY_USERS\S-1-5-21-1004336348-1364589140-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:f8,20,f6,14,bf,77,72,a6,b1,d4,cd,6a,64,6c,6b,d9,dc,f5,1d,f7,46,
8a,2d,59,27,18,3d,ed,51,ee,09,4b,76,87,ea,5b,ae,98,79,dc,02,c7,55,b9,b7,c8,\
"rkeysecu"=hex:91,d9,2b,a9,04,e3,26,ab,5f,ec,f9,a8,47,d7,89,3e
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(812)
c:\windows1\system32\VetRedir.dll
c:\windows1\system32\ISafeIf.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\incdsrv.exe
c:\program files\Common Files\Logishrd\Bluetooth\LBTServ.exe
c:\windows1\system32\rundll32.exe
c:\windows1\system32\rundll32.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Logitech\Easy Synchronization\servicestub.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\windows1\system32\nvsvc32.exe
c:\windows1\system32\HPZipm12.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\windows1\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-19 16:20:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-19 20:20:49
ComboFix2.txt 2009-03-18 20:24:20

Pre-Run: 100,780,122,112 bytes free
Post-Run: 100,766,371,840 bytes free

267 --- E O F --- 2009-01-30 01:49:20

#10 PropagandaPanda

  • Malware Response Team
  • 10,433 posts
  • Gender:Male

Posted 19 March 2009 - 03:30 PM

Hello.

Submit File to Online Scanner
There are some files that I would like you to check out for me using VirusTotal/VirSCAN
  • Open VirusTotal Online Scanner or VirSCAN. If one site is busy or down, try the other.
  • At the top of the page you'll see a box. Paste in the following line(s) (do one line at a time).
  • c:\windows1\system32\wininet.dll
  • c:\windows1\system32\drivers\tcpip.sys
  • c:\windows1\system32\drivers\ndis.sys
  • c:\windows1\system32\drivers\ip6fw.sys
  • c:\windows1\system32\services.exe
  • c:\windows1\system32\userinit.exe
  • c:\windows1\system32\kernel32.dll
  • Click Submit.
  • Wait for the scan to finish.
  • Copy Scanner Results into your next reply.
  • If more than one file was listed, repeat for each of them.
You may have to split them into several posts.

With Regards,
The Panda
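
The files in that list are exactly the ones the Sigcheck section of the ComboFix log above enumerates, and the log already gives an MD5 for every copy of each of them on the disk. The script below is an added example, not part of the thread and not code from ComboFix, VirusTotal or VirSCAN: it parses Sigcheck lines in the format printed above (date, time, size, MD5, path), compares each live copy under system32 with the copy held in dllcache (the Windows File Protection cache on XP, which is the assumption the role classification makes), and lists where else on the disk the live file's hash occurs, so a helper can see at a glance why a file such as tcpip.sys is worth a multi-engine scan. The sample lines are a subset copied from the log above; the function names, the role labels and the `file_md5` helper (for checking a scanner's reported MD5 against the local file) are mine.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample input: a subset of the Sigcheck lines from the ComboFix log
# above (date time size md5 path). Raw string so the backslashes stay literal.
SIGCHECK = r"""
2008-10-15 21:00 666112 1576318bf08d28cc61d1278114ad8d5b c:\windows1\system32\wininet.dll
2008-10-15 21:00 666112 1576318bf08d28cc61d1278114ad8d5b c:\windows1\system32\dllcache\wininet.dll
2008-04-13 20:12 666112 7a4f775abb2f1c97def3e73afa2faedd c:\windows1\ServicePackFiles\i386\wininet.dll
2008-06-20 07:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows1\system32\dllcache\tcpip.sys
2004-08-04 01:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows1\system32\drivers\tcpip.sys
2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows1\SoftwareDistribution\Download\ca6c24ab62fe8433c5d63bb11a2e5a2c\backup\sp2gdr\tcpip.sys
2008-04-13 15:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows1\ServicePackFiles\i386\tcpip.sys
2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows1\system32\dllcache\ndis.sys
2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows1\system32\drivers\ndis.sys
2004-08-04 02:56 983552 888190e31455fad793312f8d087146eb c:\windows1\system32\kernel32.dll
2004-08-04 02:56 983552 888190e31455fad793312f8d087146eb c:\windows1\system32\dllcache\kernel32.dll
2008-04-13 20:11 989696 c24b983d211c34da8fcc1ac38477971d c:\windows1\ServicePackFiles\i386\kernel32.dll
"""

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\d+) ([0-9a-f]{32}) (.+)$")


def classify(path):
    """Assign each copy a role based on where it lives (Windows XP layout assumed)."""
    p = path.lower()
    if "\\dllcache\\" in p:
        return "dllcache"      # Windows File Protection cache: the reference copy
    if "\\servicepackfiles\\" in p:
        return "spfiles"       # files staged by the service pack installer
    if "\\system32\\" in p:
        return "live"          # the copy the running system actually loads
    return "other"             # hotfix backups, Windows Update downloads, etc.


def parse_sigcheck(text):
    """Turn Sigcheck lines into dicts; lines that do not match the format are skipped."""
    entries = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        date, time, size, md5, path = m.groups()
        entries.append({"date": date, "time": time, "size": int(size),
                        "md5": md5, "path": path, "role": classify(path)})
    return entries


def compare_live_to_cache(entries):
    """For every file with a live copy, say whether it matches dllcache and where else its hash occurs."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["path"].rsplit("\\", 1)[-1].lower()].append(e)
    report = {}
    for name, copies in sorted(by_name.items()):
        live = [c for c in copies if c["role"] == "live"]
        cache = [c for c in copies if c["role"] == "dllcache"]
        if not live:
            continue
        live_copy = live[0]
        cache_md5 = cache[0]["md5"] if cache else None
        # Other on-disk copies carrying the same hash tell you whether the live
        # file is at least a known build (e.g. an older service-pack original).
        elsewhere = sorted(c["path"] for c in copies
                           if c is not live_copy and c["md5"] == live_copy["md5"])
        report[name] = {
            "live_path": live_copy["path"],
            "live_md5": live_copy["md5"],
            "dllcache_md5": cache_md5,
            "matches_dllcache": cache_md5 == live_copy["md5"],
            "same_hash_elsewhere": elsewhere,
        }
    return report


def files_to_submit(report):
    """Order the live files for a multi-engine scan: dllcache mismatches first."""
    return sorted(report.values(), key=lambda r: (r["matches_dllcache"], r["live_path"]))


def file_md5(path, chunk=1 << 16):
    """MD5 of a local file, to check against the hash a scanner report shows for it."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


if __name__ == "__main__":
    rep = compare_live_to_cache(parse_sigcheck(SIGCHECK))
    for r in files_to_submit(rep):
        flag = "OK      " if r["matches_dllcache"] else "MISMATCH"
        print(f"{flag} {r['live_path']}  live={r['live_md5']}  dllcache={r['dllcache_md5']}")
        for p in r["same_hash_elsewhere"]:
            print(f"         same hash at {p}")
```

On the sample, tcpip.sys is the only live file whose hash differs from its dllcache copy; the same hash does turn up in a SoftwareDistribution backup folder, which is the kind of context that decides whether a mismatch is an old known build or something to look at harder. A match with dllcache is not a clean bill of health on its own, which is why the request above sends every file to the scanners regardless.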

#11 spoolin86

  • Topic Starter
  • Members
  • 21 posts

Posted 19 March 2009 - 03:37 PM

I'm doing the Kaspersky scan now.

#12 PropagandaPanda

  • Malware Response Team
  • 10,433 posts
  • Gender:Male

Posted 19 March 2009 - 03:39 PM

Sorry, please go with Kaspersky first.

The panda

#13 spoolin86

  • Topic Starter
  • Members
  • 21 posts

Posted 19 March 2009 - 08:10 PM

KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, March 19, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, March 19, 2009 22:02:23
Records in database: 1934944
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
F:\
Scan statistics
Files scanned 89025
Threat name 4
Infected objects 4
Suspicious objects 0
Duration of the scan 01:58:32

File name Threat name Threats count
C:\Documents and Settings\Dwayne\My Documents\fileutil.exe Infected: Trojan.Win32.Agent.ayed 1
C:\Qoobox\Quarantine\C\WINDOWS1\sysguard.exe.vir Infected: Backdoor.Win32.Hupigon.gemw 1
C:\Qoobox\Quarantine\C\WINDOWS1\system32\iehelper.dll.vir Infected: Trojan.Win32.FraudPack.kho 1
C:\Qoobox\Quarantine\C\WINDOWS1\system32\UACyoteosso.dll.vir Infected: Packed.Win32.Tdss.f 1
The selected area was scanned.

#14 spoolin86

  • Topic Starter
  • Members
  • 21 posts

Posted 19 March 2009 - 08:17 PM

#1.
File information
File Name : wininet.dll
File Size : 666112 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 1576318bf08d28cc61d1278114ad8d5b
SHA1 : ef47a73cca73cdbec64dc24e956c0b74af1cb0a2

Scanner results
Scanner results : All Scanners reported not find malware!

Edited by PropagandaPanda, 20 March 2009 - 08:45 AM.


#15 spoolin86

  • Topic Starter
  • Members
  • 21 posts

Posted 19 March 2009 - 08:23 PM

# 2.
File Name : tcpip.sys
File Size : 359040 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : 9f4b36614a0fc234525ba224957de55c
SHA1 : c4f3d44361a2afbc309db6993ee0ecf12b6666d1

Scanner results
Scanner results : All Scanners reported not find malware!

Edited by PropagandaPanda, 20 March 2009 - 08:45 AM.
