
Pop-ups and slower...


This topic is locked. 12 replies to this topic.

#1 McShady (Members, 17 posts)

Posted 15 April 2009 - 07:52 PM

Hello everyone and thank you for reading.

We've been getting pop-ups and the internet has been running slower than normal for a couple days now. We have Norton Antivirus 2005, and it's fully updated, but it isn't detecting that anything is wrong, so unfortunately I can't tell you what specifically I'm having a problem with other than "pop-ups".

Here is my log:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Personal Use at 19:46:34.29 on Wed 04/15/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2294.1574 [GMT -5:00]

AV: Norton AntiVirus 2005 *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Personal Use\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.msn.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: precisead browser enhancer: {35ae9b5c-9c8d-84f5-3a92-bf219129c7f2} - c:\windows\system32\rnyzmsvweipfnqhn.dll
BHO: precisead: {5a4a9519-cc7c-dcac-74a3-8c4ea8da15e9} - c:\windows\system32\nsu8DA.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [EPSON Stylus CX8400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticea.exe /fu "c:\windows\temp\E_SE7.tmp" /EF "HKCU"
uRun: [A00F1E2076A.exe] c:\docume~1\person~1\locals~1\temp\_A00F1E2076A.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Advanced Tools Check] c:\progra~1\norton~1\advtools\ADVCHK.EXE
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [poffrcriwlba] c:\windows\system32\regsvr32.exe /s "c:\windows\system32\rnyzmsvweipfnqhn.dll"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\easy cd creator 6\dragtodisc\DrgToDsc.exe"
mRun: [RoxioAudioCentral] "c:\program files\roxio\easy cd creator 6\audiocentral\RxMon.exe"
mRun: [Xluzidinig] rundll32.exe "c:\windows\ehifukifurizevul.dll",e
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\printmaster 16\pmremind.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sonicc~1.lnk - c:\program files\common files\sonic shared\CineTray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239781424562
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
Notify: 1c97d3b2577 - c:\windows\system32\dsuiext32.dll
Notify: igfxcui - igfxsrvc.dll
Notify: __c005061C - c:\windows\system32\__c005061C.dat
AppInit_DLLs: c:\windows\system32\dsuiext32.dll
LSA: Notification Packages = scecli mbdhkbdu.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-23 64160]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\SAVRTPEL.SYS [2004-12-10 50312]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2004-12-13 197992]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2004-12-13 181608]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton antivirus\NAVAPSVC.EXE [2005-1-10 177264]
R2 NProtectService;Norton Unerase Protection;c:\program files\norton antivirus\advtools\NPROTECT.EXE [2009-3-17 135168]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2009-3-17 822424]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090415.003\NAVENG.Sys [2009-4-15 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090415.003\NavEx15.Sys [2009-4-15 876144]
R3 SAVRT;SAVRT;c:\program files\norton antivirus\SAVRT.SYS [2004-12-10 338056]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2005-1-10 67184]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-12-13 79208]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-3-26 33176]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 SAVScan;SAVScan;c:\program files\norton antivirus\SAVSCAN.EXE [2004-12-10 198368]

=============== Created Last 30 ================

2009-04-15 19:02 54,156 a---h--- c:\windows\QTFont.qfn
2009-04-15 19:02 1,409 a------- c:\windows\QTFont.for
2009-04-15 18:59 27,648 a------- c:\windows\system32\__c00BC4F8.dat
2009-04-15 10:15 <DIR> --dsh--- c:\documents and settings\personal use\PrivacIE
2009-04-15 10:13 <DIR> --dsh--- c:\documents and settings\personal use\IETldCache
2009-04-15 10:11 <DIR> --d----- c:\windows\ie8updates
2009-04-15 10:08 <DIR> -cd-h--- c:\windows\ie8
2009-04-15 10:08 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-04-15 10:06 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-04-15 04:17 268,648 a------- c:\windows\system32\mucltui.dll
2009-04-15 04:17 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-04-15 03:28 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-15 03:26 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-15 03:26 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-15 03:26 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-15 03:26 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-15 03:26 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 03:26 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 03:26 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 03:26 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-15 03:26 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-15 03:25 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 03:25 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 03:25 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-14 15:39 110 a------- C:\xcrashdump.dat
2009-04-14 15:34 0 a------- c:\windows\Xvepocukexuguj.bin
2009-04-14 15:34 408 a------- c:\windows\Gzaweyuvasaxog.dat
2009-04-14 15:22 27,648 a------- c:\windows\system32\__c005061C.dat
2009-04-13 23:39 615 a------- c:\windows\system32\JbF0elP.vbs
2009-04-13 23:38 1,548 a--sh--- c:\windows\system32\GroupPolicy000.dat
2009-04-13 23:38 <DIR> --dsh--- c:\windows\system32\NetworkService32
2009-04-13 23:38 139,264 a------- c:\windows\system32\dsuiext32.dll
2009-04-13 23:38 615 a------- c:\windows\system32\pmohn4MJWQpk3.vbs
2009-04-11 03:00 <DIR> --d----- c:\program files\MSXML 4.0
2009-04-10 05:26 710,144 a------- c:\windows\system32\nsu8DA.dll
2009-04-09 21:34 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motport_01005.Wdf
2009-04-09 21:33 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2009-04-09 21:33 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2009-04-09 12:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Riverdeep Interactive Learning Limited
2009-04-09 12:16 <DIR> --d----- c:\program files\Riverdeep
2009-04-09 12:15 <DIR> --d----- c:\program files\Web Publish
2009-04-09 12:15 970,752 a------- c:\windows\system32\cdintf210.dll
2009-04-09 12:13 <DIR> --d----- c:\program files\common files\Broderbund
2009-04-09 12:13 <DIR> --d----- c:\program files\PrintMaster 16
2009-04-09 12:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Broderbund Software
2009-04-09 12:00 <DIR> --d----- C:\EPSONREG
2009-04-09 11:59 11,776 a------- c:\windows\system32\drivers\afc.sys
2009-04-09 11:59 258,352 a------- c:\windows\system32\unicows.dll
2009-04-09 11:59 212,480 a------- c:\windows\PCDLIB32.DLL
2009-04-09 11:59 126,976 a------- c:\windows\system32\PhotoImpression Slideshow.scr
2009-04-09 11:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\EPSON
2009-04-09 11:57 <DIR> --d----- c:\program files\epson
2009-04-09 11:57 67,072 a------- c:\windows\system32\escwiad.dll
2009-04-09 11:56 44 a------- c:\windows\EPCX8400.ini
2009-04-09 11:46 <DIR> --d----- c:\program files\Roxio
2009-04-08 22:43 59 a------- c:\windows\WININIT.INI
2009-04-08 22:43 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-04-08 22:43 <DIR> --d----- c:\program files\Sonic
2009-03-30 18:43 462,848 a------- c:\windows\system32\ltkrn13n.dll
2009-03-30 18:43 450,560 a------- c:\windows\system32\ltimg13n.dll
2009-03-30 18:43 401,408 a------- c:\windows\system32\lfcmp13n.dll
2009-03-30 18:43 299,008 a------- c:\windows\system32\ltdis13n.dll
2009-03-30 18:43 206,336 a------- c:\windows\system32\ltefx13n.dll
2009-03-30 18:43 163,840 a------- c:\windows\system32\ltfil13n.dll
2009-03-30 18:43 69,632 a------- c:\windows\system32\lfgif13n.dll
2009-03-30 18:43 57,344 a------- c:\windows\system32\lfbmp13n.dll
2009-03-27 21:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-03-26 23:10 <DIR> --d----- c:\windows\system32\Backup
2009-03-26 23:10 <DIR> --d----- c:\windows\SQLHotfix
2009-03-26 23:05 466 a------- c:\windows\system32\mapisvc.inf
2009-03-26 23:05 33,340 -------- c:\windows\system32\dbmsqlgc.dll
2009-03-26 23:05 24,576 -------- c:\windows\system32\dbmsgnet.dll
2009-03-26 23:04 <DIR> --d----- c:\program files\common files\Crystal Decisions
2009-03-26 23:03 <DIR> --d----- c:\program files\Microsoft SQL Server
2009-03-26 23:01 <DIR> --d----- c:\windows\system32\URTTemp
2009-03-26 22:48 376 a------- c:\windows\ODBC.INI
2009-03-26 22:48 28,040 a------- c:\windows\system32\mdimon.dll
2009-03-26 22:47 <DIR> --d----- c:\program files\common files\L&H
2009-03-26 22:47 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-03-26 22:46 <DIR> --d----- c:\windows\SHELLNEW
2009-03-24 17:27 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-23 23:12 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-23 10:27 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-03-23 10:27 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-03-22 20:16 <DIR> --d----- c:\windows\system32\scripting
2009-03-22 20:16 <DIR> --d----- c:\windows\l2schemas
2009-03-22 20:16 <DIR> --d----- c:\windows\system32\en
2009-03-22 20:16 <DIR> --d----- c:\windows\system32\bits
2009-03-22 20:12 <DIR> --d----- c:\windows\ServicePackFiles
2009-03-22 20:08 <DIR> --d----- c:\windows\network diagnostic
2009-03-22 20:01 <DIR> --d----- c:\windows\EHome
2009-03-21 09:06 989,696 -c------ c:\windows\system32\dllcache\kernel32.dll
2009-03-20 21:36 <DIR> --d----- c:\windows\system32\Adobe
2009-03-19 14:52 5,632 a------- c:\windows\system32\ptpusb.dll
2009-03-19 14:52 159,232 a------- c:\windows\system32\ptpusd.dll
2009-03-19 14:52 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-03-17 06:40 34,578 a------- c:\windows\system32\drivers\NPDRIVER.SYS
2009-03-17 06:39 306,688 a------- c:\windows\IsUninst.exe
2009-03-17 06:32 4,608 a------- c:\windows\system32\drivers\symlcbrd.sys
2009-03-17 06:32 <DIR> --d----- c:\program files\Norton AntiVirus
2009-03-17 06:32 124,016 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-17 06:32 91,904 a------- c:\windows\system32\S32EVNT1.DLL
2009-03-17 06:32 <DIR> --d----- c:\docume~1\person~1\applic~1\Symantec
2009-03-17 06:30 <DIR> --d----- c:\program files\Symantec
2009-03-17 06:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-03-17 06:30 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-03-17 00:49 221,184 a------- c:\windows\system32\wmpns.dll
2009-03-17 00:33 85,733 a------- c:\windows\system32\45e2305b-3ca2-23e2-7772-61fd9ba4c344.exe
2009-03-17 00:33 48,273 a------- c:\windows\system32\ercjfybcxwxijrj.exe
2009-03-17 00:09 <DIR> --d----- c:\docume~1\person~1\applic~1\LimeWire
2009-03-17 00:08 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-17 00:08 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-17 00:08 <DIR> --d----- c:\program files\LimeWire
2009-03-16 23:55 0 a------- c:\windows\iPlayer.INI
2009-03-16 23:52 <DIR> --d----- c:\program files\InterActual
2009-03-16 22:08 <DIR> --d----- c:\program files\iTunes
2009-03-16 22:06 38,229 -------- c:\windows\system32\drivers\StMp3Rec.sys
2009-03-16 22:06 <DIR> --d----- c:\program files\iPod
2009-03-16 22:04 <DIR> --d----- c:\windows\Downloaded Installations

==================== Find3M ====================

2009-03-22 20:19 77,423 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-16 23:36 388,096 a------- c:\windows\system32\rnyzmsvweipfnqhn.dll
2009-03-11 03:26 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-09 07:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 07:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 07:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 07:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 06:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 06:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 05:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 05:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-03 14:59 56,832 a------- c:\windows\system32\secur32.dll

============= FINISH: 19:46:52.51 ===============
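The Pseudo HJT Report above is the part of a DDS log that a helper reads first, because it lists what is loaded at logon and through which mechanism (BHOs, Run keys, Winlogon Notify, AppInit_DLLs, LSA Notification Packages). The script below is an added example and is not part of the thread, of DDS or of any tool named here: it applies mechanism-based heuristics to a constructed sample made of lines copied from the report above, flagging AppInit_DLLs and LSA Notification Packages that are populated beyond the default, a Winlogon Notify package whose file is not named as a DLL, a Run entry that loads a bare DLL through regsvr32 or rundll32 or starts an executable from a temp folder, and a BHO that lives in system32 rather than under its own program folder. The heuristics, the `Finding` class and the `triage_line`/`triage_log` names are this example's own assumptions.

```python
"""Triage the "Pseudo HJT Report" section of a DDS log.

Added example (not DDS code): flags persistence entries that deserve a closer
look based on how and from where they are loaded, not on signatures.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the Pseudo HJT Report lines from the thread.
SAMPLE_LOG = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: precisead browser enhancer: {35ae9b5c-9c8d-84f5-3a92-bf219129c7f2} - c:\windows\system32\rnyzmsvweipfnqhn.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [A00F1E2076A.exe] c:\docume~1\person~1\locals~1\temp\_A00F1E2076A.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [poffrcriwlba] c:\windows\system32\regsvr32.exe /s "c:\windows\system32\rnyzmsvweipfnqhn.dll"
mRun: [Xluzidinig] rundll32.exe "c:\windows\ehifukifurizevul.dll",e
Notify: igfxcui - igfxsrvc.dll
Notify: __c005061C - c:\windows\system32\__c005061C.dat
AppInit_DLLs: c:\windows\system32\dsuiext32.dll
LSA: Notification Packages = scecli mbdhkbdu.dll
"""

# A drive-letter path up to the first recognised file extension.
_TARGET_RE = re.compile(r'[a-z]:\\[^",]*?\.(?:dll|exe|dat|scr|vbs|sys)', re.IGNORECASE)
# Loaders that execute a DLL without an installed program behind it.
_LOADER_RE = re.compile(r'\b(regsvr32|rundll32)(?:\.exe)?\b')
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class Finding:
    entry: str   # the original log line
    reason: str  # why it merits review


def _targets(text: str) -> List[str]:
    """All file paths mentioned in a report line, lower-cased."""
    return [p.lower() for p in _TARGET_RE.findall(text)]


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one report line, or None if nothing stands out."""
    key, _, rest = line.partition(": ")
    if not rest:
        return None
    paths = _targets(rest)

    if key == "AppInit_DLLs":
        # Anything listed here is mapped into every process that loads user32.dll.
        return Finding(line, f"AppInit_DLLs is populated: {rest.strip()} is injected into every GUI process")

    if key == "LSA":
        # The XP default is just "scecli"; extra packages run inside lsass.exe at boot.
        _, _, value = rest.partition("=")
        extra = [p for p in value.split() if p.lower() != "scecli"]
        if extra:
            return Finding(line, f"non-default LSA notification package(s) {extra} load inside lsass.exe")
        return None

    if key == "Notify":
        # Winlogon loads Notify packages as DLLs whatever the file is called.
        target = paths[0] if paths else rest.rsplit(" - ", 1)[-1].strip().lower()
        if not target.endswith(".dll"):
            return Finding(line, f"Winlogon Notify package is not named as a DLL ({target}) but is loaded as one")
        return None

    if key in ("uRun", "mRun"):
        m = _LOADER_RE.search(rest.lower())
        if m:
            dll = next((p for p in paths if p.endswith(".dll")), "?")
            return Finding(line, f"autorun loads a bare DLL through {m.group(1)}: {dll}")
        if any("\\temp\\" in p for p in paths):
            return Finding(line, "autorun executable lives in a temp directory")
        return None

    if key == "BHO":
        # Legitimate BHOs ship with their application under Program Files.
        if paths and paths[-1].startswith(SYSTEM32):
            return Finding(line, f"browser helper object loaded from system32: {paths[-1]}")
        return None

    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every line of a Pseudo HJT Report."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f is not None]


if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG):
        print(f"[review] {finding.reason}\n         {finding.entry}")
```

Run on the sample, seven of the eleven lines are flagged and the four legitimate entries (Adobe's BHO, ctfmon, Symantec's ccApp, the Intel graphics Notify package) pass. The rules are deliberately about loading mechanism rather than file names, because the random names in this log change from infection to infection while the mechanisms do not.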


#2 McShady (Topic Starter, Members, 17 posts)

Posted 16 April 2009 - 04:40 PM

Just a little update... My Norton Antivirus finally detected a problem last night.. Apparently a Trojan that it couldn't do anything about.

Any help would be great!

#3 fenzodahl512 (Members, 6,738 posts)

Posted 17 April 2009 - 07:14 AM

Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please reboot into Safe Mode
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.




NEXT


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick combofix's window while it's running. That may cause it to stall




Please post these logs in your next reply... Post each log in a separate post

1. SDFix
2. ComboFix
3. A fresh HijackThis log

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#4 McShady (Topic Starter, Members, 17 posts)

Posted 17 April 2009 - 05:12 PM

Last night I downloaded AVG and did a scan that removed a few trojans.

Here is the first log:


SDFix: Version 1.240
Run by Personal Use on Fri 04/17/2009 at 04:55 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-17 16:59:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Windows Shell"
"C:\\Program Files\\AVG\\AVG8\\avgam.exe"="C:\\Program Files\\AVG\\AVG8\\avgam.exe:*:Enabled:avgam.exe"
"C:\\Program Files\\AVG\\AVG8\\avgdiag.exe"="C:\\Program Files\\AVG\\AVG8\\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"="C:\\Program Files\\AVG\\AVG8\\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Tue 17 Mar 2009 836 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti15.tmp"

Finished!

#5 McShady (Topic Starter, Members, 17 posts)

Posted 17 April 2009 - 05:55 PM

For some reason when I try to run combofix, the program comes up but says and does nothing. It has been like that for half an hour.

#6 fenzodahl512 (Members, 6,738 posts)

Posted 17 April 2009 - 09:09 PM

Delete your version of ComboFix.. And also find and delete C:\qoobox folder..

Then do below..


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

(screenshots of the download dialog omitted)


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..



#7 McShady (Topic Starter, Members, 17 posts)

Posted 18 April 2009 - 02:44 PM

Thank you.

Combofix log:

ComboFix 09-04-19.01 - Personal Use 04/18/2009 14:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2294.1753 [GMT -5:00]
Running from: c:\documents and settings\Personal Use\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated)
AV: Norton AntiVirus 2005 *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Personal Use\Application Data\020000002e28adb6577C.manifest
c:\documents and settings\Personal Use\Application Data\020000002e28adb6577O.manifest
c:\documents and settings\Personal Use\Application Data\020000002e28adb6577P.manifest
c:\documents and settings\Personal Use\Application Data\020000002e28adb6577S.manifest
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\rnyzmsvweipfnqhn.dll
C:\xcrashdump.dat

.
((((((((((((((((((((((((( Files Created from 2009-03-18 to 2009-04-18 )))))))))))))))))))))))))))))))
.

2009-04-17 22:26 . 2009-04-17 22:26 -------- d--h--w c:\windows\PIF
2009-04-17 21:54 . 2009-04-17 21:54 578560 -c--a-w c:\windows\system32\dllcache\user32.dll
2009-04-17 21:52 . 2009-04-17 21:52 -------- d-----w c:\windows\ERUNT
2009-04-17 21:46 . 2009-04-17 22:01 -------- d-----w C:\SDFix
2009-04-16 22:41 . 2009-04-16 22:42 -------- d--h--w C:\$AVG8.VAULT$
2009-04-16 22:39 . 2009-04-16 22:39 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-16 22:39 . 2009-04-16 22:39 12552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-04-16 22:39 . 2009-04-16 22:39 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-16 22:39 . 2009-04-16 22:39 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-16 22:39 . 2009-04-18 14:05 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-16 22:39 . 2009-04-16 23:55 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-16 00:02 . 2009-04-16 00:02 54156 ---ha-w c:\windows\QTFont.qfn
2009-04-16 00:02 . 2009-04-16 00:02 1409 ----a-w c:\windows\QTFont.for
2009-04-15 15:19 . 2009-04-15 15:19 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-04-15 15:15 . 2009-04-15 15:15 -------- d-sh--w c:\documents and settings\Personal Use\PrivacIE
2009-04-15 15:13 . 2009-04-15 15:13 -------- d-sh--w c:\documents and settings\Personal Use\IETldCache
2009-04-15 15:11 . 2009-04-15 15:11 -------- d-----w c:\windows\ie8updates
2009-04-15 15:08 . 2009-04-15 15:09 -------- dc-h--w c:\windows\ie8
2009-04-15 15:08 . 2009-04-15 15:11 -------- d--h--w c:\windows\msdownld.tmp
2009-04-15 15:06 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-04-15 09:17 . 2008-10-16 19:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-04-15 09:17 . 2008-10-16 19:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-15 08:26 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 08:26 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 08:26 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 08:26 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 08:26 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 08:26 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 08:26 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 08:26 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 08:26 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 08:25 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 08:25 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 08:25 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-14 20:34 . 2009-04-16 12:29 0 ----a-w c:\windows\Xvepocukexuguj.bin
2009-04-14 20:34 . 2009-04-14 20:34 -------- d-----w c:\documents and settings\Personal Use\Local Settings\Application Data\{0981B0DF-CF48-485F-B9C9-464C8BEE8008}
2009-04-14 20:34 . 2009-04-16 20:01 408 ----a-w c:\windows\Gzaweyuvasaxog.dat
2009-04-14 04:39 . 2009-04-14 04:39 615 ----a-w c:\windows\system32\JbF0elP.vbs
2009-04-14 04:38 . 2009-04-14 04:38 -------- d-sh--w c:\windows\system32\NetworkService32
2009-04-14 04:38 . 2009-04-14 04:38 615 ----a-w c:\windows\system32\pmohn4MJWQpk3.vbs
2009-04-10 10:26 . 2009-04-10 10:26 710144 ----a-w c:\windows\system32\nsu8DA.dll
2009-04-10 02:34 . 2009-04-10 02:34 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motport_01005.Wdf
2009-04-10 02:33 . 2009-04-10 02:33 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2009-04-10 02:33 . 2009-04-10 02:33 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2009-04-09 17:54 . 2009-04-09 17:54 -------- d-----w c:\documents and settings\Personal Use\Local Settings\Application Data\Roxio
2009-04-09 17:20 . 2009-04-09 17:20 -------- d-----w c:\documents and settings\All Users\Application Data\Riverdeep Interactive Learning Limited
2009-04-09 17:19 . 2009-04-09 17:19 -------- d-----w c:\documents and settings\Personal Use\Local Settings\Application Data\Broderbund Software
2009-04-09 17:15 . 2004-01-20 08:08 970752 ----a-w c:\windows\system32\cdintf210.dll
2009-04-09 17:13 . 2009-04-09 17:13 -------- d-----w c:\documents and settings\All Users\Application Data\Broderbund Software
2009-04-09 17:00 . 2009-04-09 17:00 -------- d-----w C:\EPSONREG
2009-04-09 16:59 . 2009-04-09 16:59 -------- d-----w c:\documents and settings\Personal Use\Application Data\ArcSoft
2009-04-09 16:59 . 2005-02-23 19:58 11776 ----a-w c:\windows\system32\drivers\afc.sys
2009-04-09 16:59 . 2004-12-07 15:11 258352 ----a-w c:\windows\system32\unicows.dll
2009-04-09 16:59 . 1995-08-01 09:44 212480 ----a-w c:\windows\PCDLIB32.DLL
2009-04-09 16:59 . 2006-10-20 21:11 126976 ----a-w c:\windows\system32\PhotoImpression Slideshow.scr
2009-04-09 16:57 . 2007-04-18 05:00 67072 ----a-w c:\windows\system32\escwiad.dll
2009-04-09 16:56 . 2009-04-09 17:00 44 ----a-w c:\windows\EPCX8400.ini
2009-04-09 16:47 . 2009-04-09 16:47 -------- d-----w c:\documents and settings\Personal Use\Application Data\Roxio
2009-04-09 04:15 . 2009-04-09 04:15 -------- d-----w c:\documents and settings\Personal Use\Application Data\Leadertech
2009-04-09 03:43 . 2009-04-09 03:43 59 ----a-w c:\windows\WININIT.INI
2009-03-30 23:43 . 2004-05-14 21:53 462848 ----a-w c:\windows\system32\ltkrn13n.dll
2009-03-30 23:43 . 2004-05-14 21:53 450560 ----a-w c:\windows\system32\ltimg13n.dll
2009-03-30 23:43 . 2004-05-14 21:53 299008 ----a-w c:\windows\system32\ltdis13n.dll
2009-03-30 23:43 . 2004-05-14 21:53 163840 ----a-w c:\windows\system32\ltfil13n.dll
2009-03-30 23:43 . 2004-05-14 21:53 57344 ----a-w c:\windows\system32\lfbmp13n.dll
2009-03-30 23:43 . 2004-05-14 21:53 401408 ----a-w c:\windows\system32\lfcmp13n.dll
2009-03-30 23:43 . 2004-01-12 07:09 206336 ----a-w c:\windows\system32\ltefx13n.dll
2009-03-30 23:43 . 2003-11-04 20:10 69632 ----a-w c:\windows\system32\lfgif13n.dll
2009-03-28 02:49 . 2009-04-15 07:21 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-27 16:42 . 2009-04-09 17:28 -------- d-----w c:\documents and settings\Personal Use\Local Settings\Application Data\ApplicationHistory
2009-03-27 04:38 . 2009-04-17 20:07 -------- d-----w c:\documents and settings\Personal Use\Local Settings\Application Data\Google
2009-03-27 04:20 . 2009-03-30 23:09 -------- d-----w c:\documents and settings\Personal Use\Local Settings\Application Data\Adobe
2009-03-27 04:17 . 2009-03-27 04:17 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-03-27 04:10 . 2009-03-27 04:10 -------- d-----w c:\windows\system32\Backup
2009-03-27 04:10 . 2009-03-27 04:14 -------- d-----w c:\windows\SQLHotfix
2009-03-27 04:05 . 2009-03-27 04:05 466 ----a-w c:\windows\system32\mapisvc.inf
2009-03-27 04:05 . 2002-12-17 21:23 33340 ------w c:\windows\system32\dbmsqlgc.dll
2009-03-27 04:05 . 2002-10-20 19:05 24576 ------w c:\windows\system32\dbmsgnet.dll
2009-03-27 04:01 . 2009-03-27 04:02 -------- d-----w c:\windows\system32\URTTemp
2009-03-27 03:48 . 2009-03-27 03:48 376 ----a-w c:\windows\ODBC.INI
2009-03-27 03:48 . 2007-04-09 18:23 28040 ----a-w c:\windows\system32\mdimon.dll
2009-03-27 03:46 . 2009-03-27 03:47 -------- d-----w c:\windows\SHELLNEW
2009-03-27 03:43 . 2009-03-27 03:43 -------- d--h--r C:\MSOCache
2009-03-24 22:27 . 2009-03-09 19:06 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-03-24 04:12 . 2009-03-24 04:12 -------- dc----w c:\windows\system32\DRVSTORE
2009-03-24 04:12 . 2009-03-09 19:06 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-03-24 03:35 . 2009-04-15 07:48 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-23 15:27 . 2009-03-23 15:27 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-03-23 15:27 . 2009-03-23 15:27 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-03-23 04:24 . 2009-03-23 04:24 -------- d-----w c:\windows\Sun
2009-03-23 01:16 . 2009-03-23 01:16 -------- d-----w c:\windows\system32\scripting
2009-03-23 01:16 . 2009-03-23 01:16 -------- d-----w c:\windows\l2schemas
2009-03-23 01:16 . 2009-03-23 01:16 -------- d-----w c:\windows\system32\en
2009-03-23 01:16 . 2009-03-23 01:16 -------- d-----w c:\windows\system32\bits
2009-03-23 01:12 . 2009-03-23 01:17 -------- d-----w c:\windows\ServicePackFiles
2009-03-23 01:01 . 2009-03-23 01:01 -------- d-----w c:\windows\EHome
2009-03-21 14:06 . 2009-03-21 14:06 989696 -c----w c:\windows\system32\dllcache\kernel32.dll
2009-03-21 02:36 . 2009-03-27 04:15 -------- d-----w c:\windows\system32\Adobe
2009-03-19 20:10 . 2009-04-07 23:45 -------- d-----w c:\documents and settings\Personal Use\Local Settings\Application Data\WMTools Downloaded Files
2009-03-19 19:52 . 2001-08-18 03:36 5632 ----a-w c:\windows\system32\ptpusb.dll
2009-03-19 19:52 . 2004-08-04 05:56 159232 ----a-w c:\windows\system32\ptpusd.dll
2009-03-19 19:52 . 2008-04-13 18:45 15104 ----a-w c:\windows\system32\drivers\usbscan.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-18 19:39 . 2009-03-26 13:01 6940 ----a-w C:\aaw7boot.log
2009-04-17 18:39 . 2009-03-17 11:30 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-16 22:39 . 2009-04-16 22:39 -------- d-----w c:\program files\AVG
2009-04-15 14:40 . 2009-03-17 11:44 84616 ----a-w c:\documents and settings\Personal Use\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-15 08:31 . 2009-03-27 03:46 -------- d-----w c:\program files\Microsoft Works
2009-04-15 08:28 . 2009-04-15 08:28 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-15 07:52 . 2009-04-15 07:52 67 ----a-w C:\inferno.log
2009-04-14 05:01 . 2009-03-17 05:09 -------- d-----w c:\documents and settings\Personal Use\Application Data\LimeWire
2009-04-13 20:45 . 2009-03-17 05:33 85733 ----a-w c:\windows\system32\45e2305b-3ca2-23e2-7772-61fd9ba4c344.exe
2009-04-11 08:00 . 2009-04-11 08:00 -------- d-----w c:\program files\MSXML 4.0
2009-04-09 17:54 . 2009-04-09 17:15 -------- d-----w c:\program files\Web Publish
2009-04-09 17:20 . 2009-04-09 17:13 -------- d-----w c:\program files\PrintMaster 16
2009-04-09 17:15 . 2009-04-09 17:13 -------- d-----w c:\program files\Common Files\Broderbund
2009-04-09 17:00 . 2009-04-09 16:57 -------- d-----w c:\program files\epson
2009-04-09 16:59 . 2009-04-09 16:58 -------- d-----w c:\program files\ArcSoft
2009-04-09 16:59 . 2009-03-12 06:12 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-09 16:59 . 2009-04-09 16:59 -------- d-----w c:\program files\Common Files\ArcSoft
2009-04-09 16:58 . 2009-04-09 16:58 -------- d-----w c:\documents and settings\Personal Use\Application Data\InstallShield
2009-04-09 16:58 . 2009-04-09 16:58 -------- d-----w c:\documents and settings\All Users\Application Data\EPSON
2009-04-09 16:47 . 2009-04-09 16:45 -------- d-----w c:\program files\Common Files\Roxio Shared
2009-04-09 16:46 . 2009-04-09 16:46 -------- d-----w c:\program files\Roxio
2009-04-09 03:43 . 2009-04-09 03:43 -------- d-----w c:\program files\Common Files\Sonic Shared
2009-04-09 03:43 . 2009-04-09 03:43 -------- d-----w c:\program files\Sonic
2009-03-27 04:20 . 2009-03-27 04:20 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-27 04:20 . 2009-03-27 04:19 -------- d-----w c:\program files\Common Files\Adobe
2009-03-27 04:17 . 2009-03-27 04:17 -------- d-----w c:\program files\NOS
2009-03-27 04:04 . 2009-03-27 04:04 -------- d-----w c:\program files\Microsoft Visual Studio .NET 2003
2009-03-27 04:04 . 2009-03-27 04:04 -------- d-----w c:\program files\Common Files\Crystal Decisions
2009-03-27 04:03 . 2009-03-27 04:03 -------- d-----w c:\program files\Microsoft SQL Server
2009-03-27 03:47 . 2009-03-27 03:47 -------- d-----w c:\program files\Common Files\L&H
2009-03-27 03:47 . 2009-03-27 03:47 -------- d-----w c:\program files\Microsoft ActiveSync
2009-03-25 14:23 . 2009-03-17 05:33 48273 ----a-w c:\windows\system32\ercjfybcxwxijrj.exe
2009-03-23 01:19 . 2009-03-11 08:28 77423 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-23 01:07 . 2004-08-12 14:02 250048 --sha-r C:\ntldr
2009-03-23 01:00 . 2009-03-17 03:09 -------- d-----w c:\documents and settings\Personal Use\Application Data\Apple Computer
2009-03-17 15:39 . 2009-03-17 11:32 -------- d-----w c:\program files\Norton AntiVirus
2009-03-17 14:59 . 2009-03-17 11:30 -------- d-----w c:\program files\Symantec
2009-03-17 14:45 . 2009-03-17 11:32 -------- d-----w c:\documents and settings\Personal Use\Application Data\Symantec
2009-03-17 11:43 . 2009-03-17 11:30 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-03-17 11:32 . 2009-03-17 11:32 4608 ----a-w c:\windows\system32\drivers\symlcbrd.sys
2009-03-17 06:13 . 2009-03-17 06:13 -------- d-----w c:\documents and settings\Personal Use\Application Data\CyberLink
2009-03-17 06:10 . 2009-03-17 06:10 -------- d-----w c:\program files\CyberLink
2009-03-17 06:09 . 2009-03-12 06:12 -------- d-----w c:\program files\Common Files\InstallShield
2009-03-17 05:09 . 2009-03-17 05:08 -------- d-----w c:\program files\LimeWire
2009-03-17 05:08 . 2009-03-17 05:08 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-17 05:08 . 2009-03-17 05:08 -------- d-----w c:\program files\Java
2009-03-17 04:52 . 2009-03-17 04:52 -------- d-----w c:\program files\InterActual
2009-03-17 03:09 . 2009-03-17 03:08 -------- d-----w c:\program files\QuickTime
2009-03-17 03:08 . 2009-03-17 03:08 -------- d-----w c:\program files\iTunes
2009-03-17 03:08 . 2009-03-17 03:07 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-17 03:06 . 2009-03-17 03:06 -------- d-----w c:\program files\iPod
2009-03-12 06:13 . 2009-03-12 06:12 -------- d-----w c:\program files\Analog Devices
2009-03-11 08:29 . 2009-03-11 08:29 -------- d-----w c:\program files\microsoft frontpage
2009-03-11 08:26 . 2009-03-11 08:26 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-08 09:34 . 2004-08-12 14:09 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 09:34 . 2004-08-12 13:59 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 09:33 . 2004-08-12 13:56 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 09:33 . 2004-08-12 14:08 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 09:32 . 2004-08-12 13:55 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 09:32 . 2004-08-12 13:58 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 09:31 . 2004-08-12 13:58 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 09:31 . 2004-08-12 14:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 09:31 . 2004-08-12 14:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 09:22 . 2004-08-12 14:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-12 14:03 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-09 12:10 . 2004-08-12 13:59 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-12 14:04 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2004-08-12 14:02 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-12 13:55 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2004-08-12 14:09 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2004-08-12 14:05 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2004-08-12 14:02 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-12 14:04 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-03 22:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2004-08-12 14:04 56832 ----a-w c:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5a4a9519-cc7c-dcac-74a3-8c4ea8da15e9}]
2009-04-10 10:26 710144 ----a-w c:\windows\system32\nsu8DA.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EPSON Stylus CX8400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE" [2007-02-15 179200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-12-21 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-03-17 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-17 136600]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-17 58728]
"Advanced Tools Check"="c:\progra~1\NORTON~1\AdvTools\ADVCHK.EXE" [2005-01-10 79472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2004-02-24 868352]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-07-15 319488]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-16 1932568]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\program files\PrintMaster 16\pmremind.exe [2004-1-20 339968]
Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2006-7-25 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-16 22:39 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\dsuiext32.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli mbdhkbdu.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; [x]
R3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-22 18688]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-22 8320]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-19 23680]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-04-16 12552]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-09 64160]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-16 325640]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-16 108552]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-16 298264]
S2 NProtectService;Norton Unerase Protection;c:\program files\Norton AntiVirus\AdvTools\NPROTECT.EXE [2002-08-14 135168]

.
Contents of the 'Scheduled Tasks' folder

2009-04-18 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Personal Use.job
- c:\progra~1\NORTON~1\Navw32.exe [2005-01-10 17:54]
.
- - - - ORPHANS REMOVED - - - -

BHO-{35AE9B5C-9C8D-84F5-3A92-BF219129C7F2} - c:\windows\system32\rnyzmsvweipfnqhn.dll
HKLM-Run-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
HKLM-Run-Xluzidinig - c:\windows\ehifukifurizevul.dll
Notify-1c97d3b2577 - c:\windows\System32\dsuiext32.dll
Notify-__c005061C - c:\windows\system32\__c005061C.dat


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 14:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4084)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\Norton AntiVirus\IWP\NPFMNTOR.EXE
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
c:\program files\Messenger\msmsgs.exe
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
.
**************************************************************************
.
Completion time: 2009-04-18 14:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-18 19:43

Pre-Run: 25,587,146,752 bytes free
Post-Run: 25,633,603,584 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

339 --- E O F --- 2009-04-11 08:00

#8 McShady (Topic Starter)

Posted 18 April 2009 - 02:47 PM

DDS log:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Personal Use at 14:46:27.85 on Sat 04/18/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2294.1630 [GMT -5:00]

AV: AVG Anti-Virus *On-access scanning disabled* (Updated)
AV: Norton AntiVirus 2005 *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Personal Use\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: precisead: {5a4a9519-cc7c-dcac-74a3-8c4ea8da15e9} - c:\windows\system32\nsu8DA.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON Stylus CX8400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticea.exe /fu "c:\windows\temp\E_SE7.tmp" /EF "HKCU"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Advanced Tools Check] c:\progra~1\norton~1\advtools\ADVCHK.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\easy cd creator 6\dragtodisc\DrgToDsc.exe"
mRun: [RoxioAudioCentral] "c:\program files\roxio\easy cd creator 6\audiocentral\RxMon.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\printmaster 16\pmremind.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sonicc~1.lnk - c:\program files\common files\sonic shared\CineTray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239781424562
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\windows\system32\dsuiext32.dll
LSA: Notification Packages = scecli mbdhkbdu.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-4-16 12552]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-23 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-16 325640]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-16 27656]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-16 108552]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\SAVRTPEL.SYS [2004-12-10 50312]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-16 298264]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2004-12-13 197992]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2004-12-13 181608]
R2 NProtectService;Norton Unerase Protection;c:\program files\norton antivirus\advtools\NPROTECT.EXE [2009-3-17 135168]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2009-3-17 822424]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2005-1-10 67184]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-12-13 79208]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-3-26 33176]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton antivirus\NAVAPSVC.EXE [2005-1-10 177264]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090415.003\NAVENG.Sys [2009-4-15 89104]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090415.003\NavEx15.Sys [2009-4-15 876144]
S3 SAVRT;SAVRT;c:\program files\norton antivirus\SAVRT.SYS [2004-12-10 338056]
S3 SAVScan;SAVScan;c:\program files\norton antivirus\SAVSCAN.EXE [2004-12-10 198368]

=============== Created Last 30 ================

2009-04-18 14:35 <DIR> a-dshr-- C:\cmdcons
2009-04-18 14:34 161,792 a------- c:\windows\SWREG.exe
2009-04-18 14:34 98,816 a------- c:\windows\sed.exe
2009-04-17 17:26 <DIR> --d-h--- c:\windows\PIF
2009-04-17 16:54 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2009-04-17 16:52 <DIR> --d----- c:\windows\ERUNT
2009-04-17 16:46 <DIR> --d----- C:\SDFix
2009-04-16 17:41 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-04-16 17:39 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-04-16 17:39 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-16 17:39 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-04-16 17:39 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-16 17:39 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-04-16 17:39 <DIR> --d----- c:\program files\AVG
2009-04-16 17:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-04-15 19:02 54,156 a---h--- c:\windows\QTFont.qfn
2009-04-15 19:02 1,409 a------- c:\windows\QTFont.for
2009-04-15 10:15 <DIR> --dsh--- c:\documents and settings\personal use\PrivacIE
2009-04-15 10:13 <DIR> --dsh--- c:\documents and settings\personal use\IETldCache
2009-04-15 10:11 <DIR> --d----- c:\windows\ie8updates
2009-04-15 10:08 <DIR> -cd-h--- c:\windows\ie8
2009-04-15 10:08 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-04-15 10:06 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-04-15 04:17 268,648 a------- c:\windows\system32\mucltui.dll
2009-04-15 04:17 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-04-15 03:28 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-15 03:26 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-15 03:26 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-15 03:26 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-15 03:26 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-15 03:26 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 03:26 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 03:26 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 03:26 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-15 03:26 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-15 03:25 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 03:25 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 03:25 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-14 15:34 0 a------- c:\windows\Xvepocukexuguj.bin
2009-04-14 15:34 408 a------- c:\windows\Gzaweyuvasaxog.dat
2009-04-13 23:39 615 a------- c:\windows\system32\JbF0elP.vbs
2009-04-13 23:38 <DIR> --dsh--- c:\windows\system32\NetworkService32
2009-04-13 23:38 615 a------- c:\windows\system32\pmohn4MJWQpk3.vbs
2009-04-11 03:00 <DIR> --d----- c:\program files\MSXML 4.0
2009-04-10 05:26 710,144 a------- c:\windows\system32\nsu8DA.dll
2009-04-09 21:34 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motport_01005.Wdf
2009-04-09 21:33 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2009-04-09 21:33 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2009-04-09 12:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Riverdeep Interactive Learning Limited
2009-04-09 12:15 <DIR> --d----- c:\program files\Web Publish
2009-04-09 12:15 970,752 a------- c:\windows\system32\cdintf210.dll
2009-04-09 12:13 <DIR> --d----- c:\program files\common files\Broderbund
2009-04-09 12:13 <DIR> --d----- c:\program files\PrintMaster 16
2009-04-09 12:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Broderbund Software
2009-04-09 12:00 <DIR> --d----- C:\EPSONREG
2009-04-09 11:59 11,776 a------- c:\windows\system32\drivers\afc.sys
2009-04-09 11:59 258,352 a------- c:\windows\system32\unicows.dll
2009-04-09 11:59 212,480 a------- c:\windows\PCDLIB32.DLL
2009-04-09 11:59 126,976 a------- c:\windows\system32\PhotoImpression Slideshow.scr
2009-04-09 11:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\EPSON
2009-04-09 11:57 <DIR> --d----- c:\program files\epson
2009-04-09 11:57 67,072 a------- c:\windows\system32\escwiad.dll
2009-04-09 11:56 44 a------- c:\windows\EPCX8400.ini
2009-04-09 11:46 <DIR> --d----- c:\program files\Roxio
2009-04-08 22:43 59 a------- c:\windows\WININIT.INI
2009-04-08 22:43 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-04-08 22:43 <DIR> --d----- c:\program files\Sonic
2009-03-30 18:43 462,848 a------- c:\windows\system32\ltkrn13n.dll
2009-03-30 18:43 450,560 a------- c:\windows\system32\ltimg13n.dll
2009-03-30 18:43 401,408 a------- c:\windows\system32\lfcmp13n.dll
2009-03-30 18:43 299,008 a------- c:\windows\system32\ltdis13n.dll
2009-03-30 18:43 206,336 a------- c:\windows\system32\ltefx13n.dll
2009-03-30 18:43 163,840 a------- c:\windows\system32\ltfil13n.dll
2009-03-30 18:43 69,632 a------- c:\windows\system32\lfgif13n.dll
2009-03-30 18:43 57,344 a------- c:\windows\system32\lfbmp13n.dll
2009-03-27 21:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-03-26 23:10 <DIR> --d----- c:\windows\system32\Backup
2009-03-26 23:10 <DIR> --d----- c:\windows\SQLHotfix
2009-03-26 23:05 466 a------- c:\windows\system32\mapisvc.inf
2009-03-26 23:05 33,340 -------- c:\windows\system32\dbmsqlgc.dll
2009-03-26 23:05 24,576 -------- c:\windows\system32\dbmsgnet.dll
2009-03-26 23:04 <DIR> --d----- c:\program files\common files\Crystal Decisions
2009-03-26 23:03 <DIR> --d----- c:\program files\Microsoft SQL Server
2009-03-26 23:01 <DIR> --d----- c:\windows\system32\URTTemp
2009-03-26 22:48 376 a------- c:\windows\ODBC.INI
2009-03-26 22:48 28,040 a------- c:\windows\system32\mdimon.dll
2009-03-26 22:47 <DIR> --d----- c:\program files\common files\L&H
2009-03-26 22:47 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-03-26 22:46 <DIR> --d----- c:\windows\SHELLNEW
2009-03-24 17:27 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-23 23:12 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-23 10:27 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-03-23 10:27 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-03-22 20:16 <DIR> --d----- c:\windows\system32\scripting
2009-03-22 20:16 <DIR> --d----- c:\windows\l2schemas
2009-03-22 20:16 <DIR> --d----- c:\windows\system32\en
2009-03-22 20:16 <DIR> --d----- c:\windows\system32\bits
2009-03-22 20:12 <DIR> --d----- c:\windows\ServicePackFiles
2009-03-22 20:08 <DIR> --d----- c:\windows\network diagnostic
2009-03-22 20:01 <DIR> --d----- c:\windows\EHome
2009-03-21 09:06 989,696 -c------ c:\windows\system32\dllcache\kernel32.dll
2009-03-20 21:36 <DIR> --d----- c:\windows\system32\Adobe
2009-03-19 14:52 5,632 a------- c:\windows\system32\ptpusb.dll
2009-03-19 14:52 159,232 a------- c:\windows\system32\ptpusd.dll
2009-03-19 14:52 15,104 a------- c:\windows\system32\drivers\usbscan.sys

==================== Find3M ====================

2009-04-13 15:45 85,733 a------- c:\windows\system32\45e2305b-3ca2-23e2-7772-61fd9ba4c344.exe
2009-03-25 09:23 48,273 a------- c:\windows\system32\ercjfybcxwxijrj.exe
2009-03-22 20:19 77,423 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-17 06:32 4,608 a------- c:\windows\system32\drivers\symlcbrd.sys
2009-03-17 00:08 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-11 03:26 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-09 07:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 07:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 07:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 07:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 06:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 06:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 05:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 05:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-03 14:59 56,832 a------- c:\windows\system32\secur32.dll

============= FINISH: 14:46:38.84 ===============

Edited by McShady, 18 April 2009 - 02:48 PM.


#9 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:03:53 PM

Posted 18 April 2009 - 09:16 PM

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

http://www.bleepingcomputer.com/forums/index.php?showtopic=219724&view=findpost&p=1228793

KillAll::

Collect::
c:\windows\Xvepocukexuguj.bin
c:\windows\Gzaweyuvasaxog.dat
c:\windows\system32\JbF0elP.vbs
c:\windows\system32\pmohn4MJWQpk3.vbs
c:\windows\system32\nsu8DA.dll
c:\windows\system32\ercjfybcxwxijrj.exe
c:\windows\System32\dsuiext32.dll

Folder::
c:\windows\system32\NetworkService32

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5a4a9519-cc7c-dcac-74a3-8c4ea8da15e9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: dragging CFScript.txt onto ComboFix.exe]


5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


**Note**

When ComboFix finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • Simply follow the instructions to copy/paste/send the requested file.
Note:
If ComboFix fails to upload the file, please find C:\Qoobox\Quarantined Files\Submit(Time and date here).zip and upload it at this site

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#10 McShady

McShady
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:02:53 AM

Posted 19 April 2009 - 02:37 PM

ComboFix log:

ComboFix 09-04-19.05 - Personal Use 04/19/2009 14:28.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2294.1802 [GMT -5:00]
Running from: c:\documents and settings\Personal Use\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Personal Use\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated)
AV: Norton AntiVirus 2005 *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Gzaweyuvasaxog.dat
c:\windows\system32\ercjfybcxwxijrj.exe
c:\windows\system32\JbF0elP.vbs
c:\windows\system32\NetworkService32
c:\windows\system32\NetworkService32\101.crack.zip
c:\windows\system32\NetworkService32\101.crack.zip.kwd
c:\windows\system32\NetworkService32\102.keygen.zip
c:\windows\system32\NetworkService32\102.keygen.zip.kwd
c:\windows\system32\NetworkService32\103.serial.zip
c:\windows\system32\NetworkService32\103.serial.zip.kwd
c:\windows\system32\NetworkService32\104.setup.zip
c:\windows\system32\NetworkService32\104.setup.zip.kwd
c:\windows\system32\NetworkService32\105.music.mp3
c:\windows\system32\NetworkService32\105.music.mp3.kwd
c:\windows\system32\NetworkService32\106.music.snd
c:\windows\system32\NetworkService32\106.music.snd.kwd
c:\windows\system32\NetworkService32\107.music.au
c:\windows\system32\NetworkService32\107.music.au.kwd
c:\windows\system32\NetworkService32\108.video.wmv
c:\windows\system32\NetworkService32\108.video.wmv.kwd
c:\windows\system32\nsu8DA.dll
c:\windows\system32\pmohn4MJWQpk3.vbs
c:\windows\Xvepocukexuguj.bin

.
((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.

2009-04-17 22:26 . 2009-04-17 22:26 -------- d--h--w c:\windows\PIF
2009-04-17 21:54 . 2009-04-17 21:54 578560 -c--a-w c:\windows\system32\dllcache\user32.dll
2009-04-17 21:52 . 2009-04-17 21:52 -------- d-----w c:\windows\ERUNT
2009-04-17 21:46 . 2009-04-17 22:01 -------- d-----w C:\SDFix
2009-04-16 22:41 . 2009-04-16 22:42 -------- d--h--w C:\$AVG8.VAULT$
2009-04-16 22:39 . 2009-04-16 22:39 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-16 22:39 . 2009-04-16 22:39 12552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-04-16 22:39 . 2009-04-16 22:39 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-16 22:39 . 2009-04-16 22:39 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-16 22:39 . 2009-04-18 14:05 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-16 22:39 . 2009-04-16 23:55 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-16 00:02 . 2009-04-16 00:02 54156 ---ha-w c:\windows\QTFont.qfn
2009-04-16 00:02 . 2009-04-16 00:02 1409 ----a-w c:\windows\QTFont.for
2009-04-15 15:19 . 2009-04-15 15:19 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-04-15 15:15 . 2009-04-15 15:15 -------- d-sh--w c:\documents and settings\Personal Use\PrivacIE
2009-04-15 15:13 . 2009-04-15 15:13 -------- d-sh--w c:\documents and settings\Personal Use\IETldCache
2009-04-15 15:11 . 2009-04-15 15:11 -------- d-----w c:\windows\ie8updates
2009-04-15 15:08 . 2009-04-15 15:09 -------- dc-h--w c:\windows\ie8
2009-04-15 15:08 . 2009-04-15 15:11 -------- d--h--w c:\windows\msdownld.tmp
2009-04-15 15:06 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-04-15 09:17 . 2008-10-16 19:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-04-15 09:17 . 2008-10-16 19:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-15 08:26 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 08:26 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 08:26 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 08:26 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 08:26 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 08:26 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 08:26 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 08:26 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 08:26 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 08:25 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 08:25 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 08:25 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-14 20:34 . 2009-04-14 20:34 -------- d-----w c:\documents and settings\Personal Use\Local Settings\Application Data\{0981B0DF-CF48-485F-B9C9-464C8BEE8008}
2009-04-10 02:34 . 2009-04-10 02:34 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motport_01005.Wdf
2009-04-10 02:33 . 2009-04-10 02:33 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2009-04-10 02:33 . 2009-04-10 02:33 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2009-04-09 17:54 . 2009-04-09 17:54 -------- d-----w c:\documents and settings\Personal Use\Local Settings\Application Data\Roxio
2009-04-09 17:20 . 2009-04-09 17:20 -------- d-----w c:\documents and settings\All Users\Application Data\Riverdeep Interactive Learning Limited
2009-04-09 17:19 . 2009-04-09 17:19 -------- d-----w c:\documents and settings\Personal Use\Local Settings\Application Data\Broderbund Software
2009-04-09 17:15 . 2004-01-20 08:08 970752 ----a-w c:\windows\system32\cdintf210.dll
2009-04-09 17:13 . 2009-04-09 17:13 -------- d-----w c:\documents and settings\All Users\Application Data\Broderbund Software
2009-04-09 17:00 . 2009-04-09 17:00 -------- d-----w C:\EPSONREG
2009-04-09 16:59 . 2009-04-09 16:59 -------- d-----w c:\documents and settings\Personal Use\Application Data\ArcSoft
2009-04-09 16:59 . 2005-02-23 19:58 11776 ----a-w c:\windows\system32\drivers\afc.sys
2009-04-09 16:59 . 2004-12-07 15:11 258352 ----a-w c:\windows\system32\unicows.dll
2009-04-09 16:59 . 1995-08-01 09:44 212480 ----a-w c:\windows\PCDLIB32.DLL
2009-04-09 16:59 . 2006-10-20 21:11 126976 ----a-w c:\windows\system32\PhotoImpression Slideshow.scr
2009-04-09 16:57 . 2007-04-18 05:00 67072 ----a-w c:\windows\system32\escwiad.dll
2009-04-09 16:56 . 2009-04-09 17:00 44 ----a-w c:\windows\EPCX8400.ini
2009-04-09 16:47 . 2009-04-09 16:47 -------- d-----w c:\documents and settings\Personal Use\Application Data\Roxio
2009-04-09 04:15 . 2009-04-09 04:15 -------- d-----w c:\documents and settings\Personal Use\Application Data\Leadertech
2009-04-09 03:43 . 2009-04-09 03:43 59 ----a-w c:\windows\WININIT.INI
2009-03-30 23:43 . 2004-05-14 21:53 462848 ----a-w c:\windows\system32\ltkrn13n.dll
2009-03-30 23:43 . 2004-05-14 21:53 450560 ----a-w c:\windows\system32\ltimg13n.dll
2009-03-30 23:43 . 2004-05-14 21:53 299008 ----a-w c:\windows\system32\ltdis13n.dll
2009-03-30 23:43 . 2004-05-14 21:53 163840 ----a-w c:\windows\system32\ltfil13n.dll
2009-03-30 23:43 . 2004-05-14 21:53 57344 ----a-w c:\windows\system32\lfbmp13n.dll
2009-03-30 23:43 . 2004-05-14 21:53 401408 ----a-w c:\windows\system32\lfcmp13n.dll
2009-03-30 23:43 . 2004-01-12 07:09 206336 ----a-w c:\windows\system32\ltefx13n.dll
2009-03-30 23:43 . 2003-11-04 20:10 69632 ----a-w c:\windows\system32\lfgif13n.dll
2009-03-28 02:49 . 2009-04-15 07:21 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-27 16:42 . 2009-04-09 17:28 -------- d-----w c:\documents and settings\Personal Use\Local Settings\Application Data\ApplicationHistory
2009-03-27 04:38 . 2009-04-17 20:07 -------- d-----w c:\documents and settings\Personal Use\Local Settings\Application Data\Google
2009-03-27 04:20 . 2009-03-30 23:09 -------- d-----w c:\documents and settings\Personal Use\Local Settings\Application Data\Adobe
2009-03-27 04:17 . 2009-03-27 04:17 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-03-27 04:10 . 2009-03-27 04:10 -------- d-----w c:\windows\system32\Backup
2009-03-27 04:10 . 2009-03-27 04:14 -------- d-----w c:\windows\SQLHotfix
2009-03-27 04:05 . 2009-03-27 04:05 466 ----a-w c:\windows\system32\mapisvc.inf
2009-03-27 04:05 . 2002-12-17 21:23 33340 ------w c:\windows\system32\dbmsqlgc.dll
2009-03-27 04:05 . 2002-10-20 19:05 24576 ------w c:\windows\system32\dbmsgnet.dll
2009-03-27 04:01 . 2009-03-27 04:02 -------- d-----w c:\windows\system32\URTTemp
2009-03-27 03:48 . 2009-03-27 03:48 376 ----a-w c:\windows\ODBC.INI
2009-03-27 03:48 . 2007-04-09 18:23 28040 ----a-w c:\windows\system32\mdimon.dll
2009-03-27 03:46 . 2009-03-27 03:47 -------- d-----w c:\windows\SHELLNEW
2009-03-27 03:43 . 2009-03-27 03:43 -------- d--h--r C:\MSOCache
2009-03-24 22:27 . 2009-03-09 19:06 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-03-24 04:12 . 2009-03-24 04:12 -------- dc----w c:\windows\system32\DRVSTORE
2009-03-24 04:12 . 2009-03-09 19:06 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-03-24 03:35 . 2009-04-15 07:48 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-23 15:27 . 2009-03-23 15:27 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-03-23 15:27 . 2009-03-23 15:27 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-03-23 04:24 . 2009-03-23 04:24 -------- d-----w c:\windows\Sun
2009-03-23 01:16 . 2009-03-23 01:16 -------- d-----w c:\windows\system32\scripting
2009-03-23 01:16 . 2009-03-23 01:16 -------- d-----w c:\windows\l2schemas
2009-03-23 01:16 . 2009-03-23 01:16 -------- d-----w c:\windows\system32\en
2009-03-23 01:16 . 2009-03-23 01:16 -------- d-----w c:\windows\system32\bits
2009-03-23 01:12 . 2009-03-23 01:17 -------- d-----w c:\windows\ServicePackFiles
2009-03-23 01:01 . 2009-03-23 01:01 -------- d-----w c:\windows\EHome
2009-03-21 14:06 . 2009-03-21 14:06 989696 -c----w c:\windows\system32\dllcache\kernel32.dll
2009-03-21 02:36 . 2009-03-27 04:15 -------- d-----w c:\windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 19:31 . 2009-03-26 13:01 7388 ----a-w C:\aaw7boot.log
2009-04-18 20:08 . 2009-03-17 05:09 -------- d-----w c:\documents and settings\Personal Use\Application Data\LimeWire
2009-04-17 18:39 . 2009-03-17 11:30 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-16 22:39 . 2009-04-16 22:39 -------- d-----w c:\program files\AVG
2009-04-15 14:40 . 2009-03-17 11:44 84616 ----a-w c:\documents and settings\Personal Use\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-15 08:31 . 2009-03-27 03:46 -------- d-----w c:\program files\Microsoft Works
2009-04-15 08:28 . 2009-04-15 08:28 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-15 07:52 . 2009-04-15 07:52 67 ----a-w C:\inferno.log
2009-04-13 20:45 . 2009-03-17 05:33 85733 ----a-w c:\windows\system32\45e2305b-3ca2-23e2-7772-61fd9ba4c344.exe
2009-04-11 08:00 . 2009-04-11 08:00 -------- d-----w c:\program files\MSXML 4.0
2009-04-09 17:54 . 2009-04-09 17:15 -------- d-----w c:\program files\Web Publish
2009-04-09 17:20 . 2009-04-09 17:13 -------- d-----w c:\program files\PrintMaster 16
2009-04-09 17:15 . 2009-04-09 17:13 -------- d-----w c:\program files\Common Files\Broderbund
2009-04-09 17:00 . 2009-04-09 16:57 -------- d-----w c:\program files\epson
2009-04-09 16:59 . 2009-04-09 16:58 -------- d-----w c:\program files\ArcSoft
2009-04-09 16:59 . 2009-03-12 06:12 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-09 16:59 . 2009-04-09 16:59 -------- d-----w c:\program files\Common Files\ArcSoft
2009-04-09 16:58 . 2009-04-09 16:58 -------- d-----w c:\documents and settings\Personal Use\Application Data\InstallShield
2009-04-09 16:58 . 2009-04-09 16:58 -------- d-----w c:\documents and settings\All Users\Application Data\EPSON
2009-04-09 16:47 . 2009-04-09 16:45 -------- d-----w c:\program files\Common Files\Roxio Shared
2009-04-09 16:46 . 2009-04-09 16:46 -------- d-----w c:\program files\Roxio
2009-04-09 03:43 . 2009-04-09 03:43 -------- d-----w c:\program files\Common Files\Sonic Shared
2009-04-09 03:43 . 2009-04-09 03:43 -------- d-----w c:\program files\Sonic
2009-03-27 04:20 . 2009-03-27 04:20 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-27 04:20 . 2009-03-27 04:19 -------- d-----w c:\program files\Common Files\Adobe
2009-03-27 04:17 . 2009-03-27 04:17 -------- d-----w c:\program files\NOS
2009-03-27 04:04 . 2009-03-27 04:04 -------- d-----w c:\program files\Microsoft Visual Studio .NET 2003
2009-03-27 04:04 . 2009-03-27 04:04 -------- d-----w c:\program files\Common Files\Crystal Decisions
2009-03-27 04:03 . 2009-03-27 04:03 -------- d-----w c:\program files\Microsoft SQL Server
2009-03-27 03:47 . 2009-03-27 03:47 -------- d-----w c:\program files\Common Files\L&H
2009-03-27 03:47 . 2009-03-27 03:47 -------- d-----w c:\program files\Microsoft ActiveSync
2009-03-23 01:19 . 2009-03-11 08:28 77423 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-23 01:07 . 2004-08-12 14:02 250048 --sha-r C:\ntldr
2009-03-23 01:00 . 2009-03-17 03:09 -------- d-----w c:\documents and settings\Personal Use\Application Data\Apple Computer
2009-03-17 15:39 . 2009-03-17 11:32 -------- d-----w c:\program files\Norton AntiVirus
2009-03-17 14:59 . 2009-03-17 11:30 -------- d-----w c:\program files\Symantec
2009-03-17 14:45 . 2009-03-17 11:32 -------- d-----w c:\documents and settings\Personal Use\Application Data\Symantec
2009-03-17 11:43 . 2009-03-17 11:30 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-03-17 11:32 . 2009-03-17 11:32 4608 ----a-w c:\windows\system32\drivers\symlcbrd.sys
2009-03-17 06:13 . 2009-03-17 06:13 -------- d-----w c:\documents and settings\Personal Use\Application Data\CyberLink
2009-03-17 06:10 . 2009-03-17 06:10 -------- d-----w c:\program files\CyberLink
2009-03-17 06:09 . 2009-03-12 06:12 -------- d-----w c:\program files\Common Files\InstallShield
2009-03-17 05:09 . 2009-03-17 05:08 -------- d-----w c:\program files\LimeWire
2009-03-17 05:08 . 2009-03-17 05:08 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-17 05:08 . 2009-03-17 05:08 -------- d-----w c:\program files\Java
2009-03-17 04:52 . 2009-03-17 04:52 -------- d-----w c:\program files\InterActual
2009-03-17 03:09 . 2009-03-17 03:08 -------- d-----w c:\program files\QuickTime
2009-03-17 03:08 . 2009-03-17 03:08 -------- d-----w c:\program files\iTunes
2009-03-17 03:08 . 2009-03-17 03:07 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-17 03:06 . 2009-03-17 03:06 -------- d-----w c:\program files\iPod
2009-03-12 06:13 . 2009-03-12 06:12 -------- d-----w c:\program files\Analog Devices
2009-03-11 08:29 . 2009-03-11 08:29 -------- d-----w c:\program files\microsoft frontpage
2009-03-11 08:26 . 2009-03-11 08:26 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-08 09:34 . 2004-08-12 14:09 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 09:34 . 2004-08-12 13:59 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 09:33 . 2004-08-12 13:56 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 09:33 . 2004-08-12 14:08 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 09:32 . 2004-08-12 13:55 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 09:32 . 2004-08-12 13:58 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 09:31 . 2004-08-12 13:58 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 09:31 . 2004-08-12 14:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 09:31 . 2004-08-12 14:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 09:22 . 2004-08-12 14:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-12 14:03 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-09 12:10 . 2004-08-12 13:59 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-12 14:04 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2004-08-12 14:02 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-12 13:55 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2004-08-12 14:09 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2004-08-12 14:05 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2004-08-12 14:02 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-12 14:04 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-03 22:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2004-08-12 14:04 56832 ----a-w c:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-18_19.40.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-19 19:32 . 2009-04-19 19:32 16384 c:\windows\temp\Perflib_Perfdata_98.dat
+ 2009-04-19 19:32 . 2009-04-19 19:32 16384 c:\windows\temp\Perflib_Perfdata_23c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EPSON Stylus CX8400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE" [2007-02-15 179200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-12-21 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-03-17 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-17 136600]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-17 58728]
"Advanced Tools Check"="c:\progra~1\NORTON~1\AdvTools\ADVCHK.EXE" [2005-01-10 79472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2004-02-24 868352]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-07-15 319488]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-16 1932568]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\program files\PrintMaster 16\pmremind.exe [2004-1-20 339968]
Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2006-7-25 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-16 22:39 10520 ----a-w c:\windows\system32\avgrsstx.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; [x]
R3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-22 18688]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-22 8320]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-19 23680]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-04-16 12552]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-09 64160]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-16 325640]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-16 108552]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-16 298264]
S2 NProtectService;Norton Unerase Protection;c:\program files\Norton AntiVirus\AdvTools\NPROTECT.EXE [2002-08-14 135168]

.
Contents of the 'Scheduled Tasks' folder

2009-04-18 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Personal Use.job
- c:\progra~1\NORTON~1\Navw32.exe [2005-01-10 17:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 14:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2332)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\Norton AntiVirus\IWP\NPFMNTOR.EXE
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
c:\program files\Messenger\msmsgs.exe
.
**************************************************************************
.
Completion time: 2009-04-19 14:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-19 19:35
ComboFix2.txt 2009-04-18 19:43

Pre-Run: 24,765,382,656 bytes free
Post-Run: 25,197,658,112 bytes free

329 --- E O F --- 2009-04-11 08:00

#11 McShady

McShady
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:02:53 AM

Posted 19 April 2009 - 02:38 PM

DDS log:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Personal Use at 14:37:31.14 on Sun 04/19/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2294.1715 [GMT -5:00]

AV: AVG Anti-Virus *On-access scanning disabled* (Updated)
AV: Norton AntiVirus 2005 *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Documents and Settings\Personal Use\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON Stylus CX8400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticea.exe /fu "c:\windows\temp\E_SE7.tmp" /EF "HKCU"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Advanced Tools Check] c:\progra~1\norton~1\advtools\ADVCHK.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\easy cd creator 6\dragtodisc\DrgToDsc.exe"
mRun: [RoxioAudioCentral] "c:\program files\roxio\easy cd creator 6\audiocentral\RxMon.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\printmaster 16\pmremind.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sonicc~1.lnk - c:\program files\common files\sonic shared\CineTray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239781424562
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-4-16 12552]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-23 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-16 325640]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-16 27656]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-16 108552]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\SAVRTPEL.SYS [2004-12-10 50312]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-16 298264]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2004-12-13 197992]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2004-12-13 181608]
R2 NProtectService;Norton Unerase Protection;c:\program files\norton antivirus\advtools\NPROTECT.EXE [2009-3-17 135168]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2009-3-17 822424]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2005-1-10 67184]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-12-13 79208]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-3-26 33176]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton antivirus\NAVAPSVC.EXE [2005-1-10 177264]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090415.003\NAVENG.Sys [2009-4-15 89104]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090415.003\NavEx15.Sys [2009-4-15 876144]
S3 SAVRT;SAVRT;c:\program files\norton antivirus\SAVRT.SYS [2004-12-10 338056]
S3 SAVScan;SAVScan;c:\program files\norton antivirus\SAVSCAN.EXE [2004-12-10 198368]

=============== Created Last 30 ================

2009-04-18 14:35 <DIR> a-dshr-- C:\cmdcons
2009-04-18 14:34 161,792 a------- c:\windows\SWREG.exe
2009-04-18 14:34 98,816 a------- c:\windows\sed.exe
2009-04-17 17:26 <DIR> --d-h--- c:\windows\PIF
2009-04-17 16:54 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2009-04-17 16:52 <DIR> --d----- c:\windows\ERUNT
2009-04-17 16:46 <DIR> --d----- C:\SDFix
2009-04-16 17:41 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-04-16 17:39 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-04-16 17:39 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-16 17:39 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-04-16 17:39 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-16 17:39 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-04-16 17:39 <DIR> --d----- c:\program files\AVG
2009-04-16 17:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-04-15 19:02 54,156 a---h--- c:\windows\QTFont.qfn
2009-04-15 19:02 1,409 a------- c:\windows\QTFont.for
2009-04-15 10:15 <DIR> --dsh--- c:\documents and settings\personal use\PrivacIE
2009-04-15 10:13 <DIR> --dsh--- c:\documents and settings\personal use\IETldCache
2009-04-15 10:11 <DIR> --d----- c:\windows\ie8updates
2009-04-15 10:08 <DIR> -cd-h--- c:\windows\ie8
2009-04-15 10:08 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-04-15 10:06 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-04-15 04:17 268,648 a------- c:\windows\system32\mucltui.dll
2009-04-15 04:17 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-04-15 03:28 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-15 03:26 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-15 03:26 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-15 03:26 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-15 03:26 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-15 03:26 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 03:26 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 03:26 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 03:26 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-15 03:26 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-15 03:25 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 03:25 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 03:25 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-11 03:00 <DIR> --d----- c:\program files\MSXML 4.0
2009-04-09 21:34 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motport_01005.Wdf
2009-04-09 21:33 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2009-04-09 21:33 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2009-04-09 12:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Riverdeep Interactive Learning Limited
2009-04-09 12:15 <DIR> --d----- c:\program files\Web Publish
2009-04-09 12:15 970,752 a------- c:\windows\system32\cdintf210.dll
2009-04-09 12:13 <DIR> --d----- c:\program files\common files\Broderbund
2009-04-09 12:13 <DIR> --d----- c:\program files\PrintMaster 16
2009-04-09 12:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Broderbund Software
2009-04-09 12:00 <DIR> --d----- C:\EPSONREG
2009-04-09 11:59 11,776 a------- c:\windows\system32\drivers\afc.sys
2009-04-09 11:59 258,352 a------- c:\windows\system32\unicows.dll
2009-04-09 11:59 212,480 a------- c:\windows\PCDLIB32.DLL
2009-04-09 11:59 126,976 a------- c:\windows\system32\PhotoImpression Slideshow.scr
2009-04-09 11:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\EPSON
2009-04-09 11:57 <DIR> --d----- c:\program files\epson
2009-04-09 11:57 67,072 a------- c:\windows\system32\escwiad.dll
2009-04-09 11:56 44 a------- c:\windows\EPCX8400.ini
2009-04-09 11:46 <DIR> --d----- c:\program files\Roxio
2009-04-08 22:43 59 a------- c:\windows\WININIT.INI
2009-04-08 22:43 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-04-08 22:43 <DIR> --d----- c:\program files\Sonic
2009-03-30 18:43 462,848 a------- c:\windows\system32\ltkrn13n.dll
2009-03-30 18:43 450,560 a------- c:\windows\system32\ltimg13n.dll
2009-03-30 18:43 401,408 a------- c:\windows\system32\lfcmp13n.dll
2009-03-30 18:43 299,008 a------- c:\windows\system32\ltdis13n.dll
2009-03-30 18:43 206,336 a------- c:\windows\system32\ltefx13n.dll
2009-03-30 18:43 163,840 a------- c:\windows\system32\ltfil13n.dll
2009-03-30 18:43 69,632 a------- c:\windows\system32\lfgif13n.dll
2009-03-30 18:43 57,344 a------- c:\windows\system32\lfbmp13n.dll
2009-03-27 21:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-03-26 23:10 <DIR> --d----- c:\windows\system32\Backup
2009-03-26 23:10 <DIR> --d----- c:\windows\SQLHotfix
2009-03-26 23:05 466 a------- c:\windows\system32\mapisvc.inf
2009-03-26 23:05 33,340 -------- c:\windows\system32\dbmsqlgc.dll
2009-03-26 23:05 24,576 -------- c:\windows\system32\dbmsgnet.dll
2009-03-26 23:04 <DIR> --d----- c:\program files\common files\Crystal Decisions
2009-03-26 23:03 <DIR> --d----- c:\program files\Microsoft SQL Server
2009-03-26 23:01 <DIR> --d----- c:\windows\system32\URTTemp
2009-03-26 22:48 376 a------- c:\windows\ODBC.INI
2009-03-26 22:48 28,040 a------- c:\windows\system32\mdimon.dll
2009-03-26 22:47 <DIR> --d----- c:\program files\common files\L&H
2009-03-26 22:47 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-03-26 22:46 <DIR> --d----- c:\windows\SHELLNEW
2009-03-24 17:27 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-23 23:12 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-23 10:27 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-03-23 10:27 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-03-22 20:16 <DIR> --d----- c:\windows\system32\scripting
2009-03-22 20:16 <DIR> --d----- c:\windows\l2schemas
2009-03-22 20:16 <DIR> --d----- c:\windows\system32\en
2009-03-22 20:16 <DIR> --d----- c:\windows\system32\bits
2009-03-22 20:12 <DIR> --d----- c:\windows\ServicePackFiles
2009-03-22 20:08 <DIR> --d----- c:\windows\network diagnostic
2009-03-22 20:01 <DIR> --d----- c:\windows\EHome
2009-03-21 09:06 989,696 -c------ c:\windows\system32\dllcache\kernel32.dll
2009-03-20 21:36 <DIR> --d----- c:\windows\system32\Adobe

==================== Find3M ====================

2009-04-13 15:45 85,733 a------- c:\windows\system32\45e2305b-3ca2-23e2-7772-61fd9ba4c344.exe
2009-03-22 20:19 77,423 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-17 06:32 4,608 a------- c:\windows\system32\drivers\symlcbrd.sys
2009-03-17 00:08 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-11 03:26 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-09 07:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 07:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 07:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 07:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 06:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 06:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 05:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 05:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-03 14:59 56,832 a------- c:\windows\system32\secur32.dll

============= FINISH: 14:37:41.78 ===============

Edited by McShady, 19 April 2009 - 02:39 PM.


#12 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:03:53 PM

Posted 19 April 2009 - 10:20 PM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Post me these logs in your next reply..

1. Malwarebytes'
2. ESET Online Scanner
3. How's the computer now?

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#13 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:03:53 PM

Posted 24 April 2009 - 08:19 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic


