Unable to access Windows Update site....redirects me to Google.com


  • This topic is locked
26 replies to this topic

#1 Kenneth Woel

Kenneth Woel

  • Members
  • 13 posts
  • OFFLINE
  • Local time:03:32 PM

Posted 05 May 2009 - 03:22 PM

DDS (Ver_09-03-16.01) - NTFSx86
Run by Kenny at 16:20:20.31 on Tue 05/05/2009
Internet Explorer: 6.0.2900.3300
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1573 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Kenny\Local Settings\Temporary Internet Files\Content.IE5\6P89SBUD\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=29223
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

============= SERVICES / DRIVERS ===============

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-5-4 26624]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-3 11608]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-3 55640]
S0 ffntavg;ffntavg;c:\windows\system32\drivers\xpubfsjp.sys --> c:\windows\system32\drivers\xpubfsjp.sys [?]
S0 muglty;muglty;c:\windows\system32\drivers\vradjdly.sys --> c:\windows\system32\drivers\vradjdly.sys [?]
S0 nsjia;nsjia;c:\windows\system32\drivers\mjaqua.sys --> c:\windows\system32\drivers\mjaqua.sys [?]
S0 PSBoot;Panda boot driver;c:\windows\system32\drivers\psboot.sys --> c:\windows\system32\drivers\PSBoot.sys [?]
S4 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-3 108289]
S4 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-3 185089]

=============== Created Last 30 ================

2009-05-05 16:07 <DIR> --ds---- c:\documents and settings\kenny\UserData
2009-05-05 15:58 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-05 15:48 <DIR> --d----- c:\documents and settings\Kenny
2009-05-05 15:21 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2009-05-05 03:19 <DIR> --d----- c:\program files\Yahoo!
2009-05-04 17:26 <DIR> --d----- c:\windows\pss
2009-05-04 17:06 <DIR> --d----- c:\windows\SxsCaPendDel
2009-05-04 05:23 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-05-04 05:23 499,712 a------- c:\windows\system32\MSVCP71.dll
2009-05-04 04:50 294,912 -c------ c:\windows\system32\dllcache\dlimport.exe
2009-05-04 04:49 <DIR> --d----- c:\windows\network diagnostic
2009-05-04 04:49 10,240 -------- c:\windows\system32\drivers\sffp_mmc.sys
2009-05-04 04:49 19,569 a------- c:\windows\002770_.tmp
2009-05-04 02:28 <DIR> a-dshr-- C:\cmdcons
2009-05-04 02:17 <DIR> --d----- c:\program files\trend micro
2009-05-04 01:41 26,624 a------- c:\windows\system32\drivers\fsbts.sys
2009-05-04 01:08 <DIR> --d----- c:\program files\CCleaner
2009-05-03 21:18 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-05-03 21:18 <DIR> --d----- c:\program files\Avira
2009-05-03 21:18 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Avira
2009-05-03 19:16 1 a------- c:\windows\9g2234wesdf3dfgjf23
2009-05-03 19:16 <DIR> --d----- c:\windows\system32\796525
2009-05-03 17:57 <DIR> --d----- c:\program files\FrostWire
2009-05-03 17:49 22,528 a------- c:\windows\system32\wsock32.dlb
2009-05-03 17:49 205,560 a------- c:\windows\UNBOC.EXE
2009-05-03 17:49 212,728 a------- c:\windows\CMDLIC.DLL
2009-05-03 17:49 <DIR> --d----- c:\program files\Comodo
2009-05-01 02:36 0 a------- c:\windows\system32\commonpriv.log.lock
2009-05-01 02:20 <DIR> --d----- c:\windows\ERUNT
2009-05-01 01:35 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-01 01:35 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-01 01:35 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-01 01:35 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-05-01 01:21 <DIR> --d----- c:\program files\Autorun Eater
2009-05-01 01:01 947 a------- c:\windows\system32\BIN_STRSBW.SPT
2009-04-29 23:30 <DIR> --d----- c:\program files\AVG
2009-04-29 21:53 2,422 a------- c:\windows\system32\wpa.bak
2009-04-29 21:36 <DIR> --d----- c:\program files\DNA
2009-04-29 21:36 <DIR> --d----- c:\program files\BitTorrent
2009-04-29 20:49 <DIR> --d----- c:\program files\Panda Security
2009-04-29 20:49 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Panda Security
2009-04-29 20:20 <DIR> --d----- c:\program files\Auslogics
2009-04-29 15:42 221,184 a------- c:\windows\system32\wmpns.dll
2009-04-29 03:46 51,048 a------- c:\windows\system32\nvapps.xml
2009-04-29 03:46 208,896 a------- c:\windows\system32\nvudisp.exe
2009-04-29 03:46 16,960 a------- c:\windows\system32\nvdisp.nvu
2009-04-29 03:39 <DIR> --d----- c:\windows\Downloaded Installations
2009-04-29 03:25 102,400 a------- c:\windows\system32\vsnp2uvc.dll
2009-04-29 03:25 102,400 a------- c:\windows\HPWebcam.exe
2009-04-29 03:25 53,248 a------- c:\windows\csnp2uvc.dll
2009-04-29 03:25 47,744 a------- c:\windows\system32\drivers\snp2uvc.sys
2009-04-29 03:25 26,880 a------- c:\windows\system32\drivers\sncduvc.sys
2009-04-29 03:24 53,248 a------- c:\windows\system32\CSVer.dll
2009-04-29 03:24 <DIR> --d----- C:\Intel
2009-04-29 03:22 <DIR> --d----- c:\program files\Zipeg
2009-04-29 03:22 73,728 a------- c:\windows\system32\javacpl.cpl
2009-04-29 03:17 208,896 a------- c:\windows\system32\nvuide.exe
2009-04-29 03:17 1,570 -------- c:\windows\system32\nvide.nvu
2009-04-29 03:17 208,896 a------- c:\windows\system32\nvunrm.exe
2009-04-29 03:17 101,888 a------- c:\windows\system32\drivers\nvtcp.sys
2009-04-29 03:17 3,903 a------- c:\windows\system32\nvnrm.nvu
2009-04-29 03:17 208,896 a------- c:\windows\system32\nvusmb.exe
2009-04-29 03:17 1,231 a------- c:\windows\system32\nvsmb.nvu
2009-04-29 03:15 <DIR> --d----- c:\windows\Sminst
2009-04-29 03:08 6,272 a------- c:\windows\system32\drivers\splitter.sys
2009-04-29 03:08 83,072 a------- c:\windows\system32\drivers\wdmaud.sys
2009-04-29 03:08 52,864 a------- c:\windows\system32\drivers\dmusic.sys
2009-04-29 03:08 56,576 a------- c:\windows\system32\drivers\swmidi.sys
2009-04-29 03:08 142,592 a------- c:\windows\system32\drivers\aec.sys
2009-04-29 03:08 172,416 a------- c:\windows\system32\drivers\kmixer.sys
2009-04-29 03:08 2,944 a------- c:\windows\system32\drivers\drmkaud.sys
2009-04-29 03:08 60,800 a------- c:\windows\system32\drivers\sysaudio.sys
2009-04-29 03:08 <DIR> --d----- c:\program files\CONEXANT
2009-04-29 03:08 60,160 a------- c:\windows\system32\drivers\drmk.sys
2009-04-29 03:07 192,512 a------- c:\windows\VimicroCam.exe
2009-04-29 03:07 73,728 a------- c:\windows\VMInstNT.exe
2009-04-29 03:07 40,960 a------- c:\windows\VM303UninstNT.exe
2009-04-29 03:07 15,086 a------- c:\windows\uninstall.ico
2009-04-29 03:07 8,990 a------- c:\windows\Product.ico
2009-04-29 03:05 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
2009-04-29 03:05 28,510 a------- c:\windows\system32\oeminfo.ini
2009-04-29 03:05 1,560,576 a------- c:\windows\system32\BttnCmns_64.dll
2009-04-29 03:05 9,472 a------- c:\windows\system32\drivers\CPQBttn.sys
2009-04-29 03:05 8,192 a------- c:\windows\system32\drivers\eabfiltr.sys
2009-04-29 03:05 1,560,576 a------- c:\windows\system32\BttnCmns.dll
2009-04-29 03:05 987,136 a------- c:\windows\system32\BttnCmn.dll
2009-04-29 03:04 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-04-29 03:04 <DIR> --d----- c:\windows\_PrimaxInstallTempDir1
2009-04-29 03:04 229,376 -------- c:\windows\system32\PMUNINST.EXE
2009-04-29 02:22 94,208 a------- c:\windows\system32\GTW32N50.dll
2009-04-29 02:22 31,930 a------- c:\windows\system32\GTNDIS3.VXD
2009-04-29 02:22 15,872 a------- c:\windows\system32\GTNDIS5.sys
2009-04-29 02:22 17,992 a------- c:\windows\system32\drivers\bcm42rly.sys
2009-04-29 02:22 17,992 a------- c:\windows\system32\bcm42rly.sys
2009-04-29 02:20 356,352 a------- c:\windows\system32\NVUNINST.EXE
2009-04-29 02:12 <DIR> --d----- c:\windows\ServicePackFiles
2009-04-29 02:12 19,528 a------- c:\windows\000001_.tmp
2009-04-29 02:12 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-04-29 02:11 <DIR> --d----- c:\windows\EHome
2009-04-29 02:07 8,192 a------- c:\windows\REGLOCS.OLD
2009-04-29 02:06 28,288 ac------ c:\windows\system32\dllcache\xjis.nls
2009-04-29 02:06 156,672 ac------ c:\windows\system32\dllcache\winzm.ime
2009-04-29 02:06 156,672 ac------ c:\windows\system32\dllcache\winsp.ime
2009-04-29 02:06 156,672 ac------ c:\windows\system32\dllcache\winpy.ime
2009-04-29 02:06 65,536 ac------ c:\windows\system32\dllcache\winime.ime
2009-04-29 02:04 5,632 ac------ c:\windows\system32\dllcache\kbdvntc.dll
2009-04-29 02:03 66,594 ac------ c:\windows\system32\dllcache\c_864.nls
2009-04-29 02:02 <DIR> --dsh--- c:\documents and settings\all users.windows\DRM
2009-04-29 02:01 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-04-29 02:01 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-04-29 02:01 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-04-29 02:01 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-04-29 02:01 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-04-29 02:01 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-04-29 02:01 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-04-29 02:01 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-04-29 02:01 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
2009-04-29 01:59 11,264 ac------ c:\windows\system32\dllcache\atrace.dll
2009-04-29 01:59 11,264 a------- c:\windows\system32\atrace.dll
2009-04-29 01:59 99,840 ac------ c:\windows\system32\dllcache\helphost.exe
2009-04-29 01:59 35,328 ac------ c:\windows\system32\dllcache\notiflag.exe
2009-04-29 01:59 21,504 ac------ c:\windows\system32\dllcache\brpinfo.dll
2009-04-29 01:59 6,656 ac------ c:\windows\system32\dllcache\hcappres.dll
2009-04-29 01:59 2 a------- c:\windows\system32\desktop.ini
2009-04-29 01:59 2 a------- c:\windows\desktop.ini
2009-04-29 01:59 48,680 ---sh--- c:\windows\winnt256.bmp
2009-04-29 01:59 48,680 ---sh--- c:\windows\winnt.bmp
2009-04-29 01:57 73,472 a------- c:\windows\system32\drivers\sr.sys
2009-04-29 01:56 37 a------- c:\windows\vbaddin.ini
2009-04-29 01:56 36 a------- c:\windows\vb.ini
2009-04-29 01:54 65,832 a------- c:\windows\Santa Fe Stucco.bmp
2009-04-29 01:53 63,488 a------- c:\windows\system32\wmimgmt.msc
2009-04-29 01:52 196,224 a------- c:\windows\system32\drivers\rdpdr.sys
2009-04-29 01:52 40,840 a------- c:\windows\system32\drivers\termdd.sys
2009-04-29 01:29 <DIR> --d----- c:\windows\setup.pss
2009-04-29 00:56 <DIR> --d----- c:\windows\CatRoot
2009-04-29 00:51 <DIR> --d----- c:\program files\GRETECH
2009-04-29 00:45 <DIR> --d----- c:\program files\Synaptics
2009-04-28 21:50 91,136 a------- c:\windows\system32\kswdmcap.ax
2009-04-28 21:50 61,952 a------- c:\windows\system32\kstvtune.ax
2009-04-28 21:50 28,672 a------- c:\windows\system32\vidcap.ax
2009-04-28 21:50 129,536 a------- c:\windows\system32\ksproxy.ax
2009-04-28 21:50 121,984 a------- c:\windows\system32\drivers\usbvideo.sys
2009-04-28 21:50 53,760 a------- c:\windows\system32\vfwwdm32.dll
2009-04-28 21:50 43,008 a------- c:\windows\system32\ksxbar.ax
2009-04-28 21:50 20,992 a------- c:\windows\system32\dshowext.ax
2009-04-28 21:50 4,096 a------- c:\windows\system32\ksuser.dll
2009-04-28 21:50 57,600 a------- c:\windows\system32\drivers\redbook.sys
2009-04-28 21:50 6,400 a------- c:\windows\system32\drivers\enum1394.sys
2009-04-28 21:50 74,240 a------- c:\windows\system32\usbui.dll
2009-04-28 21:49 8,832 a------- c:\windows\system32\drivers\wmiacpi.sys
2009-04-28 21:49 10,240 a------- c:\windows\system32\drivers\compbatt.sys
2009-04-28 21:49 14,208 a------- c:\windows\system32\drivers\battc.sys
2009-04-28 21:49 13,952 a------- c:\windows\system32\drivers\cmbatt.sys
2009-04-28 21:47 8,192 ac------ c:\windows\system32\dllcache\kbdhept.dll
2009-04-28 21:47 <DIR> --d--r-- c:\documents and settings\all users.windows\Documents
2009-04-28 21:46 13,753 a----r-- c:\windows\SET8.tmp
2009-04-28 21:46 1,086,058 a----r-- c:\windows\SET4.tmp
2009-04-28 21:46 1,042,903 a----r-- c:\windows\SET3.tmp
2009-04-28 21:45 560 a------- c:\windows\system32\$winnt$.inf
2009-04-28 21:38 <DIR> --d----- c:\windows\Provisioning
2009-04-28 21:38 <DIR> --d----- c:\windows\PeerNet
2009-04-28 03:41 <DIR> --d----- c:\windows\system32\bits
2009-04-28 03:26 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-04-28 02:50 <DIR> --d----- c:\windows\nview
2009-04-28 01:32 822,272 a------- c:\windows\system32\drivers\BCMWL5.SYS
2009-04-28 00:45 245,376 a------- c:\windows\system32\drivers\rt2500usb.sys
2009-04-28 00:45 <DIR> --d----- c:\program files\Linksys Wireless-G USB Wireless Network Monitor
2009-04-27 23:52 <DIR> --d----- C:\Linksys Driver
2009-04-27 23:21 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-04-27 22:04 <DIR> --d----- c:\program files\common files\SupportSoft
2009-04-27 16:33 <DIR> --d----- c:\windows\system32\Logfiles
2009-04-27 16:32 <DIR> --d----- c:\windows\system32\appmgmt
2009-04-27 01:17 <DIR> --d----- c:\program files\Application Compatibility Toolkit
2009-04-27 01:16 <DIR> --d----- c:\program files\Support Tools
2009-04-27 01:15 <DIR> --d----- c:\program files\Citrix
2009-04-27 00:48 <DIR> --ds---- c:\windows\system32\Microsoft
2009-04-27 00:47 <DIR> --d----- c:\program files\Broadcom
2009-04-27 00:46 <DIR> --d----- c:\program files\HP 1.3MP Webcam
2009-04-27 00:46 <DIR> --d----- c:\program files\HP Wireless Laser Mini Mouse
2009-04-27 00:44 <DIR> --d----- c:\program files\HPQ
2009-04-27 00:44 <DIR> --d----- c:\program files\HP
2009-04-27 00:43 <DIR> --d----- c:\windows\_PrimaxInstallTempDir0
2009-04-27 00:43 <DIR> --d----- c:\program files\HP Optical USB Mobile Mouse
2009-04-27 00:43 <DIR> --d----- c:\temp\AT89
2009-04-27 00:43 <DIR> --d----- C:\TEMP
2009-04-27 00:42 <DIR> --d----- c:\program files\HP DVB-T TV Tuner
2009-04-27 00:42 <DIR> --d----- C:\Drivers
2009-04-27 00:42 <DIR> --d----- C:\SWSetup
2009-04-27 00:40 <DIR> --dsh--- c:\windows\Installer
2009-04-27 00:35 <DIR> --d----- c:\windows\system32\xircom
2009-04-27 00:34 <DIR> --ds---- c:\windows\Downloaded Program Files
2009-04-27 00:34 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-04-27 00:34 <DIR> --d----- c:\windows\srchasst
2009-04-27 00:34 <DIR> --d----- c:\windows\system32\DirectX
2009-04-27 00:34 774,144 ac------ c:\windows\system32\dllcache\setup_wm.exe
2009-04-27 00:34 73,728 ac------ c:\windows\system32\dllcache\wmplayer.exe
2009-04-27 00:33 <DIR> --d----- c:\program files\common files\MSSoap
2009-04-27 00:32 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-04-27 00:32 <DIR> --d----- c:\program files\Online Services
2009-04-27 00:32 <DIR> --d----- c:\program files\Messenger
2009-04-27 00:32 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-04-27 00:32 <DIR> --d----- c:\program files\Windows NT
2009-04-26 20:23 <DIR> --d----- c:\program files\common files\ODBC
2009-04-26 20:23 <DIR> --d----- c:\program files\common files\SpeechEngines

==================== Find3M ====================

2009-05-04 04:53 78,883 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-29 01:57 21,640 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 16:20:27.96 ===============






UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 5/7/2005 11:24:05 AM
System Uptime: 5/5/2009 3:48:20 PM (1 hours ago)

Motherboard: Quanta | | 30B7
Processor: AMD Turion™ 64 X2 Mobile Technology TL-50 | Socket S1 | 1607/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 112 GiB total, 103.014 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_30B7103C&REV_01\4&3A3249AB&0&2A80
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_30B7103C&REV_01\4&3A3249AB&0&2A80
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_30B7103C&REV_0A\4&3A3249AB&0&2B80
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_30B7103C&REV_0A\4&3A3249AB&0&2B80
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_30B7103C&REV_05\4&3A3249AB&0&2C80
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_30B7103C&REV_05\4&3A3249AB&0&2C80
Service:

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
AusLogics BoostSpeed
Broadcom 802.11 Wireless LAN Adapter
CCleaner (remove only)
Conexant HD Audio
FrostWire 4.17.2
GOM Player
HP Help and Support
HP Pavilion Webcam
HP Product Detection
HP Quick Launch Buttons 6.10 B9
HP Update
HP Webcam
HP Wireless Assistant
Java™ 6 Update 13
Java™ 6 Update 5
Malwarebytes' Anti-Malware
NVIDIA Drivers
Soft Data Fax Modem with SmartCP
WebFldrs XP
Windows XP Service Pack 3
Zipeg

==== Event Viewer Messages From Past Week ========

5/5/2009 3:48:50 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
5/5/2009 3:45:52 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
5/5/2009 3:45:52 PM, error: SideBySide [59] - Generate Activation Context failed for C:\PROGRA~1\Avira\ANTIVI~1\avconfig.exe. Reference error message: The operation completed successfully. .
5/5/2009 3:45:52 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
5/5/2009 3:45:42 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Avira\AntiVir Desktop\shlext.dll. Reference error message: The operation completed successfully. .

==== End Of File ===========================

Attached Files


Edited by Kenneth Woel, 05 May 2009 - 03:24 PM.
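A triage helper for logs in the format posted above, added here as an example; it is not part of the original post and not DDS's or BleepingComputer's own code. It splits a DDS log into its "=== Title ===" sections, parses the SERVICES / DRIVERS and Created Last 30 entries, and reports the lines a responder would look at first: registered services whose binary DDS could not locate, hidden+system directories, names that look machine-generated, shortcuts dropped under the Windows directory, and system32 files with an unusual extension. The sample log is constructed from a handful of the thread's own lines and is not the full log. Assumptions, all mine: that a trailing `[x]` or `[?]` on a service line is DDS's marker for a binary it could not find on disk, the extension allowlist, and the name heuristic. The output is a list of leads, not verdicts.

```python
"""Triage helper for DDS-style logs (added example, not DDS's own code)."""
import re

# Constructed sample modelled on a few lines from the thread; not the full log.
# A raw string keeps the Windows backslashes intact.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-5-4 26624]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-3 11608]
S0 ffntavg;ffntavg;c:\windows\system32\drivers\xpubfsjp.sys --> c:\windows\system32\drivers\xpubfsjp.sys [?]
S0 muglty;muglty; [x]
S4 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-3 185089]

=============== Created Last 30 ================

2009-05-09 22:12 587 a------- c:\windows\system32\runkgb.lnk
2009-05-09 22:12 <DIR> --dsh--- c:\windows\system32\MPK
2009-05-03 19:16 1 a------- c:\windows\9g2234wesdf3dfgjf23
2009-05-03 19:16 <DIR> --d----- c:\windows\system32\796525
2009-05-03 17:49 22,528 a------- c:\windows\system32\wsock32.dlb
2009-05-01 01:35 15,504 a------- c:\windows\system32\drivers\mbam.sys
"""

HEADER_RE = re.compile(r"^=+\s*(?P<title>.+?)\s*=+\s*$")
SERVICE_RE = re.compile(
    r"^(?P<kind>[RS])(?P<start>\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$")
TAIL_RE = re.compile(r"\[(?P<tag>[^\]]*)\]\s*$")
CREATED_RE = re.compile(
    r"^(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attrs>[a-z-]{8})\s+(?P<path>.+)$")
# Assumption: a starting allowlist of extensions normally seen under system32.
COMMON_SYSTEM32_EXT = {"dll", "exe", "sys", "ocx", "cpl", "drv", "ax", "nls",
                       "ime", "manifest", "msc", "inf", "dat", "ini", "log", "xml"}


def split_sections(text):
    """Map each '=== Title ===' header (upper-cased) to its non-empty lines."""
    sections, title = {}, None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            title = m.group("title").upper()
            sections[title] = []
        elif title is not None and line.strip():
            sections[title].append(line)
    return sections


def parse_services(lines):
    """Parse 'R0 name;display;path [date size]' lines.

    Assumption: a trailing '[x]' or '[?]' (often after a '-->' path) is how
    DDS marks a registered service whose binary it could not find on disk.
    """
    out = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        rest = m.group("rest").strip()
        tail = TAIL_RE.search(rest)
        tag = tail.group("tag") if tail else ""
        path = (rest[:tail.start()] if tail else rest).split("-->")[0].strip()
        out.append({"running": m.group("kind") == "R", "start": int(m.group("start")),
                    "name": m.group("name"), "path": path,
                    "file_missing": tag in ("x", "?")})
    return out


def parse_created(lines):
    """Parse 'YYYY-MM-DD HH:MM size attrs path' lines into dicts."""
    return [m.groupdict() for m in map(CREATED_RE.match, lines) if m]


def looks_generated(filename):
    """Heuristic: all-digit names, or long names with digits sprinkled between
    letter runs, are typical of dropper-generated file names."""
    stem = filename.rsplit(".", 1)[0].lower()
    if stem.isdigit() and len(stem) >= 4:
        return True
    return len(stem) >= 8 and re.search(r"[0-9][a-z]{2,}[0-9]", stem) is not None


def service_findings(services):
    out = []
    for s in services:
        if s["file_missing"]:
            kind = "boot-start driver" if s["start"] == 0 else "service"
            where = s["path"] or "no path recorded"
            out.append(f"{kind} '{s['name']}' is registered but its binary "
                       f"was not found ({where})")
    return out


def created_findings(entries):
    out = []
    for e in entries:
        path = e["path"]
        low = path.lower()
        base = low.rsplit("\\", 1)[-1]
        ext = base.rsplit(".", 1)[1] if "." in base else ""
        is_dir = e["size"] == "<DIR>"
        if looks_generated(base):
            out.append(f"machine-generated-looking name: {path}")
        if is_dir and "h" in e["attrs"] and "s" in e["attrs"]:
            out.append(f"hidden+system directory: {path}")
        if ext == "lnk" and low.startswith("c:\\windows\\"):
            out.append(f"shortcut placed under the Windows directory: {path}")
        elif not is_dir and "\\system32\\" in low and ext not in COMMON_SYSTEM32_EXT:
            out.append(f"uncommon extension under system32: {path}")
    return out


def triage(text):
    """Return the list of findings for one DDS log."""
    sections = split_sections(text)
    findings = service_findings(parse_services(sections.get("SERVICES / DRIVERS", [])))
    findings += created_findings(parse_created(sections.get("CREATED LAST 30", [])))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run it against a saved DDS.txt by reading the file into `triage()`. On the sample it reports the two boot-start drivers with no binary, the hidden+system MPK directory, the two machine-generated-looking names, the shortcut under system32 and the `.dlb` file, and stays quiet about fsbts.sys, avgio.sys and mbam.sys. Expect noise on a real log (Windows itself has hidden+system folders such as c:\windows\Installer); the point is to shorten the list a human reads, not to replace the reading.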


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:03:32 PM

Posted 18 May 2009 - 03:38 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 Kenneth Woel

Kenneth Woel
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:03:32 PM

Posted 18 May 2009 - 08:17 PM

My DDS.Txt is provided below & my zip "attach" file is attached:



DDS (Ver_09-05-14.01) - NTFSx86
Run by Kenny at 21:12:11.48 on Mon 05/18/2009
Internet Explorer: 6.0.2900.3300
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1554 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kenny\Desktop\dds(2).scr

============== Pseudo HJT Report ===============

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kenny\applic~1\mozilla\firefox\profiles\msbty7vz.default\
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

============= SERVICES / DRIVERS ===============

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-5-4 26624]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-17 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-17 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-17 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-3 55640]
S0 ffntavg;ffntavg; [x]
S0 muglty;muglty; [x]
S0 nsjia;nsjia; [x]
S0 PSBoot;Panda boot driver; [x]

=============== Created Last 30 ================

2009-05-17 18:10 161,792 a------- c:\windows\SWREG.exe
2009-05-17 18:10 98,816 a------- c:\windows\sed.exe
2009-05-17 18:09 <DIR> --d----- C:\ComboFix
2009-05-17 15:47 <DIR> --d----- c:\program files\Avira
2009-05-17 15:47 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Avira
2009-05-11 01:48 <DIR> --d----- c:\docume~1\kenny\applic~1\Auslogics
2009-05-10 15:14 <DIR> --d----- c:\docume~1\kenny\applic~1\OpenOffice.org
2009-05-10 15:09 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-05-09 22:12 587 a------- c:\windows\system32\runrefog.lnk
2009-05-09 22:12 587 a------- c:\windows\system32\runkgb.lnk
2009-05-09 22:12 <DIR> --dsh--- c:\windows\system32\MPK
2009-05-09 22:12 <DIR> --dsh--- c:\docume~1\alluse~1.win\applic~1\MPK
2009-05-09 21:33 <DIR> --d----- c:\program files\common files\HP
2009-05-09 21:32 48,640 a------- c:\windows\system32\hpzll4pi.dll
2009-05-09 21:32 282,680 a------- c:\windows\system32\HPZidr12.dll
2009-05-09 21:32 204,800 a------- c:\windows\system32\HPZipr12.dll
2009-05-09 21:32 94,208 a------- c:\windows\system32\HPZipt12.dll
2009-05-09 21:32 69,632 a------- c:\windows\system32\HPZipm12.exe
2009-05-09 21:32 65,536 a------- c:\windows\system32\HPZinw12.exe
2009-05-09 21:32 57,344 a------- c:\windows\system32\HPZisn12.dll
2009-05-09 21:32 306,688 a------- c:\windows\IsUninst.exe
2009-05-09 21:31 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-05-09 21:31 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-05-09 21:30 123,996 a------- c:\windows\HPHins12.dat
2009-05-09 21:30 14,916 -------- c:\windows\hphmdl12.dat
2009-05-09 21:14 784 ---sh--- c:\windows\system\actualspystart.lnk
2009-05-08 01:43 <DIR> --d----- c:\docume~1\kenny\applic~1\com.zipeg
2009-05-05 22:02 <DIR> --d----- c:\docume~1\kenny\applic~1\BitTorrent
2009-05-05 16:57 <DIR> --d----- c:\docume~1\kenny\applic~1\Malwarebytes
2009-05-05 16:07 <DIR> --ds---- c:\documents and settings\kenny\UserData
2009-05-05 15:58 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-05 15:48 <DIR> --d----- c:\documents and settings\Kenny
2009-05-05 15:21 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2009-05-05 03:19 <DIR> --d----- c:\program files\Yahoo!
2009-05-04 17:26 <DIR> --d----- c:\windows\pss
2009-05-04 17:06 <DIR> --d----- c:\windows\SxsCaPendDel
2009-05-04 05:23 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-05-04 05:23 499,712 a------- c:\windows\system32\MSVCP71.dll
2009-05-04 04:50 294,912 -c------ c:\windows\system32\dllcache\dlimport.exe
2009-05-04 04:49 <DIR> --d----- c:\windows\network diagnostic
2009-05-04 04:49 10,240 -------- c:\windows\system32\drivers\sffp_mmc.sys
2009-05-04 04:49 19,569 a------- c:\windows\002770_.tmp
2009-05-04 02:28 <DIR> a-dshr-- C:\cmdcons
2009-05-04 02:17 <DIR> --d----- c:\program files\trend micro
2009-05-04 01:41 26,624 a------- c:\windows\system32\drivers\fsbts.sys
2009-05-04 01:08 <DIR> --d----- c:\program files\CCleaner
2009-05-03 21:18 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-05-03 19:16 1 a------- c:\windows\9g2234wesdf3dfgjf23
2009-05-03 19:16 <DIR> --d----- c:\windows\system32\796525
2009-05-03 17:57 <DIR> --d----- c:\program files\FrostWire
2009-05-03 17:49 22,528 a------- c:\windows\system32\wsock32.dlb
2009-05-03 17:49 205,560 a------- c:\windows\UNBOC.EXE
2009-05-03 17:49 212,728 a------- c:\windows\CMDLIC.DLL
2009-05-03 17:49 <DIR> --d----- c:\program files\Comodo
2009-05-01 02:36 0 a------- c:\windows\system32\commonpriv.log.lock
2009-05-01 02:20 <DIR> --d----- c:\windows\ERUNT
2009-05-01 01:35 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-01 01:35 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-01 01:35 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-01 01:35 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-05-01 01:01 947 a------- c:\windows\system32\BIN_STRSBW.SPT
2009-04-29 23:30 <DIR> --d----- c:\program files\AVG
2009-04-29 21:53 2,422 a------- c:\windows\system32\wpa.bak
2009-04-29 21:36 <DIR> --d----- c:\program files\DNA
2009-04-29 21:36 <DIR> --d----- c:\program files\BitTorrent
2009-04-29 20:49 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Panda Security
2009-04-29 20:20 <DIR> --d----- c:\program files\Auslogics
2009-04-29 15:42 221,184 a------- c:\windows\system32\wmpns.dll
2009-04-29 03:46 51,048 a------- c:\windows\system32\nvapps.xml
2009-04-29 03:46 208,896 a------- c:\windows\system32\nvudisp.exe
2009-04-29 03:46 16,960 a------- c:\windows\system32\nvdisp.nvu
2009-04-29 03:39 <DIR> --d----- c:\windows\Downloaded Installations
2009-04-29 03:25 102,400 a------- c:\windows\system32\vsnp2uvc.dll
2009-04-29 03:25 102,400 a------- c:\windows\HPWebcam.exe
2009-04-29 03:25 53,248 a------- c:\windows\csnp2uvc.dll
2009-04-29 03:25 47,744 a------- c:\windows\system32\drivers\snp2uvc.sys
2009-04-29 03:25 26,880 a------- c:\windows\system32\drivers\sncduvc.sys
2009-04-29 03:24 53,248 a------- c:\windows\system32\CSVer.dll
2009-04-29 03:24 <DIR> --d----- C:\Intel
2009-04-29 03:22 <DIR> --d----- c:\program files\Zipeg
2009-04-29 03:22 73,728 a------- c:\windows\system32\javacpl.cpl
2009-04-29 03:17 208,896 a------- c:\windows\system32\nvuide.exe
2009-04-29 03:17 1,570 -------- c:\windows\system32\nvide.nvu
2009-04-29 03:17 208,896 a------- c:\windows\system32\nvunrm.exe
2009-04-29 03:17 101,888 a------- c:\windows\system32\drivers\nvtcp.sys
2009-04-29 03:17 3,903 a------- c:\windows\system32\nvnrm.nvu
2009-04-29 03:17 208,896 a------- c:\windows\system32\nvusmb.exe
2009-04-29 03:17 1,231 a------- c:\windows\system32\nvsmb.nvu
2009-04-29 03:15 <DIR> --d----- c:\windows\Sminst
2009-04-29 03:08 6,272 a------- c:\windows\system32\drivers\splitter.sys
2009-04-29 03:08 83,072 a------- c:\windows\system32\drivers\wdmaud.sys
2009-04-29 03:08 52,864 a------- c:\windows\system32\drivers\dmusic.sys
2009-04-29 03:08 56,576 a------- c:\windows\system32\drivers\swmidi.sys
2009-04-29 03:08 142,592 a------- c:\windows\system32\drivers\aec.sys
2009-04-29 03:08 172,416 a------- c:\windows\system32\drivers\kmixer.sys
2009-04-29 03:08 2,944 a------- c:\windows\system32\drivers\drmkaud.sys
2009-04-29 03:08 60,800 a------- c:\windows\system32\drivers\sysaudio.sys
2009-04-29 03:08 <DIR> --d----- c:\program files\CONEXANT
2009-04-29 03:08 60,160 a------- c:\windows\system32\drivers\drmk.sys
2009-04-29 03:07 192,512 a------- c:\windows\VimicroCam.exe
2009-04-29 03:07 73,728 a------- c:\windows\VMInstNT.exe
2009-04-29 03:07 40,960 a------- c:\windows\VM303UninstNT.exe
2009-04-29 03:07 15,086 a------- c:\windows\uninstall.ico
2009-04-29 03:07 8,990 a------- c:\windows\Product.ico
2009-04-29 03:05 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
2009-04-29 03:05 28,510 a------- c:\windows\system32\oeminfo.ini
2009-04-29 03:05 1,560,576 a------- c:\windows\system32\BttnCmns_64.dll
2009-04-29 03:05 9,472 a------- c:\windows\system32\drivers\CPQBttn.sys
2009-04-29 03:05 8,192 a------- c:\windows\system32\drivers\eabfiltr.sys
2009-04-29 03:05 1,560,576 a------- c:\windows\system32\BttnCmns.dll
2009-04-29 03:05 987,136 a------- c:\windows\system32\BttnCmn.dll
2009-04-29 03:04 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-04-29 03:04 <DIR> --d----- c:\windows\_PrimaxInstallTempDir1
2009-04-29 03:04 229,376 -------- c:\windows\system32\PMUNINST.EXE
2009-04-29 02:22 94,208 a------- c:\windows\system32\GTW32N50.dll
2009-04-29 02:22 31,930 a------- c:\windows\system32\GTNDIS3.VXD
2009-04-29 02:22 15,872 a------- c:\windows\system32\GTNDIS5.sys
2009-04-29 02:22 17,992 a------- c:\windows\system32\drivers\bcm42rly.sys
2009-04-29 02:22 17,992 a------- c:\windows\system32\bcm42rly.sys
2009-04-29 02:20 356,352 a------- c:\windows\system32\NVUNINST.EXE
2009-04-29 02:12 <DIR> --d----- c:\windows\ServicePackFiles
2009-04-29 02:12 19,528 a------- c:\windows\000001_.tmp
2009-04-29 02:12 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-04-29 02:11 <DIR> --d----- c:\windows\EHome
2009-04-29 02:07 8,192 a------- c:\windows\REGLOCS.OLD
2009-04-29 02:06 28,288 ac------ c:\windows\system32\dllcache\xjis.nls
2009-04-29 02:06 156,672 ac------ c:\windows\system32\dllcache\winzm.ime
2009-04-29 02:06 156,672 ac------ c:\windows\system32\dllcache\winsp.ime
2009-04-29 02:06 156,672 ac------ c:\windows\system32\dllcache\winpy.ime
2009-04-29 02:06 65,536 ac------ c:\windows\system32\dllcache\winime.ime
2009-04-29 02:04 5,632 ac------ c:\windows\system32\dllcache\kbdvntc.dll
2009-04-29 02:03 66,594 ac------ c:\windows\system32\dllcache\c_864.nls
2009-04-29 02:02 <DIR> --dsh--- c:\documents and settings\all users.windows\DRM
2009-04-29 02:01 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-04-29 02:01 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-04-29 02:01 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-04-29 02:01 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-04-29 02:01 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-04-29 02:01 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-04-29 02:01 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-04-29 02:01 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-04-29 02:01 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
2009-04-29 01:59 11,264 ac------ c:\windows\system32\dllcache\atrace.dll
2009-04-29 01:59 11,264 a------- c:\windows\system32\atrace.dll
2009-04-29 01:59 99,840 ac------ c:\windows\system32\dllcache\helphost.exe
2009-04-29 01:59 35,328 ac------ c:\windows\system32\dllcache\notiflag.exe
2009-04-29 01:59 21,504 ac------ c:\windows\system32\dllcache\brpinfo.dll
2009-04-29 01:59 6,656 ac------ c:\windows\system32\dllcache\hcappres.dll
2009-04-29 01:59 2 a------- c:\windows\system32\desktop.ini
2009-04-29 01:59 2 a------- c:\windows\desktop.ini
2009-04-29 01:59 48,680 ---sh--- c:\windows\winnt256.bmp
2009-04-29 01:59 48,680 ---sh--- c:\windows\winnt.bmp
2009-04-29 01:57 73,472 a------- c:\windows\system32\drivers\sr.sys
2009-04-29 01:56 37 a------- c:\windows\vbaddin.ini
2009-04-29 01:56 36 a------- c:\windows\vb.ini
2009-04-29 01:54 65,832 a------- c:\windows\Santa Fe Stucco.bmp
2009-04-29 01:53 63,488 a------- c:\windows\system32\wmimgmt.msc
2009-04-29 01:52 196,224 a------- c:\windows\system32\drivers\rdpdr.sys
2009-04-29 01:52 40,840 a------- c:\windows\system32\drivers\termdd.sys
2009-04-29 01:29 <DIR> --d----- c:\windows\setup.pss
2009-04-29 00:56 <DIR> --d----- c:\windows\CatRoot
2009-04-29 00:51 <DIR> --d----- c:\program files\GRETECH
2009-04-29 00:45 <DIR> --d----- c:\program files\Synaptics
2009-04-28 21:50 91,136 a------- c:\windows\system32\kswdmcap.ax
2009-04-28 21:50 61,952 a------- c:\windows\system32\kstvtune.ax
2009-04-28 21:50 28,672 a------- c:\windows\system32\vidcap.ax
2009-04-28 21:50 129,536 a------- c:\windows\system32\ksproxy.ax
2009-04-28 21:50 121,984 a------- c:\windows\system32\drivers\usbvideo.sys
2009-04-28 21:50 53,760 a------- c:\windows\system32\vfwwdm32.dll
2009-04-28 21:50 43,008 a------- c:\windows\system32\ksxbar.ax
2009-04-28 21:50 20,992 a------- c:\windows\system32\dshowext.ax
2009-04-28 21:50 4,096 a------- c:\windows\system32\ksuser.dll
2009-04-28 21:50 57,600 a------- c:\windows\system32\drivers\redbook.sys
2009-04-28 21:50 6,400 a------- c:\windows\system32\drivers\enum1394.sys
2009-04-28 21:50 74,240 a------- c:\windows\system32\usbui.dll
2009-04-28 21:49 8,832 a------- c:\windows\system32\drivers\wmiacpi.sys
2009-04-28 21:49 10,240 a------- c:\windows\system32\drivers\compbatt.sys
2009-04-28 21:49 14,208 a------- c:\windows\system32\drivers\battc.sys
2009-04-28 21:49 13,952 a------- c:\windows\system32\drivers\cmbatt.sys
2009-04-28 21:47 8,192 ac------ c:\windows\system32\dllcache\kbdhept.dll
2009-04-28 21:47 <DIR> --d--r-- c:\documents and settings\all users.windows\Documents
2009-04-28 21:46 13,753 a----r-- c:\windows\SET8.tmp
2009-04-28 21:46 1,086,058 a----r-- c:\windows\SET4.tmp
2009-04-28 21:46 1,042,903 a----r-- c:\windows\SET3.tmp
2009-04-28 21:45 560 a------- c:\windows\system32\$winnt$.inf
2009-04-28 21:38 <DIR> --d----- c:\windows\Provisioning
2009-04-28 21:38 <DIR> --d----- c:\windows\PeerNet
2009-04-28 03:41 <DIR> --d----- c:\windows\system32\bits
2009-04-28 03:26 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-04-28 02:50 <DIR> --d----- c:\windows\nview
2009-04-28 01:32 822,272 a------- c:\windows\system32\drivers\BCMWL5.SYS
2009-04-28 00:45 245,376 a------- c:\windows\system32\drivers\rt2500usb.sys
2009-04-28 00:45 <DIR> --d----- c:\program files\Linksys Wireless-G USB Wireless Network Monitor
2009-04-27 23:52 <DIR> --d----- C:\Linksys Driver
2009-04-27 23:21 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-04-27 22:04 <DIR> --d----- c:\program files\common files\SupportSoft
2009-04-27 16:33 <DIR> --d----- c:\windows\system32\Logfiles
2009-04-27 16:32 <DIR> --d----- c:\windows\system32\appmgmt
2009-04-27 01:17 <DIR> --d----- c:\program files\Application Compatibility Toolkit
2009-04-27 01:16 <DIR> --d----- c:\program files\Support Tools
2009-04-27 01:15 <DIR> --d----- c:\program files\Citrix
2009-04-27 00:48 <DIR> --ds---- c:\windows\system32\Microsoft
2009-04-27 00:47 <DIR> --d----- c:\program files\Broadcom
2009-04-27 00:46 <DIR> --d----- c:\program files\HP 1.3MP Webcam
2009-04-27 00:46 <DIR> --d----- c:\program files\HP Wireless Laser Mini Mouse
2009-04-27 00:44 <DIR> --d----- c:\program files\HPQ
2009-04-27 00:44 <DIR> --d----- c:\program files\HP
2009-04-27 00:43 <DIR> --d----- c:\windows\_PrimaxInstallTempDir0
2009-04-27 00:43 <DIR> --d----- c:\program files\HP Optical USB Mobile Mouse
2009-04-27 00:43 <DIR> --d----- c:\temp\AT89
2009-04-27 00:43 <DIR> --d----- C:\TEMP
2009-04-27 00:42 <DIR> --d----- c:\program files\HP DVB-T TV Tuner
2009-04-27 00:42 <DIR> --d----- C:\Drivers
2009-04-27 00:42 <DIR> --d----- C:\SWSetup
2009-04-27 00:40 <DIR> --dsh--- c:\windows\Installer
2009-04-27 00:35 <DIR> --d----- c:\windows\system32\xircom
2009-04-27 00:34 <DIR> --ds---- c:\windows\Downloaded Program Files
2009-04-27 00:34 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-04-27 00:34 <DIR> --d----- c:\windows\srchasst
2009-04-27 00:34 <DIR> --d----- c:\windows\system32\DirectX
2009-04-27 00:34 774,144 ac------ c:\windows\system32\dllcache\setup_wm.exe
2009-04-27 00:34 73,728 ac------ c:\windows\system32\dllcache\wmplayer.exe
2009-04-27 00:33 <DIR> --d----- c:\program files\common files\MSSoap
2009-04-27 00:32 <DIR> --d----- c:\program files\Online Services
2009-04-27 00:32 <DIR> --d----- c:\program files\Messenger
2009-04-27 00:32 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-04-27 00:32 <DIR> --d----- c:\program files\Windows NT
2009-04-26 20:23 <DIR> --d----- c:\program files\common files\ODBC
2009-04-26 20:23 <DIR> --d----- c:\program files\common files\SpeechEngines

==================== Find3M ====================

2009-05-04 04:53 78,883 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-29 01:57 21,640 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 21:12:26.01 ===============


#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:12:32 PM

Posted 20 May 2009 - 09:05 PM

Hello, Kenneth Woel :thumbup2:
Please post the contents of the file C:\ComboFix.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#5 Kenneth Woel

Kenneth Woel
  • Topic Starter

  • Members
  • 13 posts
  • Local time:03:32 PM

Posted 20 May 2009 - 09:06 PM

ComboFix 08-10-10.07 - Kenny 2009-05-17 18:10:17.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1604 [GMT -4:00]
Running from: C:\Documents and Settings\Kenny\Desktop\ComboFix.exe
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2009-04-17 to 2009-05-17 )))))))))))))))))))))))))))))))
.

2009-05-17 15:47 . 2009-05-17 15:47 <DIR> d-------- C:\Program Files\Avira
2009-05-17 15:47 . 2009-05-17 15:47 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2009-05-17 15:06 . 2009-05-17 15:06 <DIR> d-------- C:\Program Files\Microsoft Works
2009-05-17 15:04 . 2009-05-17 15:04 <DIR> dr-h----- C:\MSOCache
2009-05-17 15:04 . 2009-05-17 15:06 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-05-11 01:48 . 2009-05-11 01:48 <DIR> d-------- C:\Documents and Settings\Kenny\Application Data\Auslogics
2009-05-10 15:14 . 2009-05-10 15:14 <DIR> d-------- C:\Documents and Settings\Kenny\Application Data\OpenOffice.org
2009-05-10 15:09 . 2009-05-10 15:09 <DIR> d-------- C:\Program Files\OpenOffice.org 3
2009-05-10 15:09 . 2009-05-10 15:09 <DIR> d-------- C:\Program Files\JRE
2009-05-09 22:12 . 2009-05-09 22:12 <DIR> d--hs---- C:\WINDOWS\system32\MPK
2009-05-09 22:12 . 2009-05-17 14:38 <DIR> d--hs---- C:\Documents and Settings\All Users.WINDOWS\Application Data\MPK
2009-05-09 22:12 . 2009-05-09 22:12 587 --a------ C:\WINDOWS\system32\runrefog.lnk
2009-05-09 22:12 . 2009-05-09 22:12 587 --a------ C:\WINDOWS\system32\runkgb.lnk
2009-05-09 21:35 . 2009-05-09 21:35 <DIR> d-------- C:\Documents and Settings\Kenny\Application Data\HP
2009-05-09 21:35 . 2009-05-09 21:35 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\HP
2009-05-09 21:33 . 2009-05-09 21:33 <DIR> d-------- C:\Program Files\Common Files\HP
2009-05-09 21:32 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2009-05-09 21:32 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2009-05-09 21:32 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2009-05-09 21:32 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2009-05-09 21:32 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2009-05-09 21:32 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2009-05-09 21:32 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2009-05-09 21:32 . 2006-06-03 21:29 48,640 --a------ C:\WINDOWS\system32\hpzll4pi.dll
2009-05-09 21:31 . 2008-01-25 23:35 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2009-05-09 21:31 . 2008-01-25 23:35 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2009-05-09 21:30 . 2009-05-09 21:35 123,996 --a------ C:\WINDOWS\HPHins12.dat
2009-05-09 21:30 . 2006-06-12 18:21 14,916 --------- C:\WINDOWS\hphmdl12.dat
2009-05-09 21:14 . 2009-05-09 21:59 784 ---hs---- C:\WINDOWS\system\actualspystart.lnk
2009-05-08 01:43 . 2009-05-14 21:06 <DIR> d-------- C:\Documents and Settings\Kenny\Application Data\com.zipeg
2009-05-05 22:02 . 2009-05-17 18:10 <DIR> d-------- C:\Documents and Settings\Kenny\Application Data\BitTorrent
2009-05-05 21:57 . 2009-05-05 21:57 <DIR> d-------- C:\Documents and Settings\Kenny\Application Data\GRETECH
2009-05-05 16:57 . 2009-05-05 16:57 <DIR> d-------- C:\Documents and Settings\Kenny\Application Data\Malwarebytes
2009-05-05 16:07 . 2009-05-05 16:07 <DIR> d---s---- C:\Documents and Settings\Kenny\UserData
2009-05-05 15:58 . 2009-05-05 15:58 410,984 --a------ C:\WINDOWS\system32\deploytk.dll
2009-05-05 15:48 . 2009-05-05 16:07 <DIR> d-------- C:\Documents and Settings\Kenny
2009-05-05 15:21 . 2009-05-05 15:21 578,560 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2009-05-05 03:19 . 2009-05-05 03:20 <DIR> d-------- C:\Program Files\Yahoo!
2009-05-04 17:06 . 2009-05-04 17:30 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2009-05-04 05:23 . 2009-05-04 05:23 <DIR> d-------- C:\Program Files\Alwil Software
2009-05-04 05:23 . 2003-03-18 15:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2009-05-04 05:23 . 2003-03-18 14:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2009-05-04 04:50 . 2008-01-26 06:57 294,912 -----c--- C:\WINDOWS\system32\dllcache\dlimport.exe
2009-05-04 04:49 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\002770_.tmp
2009-05-04 04:49 . 2008-01-25 23:29 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2009-05-04 02:17 . 2009-05-04 02:17 <DIR> d-------- C:\rsit
2009-05-04 02:17 . 2009-05-05 16:40 <DIR> d-------- C:\Program Files\trend micro
2009-05-04 01:41 . 2009-05-04 01:41 26,624 --a------ C:\WINDOWS\system32\drivers\fsbts.sys
2009-05-04 01:08 . 2009-05-05 03:19 <DIR> d-------- C:\Program Files\CCleaner
2009-05-03 21:18 . 2009-03-24 16:08 55,640 --a------ C:\WINDOWS\system32\drivers\avgntflt.sys
2009-05-03 19:16 . 2009-05-03 20:25 <DIR> d-------- C:\WINDOWS\system32\796525
2009-05-03 19:16 . 2009-05-03 19:16 1 --a------ C:\WINDOWS\9g2234wesdf3dfgjf23
2009-05-03 17:57 . 2009-05-03 17:58 <DIR> d-------- C:\Program Files\FrostWire
2009-05-03 17:49 . 2009-05-03 22:34 <DIR> d-------- C:\Program Files\Comodo
2009-05-03 17:49 . 2008-07-14 05:09 212,728 --a------ C:\WINDOWS\CMDLIC.DLL
2009-05-03 17:49 . 2008-07-14 05:09 205,560 --a------ C:\WINDOWS\UNBOC.EXE
2009-05-03 17:49 . 2004-08-04 08:00 22,528 --a------ C:\WINDOWS\system32\wsock32.dlb
2009-05-03 17:47 . 2009-05-03 17:47 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2009-05-03 17:47 . 2009-05-03 17:47 <DIR> d-------- C:\Program Files\Common Files\Adobe
2009-05-03 17:42 . 2009-05-03 20:31 <DIR> d-------- C:\Program Files\NOS
2009-05-03 17:42 . 2009-05-03 20:31 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NOS
2009-05-01 02:36 . 2009-05-01 02:36 0 --a------ C:\WINDOWS\system32\commonpriv.log.lock
2009-05-01 02:20 . 2009-05-01 02:20 <DIR> d-------- C:\WINDOWS\ERUNT
2009-05-01 01:35 . 2009-05-01 02:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-01 01:35 . 2009-05-01 01:35 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-05-01 01:35 . 2009-04-06 15:32 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-05-01 01:35 . 2009-04-06 15:32 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2009-05-01 01:31 . 2009-05-05 14:39 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2009-05-01 01:01 . 2009-05-05 14:41 947 --a------ C:\WINDOWS\system32\BIN_STRSBW.SPT
2009-04-29 23:30 . 2009-04-29 23:30 <DIR> d-------- C:\Program Files\AVG
2009-04-29 21:53 . 2009-04-29 21:53 2,422 --a------ C:\WINDOWS\system32\wpa.bak
2009-04-29 21:36 . 2009-05-04 09:48 <DIR> d-------- C:\Program Files\DNA
2009-04-29 21:36 . 2009-04-29 21:37 <DIR> d-------- C:\Program Files\BitTorrent
2009-04-29 20:49 . 2009-04-29 20:49 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Panda Security
2009-04-29 20:20 . 2009-04-29 20:20 <DIR> d-------- C:\Program Files\Auslogics
2009-04-29 15:42 . 2009-04-29 15:42 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\nView_Profiles
2009-04-29 15:42 . 2008-01-26 06:57 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2009-04-29 03:46 . 2006-07-20 20:58 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2009-04-29 03:46 . 2009-05-04 09:48 51,048 --a------ C:\WINDOWS\system32\nvapps.xml
2009-04-29 03:46 . 2006-07-20 20:58 16,960 --a------ C:\WINDOWS\system32\nvdisp.nvu
2009-04-29 03:45 . 2009-04-29 03:45 0 --a------ C:\WINDOWS\nsreg.dat
2009-04-29 03:39 . 2009-04-29 03:39 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2009-04-29 03:25 . 2006-05-30 19:14 102,400 --a------ C:\WINDOWS\system32\vsnp2uvc.dll
2009-04-29 03:25 . 2006-06-27 18:31 102,400 --a------ C:\WINDOWS\HPWebcam.exe
2009-04-29 03:25 . 2005-11-23 13:55 53,248 --a------ C:\WINDOWS\csnp2uvc.dll
2009-04-29 03:25 . 2006-07-06 10:28 47,744 --a------ C:\WINDOWS\system32\drivers\snp2uvc.sys
2009-04-29 03:25 . 2006-05-11 17:31 26,880 --a------ C:\WINDOWS\system32\drivers\sncduvc.sys
2009-04-29 03:24 . 2009-04-29 03:24 <DIR> d-------- C:\Program Files\Intel
2009-04-29 03:24 . 2009-04-29 03:24 <DIR> d-------- C:\Intel
2009-04-29 03:24 . 2008-03-26 11:15 53,248 --a------ C:\WINDOWS\system32\CSVer.dll
2009-04-29 03:22 . 2009-05-09 22:08 <DIR> d-------- C:\Program Files\Zipeg
2009-04-29 03:22 . 2009-05-05 15:58 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2009-04-29 03:20 . 2009-04-29 03:20 <DIR> d-------- C:\Program Files\Common Files\Java
2009-04-29 03:17 . 2006-07-20 23:21 208,896 --a------ C:\WINDOWS\system32\nvusmb.exe
2009-04-29 03:17 . 2006-07-20 23:21 208,896 --a------ C:\WINDOWS\system32\nvunrm.exe
2009-04-29 03:17 . 2006-07-20 23:21 208,896 --a------ C:\WINDOWS\system32\nvuide.exe
2009-04-29 03:17 . 2006-03-03 00:30 101,888 --a------ C:\WINDOWS\system32\drivers\nvtcp.sys
2009-04-29 03:17 . 2006-02-19 22:00 3,903 --a------ C:\WINDOWS\system32\nvnrm.nvu
2009-04-29 03:17 . 2005-12-08 11:06 1,570 --------- C:\WINDOWS\system32\nvide.nvu
2009-04-29 03:17 . 2005-02-08 13:26 1,231 --a------ C:\WINDOWS\system32\nvsmb.nvu
2009-04-29 03:15 . 2009-04-29 03:15 <DIR> d-------- C:\WINDOWS\Sminst
2009-04-29 03:08 . 2009-04-29 03:12 <DIR> d-------- C:\Program Files\CONEXANT
2009-04-29 03:08 . 2008-01-25 23:35 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2009-04-29 03:08 . 2008-01-25 21:26 142,592 --a------ C:\WINDOWS\system32\drivers\aec.sys
2009-04-29 03:08 . 2008-01-26 00:07 83,072 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2009-04-29 03:08 . 2008-01-26 00:06 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2009-04-29 03:08 . 2008-01-25 23:35 60,160 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2009-04-29 03:08 . 2008-01-25 23:35 56,576 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2009-04-29 03:08 . 2008-01-25 23:34 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2009-04-29 03:08 . 2008-01-25 23:35 6,272 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2009-04-29 03:08 . 2008-01-25 23:35 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2009-04-29 03:07 . 2006-06-05 13:44 192,512 --a------ C:\WINDOWS\VimicroCam.exe
2009-04-29 03:07 . 2006-06-08 11:25 73,728 --a------ C:\WINDOWS\VMInstNT.exe
2009-04-29 03:07 . 2006-08-21 21:13 40,960 --a------ C:\WINDOWS\VM303UninstNT.exe
2009-04-29 03:07 . 2002-02-26 18:47 15,086 --a------ C:\WINDOWS\uninstall.ico
2009-04-29 03:07 . 2005-09-29 16:26 8,990 --a------ C:\WINDOWS\Product.ico
2009-04-29 03:05 . 2006-08-18 15:56 1,560,576 --a------ C:\WINDOWS\system32\BttnCmns_64.dll
2009-04-29 03:05 . 2006-06-30 05:46 1,560,576 --a------ C:\WINDOWS\system32\BttnCmns.dll
2009-04-29 03:05 . 2005-10-31 14:30 987,136 --a------ C:\WINDOWS\system32\BttnCmn.dll
2009-04-29 03:05 . 2006-08-21 10:39 28,510 --a------ C:\WINDOWS\system32\oeminfo.ini
2009-04-29 03:05 . 2008-01-25 23:28 14,592 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2009-04-29 03:05 . 2006-06-28 09:54 9,472 --a------ C:\WINDOWS\system32\drivers\CPQBttn.sys
2009-04-29 03:05 . 2006-06-28 09:57 8,192 --a------ C:\WINDOWS\system32\drivers\eabfiltr.sys
2009-04-29 03:04 . 2009-04-29 03:04 <DIR> d-------- C:\WINDOWS\_PrimaxInstallTempDir1
2009-04-29 03:04 . 2006-01-03 15:21 229,376 --------- C:\WINDOWS\system32\PMUNINST.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-10 01:35 --------- d-----w C:\Program Files\HP
2009-05-10 01:33 --------- d-----w C:\Program Files\Hewlett-Packard
2009-04-28 04:45 --------- d-----w C:\Program Files\Common Files\InstallShield
2009-04-27 04:47 --------- d-----w C:\Program Files\DIFX
2009-04-27 04:47 --------- d-----w C:\Program Files\Broadcom
2009-04-27 04:46 --------- d-----w C:\Program Files\HP Wireless Laser Mini Mouse
2009-04-27 04:46 --------- d-----w C:\Program Files\HP 1.3MP Webcam
2009-04-27 04:44 --------- d-----w C:\Program Files\HPQ
2009-04-27 04:44 --------- d-----w C:\Program Files\Common Files\LightScribe
2009-04-27 04:43 --------- d-----w C:\Program Files\HP Optical USB Mobile Mouse
2009-04-27 04:42 --------- d-----w C:\Program Files\HP DVB-T TV Tuner
2009-04-27 04:35 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Hotfix-KB5504305 REG_SZ C:\WINDOWS\system32\rundll62.exe

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Pavilion Webcam Tray Icon.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Pavilion Webcam Tray Icon.lnk
backup=C:\WINDOWS\pss\HP Pavilion Webcam Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2009-02-27 17:10 35696 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2009-04-29 21:36 321344 C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2007-03-01 13:18 472776 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-07-20 20:58 7581696 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2007-10-19 13:28 202032 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2006-07-27 14:44 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"XAudioService"=2 (0x2)
"WinDefend"=2 (0x2)
"sp_rssrv"=2 (0x2)
"NVSvc"=2 (0x2)
"hpqwmiex"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
"AddFiltr"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=

R0 fsbts;fsbts;C:\WINDOWS\system32\Drivers\fsbts.sys [2009-05-04 26624]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-05 152984]
R4 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2009-04-06 38496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b5c4e05-32e5-11de-8bdf-ba7100ba51b8}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-9-3-65-100018702-100031751-100005790-8569.com e:\
\Shell\Open\command - RECYCLER\S-9-3-65-100018702-100031751-100005790-8569.com e:\
.
Contents of the 'Scheduled Tasks' folder

2009-05-17 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-573735546-725345543-1004.job
- C:\Documents and Settings\Kenneth Woel.KENNETH-135DC3C\Local Settings\Application Data\Google\Update\GoogleUpdate.exe []
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AVG8_TRAY - C:\PROGRA~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-ISTray - C:\Program Files\Spyware Doctor\pctsTray.exe
MSConfigStartUp-SpywareTerminator - C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Kenny\Application Data\Mozilla\Firefox\Profiles\msbty7vz.default\
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 18:10:29
Windows 5.1.2600 Service Pack 3, v.3300 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2009-05-17 18:10:59
ComboFix-quarantined-files.txt 2009-05-17 22:10:57

Pre-Run: 101,688,283,136 bytes free
Post-Run: 101,686,071,296 bytes free

240

#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:12:32 PM

Posted 20 May 2009 - 09:27 PM

Hello, Kenneth Woel :thumbup2:
Why on earth are you using a copy of ComboFix from back in October? It should ALWAYS be downloaded each time it is used. Updates are put up multiple times per day.

This is exactly why the following is the case:

ComboFix should not be run unless requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


Please download and run a fresh copy as follows:

We Need to Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

If this tool helped you, please consider a donation to its author.

How to run ComboFix:
  • Please download ComboFix from one of the following mirrors, and save it to your desktop.
  • Disable any running Anti-Virus or Anti-Malware programs. This includes Firewalls, Anti-Virus, Spyware Scanners, etc. Any or all of them may interfere with the running of ComboFix.
  • Double click ComboFix.exe on your desktop.
  • Read and accept (Press Yes) to the disclaimer.
  • For Windows XP Systems: Install the Recovery Console:
    • If you are using Windows XP and do not already have the Recovery Console installed, please ensure your internet connection is active (if possible), and press Yes. If for some reason your internet is not working, please press No. If you are not using Windows XP, you will not be prompted.
    • When prompted to accept the EULA, press OK.
    • Accept Microsoft's EULA (Press Yes).
    • When you are told that the RC is installed correctly, please press YES to continue scanning for malware.
  • ComboFix will run. Simply wait for it to finish.
  • When it finishes, ComboFix will produce a log. Please post that log in your next reply here :)
NOTE: If ComboFix will not run, please rename it to GlobRemover.exe and try again!

In your next reply, please include the following:
  • ComboFix.txt

Billy3

#7 Kenneth Woel

Kenneth Woel
  • Topic Starter

  • Members
  • 13 posts
  • Local time:03:32 PM

Posted 20 May 2009 - 09:39 PM

Sorry......never noticed. COMBOFIX.TXT:

ComboFix 09-05-20.A0 - Kenny 05/20/2009 22:32.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1664 [GMT -4:00]
Running from: c:\documents and settings\Kenny\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\gxvxcodtrunadkvytnftdbncsqdwiwnuqmyqf.sys
c:\windows\system32\gxvxcajhaofbfhuobjobacefkapagsndalrlo.dll
c:\windows\system32\gxvxccounter

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-04-21 to 2009-05-21 )))))))))))))))))))))))))))))))
.

2009-05-17 19:47 . 2009-05-17 19:47 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Avira
2009-05-17 19:47 . 2009-05-17 19:47 -------- d-----w c:\program files\Avira
2009-05-17 19:06 . 2009-05-17 19:06 -------- d-----w c:\program files\Microsoft Works
2009-05-17 19:04 . 2009-05-17 19:04 -------- d-----w c:\documents and settings\Kenny\Local Settings\Application Data\Microsoft Help
2009-05-17 19:04 . 2009-05-17 19:06 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-05-17 19:04 . 2009-05-17 19:04 -------- d--h--r C:\MSOCache
2009-05-17 06:09 . 2009-05-17 06:09 -------- d-----w c:\documents and settings\Kenny\Local Settings\Application Data\Identities
2009-05-11 05:48 . 2009-05-11 05:48 -------- d-----w c:\documents and settings\Kenny\Application Data\Auslogics
2009-05-10 19:14 . 2009-05-10 19:14 -------- d-----w c:\documents and settings\Kenny\Application Data\OpenOffice.org
2009-05-10 19:09 . 2009-05-10 19:09 -------- d-----w c:\program files\OpenOffice.org 3
2009-05-10 02:12 . 2009-05-17 18:38 -------- d-sh--w c:\documents and settings\All Users.WINDOWS\Application Data\MPK
2009-05-10 02:12 . 2009-05-10 02:12 -------- d-sh--w c:\windows\system32\MPK
2009-05-10 01:35 . 2009-05-10 01:35 -------- d-----w c:\documents and settings\Kenny\Application Data\HP
2009-05-10 01:35 . 2009-05-10 01:35 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\HP
2009-05-10 01:33 . 2009-05-10 01:33 -------- d-----w c:\program files\Common Files\HP
2009-05-10 01:32 . 2006-06-04 01:29 48640 ----a-w c:\windows\system32\hpzll4pi.dll
2009-05-10 01:32 . 2006-03-04 01:02 57344 ----a-w c:\windows\system32\HPZisn12.dll
2009-05-10 01:32 . 2006-03-04 01:02 94208 ----a-w c:\windows\system32\HPZipt12.dll
2009-05-10 01:32 . 2006-03-04 01:02 204800 ----a-w c:\windows\system32\HPZipr12.dll
2009-05-10 01:32 . 2006-03-04 01:03 65536 ----a-w c:\windows\system32\HPZinw12.exe
2009-05-10 01:32 . 2006-03-04 01:03 69632 ----a-w c:\windows\system32\HPZipm12.exe
2009-05-10 01:32 . 2006-03-04 01:03 282680 ----a-w c:\windows\system32\HPZidr12.dll
2009-05-10 01:32 . 1998-10-29 20:45 306688 ----a-w c:\windows\IsUninst.exe
2009-05-10 01:31 . 2008-01-26 03:35 25856 -c--a-w c:\windows\system32\dllcache\usbprint.sys
2009-05-10 01:31 . 2008-01-26 03:35 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-05-10 01:30 . 2009-05-10 01:35 123996 ----a-w c:\windows\HPHins12.dat
2009-05-10 01:30 . 2006-06-12 22:21 14916 ------w c:\windows\hphmdl12.dat
2009-05-10 01:30 . 2009-05-11 05:42 17672 ----a-w c:\documents and settings\Kenny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-08 05:43 . 2009-05-15 01:06 -------- d-----w c:\documents and settings\Kenny\Application Data\com.zipeg
2009-05-08 05:43 . 2009-05-08 05:43 -------- d-----w c:\documents and settings\Kenny\Local Settings\Application Data\com.zipeg
2009-05-06 02:02 . 2009-05-21 02:30 -------- d-----w c:\documents and settings\Kenny\Application Data\BitTorrent
2009-05-06 01:58 . 2009-05-06 09:02 -------- d-----w c:\documents and settings\Kenny\Local Settings\Application Data\Adobe
2009-05-06 01:57 . 2009-05-06 01:57 -------- d-----w c:\documents and settings\Kenny\Application Data\GRETECH
2009-05-05 20:57 . 2009-05-05 20:57 -------- d-----w c:\documents and settings\Kenny\Application Data\Malwarebytes
2009-05-05 20:32 . 2009-05-05 20:32 -------- d-----w c:\documents and settings\Kenny\Local Settings\Application Data\Mozilla
2009-05-05 20:26 . 2009-05-05 20:28 -------- d-----w c:\documents and settings\Kenny\Local Settings\Application Data\Google
2009-05-05 20:07 . 2009-05-05 20:07 -------- d-s---w c:\documents and settings\Kenny\UserData
2009-05-05 19:58 . 2009-05-05 19:58 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-05 19:48 . 2009-05-17 19:06 -------- d-----w c:\documents and settings\Kenny\Local Settings\Application Data\Microsoft
2009-05-05 19:48 . 2009-05-05 20:07 -------- d-----w c:\documents and settings\Kenny
2009-05-05 19:21 . 2009-05-05 19:21 578560 -c--a-w c:\windows\system32\dllcache\user32.dll
2009-05-05 07:19 . 2009-05-05 07:20 -------- d-----w c:\program files\Yahoo!
2009-05-04 21:06 . 2009-05-04 21:30 -------- d-----w c:\windows\SxsCaPendDel
2009-05-04 09:23 . 2003-03-18 19:20 1060864 ----a-w c:\windows\system32\MFC71.dll
2009-05-04 09:23 . 2003-03-18 18:14 499712 ----a-w c:\windows\system32\MSVCP71.dll
2009-05-04 09:23 . 2009-05-04 09:23 -------- d-----w c:\program files\Alwil Software
2009-05-04 08:50 . 2008-01-26 10:57 294912 -c----w c:\windows\system32\dllcache\dlimport.exe
2009-05-04 08:49 . 2008-01-26 03:29 10240 ------w c:\windows\system32\drivers\sffp_mmc.sys
2009-05-04 06:17 . 2009-05-05 20:40 -------- d-----w c:\program files\trend micro
2009-05-04 06:17 . 2009-05-04 06:17 -------- d-----w C:\rsit
2009-05-04 05:41 . 2009-05-04 05:41 26624 ----a-w c:\windows\system32\drivers\fsbts.sys
2009-05-04 05:08 . 2009-05-05 07:19 -------- d-----w c:\program files\CCleaner
2009-05-04 01:18 . 2009-03-24 20:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-03 23:16 . 2009-05-04 00:25 -------- d-----w c:\windows\system32\796525
2009-05-03 21:57 . 2009-05-03 21:58 -------- d-----w c:\program files\FrostWire
2009-05-03 21:49 . 2008-07-14 09:09 205560 ----a-w c:\windows\UNBOC.EXE
2009-05-03 21:49 . 2008-07-14 09:09 212728 ----a-w c:\windows\CMDLIC.DLL
2009-05-03 21:49 . 2009-05-04 02:34 -------- d-----w c:\program files\Comodo
2009-05-03 21:47 . 2009-05-03 21:47 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-05-03 21:47 . 2009-05-03 21:47 -------- d-----w c:\program files\Common Files\Adobe
2009-05-03 21:42 . 2009-05-04 00:31 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\NOS
2009-05-03 21:42 . 2009-05-04 00:31 -------- d-----w c:\program files\NOS
2009-05-01 06:20 . 2009-05-01 06:20 -------- d-----w c:\windows\ERUNT
2009-05-01 05:35 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-01 05:35 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-01 05:35 . 2009-05-01 05:35 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-05-01 05:35 . 2009-05-01 06:05 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-01 05:31 . 2009-05-05 18:39 -------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-04-30 03:30 . 2009-04-30 03:30 -------- d-----w c:\program files\AVG
2009-04-30 01:36 . 2009-05-04 13:48 -------- d-----w c:\program files\DNA
2009-04-30 01:36 . 2009-04-30 01:37 -------- d-----w c:\program files\BitTorrent
2009-04-30 00:49 . 2009-04-30 00:49 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Panda Security
2009-04-30 00:20 . 2009-04-30 00:20 -------- d-----w c:\program files\Auslogics
2009-04-29 19:42 . 2009-04-29 19:42 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\nView_Profiles
2009-04-29 19:42 . 2008-01-26 10:57 221184 ----a-w c:\windows\system32\wmpns.dll
2009-04-29 07:46 . 2006-07-21 00:58 208896 ----a-w c:\windows\system32\nvudisp.exe
2009-04-29 07:45 . 2009-04-29 07:45 0 ----a-w c:\windows\nsreg.dat
2009-04-29 07:39 . 2009-04-29 07:39 -------- d-----w c:\windows\Downloaded Installations
2009-04-29 07:25 . 2006-06-27 22:31 102400 ----a-w c:\windows\HPWebcam.exe
2009-04-29 07:25 . 2006-05-11 21:31 26880 ----a-w c:\windows\system32\drivers\sncduvc.sys
2009-04-29 07:25 . 2006-07-06 14:28 47744 ----a-w c:\windows\system32\drivers\snp2uvc.sys
2009-04-29 07:25 . 2006-05-30 23:14 102400 ----a-w c:\windows\system32\vsnp2uvc.dll
2009-04-29 07:25 . 2005-11-23 17:55 53248 ----a-w c:\windows\csnp2uvc.dll
2009-04-29 07:24 . 2008-03-26 15:15 53248 ----a-w c:\windows\system32\CSVer.dll
2009-04-29 07:24 . 2009-04-29 07:24 -------- d-----w c:\program files\Intel
2009-04-29 07:24 . 2009-04-29 07:24 -------- d-----w C:\Intel
2009-04-29 07:22 . 2009-05-10 02:08 -------- d-----w c:\program files\Zipeg
2009-04-29 07:20 . 2009-04-29 07:20 -------- d-----w c:\program files\Common Files\Java
2009-04-29 07:17 . 2006-07-21 03:21 208896 ----a-w c:\windows\system32\nvuide.exe
2009-04-29 07:17 . 2006-03-03 04:30 101888 ----a-w c:\windows\system32\drivers\nvtcp.sys
2009-04-29 07:17 . 2006-07-21 03:21 208896 ----a-w c:\windows\system32\nvunrm.exe
2009-04-29 07:17 . 2006-07-21 03:21 208896 ----a-w c:\windows\system32\nvusmb.exe
2009-04-29 07:15 . 2009-04-29 07:15 -------- d-----w c:\windows\Sminst
2009-04-29 07:08 . 2008-01-26 03:35 6272 ----a-w c:\windows\system32\drivers\splitter.sys
2009-04-29 07:08 . 2008-01-26 04:07 83072 ----a-w c:\windows\system32\drivers\wdmaud.sys
2009-04-29 07:08 . 2008-01-26 03:34 52864 ----a-w c:\windows\system32\drivers\dmusic.sys
2009-04-29 07:08 . 2008-01-26 03:35 56576 ----a-w c:\windows\system32\drivers\swmidi.sys
2009-04-29 07:08 . 2008-01-26 01:26 142592 ----a-w c:\windows\system32\drivers\aec.sys
2009-04-29 07:08 . 2008-01-26 03:35 172416 ----a-w c:\windows\system32\drivers\kmixer.sys
2009-04-29 07:08 . 2008-01-26 03:35 2944 ----a-w c:\windows\system32\drivers\drmkaud.sys
2009-04-29 07:08 . 2008-01-26 04:06 60800 ----a-w c:\windows\system32\drivers\sysaudio.sys
2009-04-29 07:08 . 2009-04-29 07:12 -------- d-----w c:\program files\CONEXANT
2009-04-29 07:08 . 2008-01-26 03:35 60160 ----a-w c:\windows\system32\drivers\drmk.sys
2009-04-29 07:07 . 2006-06-05 17:44 192512 ----a-w c:\windows\VimicroCam.exe
2009-04-29 07:07 . 2006-08-22 01:13 40960 ----a-w c:\windows\VM303UninstNT.exe
2009-04-29 07:07 . 2006-06-08 15:25 73728 ----a-w c:\windows\VMInstNT.exe
2009-04-29 07:05 . 2008-01-26 03:28 14592 ----a-w c:\windows\system32\drivers\kbdhid.sys
2009-04-29 07:05 . 2006-06-28 13:54 9472 ----a-w c:\windows\system32\drivers\CPQBttn.sys
2009-04-29 07:05 . 2006-06-28 13:57 8192 ----a-w c:\windows\system32\drivers\eabfiltr.sys
2009-04-29 07:05 . 2006-08-18 19:56 1560576 ----a-w c:\windows\system32\BttnCmns_64.dll
2009-04-29 07:05 . 2006-06-30 09:46 1560576 ----a-w c:\windows\system32\BttnCmns.dll
2009-04-29 07:05 . 2005-10-31 18:30 987136 ----a-w c:\windows\system32\BttnCmn.dll
2009-04-29 07:04 . 2008-01-26 03:35 10368 ----a-w c:\windows\system32\drivers\hidusb.sys
2009-04-29 07:04 . 2006-01-03 19:21 229376 ------w c:\windows\system32\PMUNINST.EXE
2009-04-29 07:04 . 2009-04-29 07:04 -------- d-----w c:\windows\_PrimaxInstallTempDir1
2009-04-29 06:22 . 2003-09-26 02:15 15872 ----a-w c:\windows\system32\GTNDIS5.sys
2009-04-29 06:22 . 2003-10-13 19:30 94208 ----a-w c:\windows\system32\GTW32N50.dll
2009-04-29 06:22 . 2005-02-01 22:18 17992 ----a-w c:\windows\system32\bcm42rly.sys
2009-04-29 06:22 . 2005-02-01 22:18 17992 ----a-w c:\windows\system32\drivers\bcm42rly.sys
2009-04-29 06:20 . 2007-05-02 13:28 356352 ----a-w c:\windows\system32\NVUNINST.EXE
2009-04-29 06:12 . 2009-04-29 06:12 -------- d-----w c:\windows\ServicePackFiles
2009-04-29 06:12 . 2007-08-11 00:46 26488 ----a-w c:\windows\system32\spupdsvc.exe
2009-04-29 06:11 . 2009-05-04 08:48 -------- d-----w c:\windows\EHome
2009-04-29 06:04 . 2004-08-04 12:00 5632 -c--a-w c:\windows\system32\dllcache\kbdvntc.dll
2009-04-29 06:03 . 2001-08-18 02:36 45056 -c--a-w c:\windows\system32\dllcache\EXCH_aqadmin.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-10 01:35 . 2009-04-27 04:44 -------- d-----w c:\program files\HP
2009-05-10 01:33 . 2009-04-27 04:42 -------- d-----w c:\program files\Hewlett-Packard
2009-05-04 08:53 . 2009-04-29 06:02 78883 ----a-w c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-04-29 06:02 . 2004-08-04 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-04-29 05:57 . 2009-04-29 05:57 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-28 04:45 . 2009-04-27 04:44 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-27 04:47 . 2009-04-27 04:47 -------- d-----w c:\program files\Broadcom
2009-04-27 04:47 . 2009-04-27 04:47 -------- d-----w c:\program files\DIFX
2009-04-27 04:46 . 2009-04-27 04:46 -------- d-----w c:\program files\HP 1.3MP Webcam
2009-04-27 04:46 . 2009-04-27 04:46 -------- d-----w c:\program files\HP Wireless Laser Mini Mouse
2009-04-27 04:44 . 2009-04-27 04:44 -------- d-----w c:\program files\HPQ
2009-04-27 04:44 . 2009-04-27 04:44 -------- d-----w c:\program files\Common Files\LightScribe
2009-04-27 04:43 . 2009-04-27 04:43 -------- d-----w c:\program files\HP Optical USB Mobile Mouse
2009-04-27 04:42 . 2009-04-27 04:42 -------- d-----w c:\program files\HP DVB-T TV Tuner
2009-04-27 04:35 . 2009-04-27 04:35 -------- d-----w c:\program files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Pavilion Webcam Tray Icon.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Pavilion Webcam Tray Icon.lnk
backup=c:\windows\pss\HP Pavilion Webcam Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"XAudioService"=2 (0x2)
"WinDefend"=2 (0x2)
"sp_rssrv"=2 (0x2)
"NVSvc"=2 (0x2)
"hpqwmiex"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
"AddFiltr"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [5/4/2009 1:41 AM 26624]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/17/2009 3:47 PM 108289]
S0 ffntavg;ffntavg; [x]
S0 muglty;muglty; [x]
S0 nsjia;nsjia; [x]
S0 PSBoot;Panda boot driver; [x]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Kenny\Application Data\Mozilla\Firefox\Profiles\msbty7vz.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-20 22:34
Windows 5.1.2600 Service Pack 3, v.3300 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-21 22:35
ComboFix-quarantined-files.txt 2009-05-21 02:35
ComboFix2.txt 2009-05-17 22:11

Pre-Run: 100,539,719,680 bytes free
Post-Run: 100,534,009,856 bytes free

225

Edited by Kenneth Woel, 20 May 2009 - 09:40 PM.


#8 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington
Posted 20 May 2009 - 10:01 PM

Hello, Kenneth Woel
We need to re-run ComboFix with some additional directives.
  • Please disable any running anti-virus programs.

    If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    http://www.bleepingcomputer.com/forums/t/224766/unable-to-access-windows-update-siteredirects-me-to-googlecom/
    collect::[54]
    c:\windows\system32\drivers\fsbts.sys
    driver::
    fsbts
    ffntavg
    muglty
    nsjia
    PSBoot
    folder::
    C:\rsit
  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • [image: CFScript.txt being dragged onto ComboFix.exe]
    Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at "C:\ComboFix.txt". Please copy and paste that report here.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use ctrl+A)
  • Right-click again and choose "Copy" (or ctrl+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • ComboFix.txt
  • ESET OnlineScan's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#9 Kenneth Woel
  • Topic Starter

  • Members
  • 13 posts
Posted 20 May 2009 - 10:13 PM

When I try to go to the website you provided for the scan I get this message:

Failed to Connect

Firefox can't establish a connection to the server at www.eset.com.

Though the site seems valid, the browser was unable to establish a connection.

* Could the site be temporarily unavailable? Try again later.
* Are you unable to browse other sites? Check the computer's network connection.
* Is your computer or network protected by a firewall or proxy? Incorrect settings can interfere with Web browsing.

This is the new COMBOFIX.TXT


ComboFix 09-05-20.A0 - Kenny 05/20/2009 23:05.9 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1622 [GMT -4:00]
Running from: c:\documents and settings\Kenny\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kenny\Desktop\CFScript.txt
* Created a new restore point

file zipped: c:\windows\system32\drivers\fsbts.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\rsit
c:\rsit\info.txt
c:\rsit\log.txt
c:\windows\system32\drivers\fsbts.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FSBTS
-------\Service_ffntavg
-------\Service_fsbts
-------\Service_muglty
-------\Service_nsjia
-------\Service_PSBoot


((((((((((((((((((((((((( Files Created from 2009-04-21 to 2009-05-21 )))))))))))))))))))))))))))))))
.

2009-05-17 19:47 . 2009-05-17 19:47 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Avira
2009-05-17 19:47 . 2009-05-17 19:47 -------- d-----w c:\program files\Avira
2009-05-17 19:06 . 2009-05-17 19:06 -------- d-----w c:\program files\Microsoft Works
2009-05-17 19:04 . 2009-05-17 19:04 -------- d-----w c:\documents and settings\Kenny\Local Settings\Application Data\Microsoft Help
2009-05-17 19:04 . 2009-05-17 19:06 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-05-17 19:04 . 2009-05-17 19:04 -------- d--h--r C:\MSOCache
2009-05-17 06:09 . 2009-05-17 06:09 -------- d-----w c:\documents and settings\Kenny\Local Settings\Application Data\Identities
2009-05-11 05:48 . 2009-05-11 05:48 -------- d-----w c:\documents and settings\Kenny\Application Data\Auslogics
2009-05-10 19:14 . 2009-05-10 19:14 -------- d-----w c:\documents and settings\Kenny\Application Data\OpenOffice.org
2009-05-10 19:09 . 2009-05-10 19:09 -------- d-----w c:\program files\OpenOffice.org 3
2009-05-10 02:12 . 2009-05-17 18:38 -------- d-sh--w c:\documents and settings\All Users.WINDOWS\Application Data\MPK
2009-05-10 02:12 . 2009-05-10 02:12 -------- d-sh--w c:\windows\system32\MPK
2009-05-10 01:35 . 2009-05-10 01:35 -------- d-----w c:\documents and settings\Kenny\Application Data\HP
2009-05-10 01:35 . 2009-05-10 01:35 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\HP
2009-05-10 01:33 . 2009-05-10 01:33 -------- d-----w c:\program files\Common Files\HP
2009-05-10 01:32 . 2006-06-04 01:29 48640 ----a-w c:\windows\system32\hpzll4pi.dll
2009-05-10 01:32 . 2006-03-04 01:02 57344 ----a-w c:\windows\system32\HPZisn12.dll
2009-05-10 01:32 . 2006-03-04 01:02 94208 ----a-w c:\windows\system32\HPZipt12.dll
2009-05-10 01:32 . 2006-03-04 01:02 204800 ----a-w c:\windows\system32\HPZipr12.dll
2009-05-10 01:32 . 2006-03-04 01:03 65536 ----a-w c:\windows\system32\HPZinw12.exe
2009-05-10 01:32 . 2006-03-04 01:03 69632 ----a-w c:\windows\system32\HPZipm12.exe
2009-05-10 01:32 . 2006-03-04 01:03 282680 ----a-w c:\windows\system32\HPZidr12.dll
2009-05-10 01:32 . 1998-10-29 20:45 306688 ----a-w c:\windows\IsUninst.exe
2009-05-10 01:31 . 2008-01-26 03:35 25856 -c--a-w c:\windows\system32\dllcache\usbprint.sys
2009-05-10 01:31 . 2008-01-26 03:35 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-05-10 01:30 . 2009-05-10 01:35 123996 ----a-w c:\windows\HPHins12.dat
2009-05-10 01:30 . 2006-06-12 22:21 14916 ------w c:\windows\hphmdl12.dat
2009-05-10 01:30 . 2009-05-11 05:42 17672 ----a-w c:\documents and settings\Kenny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-08 05:43 . 2009-05-15 01:06 -------- d-----w c:\documents and settings\Kenny\Application Data\com.zipeg
2009-05-08 05:43 . 2009-05-08 05:43 -------- d-----w c:\documents and settings\Kenny\Local Settings\Application Data\com.zipeg
2009-05-06 02:02 . 2009-05-21 02:30 -------- d-----w c:\documents and settings\Kenny\Application Data\BitTorrent
2009-05-06 01:58 . 2009-05-06 09:02 -------- d-----w c:\documents and settings\Kenny\Local Settings\Application Data\Adobe
2009-05-06 01:57 . 2009-05-06 01:57 -------- d-----w c:\documents and settings\Kenny\Application Data\GRETECH
2009-05-05 20:57 . 2009-05-05 20:57 -------- d-----w c:\documents and settings\Kenny\Application Data\Malwarebytes
2009-05-05 20:32 . 2009-05-05 20:32 -------- d-----w c:\documents and settings\Kenny\Local Settings\Application Data\Mozilla
2009-05-05 20:26 . 2009-05-05 20:28 -------- d-----w c:\documents and settings\Kenny\Local Settings\Application Data\Google
2009-05-05 20:07 . 2009-05-05 20:07 -------- d-s---w c:\documents and settings\Kenny\UserData
2009-05-05 19:58 . 2009-05-05 19:58 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-05 19:48 . 2009-05-17 19:06 -------- d-----w c:\documents and settings\Kenny\Local Settings\Application Data\Microsoft
2009-05-05 19:48 . 2009-05-05 20:07 -------- d-----w c:\documents and settings\Kenny
2009-05-05 19:21 . 2009-05-05 19:21 578560 -c--a-w c:\windows\system32\dllcache\user32.dll
2009-05-05 07:19 . 2009-05-05 07:20 -------- d-----w c:\program files\Yahoo!
2009-05-04 21:06 . 2009-05-04 21:30 -------- d-----w c:\windows\SxsCaPendDel
2009-05-04 09:23 . 2003-03-18 19:20 1060864 ----a-w c:\windows\system32\MFC71.dll
2009-05-04 09:23 . 2003-03-18 18:14 499712 ----a-w c:\windows\system32\MSVCP71.dll
2009-05-04 09:23 . 2009-05-04 09:23 -------- d-----w c:\program files\Alwil Software
2009-05-04 08:50 . 2008-01-26 10:57 294912 -c----w c:\windows\system32\dllcache\dlimport.exe
2009-05-04 08:49 . 2008-01-26 03:29 10240 ------w c:\windows\system32\drivers\sffp_mmc.sys
2009-05-04 06:17 . 2009-05-05 20:40 -------- d-----w c:\program files\trend micro
2009-05-04 05:08 . 2009-05-05 07:19 -------- d-----w c:\program files\CCleaner
2009-05-04 01:18 . 2009-03-24 20:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-03 23:16 . 2009-05-04 00:25 -------- d-----w c:\windows\system32\796525
2009-05-03 21:57 . 2009-05-03 21:58 -------- d-----w c:\program files\FrostWire
2009-05-03 21:49 . 2008-07-14 09:09 205560 ----a-w c:\windows\UNBOC.EXE
2009-05-03 21:49 . 2008-07-14 09:09 212728 ----a-w c:\windows\CMDLIC.DLL
2009-05-03 21:49 . 2009-05-04 02:34 -------- d-----w c:\program files\Comodo
2009-05-03 21:47 . 2009-05-03 21:47 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-05-03 21:47 . 2009-05-03 21:47 -------- d-----w c:\program files\Common Files\Adobe
2009-05-03 21:42 . 2009-05-04 00:31 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\NOS
2009-05-03 21:42 . 2009-05-04 00:31 -------- d-----w c:\program files\NOS
2009-05-01 06:20 . 2009-05-01 06:20 -------- d-----w c:\windows\ERUNT
2009-05-01 05:35 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-01 05:35 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-01 05:35 . 2009-05-01 05:35 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-05-01 05:35 . 2009-05-01 06:05 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-01 05:31 . 2009-05-05 18:39 -------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-04-30 03:30 . 2009-04-30 03:30 -------- d-----w c:\program files\AVG
2009-04-30 01:36 . 2009-05-04 13:48 -------- d-----w c:\program files\DNA
2009-04-30 01:36 . 2009-04-30 01:37 -------- d-----w c:\program files\BitTorrent
2009-04-30 00:49 . 2009-04-30 00:49 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Panda Security
2009-04-30 00:20 . 2009-04-30 00:20 -------- d-----w c:\program files\Auslogics
2009-04-29 19:42 . 2009-04-29 19:42 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\nView_Profiles
2009-04-29 19:42 . 2008-01-26 10:57 221184 ----a-w c:\windows\system32\wmpns.dll
2009-04-29 07:46 . 2006-07-21 00:58 208896 ----a-w c:\windows\system32\nvudisp.exe
2009-04-29 07:45 . 2009-04-29 07:45 0 ----a-w c:\windows\nsreg.dat
2009-04-29 07:39 . 2009-04-29 07:39 -------- d-----w c:\windows\Downloaded Installations
2009-04-29 07:25 . 2006-06-27 22:31 102400 ----a-w c:\windows\HPWebcam.exe
2009-04-29 07:25 . 2006-05-11 21:31 26880 ----a-w c:\windows\system32\drivers\sncduvc.sys
2009-04-29 07:25 . 2006-07-06 14:28 47744 ----a-w c:\windows\system32\drivers\snp2uvc.sys
2009-04-29 07:25 . 2006-05-30 23:14 102400 ----a-w c:\windows\system32\vsnp2uvc.dll
2009-04-29 07:25 . 2005-11-23 17:55 53248 ----a-w c:\windows\csnp2uvc.dll
2009-04-29 07:24 . 2008-03-26 15:15 53248 ----a-w c:\windows\system32\CSVer.dll
2009-04-29 07:24 . 2009-04-29 07:24 -------- d-----w c:\program files\Intel
2009-04-29 07:24 . 2009-04-29 07:24 -------- d-----w C:\Intel
2009-04-29 07:22 . 2009-05-10 02:08 -------- d-----w c:\program files\Zipeg
2009-04-29 07:20 . 2009-04-29 07:20 -------- d-----w c:\program files\Common Files\Java
2009-04-29 07:17 . 2006-07-21 03:21 208896 ----a-w c:\windows\system32\nvuide.exe
2009-04-29 07:17 . 2006-03-03 04:30 101888 ----a-w c:\windows\system32\drivers\nvtcp.sys
2009-04-29 07:17 . 2006-07-21 03:21 208896 ----a-w c:\windows\system32\nvunrm.exe
2009-04-29 07:17 . 2006-07-21 03:21 208896 ----a-w c:\windows\system32\nvusmb.exe
2009-04-29 07:15 . 2009-04-29 07:15 -------- d-----w c:\windows\Sminst
2009-04-29 07:08 . 2008-01-26 03:35 6272 ----a-w c:\windows\system32\drivers\splitter.sys
2009-04-29 07:08 . 2008-01-26 04:07 83072 ----a-w c:\windows\system32\drivers\wdmaud.sys
2009-04-29 07:08 . 2008-01-26 03:34 52864 ----a-w c:\windows\system32\drivers\dmusic.sys
2009-04-29 07:08 . 2008-01-26 03:35 56576 ----a-w c:\windows\system32\drivers\swmidi.sys
2009-04-29 07:08 . 2008-01-26 01:26 142592 ----a-w c:\windows\system32\drivers\aec.sys
2009-04-29 07:08 . 2008-01-26 03:35 172416 ----a-w c:\windows\system32\drivers\kmixer.sys
2009-04-29 07:08 . 2008-01-26 03:35 2944 ----a-w c:\windows\system32\drivers\drmkaud.sys
2009-04-29 07:08 . 2008-01-26 04:06 60800 ----a-w c:\windows\system32\drivers\sysaudio.sys
2009-04-29 07:08 . 2009-04-29 07:12 -------- d-----w c:\program files\CONEXANT
2009-04-29 07:08 . 2008-01-26 03:35 60160 ----a-w c:\windows\system32\drivers\drmk.sys
2009-04-29 07:07 . 2006-06-05 17:44 192512 ----a-w c:\windows\VimicroCam.exe
2009-04-29 07:07 . 2006-08-22 01:13 40960 ----a-w c:\windows\VM303UninstNT.exe
2009-04-29 07:07 . 2006-06-08 15:25 73728 ----a-w c:\windows\VMInstNT.exe
2009-04-29 07:05 . 2008-01-26 03:28 14592 ----a-w c:\windows\system32\drivers\kbdhid.sys
2009-04-29 07:05 . 2006-06-28 13:54 9472 ----a-w c:\windows\system32\drivers\CPQBttn.sys
2009-04-29 07:05 . 2006-06-28 13:57 8192 ----a-w c:\windows\system32\drivers\eabfiltr.sys
2009-04-29 07:05 . 2006-08-18 19:56 1560576 ----a-w c:\windows\system32\BttnCmns_64.dll
2009-04-29 07:05 . 2006-06-30 09:46 1560576 ----a-w c:\windows\system32\BttnCmns.dll
2009-04-29 07:05 . 2005-10-31 18:30 987136 ----a-w c:\windows\system32\BttnCmn.dll
2009-04-29 07:04 . 2008-01-26 03:35 10368 ----a-w c:\windows\system32\drivers\hidusb.sys
2009-04-29 07:04 . 2006-01-03 19:21 229376 ------w c:\windows\system32\PMUNINST.EXE
2009-04-29 07:04 . 2009-04-29 07:04 -------- d-----w c:\windows\_PrimaxInstallTempDir1
2009-04-29 06:22 . 2003-09-26 02:15 15872 ----a-w c:\windows\system32\GTNDIS5.sys
2009-04-29 06:22 . 2003-10-13 19:30 94208 ----a-w c:\windows\system32\GTW32N50.dll
2009-04-29 06:22 . 2005-02-01 22:18 17992 ----a-w c:\windows\system32\bcm42rly.sys
2009-04-29 06:22 . 2005-02-01 22:18 17992 ----a-w c:\windows\system32\drivers\bcm42rly.sys
2009-04-29 06:20 . 2007-05-02 13:28 356352 ----a-w c:\windows\system32\NVUNINST.EXE
2009-04-29 06:12 . 2009-04-29 06:12 -------- d-----w c:\windows\ServicePackFiles
2009-04-29 06:12 . 2007-08-11 00:46 26488 ----a-w c:\windows\system32\spupdsvc.exe
2009-04-29 06:11 . 2009-05-04 08:48 -------- d-----w c:\windows\EHome
2009-04-29 06:04 . 2004-08-04 12:00 5632 -c--a-w c:\windows\system32\dllcache\kbdvntc.dll
2009-04-29 06:03 . 2001-08-18 02:36 45056 -c--a-w c:\windows\system32\dllcache\EXCH_aqadmin.dll
2009-04-29 06:03 . 2001-08-18 02:36 5632 -c--a-w c:\windows\system32\dllcache\EXCH_adsiisex.dll
2009-04-29 06:02 . 2009-05-17 07:23 -------- d-sh--w c:\documents and settings\All Users.WINDOWS\DRM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-10 01:35 . 2009-04-27 04:44 -------- d-----w c:\program files\HP
2009-05-10 01:33 . 2009-04-27 04:42 -------- d-----w c:\program files\Hewlett-Packard
2009-05-04 08:53 . 2009-04-29 06:02 78883 ----a-w c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-04-29 06:02 . 2004-08-04 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-04-29 05:57 . 2009-04-29 05:57 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-28 04:45 . 2009-04-27 04:44 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-27 04:47 . 2009-04-27 04:47 -------- d-----w c:\program files\Broadcom
2009-04-27 04:47 . 2009-04-27 04:47 -------- d-----w c:\program files\DIFX
2009-04-27 04:46 . 2009-04-27 04:46 -------- d-----w c:\program files\HP 1.3MP Webcam
2009-04-27 04:46 . 2009-04-27 04:46 -------- d-----w c:\program files\HP Wireless Laser Mini Mouse
2009-04-27 04:44 . 2009-04-27 04:44 -------- d-----w c:\program files\HPQ
2009-04-27 04:44 . 2009-04-27 04:44 -------- d-----w c:\program files\Common Files\LightScribe
2009-04-27 04:43 . 2009-04-27 04:43 -------- d-----w c:\program files\HP Optical USB Mobile Mouse
2009-04-27 04:42 . 2009-04-27 04:42 -------- d-----w c:\program files\HP DVB-T TV Tuner
2009-04-27 04:35 . 2009-04-27 04:35 -------- d-----w c:\program files\microsoft frontpage
.

((((((((((((((((((((((((((((( SnapShot@2009-05-21_02.34.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-21 03:08 . 2009-05-21 03:08 16384 c:\windows\temp\Perflib_Perfdata_ac.dat
+ 2004-08-04 12:00 . 2009-05-21 02:35 40190 c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2009-05-20 03:23 40190 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2009-05-21 02:35 311842 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2009-05-20 03:23 311842 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Pavilion Webcam Tray Icon.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Pavilion Webcam Tray Icon.lnk
backup=c:\windows\pss\HP Pavilion Webcam Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"XAudioService"=2 (0x2)
"WinDefend"=2 (0x2)
"sp_rssrv"=2 (0x2)
"NVSvc"=2 (0x2)
"hpqwmiex"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
"AddFiltr"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/17/2009 3:47 PM 108289]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Kenny\Application Data\Mozilla\Firefox\Profiles\msbty7vz.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-20 23:08
Windows 5.1.2600 Service Pack 3, v.3300 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
.
**************************************************************************
.
Completion time: 2009-05-21 23:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-21 03:09
ComboFix2.txt 2009-05-21 02:35
ComboFix3.txt 2009-05-17 22:11

Pre-Run: 100,550,176,768 bytes free
Post-Run: 100,489,510,912 bytes free


#10 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:12:32 PM

Posted 20 May 2009 - 10:34 PM

Hello, Kenneth Woel :thumbup2:

Please try again after this.

We need to re-run ComboFix with some additional directives.
  • Please disable any running anti-virus programs.

    If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    firefox::
    FF - ProfilePath - c:\documents and settings\Kenny\Application Data\Mozilla\Firefox\Profiles\msbty7vz.default\
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    file::
    c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • [image]
    Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at "C:\ComboFix.txt". Please copy and paste that report here.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

In your next reply, please include the following:
  • ComboFix.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#11 Kenneth Woel

Kenneth Woel
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:32 PM

Posted 20 May 2009 - 10:43 PM

I am still getting the same message... This darn virus is the devil! Thank you for the help, by the way!!!!

COMBOFIX.TXT:

ComboFix 09-05-20.A0 - Kenny 05/20/2009 23:38.10 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1642 [GMT -4:00]
Running from: c:\documents and settings\Kenny\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kenny\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-21 to 2009-05-21 )))))))))))))))))))))))))))))))
.

2009-05-17 19:47 . 2009-05-17 19:47 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Avira
2009-05-17 19:47 . 2009-05-17 19:47 -------- d-----w c:\program files\Avira
2009-05-17 19:06 . 2009-05-17 19:06 -------- d-----w c:\program files\Microsoft Works
2009-05-17 19:04 . 2009-05-17 19:04 -------- d-----w c:\documents and settings\Kenny\Local Settings\Application Data\Microsoft Help
2009-05-17 19:04 . 2009-05-17 19:06 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-05-17 19:04 . 2009-05-17 19:04 -------- d--h--r C:\MSOCache
2009-05-17 06:09 . 2009-05-17 06:09 -------- d-----w c:\documents and settings\Kenny\Local Settings\Application Data\Identities
2009-05-11 05:48 . 2009-05-11 05:48 -------- d-----w c:\documents and settings\Kenny\Application Data\Auslogics
2009-05-10 19:14 . 2009-05-10 19:14 -------- d-----w c:\documents and settings\Kenny\Application Data\OpenOffice.org
2009-05-10 19:09 . 2009-05-10 19:09 -------- d-----w c:\program files\OpenOffice.org 3
2009-05-10 02:12 . 2009-05-17 18:38 -------- d-sh--w c:\documents and settings\All Users.WINDOWS\Application Data\MPK
2009-05-10 02:12 . 2009-05-10 02:12 -------- d-sh--w c:\windows\system32\MPK
2009-05-10 01:35 . 2009-05-10 01:35 -------- d-----w c:\documents and settings\Kenny\Application Data\HP
2009-05-10 01:35 . 2009-05-10 01:35 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\HP
2009-05-10 01:33 . 2009-05-10 01:33 -------- d-----w c:\program files\Common Files\HP
2009-05-10 01:32 . 2006-06-04 01:29 48640 ----a-w c:\windows\system32\hpzll4pi.dll
2009-05-10 01:32 . 2006-03-04 01:02 57344 ----a-w c:\windows\system32\HPZisn12.dll
2009-05-10 01:32 . 2006-03-04 01:02 94208 ----a-w c:\windows\system32\HPZipt12.dll
2009-05-10 01:32 . 2006-03-04 01:02 204800 ----a-w c:\windows\system32\HPZipr12.dll
2009-05-10 01:32 . 2006-03-04 01:03 65536 ----a-w c:\windows\system32\HPZinw12.exe
2009-05-10 01:32 . 2006-03-04 01:03 69632 ----a-w c:\windows\system32\HPZipm12.exe
2009-05-10 01:32 . 2006-03-04 01:03 282680 ----a-w c:\windows\system32\HPZidr12.dll
2009-05-10 01:32 . 1998-10-29 20:45 306688 ----a-w c:\windows\IsUninst.exe
2009-05-10 01:31 . 2008-01-26 03:35 25856 -c--a-w c:\windows\system32\dllcache\usbprint.sys
2009-05-10 01:31 . 2008-01-26 03:35 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-05-10 01:30 . 2009-05-10 01:35 123996 ----a-w c:\windows\HPHins12.dat
2009-05-10 01:30 . 2006-06-12 22:21 14916 ------w c:\windows\hphmdl12.dat
2009-05-10 01:30 . 2009-05-11 05:42 17672 ----a-w c:\documents and settings\Kenny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-08 05:43 . 2009-05-15 01:06 -------- d-----w c:\documents and settings\Kenny\Application Data\com.zipeg
2009-05-08 05:43 . 2009-05-08 05:43 -------- d-----w c:\documents and settings\Kenny\Local Settings\Application Data\com.zipeg
2009-05-06 02:02 . 2009-05-21 02:30 -------- d-----w c:\documents and settings\Kenny\Application Data\BitTorrent
2009-05-06 01:58 . 2009-05-06 09:02 -------- d-----w c:\documents and settings\Kenny\Local Settings\Application Data\Adobe
2009-05-06 01:57 . 2009-05-06 01:57 -------- d-----w c:\documents and settings\Kenny\Application Data\GRETECH
2009-05-05 20:57 . 2009-05-05 20:57 -------- d-----w c:\documents and settings\Kenny\Application Data\Malwarebytes
2009-05-05 20:32 . 2009-05-05 20:32 -------- d-----w c:\documents and settings\Kenny\Local Settings\Application Data\Mozilla
2009-05-05 20:26 . 2009-05-05 20:28 -------- d-----w c:\documents and settings\Kenny\Local Settings\Application Data\Google
2009-05-05 20:07 . 2009-05-05 20:07 -------- d-s---w c:\documents and settings\Kenny\UserData
2009-05-05 19:58 . 2009-05-05 19:58 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-05 19:48 . 2009-05-17 19:06 -------- d-----w c:\documents and settings\Kenny\Local Settings\Application Data\Microsoft
2009-05-05 19:48 . 2009-05-05 20:07 -------- d-----w c:\documents and settings\Kenny
2009-05-05 19:21 . 2009-05-05 19:21 578560 -c--a-w c:\windows\system32\dllcache\user32.dll
2009-05-05 07:19 . 2009-05-05 07:20 -------- d-----w c:\program files\Yahoo!
2009-05-04 21:06 . 2009-05-04 21:30 -------- d-----w c:\windows\SxsCaPendDel
2009-05-04 09:23 . 2003-03-18 19:20 1060864 ----a-w c:\windows\system32\MFC71.dll
2009-05-04 09:23 . 2003-03-18 18:14 499712 ----a-w c:\windows\system32\MSVCP71.dll
2009-05-04 09:23 . 2009-05-04 09:23 -------- d-----w c:\program files\Alwil Software
2009-05-04 08:50 . 2008-01-26 10:57 294912 -c----w c:\windows\system32\dllcache\dlimport.exe
2009-05-04 08:49 . 2008-01-26 03:29 10240 ------w c:\windows\system32\drivers\sffp_mmc.sys
2009-05-04 06:17 . 2009-05-05 20:40 -------- d-----w c:\program files\trend micro
2009-05-04 05:08 . 2009-05-05 07:19 -------- d-----w c:\program files\CCleaner
2009-05-04 01:18 . 2009-03-24 20:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-03 23:16 . 2009-05-04 00:25 -------- d-----w c:\windows\system32\796525
2009-05-03 21:57 . 2009-05-03 21:58 -------- d-----w c:\program files\FrostWire
2009-05-03 21:49 . 2008-07-14 09:09 205560 ----a-w c:\windows\UNBOC.EXE
2009-05-03 21:49 . 2008-07-14 09:09 212728 ----a-w c:\windows\CMDLIC.DLL
2009-05-03 21:49 . 2009-05-04 02:34 -------- d-----w c:\program files\Comodo
2009-05-03 21:47 . 2009-05-03 21:47 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-05-03 21:47 . 2009-05-03 21:47 -------- d-----w c:\program files\Common Files\Adobe
2009-05-03 21:42 . 2009-05-04 00:31 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\NOS
2009-05-03 21:42 . 2009-05-04 00:31 -------- d-----w c:\program files\NOS
2009-05-01 06:20 . 2009-05-01 06:20 -------- d-----w c:\windows\ERUNT
2009-05-01 05:35 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-01 05:35 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-01 05:35 . 2009-05-01 05:35 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-05-01 05:35 . 2009-05-01 06:05 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-01 05:31 . 2009-05-05 18:39 -------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-04-30 03:30 . 2009-04-30 03:30 -------- d-----w c:\program files\AVG
2009-04-30 01:36 . 2009-05-04 13:48 -------- d-----w c:\program files\DNA
2009-04-30 01:36 . 2009-04-30 01:37 -------- d-----w c:\program files\BitTorrent
2009-04-30 00:49 . 2009-04-30 00:49 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Panda Security
2009-04-30 00:20 . 2009-04-30 00:20 -------- d-----w c:\program files\Auslogics
2009-04-29 19:42 . 2009-04-29 19:42 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\nView_Profiles
2009-04-29 19:42 . 2008-01-26 10:57 221184 ----a-w c:\windows\system32\wmpns.dll
2009-04-29 07:46 . 2006-07-21 00:58 208896 ----a-w c:\windows\system32\nvudisp.exe
2009-04-29 07:45 . 2009-04-29 07:45 0 ----a-w c:\windows\nsreg.dat
2009-04-29 07:39 . 2009-04-29 07:39 -------- d-----w c:\windows\Downloaded Installations
2009-04-29 07:25 . 2006-06-27 22:31 102400 ----a-w c:\windows\HPWebcam.exe
2009-04-29 07:25 . 2006-05-11 21:31 26880 ----a-w c:\windows\system32\drivers\sncduvc.sys
2009-04-29 07:25 . 2006-07-06 14:28 47744 ----a-w c:\windows\system32\drivers\snp2uvc.sys
2009-04-29 07:25 . 2006-05-30 23:14 102400 ----a-w c:\windows\system32\vsnp2uvc.dll
2009-04-29 07:25 . 2005-11-23 17:55 53248 ----a-w c:\windows\csnp2uvc.dll
2009-04-29 07:24 . 2008-03-26 15:15 53248 ----a-w c:\windows\system32\CSVer.dll
2009-04-29 07:24 . 2009-04-29 07:24 -------- d-----w c:\program files\Intel
2009-04-29 07:24 . 2009-04-29 07:24 -------- d-----w C:\Intel
2009-04-29 07:22 . 2009-05-10 02:08 -------- d-----w c:\program files\Zipeg
2009-04-29 07:20 . 2009-04-29 07:20 -------- d-----w c:\program files\Common Files\Java
2009-04-29 07:17 . 2006-07-21 03:21 208896 ----a-w c:\windows\system32\nvuide.exe
2009-04-29 07:17 . 2006-03-03 04:30 101888 ----a-w c:\windows\system32\drivers\nvtcp.sys
2009-04-29 07:17 . 2006-07-21 03:21 208896 ----a-w c:\windows\system32\nvunrm.exe
2009-04-29 07:17 . 2006-07-21 03:21 208896 ----a-w c:\windows\system32\nvusmb.exe
2009-04-29 07:15 . 2009-04-29 07:15 -------- d-----w c:\windows\Sminst
2009-04-29 07:08 . 2008-01-26 03:35 6272 ----a-w c:\windows\system32\drivers\splitter.sys
2009-04-29 07:08 . 2008-01-26 04:07 83072 ----a-w c:\windows\system32\drivers\wdmaud.sys
2009-04-29 07:08 . 2008-01-26 03:34 52864 ----a-w c:\windows\system32\drivers\dmusic.sys
2009-04-29 07:08 . 2008-01-26 03:35 56576 ----a-w c:\windows\system32\drivers\swmidi.sys
2009-04-29 07:08 . 2008-01-26 01:26 142592 ----a-w c:\windows\system32\drivers\aec.sys
2009-04-29 07:08 . 2008-01-26 03:35 172416 ----a-w c:\windows\system32\drivers\kmixer.sys
2009-04-29 07:08 . 2008-01-26 03:35 2944 ----a-w c:\windows\system32\drivers\drmkaud.sys
2009-04-29 07:08 . 2008-01-26 04:06 60800 ----a-w c:\windows\system32\drivers\sysaudio.sys
2009-04-29 07:08 . 2009-04-29 07:12 -------- d-----w c:\program files\CONEXANT
2009-04-29 07:08 . 2008-01-26 03:35 60160 ----a-w c:\windows\system32\drivers\drmk.sys
2009-04-29 07:07 . 2006-06-05 17:44 192512 ----a-w c:\windows\VimicroCam.exe
2009-04-29 07:07 . 2006-08-22 01:13 40960 ----a-w c:\windows\VM303UninstNT.exe
2009-04-29 07:07 . 2006-06-08 15:25 73728 ----a-w c:\windows\VMInstNT.exe
2009-04-29 07:05 . 2008-01-26 03:28 14592 ----a-w c:\windows\system32\drivers\kbdhid.sys
2009-04-29 07:05 . 2006-06-28 13:54 9472 ----a-w c:\windows\system32\drivers\CPQBttn.sys
2009-04-29 07:05 . 2006-06-28 13:57 8192 ----a-w c:\windows\system32\drivers\eabfiltr.sys
2009-04-29 07:05 . 2006-08-18 19:56 1560576 ----a-w c:\windows\system32\BttnCmns_64.dll
2009-04-29 07:05 . 2006-06-30 09:46 1560576 ----a-w c:\windows\system32\BttnCmns.dll
2009-04-29 07:05 . 2005-10-31 18:30 987136 ----a-w c:\windows\system32\BttnCmn.dll
2009-04-29 07:04 . 2008-01-26 03:35 10368 ----a-w c:\windows\system32\drivers\hidusb.sys
2009-04-29 07:04 . 2006-01-03 19:21 229376 ------w c:\windows\system32\PMUNINST.EXE
2009-04-29 07:04 . 2009-04-29 07:04 -------- d-----w c:\windows\_PrimaxInstallTempDir1
2009-04-29 06:22 . 2003-09-26 02:15 15872 ----a-w c:\windows\system32\GTNDIS5.sys
2009-04-29 06:22 . 2003-10-13 19:30 94208 ----a-w c:\windows\system32\GTW32N50.dll
2009-04-29 06:22 . 2005-02-01 22:18 17992 ----a-w c:\windows\system32\bcm42rly.sys
2009-04-29 06:22 . 2005-02-01 22:18 17992 ----a-w c:\windows\system32\drivers\bcm42rly.sys
2009-04-29 06:20 . 2007-05-02 13:28 356352 ----a-w c:\windows\system32\NVUNINST.EXE
2009-04-29 06:12 . 2009-04-29 06:12 -------- d-----w c:\windows\ServicePackFiles
2009-04-29 06:12 . 2007-08-11 00:46 26488 ----a-w c:\windows\system32\spupdsvc.exe
2009-04-29 06:11 . 2009-05-04 08:48 -------- d-----w c:\windows\EHome
2009-04-29 06:04 . 2004-08-04 12:00 5632 -c--a-w c:\windows\system32\dllcache\kbdvntc.dll
2009-04-29 06:03 . 2001-08-18 02:36 45056 -c--a-w c:\windows\system32\dllcache\EXCH_aqadmin.dll
2009-04-29 06:03 . 2001-08-18 02:36 5632 -c--a-w c:\windows\system32\dllcache\EXCH_adsiisex.dll
2009-04-29 06:02 . 2009-05-17 07:23 -------- d-sh--w c:\documents and settings\All Users.WINDOWS\DRM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-10 01:35 . 2009-04-27 04:44 -------- d-----w c:\program files\HP
2009-05-10 01:33 . 2009-04-27 04:42 -------- d-----w c:\program files\Hewlett-Packard
2009-05-04 08:53 . 2009-04-29 06:02 78883 ----a-w c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-04-29 06:02 . 2004-08-04 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-04-29 05:57 . 2009-04-29 05:57 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-28 04:45 . 2009-04-27 04:44 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-27 04:47 . 2009-04-27 04:47 -------- d-----w c:\program files\Broadcom
2009-04-27 04:47 . 2009-04-27 04:47 -------- d-----w c:\program files\DIFX
2009-04-27 04:46 . 2009-04-27 04:46 -------- d-----w c:\program files\HP 1.3MP Webcam
2009-04-27 04:46 . 2009-04-27 04:46 -------- d-----w c:\program files\HP Wireless Laser Mini Mouse
2009-04-27 04:44 . 2009-04-27 04:44 -------- d-----w c:\program files\HPQ
2009-04-27 04:44 . 2009-04-27 04:44 -------- d-----w c:\program files\Common Files\LightScribe
2009-04-27 04:43 . 2009-04-27 04:43 -------- d-----w c:\program files\HP Optical USB Mobile Mouse
2009-04-27 04:42 . 2009-04-27 04:42 -------- d-----w c:\program files\HP DVB-T TV Tuner
2009-04-27 04:35 . 2009-04-27 04:35 -------- d-----w c:\program files\microsoft frontpage
.

((((((((((((((((((((((((((((( SnapShot@2009-05-21_02.34.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-21 03:08 . 2009-05-21 03:08 16384 c:\windows\temp\Perflib_Perfdata_ac.dat
+ 2004-08-04 12:00 . 2009-05-21 03:12 40190 c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2009-05-20 03:23 40190 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2009-05-21 03:12 311842 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2009-05-20 03:23 311842 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Pavilion Webcam Tray Icon.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Pavilion Webcam Tray Icon.lnk
backup=c:\windows\pss\HP Pavilion Webcam Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"XAudioService"=2 (0x2)
"WinDefend"=2 (0x2)
"sp_rssrv"=2 (0x2)
"NVSvc"=2 (0x2)
"hpqwmiex"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
"AddFiltr"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/17/2009 3:47 PM 108289]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Kenny\Application Data\Mozilla\Firefox\Profiles\msbty7vz.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-20 23:39
Windows 5.1.2600 Service Pack 3, v.3300 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-21 23:40
ComboFix-quarantined-files.txt 2009-05-21 03:40
ComboFix2.txt 2009-05-21 03:13
ComboFix3.txt 2009-05-21 02:35
ComboFix4.txt 2009-05-17 22:11

Pre-Run: 100,482,277,376 bytes free
Post-Run: 100,471,300,096 bytes free

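The log above is long, and most of it is the HP, Avira and Office installs the poster mentions. What an analyst does with a ComboFix "Files Created" block is queue the odd entries for a look first: hidden+system directories that Windows did not create, directories with digits-only names under system32, and executables dropped straight into the Windows root. The script below is an added example for this thread (not ComboFix code and not from the original posts); the rules, the allowlist of known hidden+system directories and the watched extensions are its own assumptions, and the sample lines are copied from the log posted above.

```python
r"""Triage helper for the "Files Created" block of a ComboFix log.

Added example for this thread; it is not ComboFix code and not from the
original posts.  It parses entries in the format ComboFix prints, e.g.

    2009-05-10 02:12 . 2009-05-10 02:12 -------- d-sh--w c:\windows\system32\MPK

and queues for review the kinds of entries an analyst looks at first.  The
rules, the allowlist and the sample below are this example's own choices.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# created . modified size attrs path   (size is 8 dashes for a directory)
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-{8}|\d+) "
    r"(?P<attrs>\S{7}) "
    r"(?P<path>\S.*)$"
)

# Hidden+system directory names Windows itself creates (assumption for this
# example; build the real list from a known-clean machine of the same build).
KNOWN_HIDDEN_SYSTEM_DIRS = {"drm"}

# Executables dropped straight into the Windows root: installers do this too,
# so this is a review queue, not a verdict.
EXEC_EXTENSIONS = {".exe", ".dll", ".sys", ".scr"}
WINDOWS_ROOT = r"c:\windows"

# Excerpt of the log posted above (real lines, chosen to exercise each rule).
SAMPLE_LOG = r"""
2009-05-17 19:47 . 2009-05-17 19:47 -------- d-----w c:\program files\Avira
2009-05-10 02:12 . 2009-05-17 18:38 -------- d-sh--w c:\documents and settings\All Users.WINDOWS\Application Data\MPK
2009-05-10 02:12 . 2009-05-10 02:12 -------- d-sh--w c:\windows\system32\MPK
2009-05-05 20:07 . 2009-05-05 20:07 -------- d-s---w c:\documents and settings\Kenny\UserData
2009-05-03 23:16 . 2009-05-04 00:25 -------- d-----w c:\windows\system32\796525
2009-05-03 21:49 . 2008-07-14 09:09 205560 ----a-w c:\windows\UNBOC.EXE
2009-04-29 06:02 . 2009-05-17 07:23 -------- d-sh--w c:\documents and settings\All Users.WINDOWS\DRM
2009-05-10 01:31 . 2008-01-26 03:35 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
"""


@dataclass
class Entry:
    created: str   # when the file/dir appeared on this machine
    modified: str  # the file's own last-write time
    size: Optional[int]
    attrs: str     # e.g. d-sh--w: d=dir, s=system, h=hidden, a=archive
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs


def parse_files_created(text: str) -> List[Entry]:
    """Return an Entry for every line that matches the ComboFix format."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines, the "." separators
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs in log order, one reason per entry."""
    flagged = []
    for e in entries:
        name = ntpath.basename(e.path)
        parent = ntpath.dirname(e.path).lower()
        ext = ntpath.splitext(name)[1].lower()
        if e.is_dir and e.hidden and e.system and name.lower() not in KNOWN_HIDDEN_SYSTEM_DIRS:
            flagged.append((e.path, "hidden+system directory"))
        elif e.is_dir and name.isdigit():
            flagged.append((e.path, "directory named with digits only"))
        elif not e.is_dir and parent == WINDOWS_ROOT and ext in EXEC_EXTENSIONS:
            flagged.append((e.path, "executable created directly in the Windows root"))
    return flagged


if __name__ == "__main__":
    for path, reason in triage(parse_files_created(SAMPLE_LOG)):
        print(f"{reason:48} {path}")
```

On the sample it queues the two MPK directories, the digits-only system32\796525 directory and c:\windows\UNBOC.EXE, and leaves the DRM and UserData directories alone. None of that is a verdict: UNBOC.EXE, for instance, appears in the log alongside the Comodo install, and the point of the queue is to have something short to check by hand rather than several hundred lines.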

#12 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:12:32 PM

Posted 21 May 2009 - 02:11 PM

Do you get that message for all sites now -- or only for specific ones?

Billy3

#13 Kenneth Woel

Kenneth Woel
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:32 PM

Posted 21 May 2009 - 07:18 PM

No, I only received it for that website! I'm currently using this laptop in order to communicate with you. For some reason it won't allow me to go to any website that would allow me to remove the virus... any Windows Update site, virus scan websites, etc.
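Blocking only Windows Update and anti-virus sites while everything else loads is a selective redirect, and the thread above never names the mechanism. One of the first things to rule in or out on an XP machine is a rewritten hosts file, since entries there override DNS for every browser on the box. The check below is an added example for this thread, not something from the original posts; the watched-domain list and the hosts content are constructed for the example, and the hosts path it mentions is the standard %SystemRoot%\system32\drivers\etc\hosts.

```python
r"""Check a Windows hosts file for entries that block or redirect security sites.

Added example for this thread, not from the original posts.  The thread does
not say what is redirecting Windows Update and anti-virus sites; a rewritten
%SystemRoot%\system32\drivers\etc\hosts is one common mechanism, so this is
a quick way to rule it in or out.  The watched-domain list and the sample
hosts content are this example's own constructions.
"""
import ipaddress
from typing import List, Tuple

# Sites a practitioner would expect malware of this kind to interfere with
# (assumption; extend with whatever the affected machine cannot reach).
WATCHED_SUFFIXES = (
    "windowsupdate.com",
    "update.microsoft.com",
    "avira.com",
    "malwarebytes.org",
    "bleepingcomputer.com",
)

LOOPBACK = {ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("::1")}

# Constructed sample; a stock XP hosts file carries only the localhost line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.windowsupdate.com    # constructed: pins the site to loopback
127.0.0.1       update.microsoft.com
127.0.0.1       www.malwarebytes.org
192.0.2.10      www.avira.com            # constructed: RFC 5737 test address
10.0.0.5        printserver.lan          # ordinary LAN entry, should not be flagged
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs; comments and blank lines are dropped."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        for name in fields[1:]:          # one address may carry several names
            pairs.append((fields[0], name.lower()))
    return pairs


def suspicious_entries(text: str) -> List[Tuple[str, str, str]]:
    """Return (address, hostname, reason) for entries worth a look."""
    out = []
    for ip, name in parse_hosts(text):
        watched = any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            out.append((ip, name, "unparseable address"))
            continue
        if name == "localhost" and addr in LOOPBACK:
            continue                      # the one entry a stock hosts file has
        if watched and addr in LOOPBACK:
            out.append((ip, name, "security site pinned to loopback (blocked)"))
        elif watched:
            out.append((ip, name, "security site pinned to another address (redirected)"))
        elif addr not in LOOPBACK and not addr.is_private:
            out.append((ip, name, "hostname pinned to a public address"))
    return out


if __name__ == "__main__":
    for ip, name, reason in suspicious_entries(SAMPLE_HOSTS):
        print(f"{ip:16} {name:28} {reason}")
```

To run it against the real file, read %SystemRoot%\system32\drivers\etc\hosts from the affected machine and pass its contents to suspicious_entries. A clean result does not clear the machine (the redirect can also live in a proxy setting, a DNS server change or a driver, which is why the next post reaches for a rootkit scanner), but a hit explains the symptom directly and is trivial to fix and re-test.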

#14 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:12:32 PM

Posted 21 May 2009 - 07:30 PM

Hello, Kenneth Woel :thumbup2:
We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop:
  • Extract RootRepeal.exe from the zip archive.
  • Open [image] on your desktop.
  • Click the [image] tab.
  • Click the [image] button.
  • Check all six boxes: [image]
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the [image] button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
In your next reply, please include the following:
  • RootRepeal Log

Billy3

#15 Kenneth Woel

Kenneth Woel
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:32 PM

Posted 22 May 2009 - 08:33 PM

This is what I received, which, by the way, took foreeeevvvveeerrrr. I started the scan last night, and this morning when I woke up to go to work it still wasn't done! I don't know if it's the virus or what.


ROOTREPEAL CRASH REPORT
-------------------------
Exception Code: 0xc0000005
Exception Address: 0x0040e693
Attempt to read from address: 0x01880248



