txplatform and others


  • This topic is locked
23 replies to this topic

#1 gtredx69
Posted 03 June 2009 - 05:17 PM

Hi all,

I have been plagued recently with a lot of viruses and malware. My computer has been barely usable, but I seem to have cleared quite a few programs and viruses from my machine. I am still having problems, though, and I think I still have not removed all the infections. Any help would be greatly appreciated. Also, I can't remove Avira AntiVir: when I click Remove in Add/Remove Programs I get "cannot load master resource file".

Many thanks
Gareth


DDS (Ver_09-05-14.01) - NTFSx86
Run by Sea-ah at 6:01:22.37 on 04/06/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.950.886.1033.18.511.121 [GMT 8:00]

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8376D4AC-FFA4-0107-0D24-347CA8A3377C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\msagente\TXPlatform.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TDK Systems\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\scardsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\QQmusic.exe
C:\WINDOWS\wanmpsvc.exe
c:\winsyscom.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\explorer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1135890346\ee\AOLSoftware.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Lexmark 6300 Series\lxcdmon.exe
C:\Program Files\Lexmark 6300 Series\ezprint.exe
C:\WINDOWS\system32\lxcdcoms.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\TDK Systems\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\WinRoll\winroll.exe
C:\Documents and Settings\Sea-ah\Start Menu\Programs\Startup\winsco.exe
C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\program files\common files\aol\1135890346\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1135890346\ee\aolsoftware.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sea-ah\Desktop\dds.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.1188.com/index.html
mStart Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
mSearchAssistant =
mCustomizeSearch =
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\msagente\TXPlatform.exe,
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: REALBAR: {4e7bd74f-2b8d-469e-c0ff-fd60b590a87d} - c:\progra~1\common~1\real\toolbar\realbar.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll
BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
TB: REALBAR: {4e7bd74f-2b8d-469e-c0ff-fd60b590a87d} - c:\progra~1\common~1\real\toolbar\realbar.dll
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
TB: ICQ Toolbar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icqtoolbar\toolbaru.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\simple~1\photos~1\data\xtras\mssysmgr.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\MSKAgent.exe
uRun: [SolidCapture] c:\program files\soliddocuments\solidcapture\solidcapture.exe
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
uRun: [GoTrusted] c:\program files\gotrusted.com\gotrusted secure tunnel\GoTrusted Secure Tunnel.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [Wizard]
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [FirstSteps]
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [URLLSTCK.exe] c:\program files\norton internet security professional\UrlLstCk.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [assistse] "c:\progra~1\3721\assistse.exe"
mRun: [YDTMain.exe] c:\progra~1\ydt\YDTMain.exe
mRun: [HostManager] c:\program files\common files\aol\1135890346\ee\AOLSoftware.exe
mRun: [CameraFixer] c:\windows\CameraFixer.exe
mRun: [tsnpstd3] c:\windows\tsnpstd3.exe
mRun: [snpstd3] c:\windows\vsnpstd3.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [MessengerPlus3] "c:\program files\messengerplus! 3\MsgPlus.exe"
mRun: [LXCDCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCDtime.dll,_RunDLLEntry@16
mRun: [lxcdmon.exe] "c:\program files\lexmark 6300 series\lxcdmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 6300 series\ezprint.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [avgnt] "c:\program files\antivir personaledition classic\avgnt.exe" /min
mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HBService] explore.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Symantec Network Driver Update Warning] c:\progra~1\symantec\liveup~1\SNDWarn.EXE
dRun: [Symantec NetDriver Warning] c:\progra~1\symnet~1\SNDWarn.exe
dRunOnce: [SRUUninstall] "c:\windows\system32\msiexec.exe" /l*v c:\windows\temp\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress
StartupFolder: c:\docume~1\sea-ah\startm~1\programs\startup\winroll.lnk - c:\program files\winroll\winroll.exe
StartupFolder: c:\documents and settings\sea-ah\start menu\programs\startup\winsco.exe
StartupFolder: c:\docume~1\sea-ah\startm~1\programs\startup\yzshadow.lnk - c:\program files\yzshadow\YzShadow.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aol90t~1.lnk - c:\program files\aol 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aolbro~1.lnk - c:\program files\aol\broadband checkup\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\tdk systems\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &ICQ Toolbar Search - c:\program files\icqtoolbar\toolbaru.dll/SEARCH.HTML
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Download All by FlashGet - c:\progra~1\flashget\jc_all.htm
IE: Download using FlashGet - c:\progra~1\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\tdk systems\bluetooth software\btsendto_ie_ctx.htm
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\progra~1\icq\ICQ.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\tdk systems\bluetooth software\btsendto_ie.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab27571.cab
DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} - hxxp://community.webshots.com/html/WSPhotoUploader.CAB
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
AppInit_DLLs: mduaey.dll,aaa.dll,HBmhly.dll ringtte.dll biroas.dll lensch.dll wllame.dll eskisl.dll cupops.dll johandy.dll jolndyo.dll catower.dll
SSODL: nwapi32dj.dll - {A2C3BA54-DF75-4881-8EB3-E54B26BBBBC9} - c:\windows\system32\nwapi32dj.dll
SEH: MICROSOFT: {28766e1c-74b0-4417-8c75-f12ae309ef35} - c:\windows\system32\wzcfsw.dll
SEH: MICROSOFT: {272a3236-188a-4e8a-8675-868af8a8d151} - c:\windows\system32\dhyszj.dll
SEH: {a2c3ba54-df75-4881-8eb3-e54b26bbbbc9} - c:\windows\system32\nwapi32dj.dll
SEH: {730b78a6-9b9c-4c44-8645-1873bdcfd3b1} - 730B78A6.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 HBKernel;HBKernel Driver;c:\windows\system32\drivers\HBKernel.sys [2008-8-29 39920]
R2 v?s;v???s?;c:\windows\system32\QQmusic.exe [2008-8-27 36864]
R2 WinSYSCOM;COM+ Windows System;C:\winsyscom.exe [2008-7-19 87040]
S?3 Ndispror;Network Monitor Protocol Driver;c:\windows\system32\drivers\winsyy.sys [2008-7-19 21248]
S1 avgio;avgio;\??\c:\program files\antivir personaledition classic\avgio.sys --> c:\program files\antivir personaledition classic\avgio.sys [?]
S2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler;c:\program files\antivir personaledition classic\sched.exe --> c:\program files\antivir personaledition classic\sched.exe [?]
S2 AntiVirService;AntiVir PersonalEdition Classic Guard;c:\program files\antivir personaledition classic\avguard.exe --> c:\program files\antivir personaledition classic\avguard.exe [?]
S3 avgntflt;avgntflt;\??\c:\program files\antivir personaledition classic\avgntflt.sys --> c:\program files\antivir personaledition classic\avgntflt.sys [?]
S3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\drivers\gttap1.sys --> c:\windows\system32\drivers\gttap1.sys [?]
S3 iXPT;iXPT;c:\windows\system32\iXPT.sys [2008-8-31 5632]
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCCFLTR.SYS [2003-11-7 14156]
S3 RESSDT;RESSDT;\??\c:\windows\system32\ssdtti.sys --> c:\windows\system32\ssdtti.sys [?]
S3 SNPHV71;PC Camera (602a VGA);c:\windows\system32\drivers\snphv71.sys [2003-11-9 231040]

=============== Created Last 30 ================

2009-05-29 20:00 1,033,216 a------- c:\windows\urrf.exe

==================== Find3M ====================

2009-05-26 13:20 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 13:19 19,096 a------- c:\windows\system32\drivers\mbam.sys
2006-02-22 09:29 867 a------- c:\program files\INSTALL.LOG
2006-02-09 00:31 2,725,829 a------- c:\program files\MpfPlus_Aol_UK.exe
2005-09-01 04:02 1,112 a------- c:\docume~1\sea-ah\applic~1\ViewerApp.dat
2003-12-09 07:54 220 ---sh--- c:\windows\dwin.sys
2008-08-31 01:10 164,926 a--sh--- c:\windows\system32\730B78A6.dll
2007-04-16 23:52 7,680 a--sh--- c:\windows\system32\hrafh.dll
2007-04-16 23:52 7,680 a--sh--- c:\windows\system32\nmsdjh.dll
2008-08-27 09:07 36,864 ---sh--- c:\windows\system32\QQmusic.exe
2008-08-30 06:13 10,163 ---sh--- c:\windows\system32\rddhl.dll
2008-08-28 08:32 9,660 ---sh--- c:\windows\system32\rdmsgl.dll
2007-04-16 23:52 31,512 ---sh--- c:\windows\system32\xdhuk.dll
2004-08-17 20:00 379,392 ---sh--- c:\windows\system32\yiue.dll
2007-04-16 23:52 44,824 ---sh--- c:\windows\system32\zdfgf.dll

============= FINISH: 6:02:15.42 ===============
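For readers working through a log like the one above, here is an added example (not code from the thread, from the DDS tool, or from BleepingComputer) of the first-pass checks a helper applies to the persistence points DDS lists: the Winlogon Userinit chain, AppInit_DLLs, Run entries that name a bare executable, SSODL/SEH shell hooks, service binaries sitting in the drive root, and recently created hidden+system files. The sample lines are constructed from entries quoted in the log, and every rule and threshold is this example's own heuristic rather than anything DDS itself reports.

```python
"""Triage helper for a DDS 'Pseudo HJT Report' (added example).

This is an added example, not part of the thread above and not code from
the DDS tool. It walks DDS-style log lines and flags the persistence points
a malware-response helper checks first. Every rule is this example's own
heuristic; the sample lines are constructed from entries quoted in the log.
"""
import re

# Constructed sample in the DDS pseudo-HJT / services / Find3M line formats.
SAMPLE_LOG = r"""
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\msagente\TXPlatform.exe,
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [HBService] explore.exe
mRun: [avgnt] "c:\program files\antivir personaledition classic\avgnt.exe" /min
AppInit_DLLs: mduaey.dll,aaa.dll,HBmhly.dll ringtte.dll biroas.dll
SSODL: nwapi32dj.dll - {A2C3BA54-DF75-4881-8EB3-E54B26BBBBC9} - c:\windows\system32\nwapi32dj.dll
SEH: MICROSOFT: {28766e1c-74b0-4417-8c75-f12ae309ef35} - c:\windows\system32\wzcfsw.dll
SEH: {730b78a6-9b9c-4c44-8645-1873bdcfd3b1} - 730B78A6.dll
R0 HBKernel;HBKernel Driver;c:\windows\system32\drivers\HBKernel.sys [2008-8-29 39920]
R2 WinSYSCOM;COM+ Windows System;C:\winsyscom.exe [2008-7-19 87040]
2008-08-31 01:10 164,926 a--sh--- c:\windows\system32\730B78A6.dll
2009-05-26 13:20 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
"""

# Only userinit.exe itself belongs in the Winlogon Userinit chain on XP.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
# Well-known system binaries; a Run target one edit away from these is a lookalike.
WELL_KNOWN = {"explorer.exe", "svchost.exe", "userinit.exe", "winlogon.exe",
              "services.exe", "lsass.exe", "csrss.exe", "ctfmon.exe"}

HEX_NAME = re.compile(r"^[0-9a-f]{8}\.dll$", re.I)        # e.g. 730B78A6.dll
ROOT_EXE = re.compile(r"^[a-z]:\\[^\\]+$", re.I)          # binary directly in a drive root
FILE_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} [\d,]+ (\S{8}) (.+)$")
SERVICE_LINE = re.compile(r"^[RS]\?*\d\s+[^;]+;[^;]*;(.+?)\s+\[")
RUN_LINE = re.compile(r"^[umd]Run(?:Once)?: \[[^\]]*\]\s*(.*)$")


def levenshtein(a, b):
    """Plain edit distance; file names are short, so the O(n*m) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(name):
    """Return the well-known binary `name` is exactly one edit away from, else None."""
    name = name.lower()
    if name in WELL_KNOWN:
        return None
    return next((k for k in WELL_KNOWN if levenshtein(name, k) == 1), None)


def triage(log_text):
    """Return (category, detail) findings for the DDS-style lines in log_text."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        m = re.match(r"^mWinlogon: Userinit=(.*)$", line, re.I)
        if m:  # anything chained after userinit.exe runs at every interactive logon
            for exe in (p.strip() for p in m.group(1).split(",")):
                if exe and exe.lower() != EXPECTED_USERINIT:
                    findings.append(("userinit", exe))
            continue
        m = re.match(r"^AppInit_DLLs:\s*(.*)$", line, re.I)
        if m:  # each listed DLL is loaded into every process that links user32
            findings.extend(("appinit", d) for d in re.split(r"[,\s]+", m.group(1)) if d)
            continue
        m = RUN_LINE.match(line)
        if m:  # a bare file name is resolved via the search path; worth a look
            target = m.group(1).strip().strip('"').split('"')[0]
            first = target.split()[0] if target else ""
            if first and "\\" not in first:
                known = lookalike(first)
                findings.append(("run-lookalike", f"{first} ~ {known}") if known
                                else ("run-bare", first))
            continue
        m = re.match(r"^(SSODL|SEH):", line)
        if m:  # shell service objects and shell execute hooks
            path = line.rsplit(" - ", 1)[-1].strip()
            reasons = []
            if m.group(1) == "SSODL":
                reasons.append("SSODL entry (this example's policy: always review)")
            if "\\" not in path:
                reasons.append("no directory given")
            if HEX_NAME.match(path.rsplit("\\", 1)[-1]):
                reasons.append("hex-looking file name")
            if reasons:
                findings.append(("shell-hook", f"{path}: {', '.join(reasons)}"))
            continue
        m = SERVICE_LINE.match(line)
        if m:  # service/driver binaries normally live under \windows or program files
            if ROOT_EXE.match(m.group(1)):
                findings.append(("service-root", m.group(1)))
            continue
        m = FILE_LINE.match(line)
        if m:  # hidden+system attributes on a file from the created/Find3M lists
            attrs, path = m.groups()
            if "s" in attrs and "h" in attrs:
                findings.append(("hidden-system", path))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:14} {detail}")
```

Run against a full DDS log, the script prints one line per hit; each finding is a lead for the helper to look at, not a verdict that the file is malicious, which is why a legitimate signed binary such as the AntiVir entry in the sample produces no output while the bare `explore.exe` Run target is reported as a lookalike of `explorer.exe`.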

#2 gtredx69

gtredx69
  • Topic Starter

  • Members
  • 29 posts
  • Gender:Male
  • Location:Northern Ireland

Posted 07 June 2009 - 04:52 PM

Hey folks,

Is this problem a lost cause? Any ideas before I go ahead and wipe my machine?
I think I have something called TXplatform and I know there are other infections in there.
Any help would be gratefully appreciated.

Cheers Gareth



Hello gtredx69,

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large, as are those of other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, you wouldn't want someone to assist you who is not familiar with your issue and attempt to fix it, would you?

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this, and do not respond to such requests, is that a reply would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Regards,

The weatherman

Edited by The weatherman, 07 June 2009 - 05:07 PM.


#3 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 14 June 2009 - 03:18 PM

Hello and welcome to Bleeping Computer. Sorry for the delay; the forums here at BC are always very busy and we do our best to keep up. If you no longer require any help, could you let me know please, so this topic can be closed.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.
First I would like to see a new log, since a lot could have changed since your original post.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Thanks



#4 gtredx69

gtredx69
  • Topic Starter

  • Members
  • 29 posts
  • Gender:Male
  • Location:Northern Ireland

Posted 16 June 2009 - 02:13 PM

Hi Syler

Thanks for having a look at this. If you are looking for the history of this machine, I do not know much, as it was given to me in an attempt to fix it up. It was plagued big style; before, I couldn't use the start menu and processes were running at 100%. I have cleared, or seem to have cleared or temporarily fixed, things, but I know the machine isn't fully clean yet.

Anyways, thanks for helping; attached is what you asked for.

Cheers Gareth

Attached Files

  • Attached File  info.txt   40.09KB   7 downloads
  • Attached File  log.txt   35.1KB   6 downloads


#5 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 16 June 2009 - 07:30 PM

Hi Gareth,

The computer is very badly infected and will take some cleaning! You may want to consider formatting, although I would be happy to give it a try if you can't or don't want to format. Also, can you please copy and paste any logs in your replies rather than attaching them unless asked? Cheers.


One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please read and follow these next steps.


Peer-to-Peer Programs Warning
Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case Bearshare and Bitcomet). These programs allow you to share files between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.

Also

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now.


Click "Start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of installed programs will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on each entry and selecting "Remove":

BearShare (Optional)
BitComet 0.70 (Optional)
ICQ Toolbar (See here)
My Search Bar
NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)
Symantec Network Driver Update
Viewpoint Media Player


Additional instructions can be found here if needed.

Next

We will begin with ComboFix.

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Next

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Click on Scan and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Save and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Then please post back here with the following:
  • Combofix.txt
  • Gmer log
Thanks



#6 gtredx69

gtredx69
  • Topic Starter

  • Members
  • 29 posts
  • Gender:Male
  • Location:Northern Ireland

Posted 21 June 2009 - 10:41 AM

Hi
Well, I had a few problems; I suppose it's to be expected.

Unable to remove MySearchBar: a window opens with the title res://C:\progra~1\MyWay\mybar\1.bin\mybar.dll/101... then closes.
Unable to remove ICQ Toolbar: the screen just flickers and nothing happens.
Symantec Network Driver Update is not in Add/Remove.

I was able to get the GMER log and, after a few goes, got the ComboFix log. Though it runs in Chinese, even though the default OS language is set to English (United Kingdom), it still runs through the process OK.

-----------------------------------------------------------------------ComboFix Log----------------------------------------------------------------------------------------------
ComboFix 09-06-20.04 - Sea-ah 21/06/2009 23:17.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.950.886.1033.18.767.427 [GMT 8:00]
m: c:\documents and settings\Sea-ah\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {82CA4BCC-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {8380CBBC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000206-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000246-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82D2FB6C-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82EA0C1C-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82ECB054-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82F5B2A4-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83238DDC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83298464-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8329DDDC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {832C6374-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {832DD784-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {832EDA8C-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8330AA5C-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83313054-FFA4-0118-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83315C44-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8331B5E4-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8331FB64-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {833206DC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8332A87C-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8332D65C-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8333835C-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {833408AC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83345054-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {833487FC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83355B64-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83366564-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8338BDDC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8339E624-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {833B38BC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {833E332C-FFA4-0118-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8343A644-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8343ADDC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8344DDDC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8347DA74-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8348B4EC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {834959D4-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {834B1424-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {834B67E4-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {834E19BC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {834F8A34-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {835077DC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8352C84C-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8353C6FC-FFA4-0118-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83541B1C-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8355563C-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8356095C-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83568C1C-FFA4-00F6-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8356946C-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8356BDDC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8356FAA4-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {835964A4-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83597594-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83599DDC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {835B7874-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {835BC784-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {835BE424-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {835C5594-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {835C5DDC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {835C6C1C-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {835F0514-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {835F24FC-FFA4-0118-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {835FE584-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {835FF8DC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83613664-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83616DDC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8361A664-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {836255E4-FFA4-0118-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8362D964-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {836385BC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83656DDC-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8365F7BC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83661DDC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8368293C-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {836905E4-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {836972F4-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {836A4594-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {836AC424-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {836B093C-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {836C36EC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {836D02BC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {836E0C24-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {836E1484-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {836E872C-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {836E9C1C-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {836EB29C-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {836EF4C4-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {836F4A34-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {836F6814-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {836F7754-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83705054-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83705A5C-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8370692C-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83706A34-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8370D25C-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837173AC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837185D4-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837225AC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8372F43C-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83730594-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83731C0C-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837342DC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837367D4-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837398D4-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837453DC-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8374E214-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8374FB64-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837505BC-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83757624-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83759DDC-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8375B5DC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8375BAAC-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83760914-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8376D4AC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8376D654-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8376D98C-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837756FC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837758EC-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83775C1C-FFA4-0118-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837768D4-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83779A5C-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8377B2DC-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8377B444-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8377BDDC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8377E93C-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837845BC-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83786C0C-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83787754-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837898CC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8378A7AC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8378B5E4-FFA4-0118-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8378C49C-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837903BC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8379238C-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837999A4-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8379DDDC-FFA4-0118-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8379EDDC-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837A05E4-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837A198C-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837A1C5C-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837A2A6C-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837A2B5C-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837A3234-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837A6384-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837A6DDC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837AA7D4-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837AADDC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837ACDDC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837AFDDC-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837B43CC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837B4424-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837B4754-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837B9664-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837BADDC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837C02F4-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837C0DDC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837C7DDC-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837C9BF4-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837CDC1C-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837CEDDC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837CFDDC-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837D2B54-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837DA444-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837DF8AC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837E03CC-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837E621C-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837E8DDC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837F4254-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837F87E4-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837FBA34-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {837FFC64-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83804A7C-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8381045C-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83810DDC-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8381430C-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83815054-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83815304-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8381BDDC-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8381F8DC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8382972C-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8382C2BC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83830884-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83834DDC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83837944-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8384672C-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83849C1C-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83852DDC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8385EDDC-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8385FBAC-FFA4-00DF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {838603B4-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {838612CC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8386F224-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83885A5C-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8388A26C-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {838A22D4-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {838A3BB4-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {838A49DC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {838B4404-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {838B8DDC-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {838BCDDC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {838CF594-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {838D2994-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {838D9054-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {838E2DB4-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {838E3894-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {838E4054-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {838E798C-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {838EC934-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {838F6B8C-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {838F7054-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {838FE6F4-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8395C624-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {839652C4-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8398F394-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83994624-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {839A3474-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {839BC8A4-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {839BDC1C-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {839CADDC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {839FA054-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {839FA7FC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83A09AF4-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83A0EDDC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83A1685C-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83A17594-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83A25054-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83A29D74-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83A8B8A4-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {83B07DDC-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {BADB0D00-FFA4-0107-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {BADB0D00-FFA4-0118-0D24-347CA8A3377C}
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\win.txt
.
----   Previous Run   -------
.

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLIENTSERVICE
-------\Legacy_CNSMINKP
-------\Legacy_HBKERNEL
-------\Legacy_KERNEL32
-------\Legacy_MFC42
-------\Service_CnsMinKP
-------\Service_HBKernel
-------\Service_RESSDT


(((((((((((((((((((((((((   Files Created from 2009-05-21 to 2009-06-21   )))))))))))))))))))))))))))))))
.

2009-06-17 19:36 . 2007-06-13 10:23 1033216 ----a-w- c:\windows\zepp.exe
2009-06-16 18:59 . 2009-06-16 19:08 -------- d-----w- C:\rsit
2009-06-03 23:00 . 2009-06-04 09:30 115263 ----a-w- C:\Fport.exe
2009-05-29 12:00 . 2007-06-13 10:23 1033216 ----a-w- c:\windows\urrf.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-21 15:28 . 2009-06-21 15:28 -------- d-----w- c:\program files\Dynamic Toolbar
2009-06-17 19:28 . 2005-11-23 21:38 -------- d-----w- c:\program files\WinRoll
2009-06-17 19:24 . 2004-03-28 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-17 19:17 . 2004-09-27 22:51 -------- d-----w- c:\program files\BitComet
2009-06-17 19:17 . 2005-10-08 01:40 -------- d-----w- c:\program files\BearShare
2009-05-26 05:20 . 2008-06-02 17:07 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 05:19 . 2008-06-02 17:07 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2006-02-08 16:31 . 2006-02-08 16:31 2725829 ----a-w- c:\program files\MpfPlus_Aol_UK.exe
2008-07-24 15:17 . 2008-06-10 16:31 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-07-24 15:17 . 2008-06-10 16:31 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-07-24 15:17 . 2008-06-10 16:31 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-07-24 15:17 . 2008-06-10 16:32 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-07-24 15:17 . 2008-06-10 16:32 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2003-12-08 23:54 . 2003-12-08 23:54 220 --sh--w- c:\windows\dwin.sys
2007-04-16 15:52 . 2007-04-16 15:52 7680 --sha-w- c:\windows\system32\hrafh.dll
2007-04-16 15:52 . 2007-04-16 15:52 7680 --sha-w- c:\windows\system32\nmsdjh.dll
2007-04-16 15:52 . 2007-04-16 15:52 31512 --sh--w- c:\windows\system32\xdhuk.dll
2004-08-17 12:00 . 2004-08-17 12:00 379392 --sh--w- c:\windows\system32\yiue.dll
2007-04-16 15:52 . 2007-04-16 15:52 44824 --sh--w- c:\windows\system32\zdfgf.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-01-10 71216]
"HostManager"="c:\program files\Common Files\AOL\1135890346\ee\AOLSoftware.exe" [2006-11-17 50736]
"CameraFixer"="c:\windows\CameraFixer.exe" [2005-10-03 20480]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-11-04 90112]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-03-07 180269]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-04-06 190024]
"LXCDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll" [2005-07-11 69632]
"lxcdmon.exe"="c:\program files\Lexmark 6300 Series\lxcdmon.exe" [2005-06-24 200704]
"EzPrint"="c:\program files\Lexmark 6300 Series\ezprint.exe" [2005-07-05 94208]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-11-14 286720]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-11-15 267048]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-04 28672]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-06-10 55296]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2002-11-08 19968]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-05-20 28160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
"Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="c:\windows\System32\msiexec.exe" [2005-03-21 78848]

c:\documents and settings\Sea-ah\Start Menu\Programs\Startup\
winsco.exe [2008-7-24 88576]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2004-3-29 156784]
AOL Broadband Check-Up.lnk - c:\program files\AOL\Broadband CheckUp\bin\matcli.exe [2004-11-2 217088]
BTTray.lnk - c:\program files\TDK Systems\Bluetooth Software\BTTray.exe [2003-11-17 503869]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-2-7 450560]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21726:TCP"= 21726:TCP:BitComet 21726 TCP
"21726:UDP"= 21726:UDP:BitComet 21726 UDP
"11090:TCP"= 11090:TCP:BitComet 11090 TCP
"11090:UDP"= 11090:UDP:BitComet 11090 UDP

R2 WinSYSCOM;COM+ Windows System;C:\winsyscom.exe [19/07/2008 18:55 87040]
S?3 Ndispror;Network Monitor Protocol Driver;c:\windows\system32\drivers\winsyy.sys [19/07/2008 18:56 21248]
S2 vs?s;vs???s?;c:\windows\system32\QQmusic.exe --> c:\windows\system32\QQmusic.exe [?]
S3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\DRIVERS\gttap1.sys --> c:\windows\system32\DRIVERS\gttap1.sys [?]
S3 iXPT;iXPT;c:\windows\system32\iXPT.sys [31/08/2008 01:10 5632]
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCCFLTR.SYS [07/11/2003 06:58 14156]
S3 SNPHV71;PC Camera (602a VGA);c:\windows\system32\drivers\snphv71.sys [09/11/2003 22:06 231040]
.
Contents of the 'Scheduled Tasks' folder

2008-08-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 06:57]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-PhotoShow Deluxe Media Manager - c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
HKCU-Run-MSKAGENTEXE - c:\progra~1\McAfee\SPAMKI~1\MSKAgent.exe
HKCU-Run-SolidCapture - c:\program files\SolidDocuments\SolidCapture\solidcapture.exe
HKCU-Run-GoTrusted - c:\program files\GoTrusted.com\GoTrusted Secure Tunnel\GoTrusted Secure Tunnel.exe
HKLM-Run-URLLSTCK.exe - c:\program files\Norton Internet Security Professional\UrlLstCk.exe
HKLM-Run-YDTMain.exe - c:\progra~1\YDT\YDTMain.exe
HKLM-Run-avgnt - c:\program files\AntiVir PersonalEdition Classic\avgnt.exe
HKLM-Run-Wizard - (no file)
HKLM-Run-FirstSteps - (no file)
HKU-Default-Run-Symantec Network Driver Update Warning - c:\progra~1\Symantec\LIVEUP~1\SNDWarn.EXE
ShellExecuteHooks-{730B78A6-9B9C-4C44-8645-1873BDCFD3B1} - 730B78A6.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.1188.com/index.html
mStart Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Download All by FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\TDK Systems\Bluetooth Software\btsendto_ie_ctx.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-21 23:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3076)
c:\program files\Common Files\AOL\ACS\WLHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\progra~1\WINDOW~2\wmpband.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\conime.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\TDK Systems\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\drivers\CDANTSRV.EXE
c:\windows\system32\scardsvc.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\windows\wanmpsvc.exe
c:\program files\AOL\Broadband CheckUp\bin\mpbtn.exe
c:\documents and settings\Sea-ah\Start Menu\Programs\Startup\winsco.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\lxcdcoms.exe
c:\program files\Common Files\AOL\1135890346\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
.
**************************************************************************
.
Completion time: 2009-06-21 23:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-21 15:33

Pre-Run: 8,174,227,456 bytes free
Post-Run: 8,474,697,728 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
433 --- E O F --- 2008-08-17 22:39



-----------------------------------------------------------------------------------GMER Log---------------------------------------------------------------------------------------
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-19 15:18:47
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xF7742B3A]
SSDT sptd.sys ZwEnumerateKey [0xF7742C7E]
SSDT sptd.sys ZwEnumerateValueKey [0xF7742FF6]
SSDT sptd.sys ZwOpenKey [0xF7742A18]
SSDT sptd.sys ZwQueryKey [0xF77430C0]
SSDT sptd.sys ZwQueryValueKey [0xF7742F58]
SSDT sptd.sys ZwSetValueKey [0xF7743148]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\System32\Drivers\SPTD9453.SYS The process cannot access the file because it is being used by another process.
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F60FB4D0 5 Bytes [62, B5, 37, F6, D8]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 6 F60FB4D6 10 Bytes [8B, 94, 70, 24, A0, 14, F3, ...]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 F60FB4E1 31 Bytes [A0, 0F, F6, E2, 9B, 91, FA, ...]
? C:\WINDOWS\System32\Drivers\dtscsi.sys The process cannot access the file because it is being used by another process.

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F774BDB2] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F776171E] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F774C3B2] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F774C2B6] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IofCallDriver] [F774C482] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7761032] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoDetachDevice] [F774BF6E] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IofCompleteRequest] [F7760C76] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F774BE06] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F773EA32] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F773EB6E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F773EAF6] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F773F6CC] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F773F5A2] sptd.sys
IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7761864] sptd.sys
IAT \WINDOWS\System32\DRIVERS\CLASSPNP.SYS[ntoskrnl.exe!IoDetachDevice] [F7750F78] sptd.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IofCompleteRequest] [F7760C76] sptd.sys
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7761864] sptd.sys
IAT \SystemRoot\System32\DRIVERS\rdbss.sys[ntoskrnl.exe!IofCallDriver] [F773E020] sptd.sys
IAT \SystemRoot\System32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IofCallDriver] [F773E020] sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1072] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1072] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1072] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1072] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1072] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1072] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1072] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1072] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1072] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1072] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1072] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1072] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1072] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1072] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1072] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1072] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1072] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1072] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1072] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1072] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1072] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1072] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1072] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1072] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1072] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1072] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1072] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1072] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1135890346\ee\AOLSoftware.exe[1428] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1135890346\ee\AOLSoftware.exe[1428] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1135890346\ee\AOLSoftware.exe[1428] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1135890346\ee\AOLSoftware.exe[1428] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1135890346\ee\AOLSoftware.exe[1428] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1135890346\ee\AOLSoftware.exe[1428] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1135890346\ee\AOLSoftware.exe[1428] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1135890346\ee\AOLSoftware.exe[1428] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1135890346\ee\AOLSoftware.exe[1428] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1135890346\ee\AOLSoftware.exe[1428] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1135890346\ee\AOLSoftware.exe[1428] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1135890346\ee\AOLSoftware.exe[1428] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1135890346\ee\AOLSoftware.exe[1428] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1135890346\ee\AOLSoftware.exe[1428] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1135890346\ee\AOLSoftware.exe[1428] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1135890346\ee\AOLSoftware.exe[1428] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1135890346\ee\AOLSoftware.exe[1428] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1135890346\ee\AOLSoftware.exe[1428] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1135890346\ee\AOLSoftware.exe[1428] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1135890346\ee\AOLSoftware.exe[1428] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1135890346\ee\AOLSoftware.exe[1428] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1135890346\ee\AOLSoftware.exe[1428] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT c:\program files\common files\aol\1135890346\ee\aolsoftware.exe[3068] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT c:\program files\common files\aol\1135890346\ee\aolsoftware.exe[3068] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT c:\program files\common files\aol\1135890346\ee\aolsoftware.exe[3068] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT c:\program files\common files\aol\1135890346\ee\aolsoftware.exe[3068] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT c:\program files\common files\aol\1135890346\ee\aolsoftware.exe[3068] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT c:\program files\common files\aol\1135890346\ee\aolsoftware.exe[3068] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT c:\program files\common files\aol\1135890346\ee\aolsoftware.exe[3068] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT c:\program files\common files\aol\1135890346\ee\aolsoftware.exe[3068] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT c:\program files\common files\aol\1135890346\ee\aolsoftware.exe[3068] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT c:\program files\common files\aol\1135890346\ee\aolsoftware.exe[3068] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT c:\program files\common files\aol\1135890346\ee\aolsoftware.exe[3068] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT c:\program files\common files\aol\1135890346\ee\aolsoftware.exe[3068] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT c:\program files\common files\aol\1135890346\ee\aolsoftware.exe[3068] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT c:\program files\common files\aol\1135890346\ee\aolsoftware.exe[3068] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT c:\program files\common files\aol\1135890346\ee\aolsoftware.exe[3068] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT c:\program files\common files\aol\1135890346\ee\aolsoftware.exe[3068] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT c:\program files\common files\aol\1135890346\ee\aolsoftware.exe[3068] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT c:\program files\common files\aol\1135890346\ee\aolsoftware.exe[3068] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT c:\program files\common files\aol\1135890346\ee\aolsoftware.exe[3068] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT c:\program files\common files\aol\1135890346\ee\aolsoftware.exe[3068] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 843C2398
Device \FileSystem\Fastfat \FatCdrom 83F9A4A0
Device \Driver\Ftdisk \Device\HarddiskVolume1 843C2A40
Device \Driver\Cdrom \Device\CdRom0 840E6518
Device \FileSystem\Rdbss \Device\FsWrap 83FBF2E0
Device \Driver\Cdrom \Device\CdRom1 840E6518
Device \Driver\Cdrom \Device\CdRom2 840E6518
Device \Driver\Cdrom \Device\CdRom3 840E6518
Device \Driver\NetBT \Device\NetBt_Wins_Export 83F98478
Device \Driver\NetBT \Device\NetbiosSmb 83F98478
Device \Driver\NetBT \Device\NetBT_Tcpip_{B4A46DF7-89C6-4461-B4DA-F3E069CD60C8} 83F98478
Device \Driver\USBSTOR \Device\00000089 83E382E0
Device \Driver\Disk \Device\Harddisk0\DR0 843C25D0
Device \Driver\Disk \Device\Harddisk1\DR2 843C25D0
Device \Driver\Disk \Device\Harddisk1\DP(1)0-0+3 843C25D0
Device \Driver\00000078 \Device\0000005f sptd.sys
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 83FA40E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 83FA40E8
Device \FileSystem\Npfs \Device\NamedPipe 83FEE310
Device \Driver\Ftdisk \Device\FtControl 843C2A40
Device \FileSystem\Msfs \Device\Mailslot 83FB10E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{CE0D0780-3491-40E7-B4E2-EF10CAEB0569} 83F98478
Device \Driver\USBSTOR \Device\0000008c 83E382E0
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target1Lun0 83FB9EB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 83FB9EB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1 83FB9EB0
Device \FileSystem\Fastfat \Fat 83F9A4A0
Device \FileSystem\Cdfs \Cdfs 83F9F2E8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE3 0xCC 0x9F 0x06 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x54 0xC5 0xAD 0xF3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF9 0x1A 0xB4 0x88 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF3 0x39 0x12 0x0F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x8B 0x4D 0x59 0x82 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 1550121562
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 357669777
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1479062309
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE3 0xCC 0x9F 0x06 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x54 0xC5 0xAD 0xF3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF9 0x1A 0xB4 0x88 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF3 0x39 0x12 0x0F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x8B 0x4D 0x59 0x82 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE3 0xCC 0x9F 0x06 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x54 0xC5 0xAD 0xF3 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF9 0x1A 0xB4 0x88 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF3 0x39 0x12 0x0F ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x8B 0x4D 0x59 0x82 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo® video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo® video 5.10 Compression Filter@FriendlyName Indeo® video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo® video 5.10 Compression Filter@CLSID {1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo® video 5.10 Compression Filter@FilterData 0x02 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo® video 5.10 Compression Filter@EncoderType 1

---- EOF - GMER 1.0.15 ----


Cheers
Gareth

#7 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:22 AM

Posted 21 June 2009 - 08:34 PM

Hi Gareth,


Go to Start >> Run, type services.msc

From the list of services, find Windows Management Instrumentation.
Right-click it, then select Stop. A message will pop up; click Yes.

Now navigate to this folder and delete it.

C:\WINDOWS\system32\wbem\Repository <-- This folder

Now go back to Windows Management Instrumentation in the services list.
Right-click it, then select Start. Exit the services list, then restart your computer.

Next

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quote box below into it:

File::
c:\windows\zepp.exe
C:\Fport.exe
c:\windows\urrf.exe
c:\windows\dwin.sys
c:\windows\system32\hrafh.dll
c:\windows\system32\nmsdjh.dll
c:\windows\system32\xdhuk.dll
c:\windows\system32\yiue.dll
c:\windows\system32\zdfgf.dllc:\documents and settings\Sea-ah\Start Menu\Programs\Startup\
winsco.exe
C:\winsyscom.exe
c:\windows\system32\drivers\winsyy.sys
c:\windows\system32\QQmusic.exe
c:\windows\system32\iXPT.sys

Registry::

Driver::
WinSYSCOM
Ndispror
vs?s
iXPT

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Then please post back here with the following:
  • Combofix.txt
  • MBAM log
Thanks


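The stop-service / delete-folder / start-service sequence for Windows Management Instrumentation described in the post above, as an added example that is not part of syler's post or of any tool the thread mentions: a PowerShell script that performs the same WMI repository rebuild but moves the old repository aside instead of deleting it, and then confirms that WMI answers a query again. It assumes an elevated PowerShell session on the affected machine; the backup folder name is an assumption of this example, not something from the thread.

```powershell
# Added example (not from the original post): rebuild the WMI repository by
# moving it aside instead of deleting it, then confirm WMI answers again.
# Assumes an elevated PowerShell session; the backup folder name is an
# assumption of this example.
$repo   = Join-Path $env:SystemRoot 'System32\wbem\Repository'
$backup = "$repo.bak-$(Get-Date -Format 'yyyyMMdd-HHmmss')"

# Stop Windows Management Instrumentation (service name: winmgmt). -Force also
# stops the dependent services that the Services console prompt asks about.
Stop-Service -Name winmgmt -Force

# Keep a copy rather than deleting, so the old repository can be inspected
# (or restored) if the rebuilt one turns out worse than the original.
if (Test-Path $repo) {
    Move-Item -Path $repo -Destination $backup
    Write-Host "Old repository moved to $backup"
} else {
    Write-Host "No repository folder found at $repo; nothing moved."
}

# Windows recreates an empty repository from the default MOF files when the
# service starts again, which is what the manual procedure relies on.
Start-Service -Name winmgmt

# Verify: a simple query should succeed once the repository has been rebuilt.
try {
    $os = Get-WmiObject -Class Win32_OperatingSystem -ErrorAction Stop
    Write-Host "WMI OK: $($os.Caption) build $($os.BuildNumber)"
} catch {
    Write-Warning "WMI query failed after rebuild: $_"
}
```

On Windows Vista and later the same reset is built into the service binary as `winmgmt /resetrepository`; the thread's instructions target Windows XP, where that switch is not available, which is why the post walks through the Services console instead. A rebuilt repository only contains the default classes, so third-party WMI providers whose MOF files were not compiled with autorecover may need re-registering afterwards.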

#8 gtredx69

gtredx69
  • Topic Starter

  • Members
  • 29 posts
  • Gender:Male
  • Location:Northern Ireland
  • Local time:01:22 AM

Posted 25 June 2009 - 11:28 AM

Hi,

Done as requested, here are the logs.


----------------------------------------------------------------ComboFix---------------------------------------------------------------------
ComboFix 09-06-20.04 - Sea-ah 25/06/2009 4:38.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.950.886.1033.18.767.432 [GMT 8:00]
執行位置: c:\documents and settings\Sea-ah\Desktop\ComboFix.exe
Command switches used :: H:\CFScript.txt

FILE ::
"C:\Fport.exe"
"c:\windows\dwin.sys"
"c:\windows\system32\hrafh.dll"
"c:\windows\system32\nmsdjh.dll"
"c:\windows\system32\xdhuk.dll"
"c:\windows\system32\yiue.dll"
"c:\windows\system32\zdfgf.dllc:\documents and settings\Sea-ah\Start Menu\Programs\Startup\"
"c:\windows\urrf.exe"
"c:\windows\zepp.exe"
.

((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Dynamic Toolbar
C:\Fport.exe
c:\program files\Dynamic Toolbar\REALBAR\Cache\bubble.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\bubble16.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\celebs.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\gotb.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\highlight.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\hotstuff.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\hotstuffsm.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\movies.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\music.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\news.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\ngames.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\radio.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\REALBARTB0115.cfg
c:\program files\Dynamic Toolbar\REALBAR\Cache\rollingstone.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\sports.bmp
c:\windows\dwin.sys
c:\windows\system32\hrafh.dll
c:\windows\system32\nmsdjh.dll
c:\windows\system32\xdhuk.dll
c:\windows\system32\yiue.dll
c:\windows\urrf.exe
c:\windows\zepp.exe

.
((((((((((((((((((((((((((((((((((((((( 驅動/服務 )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IXPT
-------\Legacy_NDISPROR
-------\Legacy_WINSYSCOM
-------\Service_iXPT
-------\Service_Ndispror
-------\Service_v?s
-------\Service_WinSYSCOM


((((((((((((((((((((((((( 2009-05-24 至 2009-06-24 的新的檔案 )))))))))))))))))))))))))))))))
.

2009-06-24 20:44 . 2009-06-24 20:44 -------- d-----w- c:\program files\Dynamic Toolbar
2009-06-24 20:36 . 2009-06-24 20:36 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-16 18:59 . 2009-06-16 19:08 -------- d-----w- C:\rsit

.
(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 20:53 . 2009-06-24 20:50 21248 ----a-w- C:\winsyy.sys
2009-06-24 20:53 . 2009-06-24 20:50 17408 ----a-w- C:\winsys.exe
2009-06-24 20:50 . 2008-07-19 10:55 87615 ----a-w- C:\winsyscom.exe
2009-06-24 20:50 . 2009-06-24 20:50 121 ----a-w- C:\time.bat
2009-06-17 19:28 . 2005-11-23 21:38 -------- d-----w- c:\program files\WinRoll
2009-06-17 19:24 . 2004-03-28 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-17 19:17 . 2004-09-27 22:51 -------- d-----w- c:\program files\BitComet
2009-06-17 19:17 . 2005-10-08 01:40 -------- d-----w- c:\program files\BearShare
2009-05-26 05:20 . 2008-06-02 17:07 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 05:19 . 2008-06-02 17:07 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2006-02-08 16:31 . 2006-02-08 16:31 2725829 ----a-w- c:\program files\MpfPlus_Aol_UK.exe
2008-07-24 15:17 . 2008-06-10 16:31 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-07-24 15:17 . 2008-06-10 16:31 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-07-24 15:17 . 2008-06-10 16:31 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-07-24 15:17 . 2008-06-10 16:32 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-07-24 15:17 . 2008-06-10 16:32 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2007-04-16 15:52 . 2007-04-16 15:52 44824 --sh--w- c:\windows\system32\zdfgf.dll
.

((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-01-10 71216]
"HostManager"="c:\program files\Common Files\AOL\1135890346\ee\AOLSoftware.exe" [2006-11-17 50736]
"CameraFixer"="c:\windows\CameraFixer.exe" [2005-10-03 20480]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-11-04 90112]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-03-07 180269]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-04-06 190024]
"LXCDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll" [2005-07-11 69632]
"lxcdmon.exe"="c:\program files\Lexmark 6300 Series\lxcdmon.exe" [2005-06-24 200704]
"EzPrint"="c:\program files\Lexmark 6300 Series\ezprint.exe" [2005-07-05 94208]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-11-14 286720]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-11-15 267048]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-04 28672]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-06-10 55296]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2002-11-08 19968]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-05-20 28160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
"Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="c:\windows\System32\msiexec.exe" [2005-03-21 78848]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]

c:\documents and settings\Sea-ah\Start Menu\Programs\Startup\
winsco.exe [2008-7-24 88576]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2004-3-29 156784]
AOL Broadband Check-Up.lnk - c:\program files\AOL\Broadband CheckUp\bin\matcli.exe [2004-11-2 217088]
BTTray.lnk - c:\program files\TDK Systems\Bluetooth Software\BTTray.exe [2003-11-17 503869]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-2-7 450560]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21726:TCP"= 21726:TCP:BitComet 21726 TCP
"21726:UDP"= 21726:UDP:BitComet 21726 UDP
"11090:TCP"= 11090:TCP:BitComet 11090 TCP
"11090:UDP"= 11090:UDP:BitComet 11090 UDP

S3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\DRIVERS\gttap1.sys --> c:\windows\system32\DRIVERS\gttap1.sys [?]
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCCFLTR.SYS [07/11/2003 06:58 14156]
S3 SNPHV71;PC Camera (602a VGA);c:\windows\system32\drivers\snphv71.sys [09/11/2003 22:06 231040]
.
計劃任務 文件夾 裡的內容

2008-08-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 06:57]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{730B78A6-9B9C-4C44-8645-1873BDCFD3B1} - (no file)


.
------- 而外的掃描 -------
.
uStart Page = hxxp://www.1188.com/index.html
mStart Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Download All by FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\TDK Systems\Bluetooth Software\btsendto_ie_ctx.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 04:49
Windows 5.1.2600 Service Pack 2 NTFS

掃描被隱藏的進程 ...

掃描被隱藏的啟動組 ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

掃描被隱藏的文件 ...

掃描完成
被隱藏的檔案: 0

**************************************************************************
.
--------------------- 運行進程下的動態鏈接庫 ---------------------

- - - - - - - > 'explorer.exe'(1948)
c:\program files\Common Files\AOL\ACS\WLHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
.
------------------------ 其他運行進程 ------------------------
.
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\TDK Systems\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\drivers\CDANTSRV.EXE
c:\windows\system32\scardsvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\conime.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\lxcdcoms.exe
c:\program files\Common Files\AOL\1135890346\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\documents and settings\Sea-ah\Start Menu\Programs\Startup\winsco.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
完成時間: 2009-06-24 4:55 - 電腦已重新啟動
ComboFix-quarantined-files.txt 2009-06-24 20:55
ComboFix2.txt 2009-06-21 15:33

Pre-Run: 8,452,272,128 bytes free
Post-Run: 8,431,423,488 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
209 --- E O F --- 2008-08-17 22:39



--------------------------------------------------------------------Malwarebytes--------------------------------------------------------------

Malwarebytes' Anti-Malware 1.38
Database version: 2330
Windows 5.1.2600 Service Pack 2

25/06/2009 05:40:46
mbam-log-2009-06-25 (05-40-46).txt

Scan type: Full Scan (C:\|)
Objects scanned: 216417
Time elapsed: 42 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\dynamic toolbar (Adware.2020search) -> Quarantined and deleted successfully.
c:\program files\dynamic toolbar\REALBAR (Adware.2020search) -> Quarantined and deleted successfully.
c:\program files\dynamic toolbar\REALBAR\Cache (Adware.2020search) -> Quarantined and deleted successfully.

Files Infected:
c:\winsys.exe (Trojan.Agent) -> Quarantined and deleted successfully.


Cheers Gareth

#9 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:22 AM

Posted 25 June 2009 - 02:53 PM

I don't see an antivirus program running on your machine.
  • Download and install an antivirus program, and make sure that you keep it updated.
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Two good antivirus programs free for non-commercial home use are Avast! and Antivir.
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Next

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\time.bat
C:\winsyscom.exe
C:\winsys.exe
C:\winsyy.sys
c:\documents and settings\Sea-ah\Start Menu\Programs\Startup\winsco.exe
c:\windows\system32\zdfgf.dll

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



#10 gtredx69

gtredx69
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Gender:Male
  • Location:Northern Ireland
  • Local time:01:22 AM

Posted 29 June 2009 - 12:02 PM

Hey

Having trouble removing AntiVir; it seems to be loaded on the machine, running in the background, but I am unable to uninstall it. I tried downloading a newer version, but it just asks whether I wish to remove the old version. I click yes, then a pop-up appears saying 'Cannot load master resource file' and it quits.

Any ideas on what to do with that, so I can get a good clean copy working?

Also below is the Combofix log.

ComboFix 09-06-28.06 - Sea-ah 30/06/2009 0:41.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.950.886.1033.18.767.458 [GMT 8:00]
執行位置: c:\documents and settings\Sea-ah\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sea-ah\Desktop\CFScript.txt
* 成功創造新還原點

FILE ::
"c:\documents and settings\Sea-ah\Start Menu\Programs\Startup\winsco.exe"
"C:\time.bat"
"c:\windows\system32\zdfgf.dll"
"C:\winsys.exe"
"C:\winsyscom.exe"
"C:\winsyy.sys"
.

((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Sea-ah\Start Menu\Programs\Startup\winsco.exe
c:\program files\Dynamic Toolbar
c:\program files\Dynamic Toolbar\REALBAR\Cache\bubble.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\bubble16.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\celebs.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\gotb.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\highlight.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\hotstuff.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\hotstuffsm.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\movies.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\music.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\news.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\ngames.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\radio.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\REALBARTB0115.cfg
c:\program files\Dynamic Toolbar\REALBAR\Cache\rollingstone.bmp
c:\program files\Dynamic Toolbar\REALBAR\Cache\sports.bmp
C:\time.bat
c:\windows\system32\zdfgf.dll
C:\winsys.exe
C:\winsyscom.exe
C:\winsyy.sys

.
((((((((((((((((((((((((( 2009-05-28 至 2009-06-29 的新的檔案 )))))))))))))))))))))))))))))))
.

2009-06-24 20:57 . 2009-06-24 20:57 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-24 20:36 . 2009-06-24 20:36 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-16 18:59 . 2009-06-16 19:08 -------- d-----w- C:\rsit

.
(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 20:57 . 2008-06-02 17:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-17 19:28 . 2005-11-23 21:38 -------- d-----w- c:\program files\WinRoll
2009-06-17 19:24 . 2004-03-28 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-17 19:17 . 2004-09-27 22:51 -------- d-----w- c:\program files\BitComet
2009-06-17 19:17 . 2005-10-08 01:40 -------- d-----w- c:\program files\BearShare
2009-06-17 03:27 . 2008-06-02 17:07 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 03:27 . 2008-06-02 17:07 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2006-02-08 16:31 . 2006-02-08 16:31 2725829 ----a-w- c:\program files\MpfPlus_Aol_UK.exe
2008-07-24 15:17 . 2008-06-10 16:31 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-07-24 15:17 . 2008-06-10 16:31 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-07-24 15:17 . 2008-06-10 16:31 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-07-24 15:17 . 2008-06-10 16:32 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-07-24 15:17 . 2008-06-10 16:32 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-21_15.27.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-06 18:19 . 2007-11-06 18:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-28 22:07 . 2008-07-28 22:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-28 22:07 . 2008-07-28 22:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-28 19:54 . 2008-07-28 19:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
.
((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-01-10 71216]
"HostManager"="c:\program files\Common Files\AOL\1135890346\ee\AOLSoftware.exe" [2006-11-17 50736]
"CameraFixer"="c:\windows\CameraFixer.exe" [2005-10-03 20480]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-11-04 90112]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-03-07 180269]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-04-06 190024]
"LXCDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll" [2005-07-11 69632]
"lxcdmon.exe"="c:\program files\Lexmark 6300 Series\lxcdmon.exe" [2005-06-24 200704]
"EzPrint"="c:\program files\Lexmark 6300 Series\ezprint.exe" [2005-07-05 94208]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-11-14 286720]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-11-15 267048]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-04 28672]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-06-10 55296]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2002-11-08 19968]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-05-20 28160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
"Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="c:\windows\System32\msiexec.exe" [2005-03-21 78848]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2004-3-29 156784]
AOL Broadband Check-Up.lnk - c:\program files\AOL\Broadband CheckUp\bin\matcli.exe [2004-11-2 217088]
BTTray.lnk - c:\program files\TDK Systems\Bluetooth Software\BTTray.exe [2003-11-17 503869]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-2-7 450560]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21726:TCP"= 21726:TCP:BitComet 21726 TCP
"21726:UDP"= 21726:UDP:BitComet 21726 UDP
"11090:TCP"= 11090:TCP:BitComet 11090 TCP
"11090:UDP"= 11090:UDP:BitComet 11090 UDP

S0 amzs;amzs;c:\windows\system32\drivers\oygsrgps.sys --> c:\windows\system32\drivers\oygsrgps.sys [?]
S3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\DRIVERS\gttap1.sys --> c:\windows\system32\DRIVERS\gttap1.sys [?]
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCCFLTR.SYS [07/11/2003 06:58 14156]
S3 SNPHV71;PC Camera (602a VGA);c:\windows\system32\drivers\snphv71.sys [09/11/2003 22:06 231040]
.
計劃任務 文件夾 裡的內容

2008-08-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 06:57]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{730B78A6-9B9C-4C44-8645-1873BDCFD3B1} - (no file)


.
------- 而外的掃描 -------
.
uStart Page = hxxp://www.1188.com/index.html
mStart Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Download All by FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\TDK Systems\Bluetooth Software\btsendto_ie_ctx.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-30 00:48
Windows 5.1.2600 Service Pack 2 NTFS

掃描被隱藏的進程 ...

掃描被隱藏的啟動組 ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

掃描被隱藏的文件 ...

掃描完成
被隱藏的檔案: 0

**************************************************************************
.
完成時間: 2009-06-29 0:51
ComboFix-quarantined-files.txt 2009-06-29 16:50
ComboFix2.txt 2009-06-24 20:55
ComboFix3.txt 2009-06-21 15:33

Pre-Run: 7,726,374,912 bytes free
Post-Run: 7,814,942,720 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
192 --- E O F --- 2008-08-17 22:39


Cheers Gareth

#11 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:22 AM

Posted 29 June 2009 - 04:53 PM

gtredx69, I found this on the AntiVir problem; does this help?


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\drivers\oygsrgps.sys

Driver::
amzs

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



#12 gtredx69

gtredx69
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Gender:Male
  • Location:Northern Ireland
  • Local time:01:22 AM

Posted 30 June 2009 - 01:31 PM

Syler,

I followed the link for AntiVir, extracted the files to c:\temp and ran setup from the basic folder, but no luck, still the same thing. I am gonna post on that forum about AntiVir and see what they can do. I have disabled it now in Services.msc and tried installing, but no good.

Anyway, here's the ComboFix log.

ComboFix 09-06-29.07 - Sea-ah 01/07/2009 2:09.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.950.886.1033.18.767.437 [GMT 8:00]
執行位置: c:\documents and settings\Sea-ah\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sea-ah\Desktop\CFScript.txt
* 成功創造新還原點

FILE ::
"c:\windows\system32\drivers\oygsrgps.sys"
.

((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( 驅動/服務 )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_amzs


((((((((((((((((((((((((( 2009-05-28 至 2009-06-30 的新的檔案 )))))))))))))))))))))))))))))))
.

2009-06-30 17:55 . 2009-05-14 03:34 59143 ----a-w- c:\temp\sweb.zip
2009-06-30 17:55 . 2009-06-03 09:05 17961 ----a-w- c:\temp\build.dat
2009-06-30 17:55 . 2009-02-10 03:41 538 ----a-w- c:\temp\prodinfo.dat
2009-06-30 17:55 . 2009-02-04 07:32 802 ----a-w- c:\temp\setupprf.dat
2009-06-30 17:55 . 2009-05-15 08:39 2438913 ----a-w- c:\temp\rcimage.dll
2009-06-30 17:55 . 2009-04-17 03:19 86785 ----a-w- c:\temp\rctext.dll
2009-06-30 17:55 . 2009-02-13 08:01 79105 ----a-w- c:\temp\updext.dll
2009-06-30 17:55 . 2009-04-01 08:41 45825 ----a-w- c:\temp\rchelp.dll
2009-06-30 17:55 . 2009-05-11 03:34 11009 ----a-w- c:\temp\avevtrc.dll
2009-06-30 17:55 . 2009-06-03 09:05 -------- d-----w- c:\temp\basic
2009-06-24 20:57 . 2009-06-24 20:57 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-24 20:36 . 2009-06-24 20:36 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-16 18:59 . 2009-06-16 19:08 -------- d-----w- C:\rsit

.
(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 20:57 . 2008-06-02 17:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-17 19:28 . 2005-11-23 21:38 -------- d-----w- c:\program files\WinRoll
2009-06-17 19:24 . 2004-03-28 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-17 19:17 . 2004-09-27 22:51 -------- d-----w- c:\program files\BitComet
2009-06-17 19:17 . 2005-10-08 01:40 -------- d-----w- c:\program files\BearShare
2009-06-17 03:27 . 2008-06-02 17:07 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 03:27 . 2008-06-02 17:07 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2006-02-08 16:31 . 2006-02-08 16:31 2725829 ----a-w- c:\program files\MpfPlus_Aol_UK.exe
2008-07-24 15:17 . 2008-06-10 16:31 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-07-24 15:17 . 2008-06-10 16:31 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-07-24 15:17 . 2008-06-10 16:31 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-07-24 15:17 . 2008-06-10 16:32 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-07-24 15:17 . 2008-06-10 16:32 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-21_15.27.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-06 18:19 . 2007-11-06 18:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-28 22:07 . 2008-07-28 22:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-28 22:07 . 2008-07-28 22:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-28 19:54 . 2008-07-28 19:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
.
((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-01-10 71216]
"HostManager"="c:\program files\Common Files\AOL\1135890346\ee\AOLSoftware.exe" [2006-11-17 50736]
"CameraFixer"="c:\windows\CameraFixer.exe" [2005-10-03 20480]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-11-04 90112]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-03-07 180269]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-04-06 190024]
"LXCDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll" [2005-07-11 69632]
"lxcdmon.exe"="c:\program files\Lexmark 6300 Series\lxcdmon.exe" [2005-06-24 200704]
"EzPrint"="c:\program files\Lexmark 6300 Series\ezprint.exe" [2005-07-05 94208]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-11-14 286720]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-11-15 267048]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-04 28672]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-06-10 55296]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2002-11-08 19968]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-05-20 28160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
"Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="c:\windows\System32\msiexec.exe" [2005-03-21 78848]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2004-3-29 156784]
AOL Broadband Check-Up.lnk - c:\program files\AOL\Broadband CheckUp\bin\matcli.exe [2004-11-2 217088]
BTTray.lnk - c:\program files\TDK Systems\Bluetooth Software\BTTray.exe [2003-11-17 503869]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-2-7 450560]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21726:TCP"= 21726:TCP:BitComet 21726 TCP
"21726:UDP"= 21726:UDP:BitComet 21726 UDP
"11090:TCP"= 11090:TCP:BitComet 11090 TCP
"11090:UDP"= 11090:UDP:BitComet 11090 UDP

S3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\DRIVERS\gttap1.sys --> c:\windows\system32\DRIVERS\gttap1.sys [?]
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCCFLTR.SYS [07/11/2003 06:58 14156]
S3 SNPHV71;PC Camera (602a VGA);c:\windows\system32\drivers\snphv71.sys [09/11/2003 22:06 231040]
.
計劃任務 文件夾 裡的內容

2008-08-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 06:57]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{730B78A6-9B9C-4C44-8645-1873BDCFD3B1} - (no file)


.
------- 而外的掃描 -------
.
uStart Page = hxxp://www.1188.com/index.html
mStart Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Download All by FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\TDK Systems\Bluetooth Software\btsendto_ie_ctx.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Sea-ah\Application Data\Mozilla\Firefox\Profiles\w9ze3qxs.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-01 02:19
Windows 5.1.2600 Service Pack 2 NTFS

掃描被隱藏的進程 ...

掃描被隱藏的啟動組 ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

掃描被隱藏的文件 ...

掃描完成
被隱藏的檔案: 0

**************************************************************************
.
--------------------- 運行進程下的動態鏈接庫 ---------------------

- - - - - - - > 'explorer.exe'(3864)
c:\program files\Common Files\AOL\ACS\WLHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\progra~1\WINDOW~2\wmpband.dll
.
------------------------ 其他運行進程 ------------------------
.
c:\windows\system32\conime.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\TDK Systems\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\drivers\CDANTSRV.EXE
c:\windows\system32\scardsvc.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\windows\wanmpsvc.exe
c:\program files\AOL\Broadband CheckUp\bin\mpbtn.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\lxcdcoms.exe
c:\program files\Common Files\AOL\1135890346\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
完成時間: 2009-06-30 2:26 - 電腦已重新啟動
ComboFix-quarantined-files.txt 2009-06-30 18:26
ComboFix2.txt 2009-06-29 16:51
ComboFix3.txt 2009-06-24 20:55
ComboFix4.txt 2009-06-21 15:33

Pre-Run: 7,670,833,152 bytes free
Post-Run: 7,710,670,848 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
207 --- E O F --- 2008-08-17 22:39




Cheers Gareth

#13 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:22 AM

Posted 30 June 2009 - 01:40 PM

Hi Gareth,

How is your computer running now apart from the Avira problem?

Uninstall ComboFix
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.


Please run a BitDefender Online Scan
  • Click on the Start Scanner button.
  • Check I Agree to agree to the EULA, then click start here.
  • Allow the ActiveX control to install when prompted.
  • Click Start scan to begin scanning.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop as results.txt and post it in your next reply.
Then please post back with the Bitdefender report and a fresh Rsit log.

Thanks



#14 gtredx69

gtredx69
  • Topic Starter

  • Members
  • 29 posts
  • Gender:Male
  • Location:Northern Ireland
  • Local time:01:22 AM

Posted 30 June 2009 - 03:37 PM

Hi Syler,

Well, the PC is running far better; it's quite responsive and load times are well reduced. Though it seems it still had a lot of infections that BitDefender found.

Here's the report

BitDefender Online Scanner - Scan Report
Scan report generated at: Tue, Jun 30, 2009 - 21:11:36

Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;

Statistics
Time: 01:17:40
Files: 191216
Folders: 10332
Boot Sectors: 0
Archives: 3238
Packed Files: 11706

Results
Identified Viruses: 24
Infected Files: 125
Suspect Files: 0
Warnings: 0
Disinfected: 56
Deleted Files: 69

Engines Info
Virus Definitions: 3811256
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins: 17
Archive plugins: 44
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File Status
C:\eee.exe | Infected with: Win32.Klest.A.Gen
C:\eee.exe | Disinfected
C:\eee.exe | Infected with: Dropped:Trojan.Generic.865821
C:\eee.exe | Disinfection failed
C:\eee.exe | Deleted
C:\FirstSteps.exe | Infected with: Win32.Klest.A.Gen
C:\FirstSteps.exe | Disinfected
C:\Jetpack6\Register2.exe | Infected with: Win32.Klest.A.Gen
C:\Jetpack6\Register2.exe | Disinfected
C:\Jetpack6\UNWISE.EXE | Infected with: Win32.Klest.A.Gen
C:\Jetpack6\UNWISE.EXE | Disinfected
C:\My Documents\Norton Utilities 2002\NU\BACKLOG.EXE | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NU\BACKLOG.EXE | Disinfected
C:\My Documents\Norton Utilities 2002\NU\IMAGE32.EXE | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NU\IMAGE32.EXE | Disinfected
C:\My Documents\Norton Utilities 2002\NU\LOGBOOK.EXE | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NU\LOGBOOK.EXE | Disinfected
C:\My Documents\Norton Utilities 2002\NU\LOGGER.EXE | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NU\LOGGER.EXE | Disinfected
C:\My Documents\Norton Utilities 2002\NU\MSSHLIB\Setup.exe | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NU\MSSHLIB\Setup.exe | Disinfected
C:\My Documents\Norton Utilities 2002\NU\NCOMPARE.EXE | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NU\NCOMPARE.EXE | Disinfected
C:\My Documents\Norton Utilities 2002\NU\NDD32.EXE | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NU\NDD32.EXE | Disinfected
C:\My Documents\Norton Utilities 2002\NU\NORTON.EXE | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NU\NORTON.EXE | Disinfected
C:\My Documents\Norton Utilities 2002\NU\NPROTECT.EXE | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NU\NPROTECT.EXE | Disinfected
C:\My Documents\Norton Utilities 2002\NU\NREGEDIT.EXE | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NU\NREGEDIT.EXE | Disinfected
C:\My Documents\Norton Utilities 2002\NU\NREGXPRT.EXE | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NU\NREGXPRT.EXE | Disinfected
C:\My Documents\Norton Utilities 2002\NU\NUCD.EXE | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NU\NUCD.EXE | Disinfected
C:\My Documents\Norton Utilities 2002\NU\NUCOM\REGWDOC.EXE | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NU\NUCOM\REGWDOC.EXE | Disinfected
C:\My Documents\Norton Utilities 2002\NU\OPTWIZ.EXE | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NU\OPTWIZ.EXE | Disinfected
C:\My Documents\Norton Utilities 2002\NU\REGSVR32.EXE | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NU\REGSVR32.EXE | Disinfected
C:\My Documents\Norton Utilities 2002\NU\REGTRK.EXE | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NU\REGTRK.EXE | Disinfected
C:\My Documents\Norton Utilities 2002\NU\RESCUE\CloneDlg.exe | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NU\RESCUE\CloneDlg.exe | Disinfected
C:\My Documents\Norton Utilities 2002\NU\RESCUE\Rescue32.exe | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NU\RESCUE\Rescue32.exe | Disinfected
C:\My Documents\Norton Utilities 2002\NU\RESCUE\Setup.exe | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NU\RESCUE\Setup.exe | Disinfected
C:\My Documents\Norton Utilities 2002\NU\SD32.EXE | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NU\SD32.EXE | Disinfected
C:\My Documents\Norton Utilities 2002\NU\Setup.exe | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NU\Setup.exe | Disinfected
C:\My Documents\Norton Utilities 2002\NU\SI32.EXE | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NU\SI32.EXE | Disinfected
C:\My Documents\Norton Utilities 2002\NU\SIREGIST.EXE | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NU\SIREGIST.EXE | Disinfected
C:\My Documents\Norton Utilities 2002\NU\SMARTDRV\SMARTUPD.EXE | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NU\SMARTDRV\SMARTUPD.EXE | Disinfected
C:\My Documents\Norton Utilities 2002\NU\SPDSTART.EXE | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NU\SPDSTART.EXE | Disinfected
C:\My Documents\Norton Utilities 2002\NU\SYMUNDO.EXE | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NU\SYMUNDO.EXE | Disinfected
C:\My Documents\Norton Utilities 2002\NU\SYSCHECK.EXE | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NU\SYSCHECK.EXE | Disinfected
C:\My Documents\Norton Utilities 2002\NU\SYSDOC32.EXE | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NU\SYSDOC32.EXE | Disinfected
C:\My Documents\Norton Utilities 2002\NU\UE32.EXE | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NU\UE32.EXE | Disinfected
C:\My Documents\Norton Utilities 2002\NU\WDSCAN.EXE | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NU\WDSCAN.EXE | Disinfected
C:\My Documents\Norton Utilities 2002\NU\WINDOC.EXE | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NU\WINDOC.EXE | Disinfected
C:\My Documents\Norton Utilities 2002\NU\WIPEINFO.EXE | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NU\WIPEINFO.EXE | Disinfected
C:\My Documents\Norton Utilities 2002\NU\WIPINFNT.EXE | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NU\WIPINFNT.EXE | Disinfected
C:\My Documents\Norton Utilities 2002\NU\_ISDel.exe | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NU\_ISDel.exe | Disinfected
C:\My Documents\Norton Utilities 2002\NUSetup.exe | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\NUSetup.exe | Disinfected
C:\My Documents\Norton Utilities 2002\Support\ComCtl32\50comupd.exe | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\Support\ComCtl32\50comupd.exe | Disinfected
C:\My Documents\Norton Utilities 2002\Support\EDisk\NED.exe | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\Support\EDisk\NED.exe | Disinfected
C:\My Documents\Norton Utilities 2002\Support\Integrat\NMAIN.EXE | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\Support\Integrat\NMAIN.EXE | Disinfected
C:\My Documents\Norton Utilities 2002\Support\LiveReg\lrsetup.exe | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\Support\LiveReg\lrsetup.exe | Disinfected
C:\My Documents\Norton Utilities 2002\Support\LUpdate\lusetup.exe | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\Support\LUpdate\lusetup.exe | Disinfected
C:\My Documents\Norton Utilities 2002\Support\sevinst\sevinst.exe | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\Support\sevinst\sevinst.exe | Disinfected
C:\My Documents\Norton Utilities 2002\Support\Wintdist\wintdist.exe | Infected with: Win32.Klest.A.Gen
C:\My Documents\Norton Utilities 2002\Support\Wintdist\wintdist.exe | Disinfected
C:\norton\norton\nokia\pc_suite_61_release_13.exe | Infected with: Win32.Klest.A.Gen
C:\norton\norton\nokia\pc_suite_61_release_13.exe | Disinfected
C:\norton\norton\Norton Personal Firewall & Internet Security 2003.exe | Infected with: Win32.Klest.A.Gen
C:\norton\norton\Norton Personal Firewall & Internet Security 2003.exe | Disinfected
C:\norton\norton\Norton Utilities 2002- XP compatible-serial included.exe | Infected with: Win32.Klest.A.Gen
C:\norton\norton\Norton Utilities 2002- XP compatible-serial included.exe | Disinfected
C:\norton\norton\[AntiVirus] Norton AntiVirus 2003 Professional Edition.exe | Infected with: Win32.Klest.A.Gen
C:\norton\norton\[AntiVirus] Norton AntiVirus 2003 Professional Edition.exe | Disinfected
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll | Detected with: Adware.Generic.9654
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll | Deleted
C:\Program Files\DAEMON Tools\SetupDTSB.exe | Infected with: Gen:Adware.Heur.7035CA6868
C:\Program Files\DAEMON Tools\SetupDTSB.exe | Disinfection failed
C:\Program Files\DAEMON Tools\SetupDTSB.exe | Deleted
C:\Program Files\Symantec\Symantec 2004 Professional\Internet Security\Norton Internet Security 2004 Pro.bin=>CRACK/KEYGEN.EXE | Infected with: Packer.FSG.A
C:\Program Files\Symantec\Symantec 2004 Professional\Internet Security\Norton Internet Security 2004 Pro.bin=>CRACK/KEYGEN.EXE | Disinfection failed
C:\Program Files\Symantec\Symantec 2004 Professional\Internet Security\Norton Internet Security 2004 Pro.bin=>CRACK/KEYGEN.EXE | Deleted
C:\Program Files\Symantec\Symantec 2004 Professional\Internet Security\Norton Internet Security 2004 Pro.bin | Update failed
C:\Program Files\Symantec\Symantec 2004 Professional\SystemWorks\Norton SystemWorks 2004 Pro.bin=>CRACK/KEYGEN.EXE | Infected with: Packer.FSG.A
C:\Program Files\Symantec\Symantec 2004 Professional\SystemWorks\Norton SystemWorks 2004 Pro.bin=>CRACK/KEYGEN.EXE | Disinfection failed
C:\Program Files\Symantec\Symantec 2004 Professional\SystemWorks\Norton SystemWorks 2004 Pro.bin=>CRACK/KEYGEN.EXE | Deleted
C:\Program Files\Symantec\Symantec 2004 Professional\SystemWorks\Norton SystemWorks 2004 Pro.bin | Update failed
C:\SBSI\Setup.exe | Infected with: Win32.Klest.A.Gen
C:\SBSI\Setup.exe | Disinfected
C:\temp\ext2782\update\update.exe | Infected with: Win32.Klest.A.Gen
C:\temp\ext2782\update\update.exe | Disinfected
C:\UNWISE.EXE | Infected with: Win32.Klest.A.Gen
C:\UNWISE.EXE | Disinfected
C:\unzipped\dreamweaver 8\dreamweaver 8\Dreamweaver8-en.exe | Infected with: Win32.Klest.A.Gen
C:\unzipped\dreamweaver 8\dreamweaver 8\Dreamweaver8-en.exe | Disinfected
C:\unzipped\dreamweaver 8\dreamweaver 8\keygen.exe | Infected with: Win32.Klest.A.Gen
C:\unzipped\dreamweaver 8\dreamweaver 8\keygen.exe | Disinfected
C:\unzipped\fport\Fport-2.0\Fport.exe | Infected with: Win32.Klest.A.Gen
C:\unzipped\fport\Fport-2.0\Fport.exe | Disinfected
C:\WINDOWS\amea.exe | Infected with: Trojan.Crypt.DJ
C:\WINDOWS\amea.exe | Disinfection failed
C:\WINDOWS\amea.exe | Deleted
C:\WINDOWS\asqa.exe | Infected with: Trojan.Crypt.DJ
C:\WINDOWS\asqa.exe | Disinfection failed
C:\WINDOWS\asqa.exe | Deleted
C:\WINDOWS\czsa.exe | Infected with: Trojan.Crypt.DJ
C:\WINDOWS\czsa.exe | Disinfection failed
C:\WINDOWS\czsa.exe | Deleted
C:\WINDOWS\ebht.exe | Infected with: Trojan.Crypt.DJ
C:\WINDOWS\ebht.exe | Disinfection failed
C:\WINDOWS\ebht.exe | Deleted
C:\WINDOWS\edmx.exe | Infected with: Trojan.Crypt.DJ
C:\WINDOWS\edmx.exe | Disinfection failed
C:\WINDOWS\edmx.exe | Deleted
C:\WINDOWS\ffyc.exe | Infected with: Trojan.Crypt.DJ
C:\WINDOWS\ffyc.exe | Disinfection failed
C:\WINDOWS\ffyc.exe | Deleted
C:\WINDOWS\fjms.exe | Infected with: Trojan.Crypt.DJ
C:\WINDOWS\fjms.exe | Disinfection failed
C:\WINDOWS\fjms.exe | Deleted
C:\WINDOWS\fmkx.exe | Infected with: Trojan.Crypt.DJ
C:\WINDOWS\fmkx.exe | Disinfection failed
C:\WINDOWS\fmkx.exe | Deleted
C:\WINDOWS\gfih.exe | Infected with: Trojan.Crypt.DJ
C:\WINDOWS\gfih.exe | Disinfection failed
C:\WINDOWS\gfih.exe | Deleted
C:\WINDOWS\haou.exe | Infected with: Trojan.Crypt.DJ
C:\WINDOWS\haou.exe | Disinfection failed
C:\WINDOWS\haou.exe | Deleted
C:\WINDOWS\ijwu.exe | Infected with: Trojan.Crypt.DJ
C:\WINDOWS\ijwu.exe | Disinfection failed
C:\WINDOWS\ijwu.exe | Deleted
C:\WINDOWS\leep.exe | Infected with: Trojan.Crypt.DJ
C:\WINDOWS\leep.exe | Disinfection failed
C:\WINDOWS\leep.exe | Deleted
C:\WINDOWS\ncuh.exe | Infected with: Trojan.Crypt.DJ
C:\WINDOWS\ncuh.exe | Disinfection failed
C:\WINDOWS\ncuh.exe | Deleted
C:\WINDOWS\nykn.exe | Infected with: Trojan.Crypt.DJ
C:\WINDOWS\nykn.exe | Disinfection failed
C:\WINDOWS\nykn.exe | Deleted
C:\WINDOWS\pjck.exe | Infected with: Trojan.Crypt.DJ
C:\WINDOWS\pjck.exe | Disinfection failed
C:\WINDOWS\pjck.exe | Deleted
C:\WINDOWS\qidv.exe | Infected with: Trojan.Crypt.DJ
C:\WINDOWS\qidv.exe | Disinfection failed
C:\WINDOWS\qidv.exe | Deleted
C:\WINDOWS\system32\aoiq26.exe | Infected with: Trojan.Generic.581074
C:\WINDOWS\system32\aoiq26.exe | Deleted
C:\WINDOWS\system32\aolkua.dll | Infected with: Backdoor.Generic.83602
C:\WINDOWS\system32\aolkua.dll | Deleted
C:\WINDOWS\system32\bdzr26.exe | Infected with: Trojan.Generic.581074
C:\WINDOWS\system32\bdzr26.exe | Deleted
C:\WINDOWS\system32\clxb26.exe | Infected with: Trojan.Generic.581074
C:\WINDOWS\system32\clxb26.exe | Deleted
C:\WINDOWS\system32\config\systemprofile\vistaXA.exe | Infected with: Gen:Trojan.Heur.PT.0020011111
C:\WINDOWS\system32\config\systemprofile\vistaXA.exe | Disinfection failed
C:\WINDOWS\system32\config\systemprofile\vistaXA.exe | Deleted
C:\WINDOWS\system32\drivers\winsyy.sys | Infected with: Rootkit.Tearspear.A
C:\WINDOWS\system32\drivers\winsyy.sys | Deleted
C:\WINDOWS\system32\follwel.dll | Infected with: Trojan.Generic.368144
C:\WINDOWS\system32\follwel.dll | Deleted
C:\WINDOWS\system32\gmjd4.exe | Infected with: Trojan.PWS.OnlineGames.ZUG
C:\WINDOWS\system32\gmjd4.exe | Deleted
C:\WINDOWS\system32\hqeh26.exe | Infected with: Trojan.Generic.581074
C:\WINDOWS\system32\hqeh26.exe | Deleted
C:\WINDOWS\system32\icwv26.exe | Infected with: Trojan.Generic.581074
C:\WINDOWS\system32\icwv26.exe | Deleted
C:\WINDOWS\system32\ikmy4.exe | Infected with: Trojan.PWS.OnlineGames.ZUG
C:\WINDOWS\system32\ikmy4.exe | Deleted
C:\WINDOWS\system32\iXPT.sys | Infected with: Trojan.PWS.OnlineGames.ZTU
C:\WINDOWS\system32\iXPT.sys | Deleted
C:\WINDOWS\system32\jbto4.exe | Infected with: Trojan.PWS.OnlineGames.ZUG
C:\WINDOWS\system32\jbto4.exe | Deleted
C:\WINDOWS\system32\jixes.dll | Infected with: Trojan.Generic.328430
C:\WINDOWS\system32\jixes.dll | Deleted
C:\WINDOWS\system32\jordspa.dll | Infected with: Trojan.Generic.322676
C:\WINDOWS\system32\jordspa.dll | Deleted
C:\WINDOWS\system32\ktgi26.exe | Infected with: Trojan.Generic.581074
C:\WINDOWS\system32\ktgi26.exe | Deleted
C:\WINDOWS\system32\kzri26.exe | Infected with: Trojan.Generic.581074
C:\WINDOWS\system32\kzri26.exe | Deleted
C:\WINDOWS\system32\lole4.exe | Infected with: Trojan.PWS.OnlineGames.ZUG
C:\WINDOWS\system32\lole4.exe | Deleted
C:\WINDOWS\system32\lvci4.exe | Infected with: Trojan.PWS.WoW.NDL
C:\WINDOWS\system32\lvci4.exe | Deleted
C:\WINDOWS\system32\msbod.dll | Infected with: Trojan.Generic.319181
C:\WINDOWS\system32\msbod.dll | Deleted
C:\WINDOWS\system32\msisipv6.dll | Infected with: Trojan.Dropper.Agent.TXI
C:\WINDOWS\system32\msisipv6.dll | Deleted
C:\WINDOWS\system32\mvot4.exe | Infected with: Trojan.PWS.OnlineGames.ZUG
C:\WINDOWS\system32\mvot4.exe | Deleted
C:\WINDOWS\system32\nbex26.exe | Infected with: Trojan.Generic.581074
C:\WINDOWS\system32\nbex26.exe | Deleted
C:\WINDOWS\system32\npgd4.exe | Infected with: Trojan.PWS.OnlineGames.ZUG
C:\WINDOWS\system32\npgd4.exe | Deleted
C:\WINDOWS\system32\nwapi32dj.dll | Infected with: Trojan.PWS.Lmir.UMH
C:\WINDOWS\system32\nwapi32dj.dll | Deleted
C:\WINDOWS\system32\offeceo.dll | Infected with: Trojan.PWS.OnlineGames.ZQO
C:\WINDOWS\system32\offeceo.dll | Deleted
C:\WINDOWS\system32\reab4.exe | Infected with: Trojan.PWS.OnlineGames.ZUG
C:\WINDOWS\system32\reab4.exe | Deleted
C:\WINDOWS\system32\scardsvc.exe | Infected with: Trojan.IEFake.A
C:\WINDOWS\system32\scardsvc.exe | Deleted
C:\WINDOWS\system32\sctzxy.dll | Infected with: Trojan.Downloader.JKGK
C:\WINDOWS\system32\sctzxy.dll | Deleted
C:\WINDOWS\system32\ugso26.exe | Infected with: Trojan.Generic.581074
C:\WINDOWS\system32\ugso26.exe | Deleted
C:\WINDOWS\system32\utuu4.exe | Infected with: Trojan.PWS.OnlineGames.ZUG
C:\WINDOWS\system32\utuu4.exe | Deleted
C:\WINDOWS\system32\vistaXA.exe | Infected with: Gen:Trojan.Heur.PT.0020011111
C:\WINDOWS\system32\vistaXA.exe | Disinfection failed
C:\WINDOWS\system32\vistaXA.exe | Deleted
C:\WINDOWS\system32\vjxx4.exe | Infected with: Trojan.PWS.OnlineGames.ZUG
C:\WINDOWS\system32\vjxx4.exe | Deleted
C:\WINDOWS\system32\vnfy26.exe | Infected with: Trojan.Generic.581074
C:\WINDOWS\system32\vnfy26.exe | Deleted
C:\WINDOWS\system32\wincecomm.exe | Infected with: Trojan.IEFake.A
C:\WINDOWS\system32\wincecomm.exe | Deleted
C:\WINDOWS\system32\zipyqld.dll | Infected with: Trojan.Generic.357688
C:\WINDOWS\system32\zipyqld.dll | Deleted
C:\WINDOWS\system32\zvsory.dll | Infected with: Trojan.Generic.344040
C:\WINDOWS\system32\zvsory.dll | Deleted
C:\WINDOWS\tabq.exe | Infected with: Trojan.Crypt.DJ
C:\WINDOWS\tabq.exe | Disinfection failed
C:\WINDOWS\tabq.exe | Deleted
C:\WINDOWS\vbvk.exe | Infected with: Trojan.Crypt.DJ
C:\WINDOWS\vbvk.exe | Disinfection failed
C:\WINDOWS\vbvk.exe | Deleted
C:\WINDOWS\vbyx.exe | Infected with: Trojan.Crypt.DJ
C:\WINDOWS\vbyx.exe | Disinfection failed
C:\WINDOWS\vbyx.exe | Deleted
C:\WINDOWS\vkwi.exe | Infected with: Trojan.Crypt.DJ
C:\WINDOWS\vkwi.exe | Disinfection failed
C:\WINDOWS\vkwi.exe | Deleted
C:\WINDOWS\vmds.exe | Infected with: Trojan.Crypt.DJ
C:\WINDOWS\vmds.exe | Disinfection failed
C:\WINDOWS\vmds.exe | Deleted
C:\WINDOWS\vuyn.exe | Infected with: Trojan.Crypt.DJ
C:\WINDOWS\vuyn.exe | Disinfection failed
C:\WINDOWS\vuyn.exe | Deleted
C:\WINDOWS\whzq.exe | Infected with: Trojan.Crypt.DJ
C:\WINDOWS\whzq.exe | Disinfection failed
C:\WINDOWS\whzq.exe | Deleted
C:\WINDOWS\xpej.exe | Infected with: Trojan.Crypt.DJ
C:\WINDOWS\xpej.exe | Disinfection failed
C:\WINDOWS\xpej.exe | Deleted
C:\WINDOWS\yakp.exe | Infected with: Trojan.Crypt.DJ
C:\WINDOWS\yakp.exe | Disinfection failed
C:\WINDOWS\yakp.exe | Deleted
C:\WINDOWS\yrtd.exe | Infected with: Trojan.Crypt.DJ
C:\WINDOWS\yrtd.exe | Disinfection failed
C:\WINDOWS\yrtd.exe | Deleted
C:\WINDOWS\ywsv.exe | Infected with: Trojan.Crypt.DJ
C:\WINDOWS\ywsv.exe | Disinfection failed
C:\WINDOWS\ywsv.exe | Deleted






------------------------------------------------------------------RsitLog---------------------------------------------------------------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by Sea-ah at 2009-06-30 21:35:38
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 9 GB (12%) free of 76 GB
Total RAM: 767 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35:42, on 30/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TDK Systems\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Common Files\AOL\1135890346\ee\AOLSoftware.exe
C:\WINDOWS\tsnpstd3.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Lexmark 6300 Series\lxcdmon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TDK Systems\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxcdcoms.exe
c:\program files\common files\aol\1135890346\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1135890346\ee\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sea-ah\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sea-ah.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135890346\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LXCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcdmon.exe] "C:\Program Files\Lexmark 6300 Series\lxcdmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Startup: YzShadow.lnk = C:\Program Files\YzShadow\YzShadow.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\TDK Systems\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\TDK Systems\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\TDK Systems\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab27571.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab27571.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\TDK Systems\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcd_device - Unknown owner - C:\WINDOWS\system32\lxcdcoms.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 12189 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-07-07 439872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-01-06 181752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
ST - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-14 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
MSNToolBandBHO - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 282624]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar - C:\Program Files\ICQToolbar\toolbaru.dll []
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-07-07 439872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-06-11 55296]
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2002-11-23 631362]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2002-11-08 19968]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe [2002-08-29 59392]
"PHIME2002ASync"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [2002-08-29 455168]
"PHIME2002A"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [2002-08-29 455168]
"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2007-01-10 71216]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"HostManager"=C:\Program Files\Common Files\AOL\1135890346\ee\AOLSoftware.exe [2006-11-17 50736]
"CameraFixer"=C:\WINDOWS\CameraFixer.exe [2005-10-03 20480]
"tsnpstd3"=C:\WINDOWS\tsnpstd3.exe [2005-11-04 90112]
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2006-09-19 827392]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-03-08 180269]
"MessengerPlus3"=C:\Program Files\MessengerPlus! 3\MsgPlus.exe [2006-04-07 190024]
"LXCDCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16 []
"lxcdmon.exe"=C:\Program Files\Lexmark 6300 Series\lxcdmon.exe [2005-06-25 200704]
"EzPrint"=C:\Program Files\Lexmark 6300 Series\ezprint.exe [2005-07-05 94208]
"FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2005-07-12 299008]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-11-14 286720]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2005-12-10 133016]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-11-15 267048]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2005-05-20 28160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2006-08-09 4617720]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe
AOL Broadband Check-Up.lnk - C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
BTTray.lnk - C:\Program Files\TDK Systems\Bluetooth Software\BTTray.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Documents and Settings\Sea-ah\Start Menu\Programs\Startup
YzShadow.lnk - C:\Program Files\YzShadow\YzShadow.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{730B78A6-9B9C-4C44-8645-1873BDCFD3B1}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL9~1.0"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL9~1.0"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2009-07-01 02:26:43 ----D---- C:\WINDOWS\temp
2009-07-01 02:26:41 ----A---- C:\ComboFix.txt
2009-06-30 19:50:50 ----D---- C:\WINDOWS\BDOSCAN8
2009-06-30 19:50:43 ----D---- C:\WINDOWS\LastGood
2009-06-30 19:50:10 ----SD---- C:\ComboFix
2009-06-18 03:33:49 ----A---- C:\Boot.bak
2009-06-18 03:33:36 ----RASHD---- C:\cmdcons
2009-06-18 03:31:09 ----D---- C:\WINDOWS\ERDNT
2009-06-17 02:59:43 ----D---- C:\rsit

======List of files/folders modified in the last 1 months======

2009-07-01 02:27:09 ----AD---- C:\Program Files
2009-07-01 02:19:41 ----A---- C:\WINDOWS\system.ini
2009-07-01 02:19:32 ----A---- C:\WINDOWS\ModemLog_Bluetooth Modem.txt
2009-07-01 02:19:26 ----A---- C:\WINDOWS\ModemLog_Smart Link 56K Modem.txt
2009-07-01 02:17:44 ----D---- C:\WINDOWS\system32\config
2009-07-01 02:13:27 ----D---- C:\WINDOWS\AppPatch
2009-07-01 02:13:13 ----D---- C:\Program Files\Common Files
2009-07-01 02:08:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-01 01:55:50 ----D---- C:\temp
2009-06-30 21:10:52 ----D---- C:\WINDOWS
2009-06-30 21:10:35 ----AD---- C:\WINDOWS\system32
2009-06-30 21:07:26 ----D---- C:\WINDOWS\system32\drivers
2009-06-30 20:50:29 ----A---- C:\UNWISE.EXE
2009-06-30 20:50:22 ----D---- C:\SBSI
2009-06-30 20:39:19 ----D---- C:\Program Files\DAEMON Tools
2009-06-30 20:29:06 ----D---- C:\Jetpack6
2009-06-30 20:28:46 ----A---- C:\FirstSteps.exe
2009-06-30 19:50:52 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-06-30 19:50:49 ----HD---- C:\WINDOWS\inf
2009-06-30 19:50:49 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-30 19:50:35 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-30 19:50:23 ----SHD---- C:\System Volume Information
2009-06-30 19:50:12 ----D---- C:\WINDOWS\Prefetch
2009-06-30 01:00:40 ----SHD---- C:\WINDOWS\Installer
2009-06-30 01:00:37 ----SHD---- C:\Config.Msi
2009-06-30 01:00:37 ----D---- C:\WINDOWS\WinSxS
2009-06-30 01:00:36 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-06-30 00:49:11 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-25 04:57:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-25 04:36:55 ----D---- C:\WINDOWS\system32\wbem
2009-06-18 04:05:51 ----D---- C:\WINDOWS\Minidump
2009-06-18 03:38:31 ----D---- C:\Documents and Settings
2009-06-18 03:33:49 ----RASH---- C:\boot.ini
2009-06-18 03:28:24 ----D---- C:\Program Files\WinRoll
2009-06-18 03:24:33 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-06-18 03:17:26 ----D---- C:\Program Files\BitComet
2009-06-18 03:17:19 ----D---- C:\Program Files\BearShare
2009-06-04 06:59:44 ----D---- C:\unzipped
2009-06-04 06:07:38 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 FsVga;FsVga; C:\WINDOWS\System32\DRIVERS\fsvga.sys [2002-08-29 12160]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\System32\drivers\btserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\System32\drivers\btslbcsp.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-06-19 752764]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2003-08-13 594432]
R3 BtAudio;Bluetooth Audio; C:\WINDOWS\System32\DRIVERS\btaudio.sys [2003-11-17 21861]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\System32\DRIVERS\btport.sys [2003-11-17 30235]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [2003-11-17 146684]
R3 catchme;catchme; \??\C:\DOCUME~1\Sea-ah\LOCALS~1\Temp\catchme.sys []
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-06-25 223128]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2007-12-21 30728]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2005-05-20 25600]
R3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2005-05-20 36480]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\System32\Drivers\LMouKE.sys [2005-05-20 68352]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [2003-07-16 221736]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-08-29 5888]
R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys [2003-08-13 65280]
R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\System32\DRIVERS\slntamr.sys [2003-08-20 548952]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [2003-07-02 39348]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-11 33588]
S1 avgio;avgio; \??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys []
S1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys []
S3 avgntflt;avgntflt; \??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys []
S3 BTWUSB;%BTWUSB.SvcDesc%; C:\WINDOWS\System32\Drivers\btwusb.sys [2003-11-17 51848]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\System32\drivers\CDANT.SYS []
S3 gttap1;GoTrusted TAP Adapter; C:\WINDOWS\system32\DRIVERS\gttap1.sys []
S3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\System32\DRIVERS\itchfltr.sys [2002-11-15 12640]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\System32\Drivers\L8042Kbd.sys [2005-05-20 13056]
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\L8042mou.sys [2005-05-20 54528]
S3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys [2002-11-08 52238]
S3 LCcfltr;Logitech USB Filter Driver; C:\WINDOWS\System32\Drivers\LCcFltr.Sys [2002-11-08 14156]
S3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidFlt2.Sys [2002-11-08 23838]
S3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2002-11-08 41420]
S3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys [2002-11-08 70238]
S3 Lvckap;Logitech Kernel Audio Processing Filter Driver; \??\C:\WINDOWS\system32\drivers\Lvckap.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [2003-07-02 1301128]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [2003-07-02 167384]
S3 PPPoEWin;PPPoEWin Miniport; C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS []
S3 RecAgent;recagent; \??\C:\WINDOWS\System32\DRIVERS\RecAgent.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SlNtHal;SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [2003-07-02 86128]
S3 SNPHV71;PC Camera (602a VGA); C:\WINDOWS\System32\DRIVERS\snphv71.sys [2002-11-09 231040]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-03-27 10252544]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]
R2 btwdins;Bluetooth Service; C:\Program Files\TDK Systems\Bluetooth Software\bin\btwdins.exe [2003-11-17 135168]
R2 C-DillaSrv;C-DillaSrv; C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE [2001-09-11 32256]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-09-23 38912]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-08-27 65536]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-11-15 504104]
R3 lxcd_device;lxcd_device; C:\WINDOWS\system32\lxcdcoms.exe [2005-06-22 491520]
S2 AOLService;AOL Spyware Protection Service; C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe []
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2003-07-02 45056]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2004-09-02 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe [2003-12-09 65625]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe [2003-12-09 65622]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\AntiVir PersonalEdition Classic\sched.exe []
S4 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe []

-----------------EOF-----------------

Cheers Gareth

Edited by gtredx69, 30 June 2009 - 03:38 PM.


#15 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:22 AM

Posted 30 June 2009 - 04:13 PM

Bitdefender did find a lot! Quite a bit of old stuff there, let's clean it up.

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the OTM icon on your desktop.
  • Paste the following code into the OTM text area. Do not include the word "Code".
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D}"=-
    "{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
    :Files
    C:\FirstSteps.exe
    C:\Jetpack6
    C:\My Documents\Norton Utilities 2002
    C:\norton
    C:\Program Files\Symantec
    C:\SBSI
    C:\temp
    C:\UNWISE.EXE
    C:\unzipped
    :Commands
    [Purity]
    [EmptyTemp]
    [Reboot]
  • Push the large button to run the script.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/paste the contents of the results area here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, enter *.log in the File Name box and press Enter, navigate to the C:\_OTM\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Next

Download and Run Rooter SD

Please download Rooter.exe and save it to your desktop
  • Double-click it to start the tool. If you are using Vista, please right-click and choose Run As Administrator
  • Allow it to run when you get a Security Warning
  • A black command window will open saying: "Please Wait..."
  • It will now begin to scan, please be patient. The scan should not take more than 2 minutes
  • A Notepad file containing the report will open soon. It can also be found at %systemdrive%\Rooter.txt
  • Please post the contents of that log in your next reply
Next

Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the button to launch the scanner.
  • Check the box to accept the terms of use.
  • Click the Start button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check the option to remove found threats.
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push the button to list the found threats.
  • Push the button to export the list to a text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish.
Then please post back here with the following:
  • OTM results
  • Rooter.txt
  • ESET results
Thanks

Edited by syler, 30 June 2009 - 04:15 PM.
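As an added example (this is not part of syler's reply, nor code from OTM or HijackThis), the script below applies the same triage rule that the :Reg section of the OTM script above encodes. In a HijackThis log, an O2 (BHO) or O3 (Toolbar) entry whose path reads "(no file)" or ends in "(file missing)" is an orphaned CLSID: the registry still registers a browser extension, but its DLL is gone. The matching Browser Helper Objects subkey or Toolbar value can be dropped, which is exactly what the [-KEY] and "value"=- lines in the reply do. The sample lines are copied from the log posted above and labelled as a constructed input; the function names (parse_hjt_lines, orphaned_entries, build_otm_reg_script) are my own. Orphaned entries like these are leftovers rather than proof of an active infection, which is why they are cleanup and not the focus of the scan results.

```python
import re

# Constructed sample input: the O2 (BHO) and O3 (Toolbar) lines are copied from
# the HijackThis section of the log posted above; nothing here is live data.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
"""

# Registry homes of the two HijackThis sections handled here (the same keys
# that appear in the RSIT registry dump and in the OTM script in the reply).
BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
TOOLBAR_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar"

_CLSID = r"\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}"
_LINE = re.compile(
    r"^(?P<section>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>" + _CLSID + r") - (?P<path>.*)$"
)


def parse_hjt_lines(text):
    """Parse O2/O3 lines into dicts; lines from other sections are ignored."""
    entries = []
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        # HijackThis prints "(no file)" when the CLSID has no InprocServer32
        # path at all, and "<path> (file missing)" when the path is registered
        # but absent on disk. Either way the extension cannot load: orphaned.
        path = e["path"]
        e["orphaned"] = path == "(no file)" or path.endswith("(file missing)")
        entries.append(e)
    return entries


def orphaned_entries(text):
    """Only the entries whose DLL is gone; everything else is left alone."""
    return [e for e in parse_hjt_lines(text) if e["orphaned"]]


def build_otm_reg_script(entries):
    """Emit an OTM ':Reg' block in the syntax used in the reply above:
    '[-KEY]' deletes a whole key, '"value"=-' deletes one value."""
    lines = [":Reg"]
    toolbar_values = []
    for e in entries:
        if e["kind"] == "BHO":
            # Each BHO lives in its own subkey named by its CLSID; drop the subkey.
            lines.append("[-%s\\%s]" % (BHO_KEY, e["clsid"]))
        else:
            # Toolbars are values of one shared key; collect them under it.
            toolbar_values.append('"%s"=-' % e["clsid"])
    if toolbar_values:
        lines.append("[%s]" % TOOLBAR_KEY)
        lines.extend(toolbar_values)
    return "\n".join(lines)


if __name__ == "__main__":
    # Prints the same :Reg block that syler's OTM script contains.
    print(build_otm_reg_script(orphaned_entries(SAMPLE_LOG)))
```

Run against the sample, the output is the :Reg block from the reply, line for line: the {7E853D72...} BHO subkey is deleted and the two orphaned toolbar CLSIDs are removed as values of the Toolbar key. Entries whose DLL is present (the Yahoo! and MSN components) are untouched, which is the check a practitioner wants before pasting a generated script into a removal tool: only act on what the log shows to be dead.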
