Globalroot\systemroot\system32\SKYNET???


This topic is locked. 5 replies to this topic.

#1 mls82178 (Members, 6 posts)

Posted 25 June 2009 - 11:44 AM

Ok, first of all, I am having to run in safe mode because I cannot seem to get the computer to boot up in normal mode. This is my best friend's computer; the kids were home alone yesterday and decided to do whatever it is that they did, and when she started the computer up this morning, all she kept getting was a ton of error messages any time any kind of program was started up. They were all the same error message; the only difference was what it said in the title bar at the top, and that only changed depending on the program (i.e. logonUI.exe bad image, userinit.exe bad image, explorer.exe bad image, etc.), and they were all followed by the following message:
"globalroot\systemroot\system32\SKYNETcviotqox.dll is either not designed to run on windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support"
The PC owner said that before she called me up for tech support she ran Norton AntiVirus and it came up with quite a few things, which she deleted; unfortunately she is quite ignorant when it comes to computer problems and solutions and did not write down any of the things she deleted. :) So now I am just hoping I can get some help, because while I am not quite as "unknowing" as she is about computers, this problem really has me stumped.
I did download the DDS tool and ComboFix. I have not used ComboFix, and won't until I am told to do so, but I did use the DDS tool; the log is below and attached.
Also, after giving her a really hard time about LimeWire, I uninstalled it.
As of right now the computer isn't running slower or having any pop-ups, just all the errors popping up when a program tries to start, and I can't get the computer to start up in normal mode.


DDS LOG



DDS (Ver_09-05-14.01) - NTFSx86 NETWORK
Run by Family at 12:18:35.67 on Thu 06/25/2009
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2036.1589 [GMT -4:00]

AV: Symantec AntiVirus *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec AntiVirus *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Family\Desktop\bleeping computer\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3090128
uSearch Bar =
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\program files\iwin games\iWinGamesHookIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [DSS] c:\windows\bbstore\dss\DSSAGENT.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [cftmon] c:\windows\system32\dxcsv.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [RtHDVCpl] RtHDVCpl.exe
StartupFolder: c:\users\family\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {18F616CD-4B28-4C47-815A-560AC6A33C8D} - hxxp://p.playfirst.com/play/game/emerald-city-confidential/EmeraldCityConfidential_Web.1.0.0.9.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo1.walgreens.com/WalgreensActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} - hxxp://www.worldwinner.com/games/v43/paint/paint.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\program files\cozi express\CoziProtocolHandler.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: CLKERN.DLL,c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
S2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-24 155648]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-23 101936]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-11-28 122008]
S4 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-28 30192]
S4 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2009-6-4 78104]

=============== Created Last 30 ================

2009-06-25 11:31 4,838 a------- c:\windows\system32\PerfStringBackup.TMP
2009-06-24 20:27 0 a------- c:\windows\NancyDrewCrystalSkull.INI
2009-06-24 20:08 <DIR> --dsh--- c:\users\family\appdata\roaming\.#
2009-06-24 16:06 <DIR> --d----- c:\users\family\appdata\roaming\WildTangent
2009-06-24 16:01 <DIR> --d----- c:\programdata\WildTangent
2009-06-24 16:01 <DIR> --d----- c:\progra~2\WildTangent
2009-06-24 16:01 <DIR> --d----- c:\program files\WildGames
2009-06-24 15:04 <DIR> --d----- c:\program files\Cracklock
2009-06-24 11:33 <DIR> --d----- c:\program files\WinAce
2009-06-24 10:31 220 a------- c:\windows\system32\winset.ini
2009-06-24 10:31 138,752 a------- c:\windows\kbffe6705.exe
2009-06-24 10:31 69,697 a------- c:\windows\ence6030.exe
2009-06-24 10:31 889,078 a------- c:\windows\mdhhg0806.exe
2009-06-24 10:31 93,696 a------- c:\windows\nwuhr2244.exe
2009-06-24 10:25 434,271 a------- c:\program files\Uninstall Fun Web Products.dll
2009-06-24 10:04 <DIR> --d----- c:\program files\DNA
2009-06-24 09:28 <DIR> --d----- c:\program files\Nancy Drew
2009-06-23 14:24 <DIR> --d----- c:\programdata\Fashion Finder
2009-06-23 14:24 <DIR> --d----- c:\progra~2\Fashion Finder
2009-06-18 17:40 3,495,784 a------- c:\windows\system32\d3dx9_33.dll
2009-06-16 13:21 <DIR> --d----- c:\programdata\GameHouse
2009-06-16 13:21 <DIR> --d----- c:\progra~2\GameHouse
2009-06-15 08:33 <DIR> --d----- c:\programdata\PlayfulAge
2009-06-15 08:33 <DIR> --d----- c:\progra~2\PlayfulAge
2009-06-15 08:15 <DIR> --d----- c:\program files\iWin Games
2009-06-11 16:40 <DIR> --d----- c:\program files\Unity
2009-06-11 15:14 <DIR> --d----- c:\windows\pss
2009-06-11 15:11 <DIR> --d----- c:\program files\CCleaner
2009-06-11 07:58 2,034,688 a------- c:\windows\system32\win32k.sys
2009-06-11 07:58 623,616 a------- c:\windows\system32\localspl.dll
2009-06-11 07:58 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-06-11 07:57 828,416 a------- c:\windows\system32\wininet.dll
2009-06-11 07:57 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-10 07:50 2,035 a------- c:\windows\checkip.dat
2009-06-09 11:09 <DIR> --d----- c:\users\family\appdata\roaming\FashionCraze
2009-06-09 08:40 <DIR> --d----- c:\programdata\Fashion Solitaire 1.2
2009-06-09 08:40 <DIR> --d----- c:\progra~2\Fashion Solitaire 1.2
2009-06-08 09:21 <DIR> --d----- c:\windows\system32\eu-ES
2009-06-08 09:21 <DIR> --d----- c:\windows\system32\ca-ES
2009-06-08 09:21 <DIR> --d----- c:\windows\system32\vi-VN
2009-06-08 09:07 <DIR> --d----- c:\windows\system32\EventProviders
2009-06-08 09:05 1,055,232 a------- c:\windows\system32\VSSVC.exe
2009-06-08 09:04 247,808 a------- c:\windows\system32\drvstore.dll
2009-06-07 18:14 <DIR> --d----- c:\users\family\appdata\roaming\BeachPartyCraze
2009-06-06 16:13 <DIR> --d----- c:\program files\Creative Wonders
2009-06-06 12:45 391 a------- c:\windows\Disney.ini
2009-06-06 12:45 <DIR> --d----- c:\program files\Disney Interactive
2009-06-03 09:27 <DIR> --d----- c:\users\family\appdata\roaming\Merscom
2009-06-03 09:27 <DIR> --d----- c:\programdata\Merscom
2009-06-03 09:27 <DIR> --d----- c:\progra~2\Merscom
2009-06-02 19:37 2,297,552 a------- c:\windows\system32\d3dx9_26.dll
2009-06-02 19:35 165,376 a------- c:\windows\system32\drivers\atksgt.sys
2009-06-02 19:35 18,048 a------- c:\windows\system32\drivers\lirsgt.sys
2009-06-02 19:28 <DIR> --d----- c:\program files\Darkstar One
2009-06-02 15:04 <DIR> --d----- c:\users\family\appdata\roaming\YoudaGames
2009-05-27 09:52 <DIR> --d----- c:\users\family\{130b779e-6163-4869-9445-edf92bd4470d}
2009-05-27 09:51 920,088 a------- c:\windows\system32\igxpun.exe
2009-05-27 09:51 <DIR> --d----- c:\windows\system32\x64
2009-05-27 09:51 319,456 a------- c:\windows\system32\difxapi.dll
2009-05-27 09:00 <DIR> --d----- c:\program files\Coupons
2009-05-26 13:56 <DIR> --d----- c:\users\family\appdata\roaming\Shockwave 3 Days Zoo Mystery
2009-05-26 13:48 <DIR> --d----- c:\users\family\appdata\roaming\TikGames
2009-05-26 13:48 <DIR> --d----- c:\programdata\TikGames
2009-05-26 13:48 <DIR> --d----- c:\progra~2\TikGames

==================== Find3M ====================

2009-06-08 09:27 51,200 a------- c:\windows\inf\infpub.dat
2009-06-08 09:27 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-08 09:27 86,016 a------- c:\windows\inf\infstor.dat
2009-06-08 09:20 665,600 a------- c:\windows\inf\drvindex.dat
2009-05-07 20:20 34 a------- c:\users\family\jagex_runescape_preferences.dat
2009-04-13 21:03 860 a------- c:\users\family\appdata\roaming\wklnhst.dat
2009-04-11 02:33 986,600 a------- c:\windows\system32\winload.exe
2009-04-11 02:33 926,184 a------- c:\windows\system32\winresume.exe
2009-04-11 02:33 614,376 a------- c:\windows\system32\ci.dll
2009-04-11 02:32 50,664 a------- c:\windows\system32\PSHED.DLL
2009-04-11 02:32 3,601,896 a------- c:\windows\system32\ntkrnlpa.exe
2009-04-11 02:32 3,549,672 a------- c:\windows\system32\ntoskrnl.exe
2009-04-11 02:32 438,744 a------- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-04-11 02:32 245,736 a------- c:\windows\system32\clfs.sys
2009-04-11 02:32 177,128 a------- c:\windows\system32\halmacpi.dll
2009-04-11 02:32 140,776 a------- c:\windows\system32\halacpi.dll
2009-04-11 02:32 17,896 a------- c:\windows\system32\kd1394.dll
2009-04-11 02:32 19,944 a------- c:\windows\system32\kdusb.dll
2009-04-11 02:32 17,384 a------- c:\windows\system32\kdcom.dll
2009-04-11 02:27 627,200 a------- c:\windows\system32\sethc.exe
2009-04-11 02:22 7,168 a------- c:\windows\system32\f3ahvoas.dll
2009-04-11 02:21 37,376 a------- c:\windows\system32\cdd.dll
2009-04-11 01:03 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 01:03 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-04-11 00:57 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-11 00:54 2,048 a------- c:\windows\system32\mferror.dll
2009-04-11 00:39 16,384 a------- c:\windows\system32\iscsilog.dll
2009-04-11 00:27 2,560 a------- c:\windows\system32\msimsg.dll
2009-04-11 00:23 289,792 a------- c:\windows\system32\atmfd.dll
2009-04-11 00:12 617,984 a------- c:\windows\system32\adtschema.dll
2009-04-10 21:59 107,612 a------- c:\windows\system32\StructuredQuerySchema.bin
2009-03-30 00:42 278,848 a------- c:\windows\system32\mscoree.dll
2009-03-30 00:42 155,456 a------- c:\windows\system32\mscorier.dll
2009-03-30 00:42 93,512 a------- c:\windows\system32\dfshim.dll
2009-03-30 00:42 80,720 a------- c:\windows\system32\mscories.dll
2008-01-20 22:57 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 12:19:54.19 ===============
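
The pop-up text and the DDS log above are the two things a responder actually reads, and a few entries in this log stand out: an autorun value named "cftmon" (a near-miss of the legitimate ctfmon) that launches c:\windows\system32\dxcsv.exe, four random-looking .exe files written straight into c:\windows in the same minute, a hidden+system directory named ".#" in the user's roaming profile, orphaned BHO/toolbar CLSIDs, two AppInit_DLLs entries, and a DLL named in the loader error by an NT object-namespace path (globalroot\...) that appears nowhere in the file listing DDS produced. The script below is an added example, not code from the original post or from the DDS tool: it parses a constructed sample written in DDS's line format (the entries are copied from the log above) plus the quoted loader message and flags those items. The regexes, the severity levels, the lookalike threshold and the short allow-list of legitimate autorun names are assumptions for illustration, not anything DDS or the forum helpers use.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the format DDS prints; the entries are copied from the
# log in this thread, and SAMPLE_ERROR is the pop-up text quoted in post #1.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
BHO: {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - No File
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [cftmon] c:\windows\system32\dxcsv.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
AppInit_DLLs: CLKERN.DLL,c:\progra~1\google\google~1\GOEC62~1.DLL
=============== Created Last 30 ================
2009-06-24 20:08 <DIR> --dsh--- c:\users\family\appdata\roaming\.#
2009-06-24 10:31 138,752 a------- c:\windows\kbffe6705.exe
2009-06-24 10:31 69,697 a------- c:\windows\ence6030.exe
2009-06-11 15:11 <DIR> --d----- c:\program files\CCleaner
2009-06-11 07:58 2,034,688 a------- c:\windows\system32\win32k.sys
"""
SAMPLE_ERROR = ("globalroot\\systemroot\\system32\\SKYNETcviotqox.dll is either not "
                "designed to run on windows or it contains an error.")

AUTORUN_RE = re.compile(r"^[um]Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<target>.+)$")
ORPHAN_RE = re.compile(r"^(?:BHO|TB): .*- No File$")
APPINIT_RE = re.compile(r"^AppInit_DLLs: (?P<dlls>.+)$")
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(?:<DIR>|[\d,]+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+)$")
WINROOT_BIN_RE = re.compile(r"^c:\\windows\\(?P<file>[^\\]+\.(?:exe|dll|sys))$", re.I)
RANDOM_STEM_RE = re.compile(r"^[a-z]{3,6}\d{3,5}$")
BAD_IMAGE_RE = re.compile(r"^(?P<image>.+?) is either not designed to run on windows", re.I)
NT_PREFIXES = ("globalroot\\", "\\\\?\\globalroot\\", "\\device\\")
# Assumed allow-list of autorun value names on a stock Vista/Dell image (illustrative).
LEGIT_AUTORUN_NAMES = ("ctfmon", "igfxtray", "hkcmd", "igfxpers", "ccapp", "vptray")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    line: str      # the log line (or error message) that produced it
    reason: str


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; inputs are short, so the quadratic DP is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(name: str) -> Optional[str]:
    """Legitimate autorun name this value nearly matches (cftmon ~ ctfmon), else None."""
    n = name.lower()
    for legit in LEGIT_AUTORUN_NAMES:
        if n != legit and edit_distance(n, legit) <= 2:
            return legit
    return None


def triage(log: str, loader_error: str = "") -> list:
    """Walk a DDS-style log (plus an optional 'bad image' message) and flag oddities."""
    findings, listed = [], set()  # listed: basenames DDS actually saw on disk
    for line in (ln.strip() for ln in log.splitlines()):
        if m := AUTORUN_RE.match(line):
            if legit := lookalike(m["name"]):
                findings.append(Finding("high", line,
                    f"autorun name {m['name']!r} mimics {legit!r} but launches {m['target']}"))
        elif ORPHAN_RE.match(line):
            findings.append(Finding("low", line, "orphaned CLSID, backing file missing"))
        elif m := APPINIT_RE.match(line):
            for dll in m["dlls"].split(","):
                findings.append(Finding("medium", line,
                    f"AppInit DLL {dll.strip()} loads into every process that uses user32"))
        elif m := CREATED_RE.match(line):
            path, attrs = m["path"], m["attrs"]
            listed.add(path.rsplit("\\", 1)[-1].lower())
            if wb := WINROOT_BIN_RE.match(path):
                why = "executable dropped directly in c:\\windows"
                if RANDOM_STEM_RE.match(wb["file"].rsplit(".", 1)[0].lower()):
                    why += " with a random-looking name"
                findings.append(Finding("high", line, why))
            if path.lower().startswith("c:\\users\\") and "s" in attrs and "h" in attrs:
                findings.append(Finding("medium", line, "hidden+system object inside a user profile"))
    if m := BAD_IMAGE_RE.search(loader_error):
        image = m["image"].strip().strip('"')
        why = "module named in a 'bad image' loader error"
        if image.lower().startswith(NT_PREFIXES):
            why += "; NT object-namespace path, which Win32 directory listings never show"
        if image.rsplit("\\", 1)[-1].lower() not in listed:
            why += "; not present in the DDS file listing"
        findings.append(Finding("high", image, why))
    return findings


if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "low": 2}
    for f in sorted(triage(SAMPLE_LOG, SAMPLE_ERROR), key=lambda f: order[f.severity]):
        print(f"[{f.severity:>6}] {f.reason}\n         {f.line}")
```

Two points behind the last check. The sentence "is either not designed to run on Windows or it contains an error" is the system text for the loader status STATUS_INVALID_IMAGE_FORMAT (0xC000007B): the process was made to load that DLL and could not map it. Because logonUI.exe, userinit.exe and explorer.exe all report the same module, the injection point is system-wide rather than one broken application. And `globalroot\systemroot\system32\` is the NT object-manager spelling of C:\Windows\System32 (the \SystemRoot symbolic link reached through the GLOBALROOT alias), so a module addressed that way, which no Win32 listing such as DDS's "Created Last 30" section reports, is being hidden from ordinary directory enumeration.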


#2 mls82178 (Topic Starter)

Posted 26 June 2009 - 07:01 AM

I managed to stop getting the errors popping up any time a program was trying to start; however, I still cannot get the computer to boot up in normal mode. I am still having to start up in safe mode and I could really use some help. I ran the DDS tool again and am attaching the files.
Is there anyone that can help me?

DDS (Ver_09-05-14.01) - NTFSx86 NETWORK
Run by Family at 7:54:59.31 on Fri 06/26/2009
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2036.1674 [GMT -4:00]

AV: Symantec AntiVirus *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec AntiVirus *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Family\Desktop\bleeping computer\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3090128
uSearch Bar =
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\program files\iwin games\iWinGamesHookIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; FunWebProducts; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.30729; InfoPath.2; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.30729)" -"http://edits.zwinky.com/zwinky-world/GamePlayer/play.jhtml?gameID=11"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [DSS] c:\windows\bbstore\dss\DSSAGENT.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRunOnce: [<NO NAME>]
mRunOnce: [GrpConv] grpconv -o
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {18F616CD-4B28-4C47-815A-560AC6A33C8D} - hxxp://p.playfirst.com/play/game/emerald-city-confidential/EmeraldCityConfidential_Web.1.0.0.9.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo1.walgreens.com/WalgreensActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} - hxxp://www.worldwinner.com/games/v43/paint/paint.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\program files\cozi express\CoziProtocolHandler.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: CLKERN.DLL,c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
S2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-24 155648]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-23 101936]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-28 30192]
S3 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2009-6-4 78104]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-11-28 122008]

=============== Created Last 30 ================

2009-06-26 07:54 <DIR> --ds---- C:\ComboFix
2009-06-26 07:54 318,976 a------- c:\windows\system32\CF1404.exe
2009-06-25 14:01 142,592 a------- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-06-25 14:01 <DIR> --d----- c:\users\family\appdata\roaming\Spyware Terminator
2009-06-25 14:01 <DIR> --d----- c:\programdata\Spyware Terminator
2009-06-25 14:01 <DIR> --d----- c:\program files\Spyware Terminator
2009-06-25 14:01 <DIR> --d----- c:\progra~2\Spyware Terminator
2009-06-24 20:27 0 a------- c:\windows\NancyDrewCrystalSkull.INI
2009-06-24 20:08 <DIR> --dsh--- c:\users\family\appdata\roaming\.#
2009-06-24 16:06 <DIR> --d----- c:\users\family\appdata\roaming\WildTangent
2009-06-24 16:01 <DIR> --d----- c:\programdata\WildTangent
2009-06-24 16:01 <DIR> --d----- c:\progra~2\WildTangent
2009-06-24 16:01 <DIR> --d----- c:\program files\WildGames
2009-06-24 15:04 <DIR> --d----- c:\program files\Cracklock
2009-06-24 11:33 <DIR> --d----- c:\program files\WinAce
2009-06-24 10:31 220 a------- c:\windows\system32\winset.ini
2009-06-24 10:31 138,752 a------- c:\windows\kbffe6705.exe
2009-06-24 10:31 69,697 a------- c:\windows\ence6030.exe
2009-06-24 10:31 889,078 a------- c:\windows\mdhhg0806.exe
2009-06-24 10:31 93,696 a------- c:\windows\nwuhr2244.exe
2009-06-24 10:25 434,271 a------- c:\program files\Uninstall Fun Web Products.dll
2009-06-24 10:04 <DIR> --d----- c:\program files\DNA
2009-06-24 09:28 <DIR> --d----- c:\program files\Nancy Drew
2009-06-23 14:24 <DIR> --d----- c:\programdata\Fashion Finder
2009-06-23 14:24 <DIR> --d----- c:\progra~2\Fashion Finder
2009-06-18 17:40 3,495,784 a------- c:\windows\system32\d3dx9_33.dll
2009-06-16 13:21 <DIR> --d----- c:\programdata\GameHouse
2009-06-16 13:21 <DIR> --d----- c:\progra~2\GameHouse
2009-06-15 08:33 <DIR> --d----- c:\programdata\PlayfulAge
2009-06-15 08:33 <DIR> --d----- c:\progra~2\PlayfulAge
2009-06-15 08:15 <DIR> --d----- c:\program files\iWin Games
2009-06-11 16:40 <DIR> --d----- c:\program files\Unity
2009-06-11 15:14 <DIR> --d----- c:\windows\pss
2009-06-11 15:11 <DIR> --d----- c:\program files\CCleaner
2009-06-11 07:58 2,034,688 a------- c:\windows\system32\win32k.sys
2009-06-11 07:58 623,616 a------- c:\windows\system32\localspl.dll
2009-06-11 07:58 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-06-11 07:57 828,416 a------- c:\windows\system32\wininet.dll
2009-06-11 07:57 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-10 07:50 2,035 a------- c:\windows\checkip.dat
2009-06-09 11:09 <DIR> --d----- c:\users\family\appdata\roaming\FashionCraze
2009-06-09 08:40 <DIR> --d----- c:\programdata\Fashion Solitaire 1.2
2009-06-09 08:40 <DIR> --d----- c:\progra~2\Fashion Solitaire 1.2
2009-06-08 09:21 <DIR> --d----- c:\windows\system32\eu-ES
2009-06-08 09:21 <DIR> --d----- c:\windows\system32\ca-ES
2009-06-08 09:21 <DIR> --d----- c:\windows\system32\vi-VN
2009-06-08 09:07 <DIR> --d----- c:\windows\system32\EventProviders
2009-06-08 09:05 1,055,232 a------- c:\windows\system32\VSSVC.exe
2009-06-08 09:04 247,808 a------- c:\windows\system32\drvstore.dll
2009-06-07 18:14 <DIR> --d----- c:\users\family\appdata\roaming\BeachPartyCraze
2009-06-06 16:13 <DIR> --d----- c:\program files\Creative Wonders
2009-06-06 12:45 391 a------- c:\windows\Disney.ini
2009-06-06 12:45 <DIR> --d----- c:\program files\Disney Interactive
2009-06-03 09:27 <DIR> --d----- c:\users\family\appdata\roaming\Merscom
2009-06-03 09:27 <DIR> --d----- c:\programdata\Merscom
2009-06-03 09:27 <DIR> --d----- c:\progra~2\Merscom
2009-06-02 19:37 2,297,552 a------- c:\windows\system32\d3dx9_26.dll
2009-06-02 19:35 165,376 a------- c:\windows\system32\drivers\atksgt.sys
2009-06-02 19:35 18,048 a------- c:\windows\system32\drivers\lirsgt.sys
2009-06-02 19:28 <DIR> --d----- c:\program files\Darkstar One
2009-06-02 15:04 <DIR> --d----- c:\users\family\appdata\roaming\YoudaGames
2009-05-27 09:52 <DIR> --d----- c:\users\family\{130b779e-6163-4869-9445-edf92bd4470d}
2009-05-27 09:51 920,088 a------- c:\windows\system32\igxpun.exe
2009-05-27 09:51 <DIR> --d----- c:\windows\system32\x64
2009-05-27 09:51 319,456 a------- c:\windows\system32\difxapi.dll
2009-05-27 09:00 <DIR> --d----- c:\program files\Coupons

==================== Find3M ====================

2009-06-08 09:27 51,200 a------- c:\windows\inf\infpub.dat
2009-06-08 09:27 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-08 09:27 86,016 a------- c:\windows\inf\infstor.dat
2009-06-08 09:20 665,600 a------- c:\windows\inf\drvindex.dat
2009-05-07 20:20 34 a------- c:\users\family\jagex_runescape_preferences.dat
2009-04-13 21:03 860 a------- c:\users\family\appdata\roaming\wklnhst.dat
2009-04-11 02:33 986,600 a------- c:\windows\system32\winload.exe
2009-04-11 02:33 926,184 a------- c:\windows\system32\winresume.exe
2009-04-11 02:33 614,376 a------- c:\windows\system32\ci.dll
2009-04-11 02:32 50,664 a------- c:\windows\system32\PSHED.DLL
2009-04-11 02:32 3,601,896 a------- c:\windows\system32\ntkrnlpa.exe
2009-04-11 02:32 3,549,672 a------- c:\windows\system32\ntoskrnl.exe
2009-04-11 02:32 438,744 a------- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-04-11 02:32 245,736 a------- c:\windows\system32\clfs.sys
2009-04-11 02:32 177,128 a------- c:\windows\system32\halmacpi.dll
2009-04-11 02:32 140,776 a------- c:\windows\system32\halacpi.dll
2009-04-11 02:32 17,896 a------- c:\windows\system32\kd1394.dll
2009-04-11 02:32 19,944 a------- c:\windows\system32\kdusb.dll
2009-04-11 02:32 17,384 a------- c:\windows\system32\kdcom.dll
2009-04-11 02:27 627,200 a------- c:\windows\system32\sethc.exe
2009-04-11 02:22 7,168 a------- c:\windows\system32\f3ahvoas.dll
2009-04-11 02:21 37,376 a------- c:\windows\system32\cdd.dll
2009-04-11 01:03 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 01:03 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-04-11 00:57 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-11 00:54 2,048 a------- c:\windows\system32\mferror.dll
2009-04-11 00:39 16,384 a------- c:\windows\system32\iscsilog.dll
2009-04-11 00:27 2,560 a------- c:\windows\system32\msimsg.dll
2009-04-11 00:23 289,792 a------- c:\windows\system32\atmfd.dll
2009-04-11 00:12 617,984 a------- c:\windows\system32\adtschema.dll
2009-04-10 21:59 107,612 a------- c:\windows\system32\StructuredQuerySchema.bin
2009-03-30 00:42 278,848 a------- c:\windows\system32\mscoree.dll
2009-03-30 00:42 155,456 a------- c:\windows\system32\mscorier.dll
2009-03-30 00:42 93,512 a------- c:\windows\system32\dfshim.dll
2009-03-30 00:42 80,720 a------- c:\windows\system32\mscories.dll
2008-01-20 22:57 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 7:56:25.05 ===============


#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 28 June 2009 - 09:03 PM

Hello mls82178,


Sorry about the delay. :thumbup2:

I need for you to go offline completely and disable ALL your protective programs after you download ComboFix, but before you run it. Sometimes those programs interfere with it, and we don't want that! :)

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#4 mls82178

mls82178
  • Topic Starter

  • Members
  • 6 posts

Posted 30 June 2009 - 09:46 AM

My apologies for not getting back with you sooner. As I stated, this is my friend's computer and I am only here during the week, normal business hours. I did disable all the protective software, although, after scanning over the logs, I think the Windows security may have still been running; hopefully they still worked properly.

On Friday I was able to get the computer to start up in normal mode. It seems to be running fine and I have not noticed any errors, nor has Norton popped up with anything. However, she said that when she started the computer up today there was something from Norton; it was a file that was left alone by Norton also, but it says it is a "Backdoor.Tidserv!inf" and it was found in C:\Users\Family\Desktop\brendas stuff\Brenda Tarner\Local Settings\Temp\

Here are the logs, starting with ComboFix:

ComboFix 09-06-29.04 - Family 06/30/2009 10:14.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2036.1250 [GMT -4:00]
Running from: c:\users\Family\Desktop\CHELLE\ComboFix.exe
AV: Symantec AntiVirus *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Symantec AntiVirus *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Family\AppData\Roaming\.#
c:\windows\mdhhg0806.exe
c:\windows\system32\SKYNETwmeiyemo.dat
c:\windows\system32\SKYNETxtmvfdpi.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETwijswure


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-30 )))))))))))))))))))))))))))))))
.

2009-06-30 14:18 . 2009-06-30 14:20 -------- d-----w- c:\users\Family\AppData\Local\temp
2009-06-30 13:52 . 2009-06-30 13:52 -------- d-----w- c:\users\Family\AppData\Local\Stardock_Corporation
2009-06-30 13:07 . 2009-06-30 13:07 -------- d-----w- c:\program files\Shockwave.com
2009-06-30 12:23 . 2009-06-30 12:23 -------- d-----w- c:\users\Family\AppData\Roaming\WildTangent
2009-06-30 12:16 . 2009-06-30 12:23 -------- d-----w- c:\programdata\WildTangent
2009-06-30 12:16 . 2009-06-30 12:23 -------- d-----w- c:\program files\WildGames
2009-06-26 17:29 . 2009-06-26 17:29 32768 ----a-w- c:\programdata\Symantec\SRTSP\Quarantine\AP2640D1E6.dll
2009-06-26 17:16 . 2009-05-13 12:23 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090626.016\NAVENG.SYS
2009-06-26 17:16 . 2009-05-13 12:23 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090626.016\NAVEX15.SYS
2009-06-26 17:16 . 2009-05-13 12:23 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090626.016\EECTRL.SYS
2009-06-26 17:16 . 2009-05-13 12:23 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090626.016\ECMSVR32.DLL
2009-06-26 17:16 . 2009-05-13 12:23 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090626.016\NAVENG32.DLL
2009-06-26 17:16 . 2009-05-13 12:23 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090626.016\NAVEX32A.DLL
2009-06-26 17:16 . 2009-05-13 12:23 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090626.016\ERASER.SYS
2009-06-26 17:16 . 2009-05-13 12:23 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090626.016\CCERASER.DLL
2009-06-26 15:09 . 2009-06-26 15:09 -------- d-----w- c:\users\Family\AppData\Roaming\WinPatrol
2009-06-26 15:09 . 2006-09-18 21:43 10 ----a-w- c:\users\Family\AppData\Roaming\WinPatrol\Config.sys
2009-06-26 15:09 . 2006-09-18 21:43 24 ----a-w- c:\users\Family\AppData\Roaming\WinPatrol\Autoexec.bat
2009-06-26 15:08 . 2009-06-26 15:08 -------- d-----w- c:\program files\BillP Studios
2009-06-26 15:05 . 2009-06-26 15:05 -------- d-----w- c:\users\Family\AppData\Roaming\Malwarebytes
2009-06-26 15:05 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-26 15:05 . 2009-06-26 15:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-26 15:05 . 2009-06-26 15:05 -------- d-----w- c:\programdata\Malwarebytes
2009-06-26 15:05 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-26 13:18 . 2009-06-26 14:00 -------- d-----w- c:\programdata\Norton
2009-06-26 13:18 . 2009-06-26 13:18 -------- d-----w- c:\programdata\NortonInstaller
2009-06-26 12:44 . 2009-06-26 12:44 -------- d-----w- c:\program files\Trend Micro
2009-06-25 22:33 . 2009-06-25 22:33 37376 ----a-w- c:\programdata\Symantec\SRTSP\Quarantine\APA7751A12.dll
2009-06-25 18:01 . 2009-06-26 14:00 -------- d-----w- c:\users\Family\AppData\Roaming\Spyware Terminator
2009-06-25 18:01 . 2009-06-25 18:01 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2009-06-25 18:01 . 2009-06-25 18:01 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2009-06-25 18:01 . 2009-06-25 18:01 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-06-25 18:01 . 2009-06-26 14:34 -------- d-----w- c:\programdata\Spyware Terminator
2009-06-25 18:01 . 2009-06-26 14:34 -------- d-----w- c:\program files\Spyware Terminator
2009-06-25 12:15 . 2009-06-26 12:25 680 ----a-w- c:\users\Family\AppData\Local\d3d9caps.dat
2009-06-25 12:11 . 2009-06-25 12:11 37376 ----a-w- c:\programdata\Symantec\SRTSP\Quarantine\APCD1D677A.dll
2009-06-25 11:45 . 2009-05-13 12:23 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090624.003\NAVENG.SYS
2009-06-25 11:45 . 2009-05-13 12:23 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090624.003\NAVEX15.SYS
2009-06-25 11:45 . 2009-05-13 12:23 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090624.003\EECTRL.SYS
2009-06-25 11:45 . 2009-05-13 12:23 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090624.003\ECMSVR32.DLL
2009-06-25 11:45 . 2009-05-13 12:23 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090624.003\CCERASER.DLL
2009-06-25 11:45 . 2009-05-13 12:23 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090624.003\NAVENG32.DLL
2009-06-25 11:45 . 2009-05-13 12:23 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090624.003\NAVEX32A.DLL
2009-06-25 11:45 . 2009-05-13 12:23 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090624.003\ERASER.SYS
2009-06-24 18:18 . 2009-06-24 18:18 390664 ----a-w- c:\users\Family\AppData\Roaming\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-24 18:18 . 2009-06-24 18:18 390664 ----a-w- c:\users\Family\AppData\Roaming\Real\Update\temp\~Upg0\realplayer11gold.exe
2009-06-24 14:31 . 2009-06-24 14:31 138752 ----a-w- c:\windows\kbffe6705.exe
2009-06-24 14:31 . 2009-06-24 14:31 93696 ----a-w- c:\windows\nwuhr2244.exe
2009-06-24 14:04 . 2009-06-24 14:04 -------- d-----w- c:\program files\DNA
2009-06-18 21:40 . 2007-03-12 20:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2009-06-12 18:36 . 2009-06-12 18:36 -------- d-----w- c:\users\Family\AppData\Local\Unity
2009-06-11 20:40 . 2009-06-11 20:40 -------- d-----w- c:\program files\Unity
2009-06-11 19:11 . 2009-06-11 19:11 -------- d-----w- c:\program files\CCleaner
2009-06-11 11:58 . 2009-04-21 11:39 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-06-11 11:58 . 2009-04-23 12:14 623616 ----a-w- c:\windows\system32\localspl.dll
2009-06-11 11:58 . 2009-04-23 12:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-11 11:57 . 2009-04-23 12:15 828416 ----a-w- c:\windows\system32\wininet.dll
2009-06-11 11:57 . 2009-04-24 16:02 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-10 11:50 . 2009-06-10 11:52 2035 ----a-w- c:\windows\checkip.dat
2009-06-08 13:21 . 2009-06-08 13:21 -------- d-----w- c:\windows\system32\ca-ES
2009-06-08 13:21 . 2009-06-08 13:21 -------- d-----w- c:\windows\system32\eu-ES
2009-06-08 13:21 . 2009-06-08 13:21 -------- d-----w- c:\windows\system32\vi-VN
2009-06-08 13:07 . 2009-06-08 13:07 -------- d-----w- c:\windows\system32\EventProviders
2009-06-08 13:05 . 2009-04-11 06:32 223208 ----a-w- c:\windows\system32\drivers\netio.sys
2009-06-08 13:04 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-06-02 23:37 . 2005-05-26 19:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-06-02 23:35 . 2009-06-02 23:35 165376 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-06-02 23:35 . 2009-06-02 23:35 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-06-02 23:28 . 2009-06-02 23:35 -------- d-----w- c:\program files\Darkstar One
2009-06-01 21:07 . 2009-06-01 21:07 -------- d-----w- c:\users\Family\AppData\Local\Game Mill Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 16:07 . 2009-01-28 17:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-26 13:18 . 2009-04-23 22:46 -------- d-----w- c:\programdata\Symantec
2009-06-12 13:00 . 2009-04-22 22:25 -------- d-----w- c:\programdata\Microsoft Help
2009-06-08 13:22 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-06-08 13:22 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-06-08 13:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-08 13:22 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-06-08 13:22 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-08 13:22 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-06-08 13:20 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-06 20:13 . 2009-05-09 11:41 684 ----a-w- c:\windows\EReg077.dat
2009-05-27 15:12 . 2009-02-27 01:02 101856 ----a-w- c:\users\Family\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-27 14:01 . 2009-05-27 14:01 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-27 14:00 . 2009-04-22 22:38 -------- d-----w- c:\program files\Microsoft
2009-05-27 13:57 . 2009-01-28 17:29 -------- d-----w- c:\program files\Microsoft Works
2009-05-17 23:30 . 2009-05-17 23:30 -------- d-----w- c:\programdata\WindowsSearch
2009-05-13 12:23 . 2009-04-23 22:48 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\naveng.sys
2009-05-13 12:23 . 2009-04-23 22:48 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\navex15.sys
2009-05-13 12:23 . 2009-04-23 22:48 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\eeCtrl.sys
2009-05-13 12:23 . 2009-04-23 22:48 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ecmsvr32.dll
2009-05-13 12:23 . 2009-04-23 22:48 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\cceraser.dll
2009-05-13 12:23 . 2009-04-23 22:48 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\naveng32.dll
2009-05-13 12:23 . 2009-04-23 22:48 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\navex32a.dll
2009-05-13 12:23 . 2009-04-23 22:48 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ERASER.sys
2009-05-10 21:48 . 2009-05-10 21:48 -------- d-----w- c:\program files\Common Files\Bcgsoft
2009-05-10 21:44 . 2009-05-10 21:44 -------- d-----w- c:\program files\The Game Creators
2009-05-08 00:20 . 2009-03-30 19:36 34 ----a-w- c:\users\Family\jagex_runescape_preferences.dat
2009-04-23 22:47 . 2009-04-23 22:47 109744 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-15 17:07 . 2009-04-23 22:50 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090423.004\NAVENG.SYS
2009-04-15 17:07 . 2009-04-23 22:50 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090423.004\NAVEX15.SYS
2009-04-15 17:07 . 2009-04-23 22:50 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090423.004\EECTRL.SYS
2009-04-15 17:07 . 2009-04-23 22:50 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090423.004\ECMSVR32.DLL
2009-04-15 17:07 . 2009-04-23 22:50 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090423.004\CCERASER.DLL
2009-04-15 17:07 . 2009-04-23 22:50 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090423.004\NAVENG32.DLL
2009-04-15 17:07 . 2009-04-23 22:50 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090423.004\NAVEX32A.DLL
2009-04-15 17:07 . 2009-04-23 22:50 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090423.004\ERASER.SYS
2009-04-14 01:03 . 2009-02-27 02:38 860 ----a-w- c:\users\Family\AppData\Roaming\wklnhst.dat
2009-04-11 06:33 . 2009-06-08 13:06 986600 ----a-w- c:\windows\system32\winload.exe
2009-04-11 06:33 . 2009-06-08 13:05 926184 ----a-w- c:\windows\system32\winresume.exe
2009-04-11 06:33 . 2009-06-08 13:05 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-04-11 06:33 . 2009-06-08 13:06 897000 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-04-11 06:33 . 2009-06-08 13:06 614376 ----a-w- c:\windows\system32\ci.dll
2009-04-11 06:28 . 2009-06-08 13:06 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2009-04-11 06:27 . 2009-06-08 13:06 441344 ----a-w- c:\windows\system32\SearchIndexer.exe
2009-04-11 06:22 . 2009-06-08 13:05 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-04-11 06:21 . 2009-06-08 13:05 37376 ----a-w- c:\windows\system32\cdd.dll
2009-04-11 05:42 . 2009-06-08 13:05 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-04-11 05:03 . 2009-06-08 13:06 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 05:03 . 2009-06-08 13:06 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-04-11 04:57 . 2009-06-08 13:05 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-04-11 04:54 . 2009-06-08 13:05 2048 ----a-w- c:\windows\system32\mferror.dll
2009-04-11 04:51 . 2009-06-08 13:05 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-04-11 04:47 . 2009-06-08 13:05 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2009-04-11 04:46 . 2009-06-08 13:05 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys
2009-04-11 04:46 . 2009-06-08 13:05 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2009-04-11 04:46 . 2009-06-08 13:05 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2009-04-11 04:46 . 2009-06-08 13:05 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2009-04-11 04:46 . 2009-06-08 13:05 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2009-04-11 04:46 . 2009-06-08 13:05 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-04-11 04:45 . 2009-06-08 13:05 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2009-04-11 04:45 . 2009-06-08 13:05 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-04-11 04:45 . 2009-06-08 13:05 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2009-04-11 04:45 . 2009-06-08 13:05 401408 ----a-w- c:\windows\system32\drivers\http.sys
2009-04-11 04:45 . 2009-06-08 13:05 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-04-11 04:45 . 2009-06-08 13:05 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2009-04-11 04:43 . 2009-06-08 13:05 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-04-11 04:43 . 2009-06-08 13:05 196096 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-04-11 04:42 . 2009-06-08 13:05 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2009-04-11 04:42 . 2009-06-08 13:05 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys
2009-04-11 04:42 . 2009-06-08 13:05 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys
2009-04-11 04:42 . 2009-06-08 13:05 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-04-11 04:42 . 2009-06-08 13:05 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-04-11 04:42 . 2009-06-08 13:05 12800 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-04-11 04:42 . 2009-06-08 13:05 39424 ----a-w- c:\windows\system32\drivers\hidclass.sys
2009-04-11 04:42 . 2009-06-08 13:05 52992 ----a-w- c:\windows\system32\drivers\stream.sys
2009-04-11 04:42 . 2009-06-08 13:06 561152 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2009-04-11 04:39 . 2009-06-08 13:05 16384 ----a-w- c:\windows\system32\iscsilog.dll
2009-04-11 04:39 . 2009-06-08 13:05 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2009-04-11 04:39 . 2009-06-08 13:05 19456 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2009-04-11 04:38 . 2009-06-08 13:05 149504 ----a-w- c:\windows\system32\drivers\ks.sys
2009-04-11 04:38 . 2009-06-08 13:05 17408 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-04-11 04:27 . 2009-06-08 13:05 2560 ----a-w- c:\windows\system32\msimsg.dll
2009-04-11 04:23 . 2009-06-08 13:06 626176 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-04-11 04:23 . 2009-06-08 13:05 76288 ----a-w- c:\windows\system32\drivers\dxg.sys
2009-04-11 04:23 . 2009-06-08 13:05 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-04-11 04:22 . 2009-06-08 13:05 33280 ----a-w- c:\windows\system32\drivers\watchdog.sys
2009-04-11 04:15 . 2009-06-08 13:05 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2009-04-11 04:15 . 2009-06-08 13:05 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-04-11 04:15 . 2009-06-08 13:05 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-04-11 04:14 . 2009-06-08 13:05 114688 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-04-11 04:14 . 2009-06-08 13:05 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-11 04:14 . 2009-06-08 13:06 225280 ----a-w- c:\windows\system32\drivers\rdbss.sys
2009-04-11 04:14 . 2009-06-08 13:05 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2009-04-11 04:14 . 2009-06-08 13:05 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-04-11 04:14 . 2009-06-08 13:05 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2009-04-11 04:14 . 2009-06-08 13:05 35328 ----a-w- c:\windows\system32\drivers\npfs.sys
2009-04-11 04:13 . 2009-06-08 13:05 226816 ----a-w- c:\windows\system32\drivers\udfs.sys
2009-04-11 04:13 . 2009-06-08 13:05 136704 ----a-w- c:\windows\system32\drivers\exfat.sys
2009-04-11 04:13 . 2009-06-08 13:05 142848 ----a-w- c:\windows\system32\drivers\fastfat.sys
2009-04-11 04:12 . 2009-06-08 13:05 617984 ----a-w- c:\windows\system32\adtschema.dll
2009-01-28 18:52 . 2009-01-28 18:50 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-11 06:28 114176 ----a-w- c:\windows\System32\EhStorShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-17 4907008]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-1-28 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-01-28 17:32 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Family^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
path=c:\users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
backup=c:\windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):98,b0,24,f5,3c,e8,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2019366059-2953910960-2924410392-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9F05C5BC-8B61-4ACD-9FF7-9F13E004E5BC}"= c:\program files\CyberLink\PowerDVD DX\PowerDVD.exe:CyberLink PowerDVD DX
"{9D822DF4-6EBF-4401-8450-9D109CD35C27}"= c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:CyberLink PowerDVD DX Resident Program
"TCP Query User{D72ADB65-6F8A-40D4-9AC7-4679D65A15C2}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{699D7060-9DC1-4E5F-87F5-5A7D13C87B8E}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{9204AFCF-184C-4A78-8589-93FCFDB0C604}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{E77EAF58-828D-4B64-A5CB-06016E4BEE17}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{2B3B93FC-A3B6-4E48-8385-58790E623C79}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F169A981-373E-4ED7-A636-3FCA39133F78}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DB0151DA-9CD6-488A-8C94-1BE0F74BF244}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D56022A0-E64C-4312-BDC8-C02258186394}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{D5852DA2-0720-4CEE-879B-CDFACA8F4088}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{CE62997F-F52E-4221-998E-D7E01B309244}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{B2789743-4C8E-4B4C-A161-7ABEDE3997F6}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{43AF6058-59A9-455C-B29A-DC90B28BDEA2}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{1D0BAC94-2DC7-49C7-B49C-6AF5F23BCBA6}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [12/5/2007 6:17 AM 77824]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [9/24/2008 12:09 AM 155648]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/23/2009 6:50 PM 101936]
S4 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/28/2009 1:26 PM 30192]
S4 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [11/28/2006 6:34 AM 122008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {18F616CD-4B28-4C47-815A-560AC6A33C8D} - hxxp://p.playfirst.com/play/game/emerald-city-confidential/EmeraldCityConfidential_Web.1.0.0.9.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-30 10:20
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-06-30 10:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-30 14:24

Pre-Run: 190,705,680,384 bytes free
Post-Run: 190,481,555,456 bytes free

308 --- E O F --- 2009-06-26 15:54


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:26 AM, on 6/30/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {18F616CD-4B28-4C47-815A-560AC6A33C8D} (CPlayFirstEmeraldCitControl Object) - http://p.playfirst.com/play/game/emerald-c...Web.1.0.0.9.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo1.walgreens.com/WalgreensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/instal...osticsVista.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} (MysteryPI Control) - http://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v43/paint/paint.cab
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5611 bytes

#5 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:57 PM

Posted 30 June 2009 - 03:45 PM

Hello,

No need to be sorry at all. :thumbup2:

Please make sure MBAM is updated and have a scan with it and let it clean what it finds. Post the report in your reply and let me know if the error messages are still happening.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:57 PM

Posted 06 July 2009 - 06:52 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



