Rustock.M problem - Infected .sys files


  • This topic is locked
16 replies to this topic

#1 Borky

Posted 29 July 2009 - 01:30 PM

Hey,

For about a day or two now, every time I log into my PC in Normal Mode I am greeted with an AVG warning, saying that it has found infected files, Null.sys, Beep.sys and glaide32.sys, all of which have been infected with Rustock.M and all in the Windows/System32/Drivers directory. If not, it comes up with a fake anti-virus scanner. These can be gotten rid of with a quick scan from Malwarebytes' Anti-Malware and AVG in safe mode, or even moving them to the virus vault when the warning appears. However, when I switch my PC off and switch it on again I am yet again told that infected files have been found, or again the fake anti-virus software appears. I've done this so many times now and I'm not sure what else to do.

This is the DDS report. *Note this scan was done in safe mode.

DDS (Ver_09-06-26.01) - NTFSx86 NETWORK
Run by User at 19:02:03.98 on 29/07/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1279.916 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\NETGEAR\WG311v3\WG311v3.exe
C:\Documents and Settings\User\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.co.uk/ie
uStart Page = hxxp://www.uk.emachines.com/
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [QuickTime Task] "c:\program files\qt lite\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [12294684] c:\documents and settings\all users\application data\12294684\12294684.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\user\start menu\programs\startup\ikowin32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311v3\WG311v3.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\a0m505zt.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\qt lite\plugins\npqtplugin.dll
FF - plugin: c:\program files\qt lite\plugins\npqtplugin2.dll
FF - plugin: c:\program files\qt lite\plugins\npqtplugin3.dll
FF - plugin: c:\program files\qt lite\plugins\npqtplugin4.dll
FF - plugin: c:\program files\qt lite\plugins\npqtplugin5.dll
FF - plugin: c:\program files\qt lite\plugins\npqtplugin6.dll
FF - plugin: c:\program files\qt lite\plugins\npqtplugin7.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-23 108552]
R3 Bonifay;Bonifay;c:\windows\system32\drivers\Bonifay.sys [2009-2-4 12160]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-23 335752]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-23 27784]
S1 glaide32;glaide32;\??\c:\windows\system32\drivers\glaide32.sys --> c:\windows\system32\drivers\glaide32.sys [?]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-9-23 907032]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-9-23 298776]
S3 Gonzales;Gonzales;c:\windows\system32\drivers\Gonzales.sys [2009-2-4 7040]

=============== Created Last 30 ================

2009-07-29 12:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\12294684
2009-07-20 11:50 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{E27DB915-174B-4B55-B47A-B9060965E98F}
2009-07-20 00:09 32 a------- c:\windows\CD_Start.INI
2009-07-16 17:12 0 a---h--- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-07-16 17:12 0 a---h--- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-07-16 17:03 18,816 a------- c:\windows\system32\drivers\pccsmcfd.sys
2009-07-16 17:02 <DIR> --d----- c:\program files\PC Connectivity Solution
2009-07-16 17:01 7,808 a------- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-07-16 17:01 7,808 a------- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-07-16 17:01 22,016 a------- c:\windows\system32\drivers\ccdcmbo.sys
2009-07-16 17:01 1,112,288 a------- c:\windows\system32\wdfcoinstaller01007.dll
2009-07-16 17:01 659,968 a------- c:\windows\system32\nmwcdcocls.dll
2009-07-16 17:01 17,664 a------- c:\windows\system32\drivers\ccdcmb.sys
2009-07-16 16:29 <DIR> --d----- c:\documents and settings\user\Nokia
2009-07-16 16:28 <DIR> --d----- c:\program files\common files\PCSuite
2009-07-16 16:28 <DIR> --d----- c:\program files\common files\Nokia
2009-07-02 09:36 <DIR> --d----- c:\program files\Bethesda Softworks
2009-07-01 20:02 23 a------- c:\windows\BlendSettings.ini

==================== Find3M ====================

2009-07-28 14:32 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-07-26 12:46 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-21 08:46 485,920 a------- c:\windows\system32\NVUNINST.EXE
2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-16 15:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 15:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-10 08:28 3,510,272 a------- c:\windows\system32\nvgames.dll
2009-06-10 08:28 4,022,272 a------- c:\windows\system32\nvdisps.dll
2009-06-10 08:28 13,758,464 a------- c:\windows\system32\nvcpl.dll
2009-06-10 08:28 168,004 a------- c:\windows\system32\nvsvc32.exe
2009-06-10 08:28 143,360 a------- c:\windows\system32\nvcolor.exe
2009-06-10 08:28 86,016 a------- c:\windows\system32\nvmctray.dll
2009-06-10 08:28 229,376 a------- c:\windows\system32\nvmccs.dll
2009-06-10 06:03 9,998,336 a------- c:\windows\system32\nvoglnt.dll
2009-06-10 06:03 8,087,712 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 06:03 5,908,608 a------- c:\windows\system32\nv4_disp.dll
2009-06-10 06:03 1,720,320 a------- c:\windows\system32\nvcuda.dll
2009-06-10 06:03 1,580,550 a------- c:\windows\system32\nvdata.bin
2009-06-10 06:03 1,310,720 a------- c:\windows\system32\nvcuvenc.dll
2009-06-10 06:03 815,104 a------- c:\windows\system32\nvapi.dll
2009-06-10 06:03 671,744 a------- c:\windows\system32\nvcuvid.dll
2009-06-10 06:03 457,248 a------- c:\windows\system32\nvudisp.exe
2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcodins.dll
2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcod.dll
2009-06-03 20:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-11 12:47 1,302,600 a------- c:\windows\system32\WUDFUpdate_01007.dll
2009-05-10 12:14 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-07 16:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-01 22:02 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-01 22:02 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-01 22:02 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-01 22:02 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-01 22:02 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-01 22:02 685,056 a------- c:\windows\system32\DivX.dll
2007-05-24 14:58 249,856 a------- c:\windows\inf\wg311v3\InsDrv2k.exe
2006-12-04 11:38 212,992 a------- c:\windows\inf\wg311v3\CopyWHQLDriver.exe
2005-12-29 18:07 282,624 a----r-- c:\windows\inf\wg311v3\WG311v3XP.sys

============= FINISH: 19:03:10.40 ===============
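As an added illustration (not part of this thread, and not the logic DDS itself uses), here is a small Python triage script run over lines constructed from the DDS log above; the heuristics it applies (a driver whose file DDS reports as `[?]`, a Run value with a purely numeric name or living in a user-writable folder, a bare .exe dropped straight into a Startup folder) are this example's own assumptions about what deserves a second look, not a verdict on any entry.

```python
"""Triage of DDS-style log lines for the kinds of indicators seen above.

Added example, not part of the original thread or of the DDS tool. The
sample lines are constructed from entries quoted in post #1; the line
formats and the heuristics are assumptions of this example.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the lines from the DDS log above.
SAMPLE_LOG = r"""
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-23 108552]
S1 glaide32;glaide32;\??\c:\windows\system32\drivers\glaide32.sys --> c:\windows\system32\drivers\glaide32.sys [?]
R3 Bonifay;Bonifay;c:\windows\system32\drivers\Bonifay.sys [2009-2-4 12160]
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [12294684] c:\documents and settings\all users\application data\12294684\12294684.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\ikowin32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # "driver", "run" or "startup"
    name: str    # service name, Run value name or file name
    path: str    # the path/command exactly as the log printed it
    reason: str  # which heuristic fired


# Line shapes assumed from the log above: "S1 name;description;path [...]",
# "mRun: [name] command" and "StartupFolder: entry".
DRIVER_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
RUN_RE = re.compile(r"^([umd]Run):\s+\[([^\]]+)\]\s+(.*)$")
STARTUP_RE = re.compile(r"^StartupFolder:\s+(.*)$")

# Locations a standard user can write to; persistence pointing here deserves
# a closer look than entries under Program Files or System32.
USER_WRITABLE = ("documents and settings", "docume~1", "application data", "applic~1")


def triage_driver(m):
    state, name, desc, path = m.groups()
    # DDS prints "[?]" when it cannot read the file a service points at: the
    # driver is registered but its file is missing or hidden from user mode,
    # which is the pattern the glaide32 entry in the log above shows.
    if "[?]" in path:
        return Finding("driver", name, path, "registered driver whose file is missing or hidden ([?])")
    return None


def triage_run(m):
    hive, name, cmd = m.groups()
    if name.isdigit():
        return Finding("run", name, cmd, "Run value with a purely numeric name")
    if any(loc in cmd.lower() for loc in USER_WRITABLE):
        return Finding("run", name, cmd, "Run entry executing from a user-writable location")
    return None


def triage_startup(m):
    entry = m.group(1)
    # Shortcuts are printed as "<name>.lnk - <target>"; installers put
    # shortcuts in the Startup folder, so a bare executable sitting there is
    # unusual and worth checking.
    if " - " not in entry and entry.lower().endswith(".exe"):
        fname = entry.rsplit("\\", 1)[-1]
        return Finding("startup", fname, entry, "bare executable placed directly in a Startup folder")
    return None


def triage(log_text):
    """Return the list of Findings for every line that trips a heuristic."""
    findings = []
    handlers = ((DRIVER_RE, triage_driver), (RUN_RE, triage_run), (STARTUP_RE, triage_startup))
    for line in log_text.splitlines():
        line = line.strip()
        for regex, handler in handlers:
            m = regex.match(line)
            if m:
                finding = handler(m)
                if finding:
                    findings.append(finding)
                break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {f.reason}\n    {f.path}")
```

Running it against the sample flags exactly the three entries a helper would ask about first (glaide32, the numeric-named Run value, and ikowin32.exe); the AVG, Bonifay and Office entries pass through unflagged.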

#2 fenzodahl512

Posted 30 July 2009 - 10:25 AM

Go HERE and download SysProt AntiRootkit. Unzip it to your Desktop.
  • Run SysProt >> Click on the Log tab
  • Tick ALL the boxes in the "Write to log" section (Do NOT tick the "Hidden Objects Only" options)
  • Hit the Create Log button
  • When it asks for a scanning option, choose Scanning all drives >> Hit the Start button (Do NOT hit the "Ok" button)
  • Let it scan until it finishes
  • Find the log.txt inside the SysProt folder and attach the log here.


NEXT


Download this tool to desktop:

http://www2.gmer.net/mbr/mbr.exe

Double click it & post the log it creates on desktop. (mbr.log)

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 Borky


Posted 30 July 2009 - 11:51 AM

Hey,

Hope I did it right!

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


#4 fenzodahl512


Posted 30 July 2009 - 04:00 PM

Can you run SysProt in Normal Mode? SysProt will not give any valuable information in Safe Mode.



#5 Borky


Posted 30 July 2009 - 05:21 PM

Hey, sorry about that,

I re-did the scan in normal mode, hope I have done it right this time.

Apologies if I haven't...


#6 fenzodahl512


Posted 30 July 2009 - 05:33 PM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all the steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..



#7 Borky


Posted 31 July 2009 - 08:18 AM

Hey,

This is the log

ComboFix 09-07-29.04 - User 31/07/2009 13:50.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1279.791 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\User\LOCALS~1\Temp\RarSFX1\install.exe
c:\documents and settings\User\Application Data\wiaserva.log
c:\documents and settings\User\Local Settings\Temp\RarSFX1\install.exe
c:\recycler\S-1-5-21-3711010583-172883471-653975880-1003
c:\windows\system32\drivers\glaide32.sys
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\sdra64.exe
c:\windows\system32\tmp31.tmp
c:\windows\system32\tmp32.tmp
c:\windows\TEMP\wpv701248906516.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_glaide32
-------\Service_MSIVXserv.sys


((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-31 )))))))))))))))))))))))))))))))
.

2009-07-31 13:02 . 2009-07-31 13:05 61696 ----a-w- c:\windows\system32\drivers\938067b8.sys
2009-07-31 13:01 . 2009-07-31 13:04 -------- d-sh--w- c:\windows\system32\lowsec
2009-07-20 10:50 . 2009-07-20 10:50 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E27DB915-174B-4B55-B47A-B9060965E98F}
2009-07-16 16:03 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-07-16 16:02 . 2009-07-16 16:02 -------- d-----w- c:\program files\PC Connectivity Solution
2009-07-16 16:01 . 2009-02-09 07:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-07-16 16:01 . 2009-02-09 07:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-07-16 16:01 . 2009-02-09 07:37 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-07-16 16:01 . 2009-02-09 07:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-07-16 16:01 . 2009-02-09 07:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-07-16 16:01 . 2009-02-09 07:32 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-07-16 15:57 . 2009-07-16 15:52 33773208 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng.exe
2009-07-16 15:53 . 2009-07-16 15:53 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-07-16 15:53 . 2009-07-16 15:53 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-07-16 15:53 . 2009-07-16 15:53 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-07-16 15:53 . 2009-07-16 15:53 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-07-16 15:29 . 2009-07-16 15:29 -------- d-----w- c:\documents and settings\User\Nokia
2009-07-16 15:29 . 2009-07-16 15:29 -------- d-----w- c:\documents and settings\User\Application Data\Datalayer
2009-07-16 15:28 . 2009-07-17 12:51 -------- d-----w- c:\program files\Common Files\PCSuite
2009-07-16 15:28 . 2009-07-17 12:51 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-02 08:36 . 2009-07-02 08:36 -------- d-----w- c:\program files\Bethesda Softworks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-31 13:05 . 2005-04-25 23:05 296448 ----a-w- c:\windows\system32\sdra64.exe
2009-07-31 12:42 . 2008-09-23 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-28 13:32 . 2009-01-02 16:56 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-07-26 11:46 . 2008-09-23 22:16 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-23 17:30 . 2009-01-31 13:09 -------- d-----w- c:\documents and settings\User\Application Data\SPORE
2009-07-23 12:30 . 2009-02-12 17:43 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-19 23:17 . 2008-09-22 18:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-19 22:40 . 2009-06-24 15:50 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
2009-07-17 12:51 . 2008-12-20 11:52 -------- d-----w- c:\program files\Nokia
2009-07-16 16:12 . 2009-07-16 16:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-07-16 16:12 . 2009-07-16 16:12 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-07-16 16:04 . 2008-12-20 12:15 -------- d-----w- c:\program files\DIFX
2009-07-16 15:57 . 2008-12-20 12:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-07-16 15:51 . 2008-09-23 22:01 -------- d-----w- c:\documents and settings\User\Application Data\LimeWire
2009-06-24 15:50 . 2009-06-24 15:50 -------- d-----w- c:\program files\uTorrent
2009-06-24 11:04 . 2008-09-27 14:07 -------- d-----w- c:\program files\LimeWire
2009-06-23 14:50 . 2009-06-23 14:50 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2009-06-23 14:50 . 2009-06-23 12:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-23 12:58 . 2009-06-23 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-23 12:44 . 2008-10-04 23:29 -------- d-----w- c:\program files\MP3 Music Search
2009-06-22 13:30 . 2009-06-22 13:29 -------- d-----w- c:\program files\InterActual
2009-06-21 11:09 . 2008-09-23 22:16 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-21 07:46 . 2009-04-03 18:18 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-19 12:34 . 2009-04-12 12:37 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-19 12:32 . 2009-02-17 15:19 -------- d-----w- c:\program files\DivX
2009-06-17 10:27 . 2009-06-23 12:58 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 10:27 . 2009-06-23 12:58 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 14:36 . 2005-04-25 23:06 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2005-04-25 23:05 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 10:00 . 2009-06-12 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-12 10:00 . 2009-06-12 10:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-10 15:18 . 2005-04-25 23:48 -------- d-----w- c:\program files\Java
2009-06-10 15:16 . 2009-06-10 15:16 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-10 07:28 . 2009-06-10 07:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 07:28 . 2009-06-10 07:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 07:28 . 2009-06-10 07:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 07:28 . 2009-06-10 07:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 07:28 . 2009-06-10 07:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 07:28 . 2009-06-10 07:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 07:28 . 2009-06-10 07:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 05:03 . 2009-04-30 21:02 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 05:03 . 2009-04-30 21:02 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 05:03 . 2009-04-03 18:19 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 05:03 . 2009-03-27 09:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 05:03 . 2009-03-27 09:03 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 05:03 . 2006-08-11 19:43 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 05:03 . 2006-08-11 19:42 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 05:03 . 2006-08-11 19:42 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 05:03 . 2006-08-11 19:42 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 05:03 . 2005-04-25 16:19 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 05:03 . 2005-04-25 16:19 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-08 21:29 . 2009-04-08 21:03 -------- d-----w- c:\program files\LEGO Company
2009-06-03 19:09 . 2005-04-25 23:05 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-21 10:33 . 2009-03-05 18:14 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-11 18:25 . 2009-05-11 18:25 290816 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-05-11 18:25 . 2009-05-11 18:25 290816 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-05-11 18:25 . 2009-05-11 18:25 290816 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-05-11 18:25 . 2009-05-11 18:25 290816 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-05-11 11:47 . 2009-05-11 11:47 1302600 ----a-w- c:\windows\system32\WUDFUpdate_01007.dll
2009-05-10 11:14 . 2008-09-23 22:16 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-10 11:14 . 2008-09-23 22:16 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 15:32 . 2005-04-25 23:05 345600 ----a-w- c:\windows\system32\localspl.dll
2009-07-15 21:41 . 2009-06-23 15:02 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
"QuickTime Task"="c:\program files\QT Lite\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\User\Start Menu\Programs\Startup\
ikowin32.exe [2008-4-14 22528]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\WG311v3.exe [2007-11-21 1507328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-10 11:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\User\\My Documents\\Downloads\\utorrent.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Call of duty\\Call of Duty\\CoDMP.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\dfbhd.exe"=
"c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\dfbhdlc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [23/09/2008 23:16 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [23/09/2008 23:16 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [23/09/2008 23:16 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [23/09/2008 23:16 298776]
R3 Bonifay;Bonifay;c:\windows\system32\drivers\Bonifay.sys [04/02/2009 00:03 12160]
S3 Gonzales;Gonzales;c:\windows\system32\drivers\Gonzales.sys [04/02/2009 00:03 7040]
.
Contents of the 'Scheduled Tasks' folder

2009-07-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.uk.emachines.com/
uSearch Bar = hxxp://www.google.co.uk/ie
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a0m505zt.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin7.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-31 14:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\lowsec
c:\windows\system32\sdra64.exe 296448 bytes executable


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\938067b8]
"ImagePath"="\SystemRoot\System32\drivers\938067b8.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3410061513-2169000172-1683617960-1007\Software\SecuROM\License information*]
"datasecu"=hex:97,eb,82,37,1e,48,7f,e7,67,7e,e2,6a,8d,8e,9c,c5,78,6e,e8,b6,7c,
53,68,92,6c,10,41,98,87,d9,7c,48,96,25,a1,2a,28,2c,79,65,a7,ba,14,ab,33,f1,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-07-31 14:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-31 13:11

Pre-Run: 24,309,874,688 bytes free
Post-Run: 24,427,917,312 bytes free

288 --- E O F --- 2009-07-31 12:41

#8 fenzodahl512


  • Members
  • 6,738 posts
  • Local time:01:05 AM

Posted 31 July 2009 - 09:33 AM

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Rootkit::
c:\windows\system32\sdra64.exe

File::
c:\windows\system32\drivers\938067b8.sys
c:\windows\system32\sdra64.exe
c:\documents and settings\User\Start Menu\Programs\Startup\ikowin32.exe

Folder::
c:\windows\system32\lowsec

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 Borky

  • Topic Starter

  • Members
  • 16 posts
  • Local time:06:05 PM

Posted 31 July 2009 - 11:58 AM

Hey again,

First is the HJT report; the CF log is lower down, underneath this.

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.uk.emachines.com/
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\qt lite\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311v3\WG311v3.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

..................................................................................................................................................................................
CFLog

ComboFix 09-07-29.04 - User 31/07/2009 17:29.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1279.892 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point

FILE ::
"c:\documents and settings\User\Start Menu\Programs\Startup\ikowin32.exe"
"c:\windows\system32\drivers\938067b8.sys"
"c:\windows\system32\sdra64.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Application Data\wiaserva.log
c:\documents and settings\User\Start Menu\Programs\Startup\ikowin32.exe
c:\windows\system32\drivers\938067b8.sys
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\sdra64.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_glaide32
-------\Service_938067b8


((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-31 )))))))))))))))))))))))))))))))
.

2009-07-20 10:50 . 2009-07-20 10:50 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E27DB915-174B-4B55-B47A-B9060965E98F}
2009-07-16 16:03 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-07-16 16:02 . 2009-07-16 16:02 -------- d-----w- c:\program files\PC Connectivity Solution
2009-07-16 16:01 . 2009-02-09 07:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-07-16 16:01 . 2009-02-09 07:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-07-16 16:01 . 2009-02-09 07:37 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-07-16 16:01 . 2009-02-09 07:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-07-16 16:01 . 2009-02-09 07:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-07-16 16:01 . 2009-02-09 07:32 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-07-16 15:57 . 2009-07-16 15:52 33773208 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng.exe
2009-07-16 15:53 . 2009-07-16 15:53 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-07-16 15:53 . 2009-07-16 15:53 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-07-16 15:53 . 2009-07-16 15:53 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-07-16 15:53 . 2009-07-16 15:53 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-07-16 15:29 . 2009-07-16 15:29 -------- d-----w- c:\documents and settings\User\Nokia
2009-07-16 15:29 . 2009-07-16 15:29 -------- d-----w- c:\documents and settings\User\Application Data\Datalayer
2009-07-16 15:28 . 2009-07-17 12:51 -------- d-----w- c:\program files\Common Files\PCSuite
2009-07-16 15:28 . 2009-07-17 12:51 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-02 08:36 . 2009-07-02 08:36 -------- d-----w- c:\program files\Bethesda Softworks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-31 12:42 . 2008-09-23 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-28 13:32 . 2009-01-02 16:56 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-07-26 11:46 . 2008-09-23 22:16 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-23 17:30 . 2009-01-31 13:09 -------- d-----w- c:\documents and settings\User\Application Data\SPORE
2009-07-23 12:30 . 2009-02-12 17:43 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-19 23:17 . 2008-09-22 18:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-19 22:40 . 2009-06-24 15:50 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
2009-07-17 12:51 . 2008-12-20 11:52 -------- d-----w- c:\program files\Nokia
2009-07-16 16:12 . 2009-07-16 16:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-07-16 16:12 . 2009-07-16 16:12 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-07-16 16:04 . 2008-12-20 12:15 -------- d-----w- c:\program files\DIFX
2009-07-16 15:57 . 2008-12-20 12:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-07-16 15:51 . 2008-09-23 22:01 -------- d-----w- c:\documents and settings\User\Application Data\LimeWire
2009-06-24 15:50 . 2009-06-24 15:50 -------- d-----w- c:\program files\uTorrent
2009-06-24 11:04 . 2008-09-27 14:07 -------- d-----w- c:\program files\LimeWire
2009-06-23 14:50 . 2009-06-23 14:50 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2009-06-23 14:50 . 2009-06-23 12:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-23 12:58 . 2009-06-23 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-23 12:44 . 2008-10-04 23:29 -------- d-----w- c:\program files\MP3 Music Search
2009-06-22 13:30 . 2009-06-22 13:29 -------- d-----w- c:\program files\InterActual
2009-06-21 11:09 . 2008-09-23 22:16 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-21 07:46 . 2009-04-03 18:18 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-19 12:34 . 2009-04-12 12:37 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-19 12:32 . 2009-02-17 15:19 -------- d-----w- c:\program files\DivX
2009-06-17 10:27 . 2009-06-23 12:58 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 10:27 . 2009-06-23 12:58 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 14:36 . 2005-04-25 23:06 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2005-04-25 23:05 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 10:00 . 2009-06-12 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-12 10:00 . 2009-06-12 10:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-10 15:18 . 2005-04-25 23:48 -------- d-----w- c:\program files\Java
2009-06-10 15:16 . 2009-06-10 15:16 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-10 07:28 . 2009-06-10 07:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 07:28 . 2009-06-10 07:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 07:28 . 2009-06-10 07:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 07:28 . 2009-06-10 07:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 07:28 . 2009-06-10 07:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 07:28 . 2009-06-10 07:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 07:28 . 2009-06-10 07:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 05:03 . 2009-04-30 21:02 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 05:03 . 2009-04-30 21:02 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 05:03 . 2009-04-03 18:19 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 05:03 . 2009-03-27 09:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 05:03 . 2009-03-27 09:03 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 05:03 . 2006-08-11 19:43 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 05:03 . 2006-08-11 19:42 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 05:03 . 2006-08-11 19:42 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 05:03 . 2006-08-11 19:42 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 05:03 . 2005-04-25 16:19 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 05:03 . 2005-04-25 16:19 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-08 21:29 . 2009-04-08 21:03 -------- d-----w- c:\program files\LEGO Company
2009-06-03 19:09 . 2005-04-25 23:05 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-21 10:33 . 2009-03-05 18:14 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-11 18:25 . 2009-05-11 18:25 290816 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-05-11 18:25 . 2009-05-11 18:25 290816 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-05-11 18:25 . 2009-05-11 18:25 290816 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-05-11 18:25 . 2009-05-11 18:25 290816 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-05-11 11:47 . 2009-05-11 11:47 1302600 ----a-w- c:\windows\system32\WUDFUpdate_01007.dll
2009-05-10 11:14 . 2008-09-23 22:16 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-10 11:14 . 2008-09-23 22:16 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 15:32 . 2005-04-25 23:05 345600 ----a-w- c:\windows\system32\localspl.dll
2009-07-15 21:41 . 2009-06-23 15:02 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-31_13.01.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-31 16:37 . 2009-07-31 16:37 16384 c:\windows\Temp\Perflib_Perfdata_618.dat
- 2009-07-31 13:00 . 2009-07-31 13:00 16384 c:\windows\Temp\Perflib_Perfdata_618.dat
+ 2005-04-25 23:31 . 2009-07-31 16:05 98304 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-04-25 23:31 . 2009-07-31 13:01 98304 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-04-25 23:31 . 2009-07-31 16:05 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-04-25 23:31 . 2009-07-31 13:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-04-25 23:31 . 2009-07-31 16:05 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-04-25 23:31 . 2009-07-31 13:01 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
"QuickTime Task"="c:\program files\QT Lite\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\WG311v3.exe [2007-11-21 1507328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-10 11:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\User\\My Documents\\Downloads\\utorrent.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Call of duty\\Call of Duty\\CoDMP.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\dfbhd.exe"=
"c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\dfbhdlc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [23/09/2008 23:16 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [23/09/2008 23:16 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [23/09/2008 23:16 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [23/09/2008 23:16 298776]
R3 Bonifay;Bonifay;c:\windows\system32\drivers\Bonifay.sys [04/02/2009 00:03 12160]
S3 Gonzales;Gonzales;c:\windows\system32\drivers\Gonzales.sys [04/02/2009 00:03 7040]
.
Contents of the 'Scheduled Tasks' folder

2009-07-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.uk.emachines.com/
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a0m505zt.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin7.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-31 17:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3410061513-2169000172-1683617960-1007\Software\SecuROM\License information*]
"datasecu"=hex:97,eb,82,37,1e,48,7f,e7,67,7e,e2,6a,8d,8e,9c,c5,78,6e,e8,b6,7c,
53,68,92,6c,10,41,98,87,d9,7c,48,96,25,a1,2a,28,2c,79,65,a7,ba,14,ab,33,f1,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3068)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-07-31 17:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-31 16:47
ComboFix2.txt 2009-07-31 13:11

Pre-Run: 24,390,352,896 bytes free
Post-Run: 24,355,528,704 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

303 --- E O F --- 2009-07-31 12:41

#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:01:05 AM

Posted 31 July 2009 - 04:54 PM

Erm.. This is weird.. Can you run ComboFix again (just double-click it) and post the log here? :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#11 Borky

Borky
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:06:05 PM

Posted 01 August 2009 - 06:01 AM

Hey, this is the latest log.

ComboFix 09-07-31.04 - User 01/08/2009 11:48.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1279.805 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-07-01 to 2009-08-01 )))))))))))))))))))))))))))))))
.

2009-07-20 10:50 . 2009-07-20 10:50 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E27DB915-174B-4B55-B47A-B9060965E98F}
2009-07-16 16:03 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-07-16 16:02 . 2009-07-16 16:02 -------- d-----w- c:\program files\PC Connectivity Solution
2009-07-16 16:01 . 2009-02-09 07:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-07-16 16:01 . 2009-02-09 07:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-07-16 16:01 . 2009-02-09 07:37 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-07-16 16:01 . 2009-02-09 07:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-07-16 16:01 . 2009-02-09 07:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-07-16 16:01 . 2009-02-09 07:32 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-07-16 15:57 . 2009-07-16 15:52 33773208 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng.exe
2009-07-16 15:53 . 2009-07-16 15:53 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-07-16 15:53 . 2009-07-16 15:53 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-07-16 15:53 . 2009-07-16 15:53 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-07-16 15:53 . 2009-07-16 15:53 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-07-16 15:29 . 2009-07-16 15:29 -------- d-----w- c:\documents and settings\User\Nokia
2009-07-16 15:29 . 2009-07-16 15:29 -------- d-----w- c:\documents and settings\User\Application Data\Datalayer
2009-07-16 15:28 . 2009-07-17 12:51 -------- d-----w- c:\program files\Common Files\PCSuite
2009-07-16 15:28 . 2009-07-17 12:51 -------- d-----w- c:\program files\Common Files\Nokia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-01 10:42 . 2009-02-12 17:43 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-31 12:42 . 2008-09-23 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-28 13:32 . 2009-01-02 16:56 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-07-26 11:46 . 2008-09-23 22:16 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-23 17:30 . 2009-01-31 13:09 -------- d-----w- c:\documents and settings\User\Application Data\SPORE
2009-07-19 23:17 . 2008-09-22 18:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-19 22:40 . 2009-06-24 15:50 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
2009-07-17 12:51 . 2008-12-20 11:52 -------- d-----w- c:\program files\Nokia
2009-07-16 16:12 . 2009-07-16 16:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-07-16 16:12 . 2009-07-16 16:12 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-07-16 16:04 . 2008-12-20 12:15 -------- d-----w- c:\program files\DIFX
2009-07-16 15:57 . 2008-12-20 12:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-07-16 15:51 . 2008-09-23 22:01 -------- d-----w- c:\documents and settings\User\Application Data\LimeWire
2009-07-02 08:36 . 2009-07-02 08:36 -------- d-----w- c:\program files\Bethesda Softworks
2009-06-26 16:50 . 2005-04-25 23:06 666624 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2005-04-25 23:05 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-24 15:50 . 2009-06-24 15:50 -------- d-----w- c:\program files\uTorrent
2009-06-24 11:04 . 2008-09-27 14:07 -------- d-----w- c:\program files\LimeWire
2009-06-23 14:50 . 2009-06-23 14:50 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2009-06-23 14:50 . 2009-06-23 12:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-23 12:58 . 2009-06-23 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-23 12:44 . 2008-10-04 23:29 -------- d-----w- c:\program files\MP3 Music Search
2009-06-22 13:30 . 2009-06-22 13:29 -------- d-----w- c:\program files\InterActual
2009-06-21 11:09 . 2008-09-23 22:16 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-21 07:46 . 2009-04-03 18:18 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-19 12:34 . 2009-04-12 12:37 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-19 12:32 . 2009-02-17 15:19 -------- d-----w- c:\program files\DivX
2009-06-17 10:27 . 2009-06-23 12:58 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 10:27 . 2009-06-23 12:58 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 14:36 . 2005-04-25 23:06 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2005-04-25 23:05 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 10:00 . 2009-06-12 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-12 10:00 . 2009-06-12 10:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-10 15:18 . 2005-04-25 23:48 -------- d-----w- c:\program files\Java
2009-06-10 15:16 . 2009-06-10 15:16 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-10 07:28 . 2009-06-10 07:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 07:28 . 2009-06-10 07:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 07:28 . 2009-06-10 07:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 07:28 . 2009-06-10 07:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 07:28 . 2009-06-10 07:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 07:28 . 2009-06-10 07:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 07:28 . 2009-06-10 07:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 05:03 . 2009-04-30 21:02 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 05:03 . 2009-04-30 21:02 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 05:03 . 2009-04-03 18:19 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 05:03 . 2009-03-27 09:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 05:03 . 2009-03-27 09:03 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 05:03 . 2006-08-11 19:43 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 05:03 . 2006-08-11 19:42 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 05:03 . 2006-08-11 19:42 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 05:03 . 2006-08-11 19:42 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 05:03 . 2005-04-25 16:19 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 05:03 . 2005-04-25 16:19 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-08 21:29 . 2009-04-08 21:03 -------- d-----w- c:\program files\LEGO Company
2009-06-03 19:09 . 2005-04-25 23:05 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-21 10:33 . 2009-03-05 18:14 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-11 18:25 . 2009-05-11 18:25 290816 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-05-11 18:25 . 2009-05-11 18:25 290816 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-05-11 18:25 . 2009-05-11 18:25 290816 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-05-11 18:25 . 2009-05-11 18:25 290816 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-05-11 11:47 . 2009-05-11 11:47 1302600 ----a-w- c:\windows\system32\WUDFUpdate_01007.dll
2009-05-10 11:14 . 2008-09-23 22:16 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-10 11:14 . 2008-09-23 22:16 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 15:32 . 2005-04-25 23:05 345600 ----a-w- c:\windows\system32\localspl.dll
2009-07-15 21:41 . 2009-06-23 15:02 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-31_13.01.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-01 10:42 . 2009-08-01 10:42 16384 c:\windows\Temp\Perflib_Perfdata_610.dat
+ 2008-09-23 21:35 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
- 2008-09-23 21:35 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
- 2009-02-20 08:10 . 2009-04-29 04:46 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2009-02-20 08:10 . 2009-06-26 16:50 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2005-04-25 23:31 . 2009-07-31 16:05 98304 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-04-25 23:31 . 2009-07-31 13:01 98304 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-04-25 23:31 . 2009-07-31 13:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-04-25 23:31 . 2009-07-31 16:05 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-04-25 23:31 . 2009-07-31 16:05 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-04-25 23:31 . 2009-07-31 13:01 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2005-04-25 23:06 . 2009-06-26 16:50 620032 c:\windows\system32\urlmon.dll
- 2005-04-25 23:06 . 2009-04-29 04:46 620032 c:\windows\system32\urlmon.dll
- 2008-06-23 15:09 . 2009-04-29 04:46 666624 c:\windows\system32\dllcache\wininet.dll
+ 2008-06-23 15:09 . 2009-06-26 16:50 666624 c:\windows\system32\dllcache\wininet.dll
+ 2008-06-26 08:15 . 2009-06-26 16:50 620032 c:\windows\system32\dllcache\urlmon.dll
- 2008-06-26 08:15 . 2009-04-29 04:46 620032 c:\windows\system32\dllcache\urlmon.dll
+ 2005-04-25 23:05 . 2009-07-18 16:05 1509888 c:\windows\system32\shdocvw.dll
+ 2005-04-25 23:05 . 2009-07-18 16:05 3069440 c:\windows\system32\mshtml.dll
+ 2008-06-26 08:15 . 2009-07-18 16:05 1509888 c:\windows\system32\dllcache\shdocvw.dll
+ 2008-06-23 15:09 . 2009-07-18 16:05 3069440 c:\windows\system32\dllcache\mshtml.dll
+ 2009-07-31 17:00 . 2009-07-31 17:00 15705600 c:\windows\Installer\15476b.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
"QuickTime Task"="c:\program files\QT Lite\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\WG311v3.exe [2007-11-21 1507328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-10 11:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\User\\My Documents\\Downloads\\utorrent.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Call of duty\\Call of Duty\\CoDMP.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\dfbhd.exe"=
"c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\dfbhdlc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [23/09/2008 23:16 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [23/09/2008 23:16 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [23/09/2008 23:16 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [23/09/2008 23:16 298776]
R3 Bonifay;Bonifay;c:\windows\system32\drivers\Bonifay.sys [04/02/2009 00:03 12160]
S3 Gonzales;Gonzales;c:\windows\system32\drivers\Gonzales.sys [04/02/2009 00:03 7040]
.
Contents of the 'Scheduled Tasks' folder

2009-07-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.uk.emachines.com/
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a0m505zt.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin7.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-01 11:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3410061513-2169000172-1683617960-1007\Software\SecuROM\License information*]
"datasecu"=hex:97,eb,82,37,1e,48,7f,e7,67,7e,e2,6a,8d,8e,9c,c5,78,6e,e8,b6,7c,
53,68,92,6c,10,41,98,87,d9,7c,48,96,25,a1,2a,28,2c,79,65,a7,ba,14,ab,33,f1,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2788)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-08-01 11:58
ComboFix-quarantined-files.txt 2009-08-01 10:58
ComboFix2.txt 2009-07-31 16:47
ComboFix3.txt 2009-07-31 13:11

Pre-Run: 24,296,013,824 bytes free
Post-Run: 24,256,479,232 bytes free

276 --- E O F --- 2009-07-31 17:00

#12 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:01:05 AM

Posted 01 August 2009 - 07:01 AM

Much better.. Let's do an online scan to see what's left..

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
How's the computer now? :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#13 Borky

Borky
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:06:05 PM

Posted 02 August 2009 - 06:37 AM

Hey, my computer isn't getting countless warnings from AVG now, but it did get 3 during the ESET scan, which were healed, and I am also getting an allow or deny warning from Spybot S&D Resident, asking about C:\WINDOWS\System32\userinit.exe, saying 'Value changed'. Should I allow or deny this? I did have a warning before as well about Winlogon, saying 'Value Deleted', which got Denied when I tried to close it. :thumbup2:

Anyway, here is the log.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.5889
# api_version=3.0.2
# EOSSerial=1e8714c6745bab478323e52a7424e7bd
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-08-01 02:06:42
# local_time=2009-08-01 03:06:42 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1026 21 83 100 5268301250000
# scanned=40466
# found=0
# cleaned=0
# scan_time=2359
# version=6
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.5889
# api_version=3.0.2
# EOSSerial=1e8714c6745bab478323e52a7424e7bd
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2009-08-02 11:09:36
# local_time=2009-08-02 12:09:36 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1026 21 83 100 6026043125000
# scanned=97423
# found=2
# cleaned=2
# scan_time=4176
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\glaide32.sys.vir a variant of Win32/Rustock trojan (cleaned by deleting - quarantined) B0DF85426E9A5E7F1BCE0CF8FC70850F C
C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}\RP3\A0000199.exe Win32/TrojanDownloader.Bredolab.AA trojan (cleaned by deleting - quarantined) A67F73D164A6BBA47503E055EFBE81B7 C

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:01:05 AM

Posted 03 August 2009 - 09:39 PM

psst.. to be honest, I have never used Spybot S&D before.. And I have never suggested it to anyone.. I know it's a good program, but I'm not using it..

Please run DDS again and post the result here for my final review.. :thumbup2:



#15 Borky

Borky
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:06:05 PM

Posted 04 August 2009 - 04:03 AM

Hello,

So here is the DDS log.


DDS (Ver_09-07-30.01) - NTFSx86
Run by User at 9:58:59.21 on 04/08/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1279.791 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\NETGEAR\WG311v3\WG311v3.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.uk.emachines.com/
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\qt lite\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311v3\WG311v3.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\a0m505zt.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\qt lite\plugins\npqtplugin.dll
FF - plugin: c:\program files\qt lite\plugins\npqtplugin2.dll
FF - plugin: c:\program files\qt lite\plugins\npqtplugin3.dll
FF - plugin: c:\program files\qt lite\plugins\npqtplugin4.dll
FF - plugin: c:\program files\qt lite\plugins\npqtplugin5.dll
FF - plugin: c:\program files\qt lite\plugins\npqtplugin6.dll
FF - plugin: c:\program files\qt lite\plugins\npqtplugin7.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-23 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-23 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-23 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-9-23 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-9-23 298776]
R3 Bonifay;Bonifay;c:\windows\system32\drivers\Bonifay.sys [2009-2-4 12160]
S3 Gonzales;Gonzales;c:\windows\system32\drivers\Gonzales.sys [2009-2-4 7040]
S3 mbr;mbr;\??\c:\docume~1\user\locals~1\temp\mbr.sys --> c:\docume~1\user\locals~1\temp\mbr.sys [?]

=============== Created Last 30 ================

2009-08-01 14:21 <DIR> --d----- c:\program files\ESET
2009-08-01 11:47 <DIR> --ds---- C:\Combo-Fix
2009-07-31 17:23 <DIR> a-dshr-- C:\cmdcons
2009-07-31 17:20 219,648 a------- c:\windows\PEV.exe
2009-07-31 14:07 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-31 13:49 161,792 a------- c:\windows\SWREG.exe
2009-07-31 13:49 98,816 a------- c:\windows\sed.exe
2009-07-20 11:50 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{E27DB915-174B-4B55-B47A-B9060965E98F}
2009-07-20 00:09 32 a------- c:\windows\CD_Start.INI
2009-07-16 17:12 0 a---h--- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-07-16 17:12 0 a---h--- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-07-16 17:03 18,816 a------- c:\windows\system32\drivers\pccsmcfd.sys
2009-07-16 17:02 <DIR> --d----- c:\program files\PC Connectivity Solution
2009-07-16 17:01 7,808 a------- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-07-16 17:01 7,808 a------- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-07-16 17:01 22,016 a------- c:\windows\system32\drivers\ccdcmbo.sys
2009-07-16 17:01 1,112,288 a------- c:\windows\system32\wdfcoinstaller01007.dll
2009-07-16 17:01 659,968 a------- c:\windows\system32\nmwcdcocls.dll
2009-07-16 17:01 17,664 a------- c:\windows\system32\drivers\ccdcmb.sys
2009-07-16 16:29 <DIR> --d----- c:\documents and settings\user\Nokia
2009-07-16 16:28 <DIR> --d----- c:\program files\common files\PCSuite
2009-07-16 16:28 <DIR> --d----- c:\program files\common files\Nokia

==================== Find3M ====================

2009-07-28 14:32 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-07-26 12:46 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-26 17:50 666,624 a------- c:\windows\system32\wininet.dll
2009-06-26 17:50 81,920 a------- c:\windows\system32\ieencode.dll
2009-06-21 08:46 485,920 a------- c:\windows\system32\NVUNINST.EXE
2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-16 15:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 15:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-10 08:28 3,510,272 a------- c:\windows\system32\nvgames.dll
2009-06-10 08:28 4,022,272 a------- c:\windows\system32\nvdisps.dll
2009-06-10 08:28 13,758,464 a------- c:\windows\system32\nvcpl.dll
2009-06-10 08:28 168,004 a------- c:\windows\system32\nvsvc32.exe
2009-06-10 08:28 143,360 a------- c:\windows\system32\nvcolor.exe
2009-06-10 08:28 86,016 a------- c:\windows\system32\nvmctray.dll
2009-06-10 08:28 229,376 a------- c:\windows\system32\nvmccs.dll
2009-06-10 06:03 9,998,336 a------- c:\windows\system32\nvoglnt.dll
2009-06-10 06:03 8,087,712 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 06:03 5,908,608 a------- c:\windows\system32\nv4_disp.dll
2009-06-10 06:03 1,720,320 a------- c:\windows\system32\nvcuda.dll
2009-06-10 06:03 1,580,550 a------- c:\windows\system32\nvdata.bin
2009-06-10 06:03 1,310,720 a------- c:\windows\system32\nvcuvenc.dll
2009-06-10 06:03 815,104 a------- c:\windows\system32\nvapi.dll
2009-06-10 06:03 671,744 a------- c:\windows\system32\nvcuvid.dll
2009-06-10 06:03 457,248 a------- c:\windows\system32\nvudisp.exe
2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcodins.dll
2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcod.dll
2009-06-03 20:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-11 12:47 1,302,600 a------- c:\windows\system32\WUDFUpdate_01007.dll
2009-05-10 12:14 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-07 16:32 345,600 a------- c:\windows\system32\localspl.dll
2007-05-24 14:58 249,856 a------- c:\windows\inf\wg311v3\InsDrv2k.exe
2006-12-04 11:38 212,992 a------- c:\windows\inf\wg311v3\CopyWHQLDriver.exe
2005-12-29 18:07 282,624 a----r-- c:\windows\inf\wg311v3\WG311v3XP.sys

============= FINISH: 10:01:59.96 ===============
