
GlobalRoot Error


2 replies to this topic

#1 KingMedabe


Posted 17 August 2009 - 06:18 PM

Every time I open Internet Explorer, I get a box that comes up and says

iexplore.exe - bad image

globalroot\systemroot\system32\esqulwptbedckeiqyxqfitvyyhdwtwxwpuvnd.dll is either not designed to run on windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.

I read another thread on here that said it was most likely a trojan rootkit that hid itself in the computer. I don't know if this helps, but


DDS (Ver_09-07-30.01) - NTFSx86
Run by Joe G at 17:38:55.46 on Mon 08/17/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.867 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\SYSTEM32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\agrsmsvc.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdnserv.exe
C:\Windows\system32\lxdncoms.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Tablet.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WTablet\TabUserW.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\Tablet.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Users\JOEG~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Joe G\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Joe G\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uSearch Page =
uDefault_Page_URL = hxxp://www.msn.com
mStart Page = hxxp://en.us.acer.yahoo.com
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: TBSB00982: {fcbccb87-9224-4b8d-b117-f56d924beb18} - TBSB00982 Class
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Ant.com Toolbar: {6cd56c02-cb4d-41b5-a0fe-b479061ccb41} -
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\users\joe g\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 5.0\apdproxy.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\play movie\PMVService.exe"
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Skytel] Skytel.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: NameServer = 85.255.112.165,85.255.112.216
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\joeg~1\appdata\roaming\mozilla\firefox\profiles\f1led2tu.default\
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\users\joe g\appdata\local\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 32784]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2008-7-9 20496]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2008-3-30 41456]
R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2008-3-14 51200]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2008-2-27 98984]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
S2 0313711242253422mcinstcleanup;McAfee Application Installer Cleanup (0313711242253422);c:\users\joeg~1\appdata\local\temp\031371~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\users\joeg~1\appdata\local\temp\031371~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 EraserSvc10910;Symantec Eraser Service;"c:\program files\norton 360\engine\3.0.0.134\ccsvchst.exe" /h cccommon --> c:\program files\norton 360\engine\3.0.0.134\ccSvcHst.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-7-22 180736]

=============== Created Last 30 ================

2009-08-17 01:51 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-17 01:51 <DIR> --d----- c:\programdata\Malwarebytes
2009-08-17 01:51 <DIR> --d----- c:\progra~2\Malwarebytes
2009-08-17 01:51 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-17 01:51 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-17 01:08 32 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-08-17 01:08 32 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-08-17 01:08 32 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-08-17 01:08 32 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-08-17 01:08 242,988,925 a------- c:\windows\MEMORY.DMP
2009-08-17 01:05 <DIR> --d----- c:\programdata\Kaspersky Lab
2009-08-17 01:05 <DIR> --d----- c:\program files\Kaspersky Lab
2009-08-17 01:05 <DIR> --d----- c:\progra~2\Kaspersky Lab
2009-08-17 00:56 <DIR> --d----- c:\programdata\Kaspersky Lab Setup Files
2009-08-17 00:56 <DIR> --d----- c:\progra~2\Kaspersky Lab Setup Files
2009-08-17 00:05 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-08-16 01:50 499,712 a------- c:\windows\system32\kerberos.dll
2009-08-16 01:50 218,624 a------- c:\windows\system32\msv1_0.dll
2009-08-16 01:50 175,104 a------- c:\windows\system32\wdigest.dll
2009-08-16 01:50 1,259,008 a------- c:\windows\system32\lsasrv.dll
2009-08-16 01:50 270,848 a------- c:\windows\system32\schannel.dll
2009-08-16 01:50 439,864 a------- c:\windows\system32\drivers\ksecdd.sys
2009-08-16 01:50 72,704 a------- c:\windows\system32\secur32.dll
2009-08-16 01:50 9,728 a------- c:\windows\system32\lsass.exe
2009-08-16 01:40 552 a------- c:\windows\system32\DO_NOT_DELETE.backupSetID
2009-08-11 14:16 71,680 a------- c:\windows\system32\atl.dll
2009-08-11 14:16 160,256 a------- c:\windows\system32\wkssvc.dll
2009-08-11 14:16 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-08-11 14:16 91,136 a------- c:\windows\system32\avifil32.dll
2009-08-11 14:16 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-08-11 14:16 4,096 a------- c:\windows\system32\msdxm.ocx
2009-08-11 14:16 4,096 a------- c:\windows\system32\dxmasf.dll
2009-08-11 14:16 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-08-11 14:16 7,680 a------- c:\windows\system32\spwmp.dll
2009-08-11 14:16 43,520 a------- c:\windows\system32\msdxm.tlb
2009-08-11 14:16 18,432 a------- c:\windows\system32\amcompat.tlb
2009-08-07 00:44 <DIR> --d----- c:\program files\Skype
2009-08-02 23:17 <DIR> --d----- c:\windows\system32\IOSUBSYS
2009-07-31 12:15 <DIR> --d----- c:\windows\system32\eu-ES
2009-07-31 12:15 <DIR> --d----- c:\windows\system32\ca-ES
2009-07-31 12:15 <DIR> --d----- c:\windows\system32\vi-VN
2009-07-31 11:56 <DIR> --d----- c:\windows\system32\EventProviders
2009-07-31 11:54 109,032 a------- c:\windows\system32\drivers\ataport.sys
2009-07-31 11:53 258,048 a------- c:\windows\system32\winspool.drv
2009-07-31 11:52 978,944 a------- c:\windows\system32\crypt32.dll
2009-07-30 19:33 37,440 a------- c:\windows\system32\drivers\msfwhlpr.sys
2009-07-30 19:33 91,200 a------- c:\windows\system32\drivers\msfwdrv.sys
2009-07-30 19:32 <DIR> --d----- c:\program files\common files\PX Storage Engine
2009-07-30 19:32 53,168 a------- c:\windows\system32\drivers\MpFilter.sys
2009-07-30 19:29 <DIR> --d----- c:\program files\Microsoft Windows OneCare Live
2009-07-28 16:35 915,456 a------- c:\windows\system32\wininet.dll
2009-07-28 16:35 1,469,440 a------- c:\windows\system32\inetcpl.cpl
2009-07-28 16:34 1,638,912 a------- c:\windows\system32\mshtml.tlb
2009-07-28 16:34 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-28 16:34 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-28 16:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-28 16:34 57,667 a------- c:\windows\system32\ieuinit.inf
2009-07-28 16:30 <DIR> --d----- c:\program files\Western Digital
2009-07-28 02:18 <DIR> --d----- c:\users\joeg~1\appdata\roaming\Flock
2009-07-28 02:17 <DIR> --d----- c:\program files\Flock
2009-07-27 20:01 <DIR> --d----- c:\program files\iPod
2009-07-27 20:01 <DIR> --d----- c:\program files\iTunes
2009-07-27 19:35 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-27 19:35 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-27 19:35 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-27 19:35 34,304 a------- c:\windows\system32\atmlib.dll
2009-07-27 19:35 23,552 a------- c:\windows\system32\lpk.dll
2009-07-27 19:35 10,240 a------- c:\windows\system32\dciman32.dll

==================== Find3M ====================

2009-08-17 01:07 143,360 a------- c:\windows\inf\infstrng.dat
2009-08-17 01:07 86,016 a------- c:\windows\inf\infstor.dat
2009-08-17 01:07 51,200 a------- c:\windows\inf\infpub.dat
2009-08-16 22:30 2,046 a------- c:\program files\Google Chrome.lnk
2009-07-31 12:15 665,600 a------- c:\windows\inf\drvindex.dat
2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-11 21:50 1,464 a------- c:\users\joeg~1\appdata\roaming\wklnhst.dat
2009-01-04 00:58 56 a---h--- c:\programdata\ezsidmv.dat
2009-01-04 00:58 56 a---h--- c:\progra~2\ezsidmv.dat
2008-11-30 14:57 980 a------- c:\program files\MCExpBarUser.dat
2008-01-20 21:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 17:41:41.77 ===============


I tried installing ComboFix, but when I went to open it, another box comes up saying that ComboFix has stopped working. This also happens with Malwarebytes.

What do I do?
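An added triage script, not part of this thread and not the DDS or ComboFix tools' own code, that scans DDS-style report lines for the two indicators visible in the log above: a module referenced through the globalroot\systemroot device path (the "bad image" dialog) and a hard-coded TCP NameServer entry pointing at resolvers the machine's owner never configured. The sample lines are constructed from the posted log; the trusted resolver ranges and the "random-looking name" heuristic are assumptions the analyst supplies.

```python
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Constructed sample lines in the DDS 'Pseudo HJT Report' style, modelled on
# the log in the post above; only the NameServer line matters for the DNS check.
SAMPLE_DDS_LINES = """\
uStart Page = hxxp://www.msn.com
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Windows Defender] %ProgramFiles%\\Windows Defender\\MSASCui.exe -hide
TCP: NameServer = 85.255.112.165,85.255.112.216
LSP: c:\\windows\\system32\\wpclsp.dll
""".splitlines()

# The 'bad image' dialog text quoted in the post (constructed copy).
SAMPLE_BAD_IMAGE = (
    "globalroot\\systemroot\\system32\\esqulwptbedckeiqyxqfitvyyhdwtwxwpuvnd.dll "
    "is either not designed to run on windows or it contains an error."
)

# Resolver ranges the analyst trusts (assumption: a home router on RFC 1918
# space). Any NameServer outside these ranges needs an explanation.
TRUSTED_RESOLVERS = ["192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12"]

# A module referenced through the NT device path rather than a drive letter;
# installed software is referenced as C:\..., so this alone deserves a look.
GLOBALROOT_RE = re.compile(
    r"\\?globalroot\\systemroot\\(?P<path>\S+)", re.IGNORECASE
)
# DDS prints hard-coded DNS servers as 'TCP: NameServer = a.b.c.d,e.f.g.h'.
NAMESERVER_RE = re.compile(
    r"^\s*TCP:\s*NameServer\s*=\s*(?P<ips>.+?)\s*$", re.IGNORECASE
)


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str


def looks_random(stem: str) -> bool:
    """Heuristic, not a rule: a long, digit-free, all-lowercase file stem such
    as esqulwptbedckeiqyxqfitvyyhdwtwxwpuvnd is unlike a vendor module name."""
    return len(stem) >= 20 and stem.isalpha() and stem == stem.lower()


def globalroot_findings(text: str) -> list[Finding]:
    """Flag every module referenced via \\globalroot\\systemroot in free text
    (an error dialog, an event log entry, a DDS line)."""
    findings = []
    for match in GLOBALROOT_RE.finditer(text):
        path = match.group("path")
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        tag = "random-looking name" if looks_random(stem) else "check name"
        findings.append(Finding("globalroot-module", f"{path} ({tag})"))
    return findings


def nameserver_findings(lines, trusted_nets) -> list[Finding]:
    """Flag NameServer addresses that fall outside the trusted ranges."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    findings = []
    for line in lines:
        match = NAMESERVER_RE.match(line)
        if not match:
            continue
        for raw in match.group("ips").split(","):
            raw = raw.strip()
            try:
                addr = ipaddress.ip_address(raw)
            except ValueError:
                findings.append(Finding("nameserver-unparsable", raw))
                continue
            if not any(addr in net for net in nets):
                findings.append(Finding("nameserver-untrusted", raw))
    return findings


def triage(dds_lines, dialog_text, trusted_nets=TRUSTED_RESOLVERS) -> list[Finding]:
    """Run both checks and return the combined findings, dialog first."""
    return globalroot_findings(dialog_text) + nameserver_findings(dds_lines, trusted_nets)


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS_LINES, SAMPLE_BAD_IMAGE):
        print(f"{finding.kind}: {finding.detail}")
```

Run against the sample, the script reports the ESQUL module loaded through globalroot and both NameServer addresses as untrusted; a clean machine with DHCP-assigned DNS has no NameServer line at all, so the second check stays silent.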


#2 KingMedabe


Posted 17 August 2009 - 06:20 PM

Also, I may add that I currently do not have virus software because I was in the middle of getting ready to try something new when I discovered the problem. While attempting to install the new antivirus, the old one was deleted, but the new one never successfully installed.

#3 KingMedabe


Posted 18 August 2009 - 12:24 AM

Good news: I figured out how to correctly download ComboFix, and it worked. Here is my log, just in case anyone wants to know.

ComboFix 09-08-10.06 - Joe G 08/18/2009 0:02.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1207 [GMT -5:00]
Running from: c:\users\Joe G\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-141806619-494589831-3591745405-500
c:\users\Joe G\AppData\Roaming\.#
c:\windows\Installer\3d74b.msi
c:\windows\System32\drivers\ESQULwtigxjqpmirpmibtetupwqxfaqxpkxea.sys
c:\windows\system32\ESQULtnvfvinrqkqkauxfrbamsuwonmuqlxxl.dll
c:\windows\System32\ESQULwptbedckeiqyxqfitvyyhdwtwxwpuvnd.dll
c:\windows\system32\ESQULzcounter


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ESQULserv.sys
-------\Legacy_ESQULserv.sys
-------\Service_ESQULserv.sys


((((((((((((((((((((((((( Files Created from 2009-07-18 to 2009-08-18 )))))))))))))))))))))))))))))))
.

2009-08-18 05:11 . 2009-08-18 05:13 -------- d-----w- c:\users\Joe G\AppData\Local\temp
2009-08-18 05:11 . 2009-08-18 05:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-18 05:11 . 2009-08-18 05:11 -------- d-----w- c:\users\Angie\AppData\Local\temp
2009-08-18 02:58 . 2009-08-18 02:58 -------- d-----w- c:\program files\Microsoft Works
2009-08-17 22:50 . 2009-08-18 03:28 -------- d-----w- c:\program files\SpywareBlaster
2009-08-17 22:46 . 2009-08-17 23:49 -------- d-----w- c:\program files\McAfee
2009-08-17 06:08 . 2009-08-17 23:48 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-08-17 06:08 . 2009-08-17 23:48 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-17 05:56 . 2009-08-17 05:56 -------- d-----w- c:\progra~2\Kaspersky Lab Setup Files
2009-08-17 05:05 . 2009-08-17 05:14 -------- d--h--w- c:\windows\msdownld.tmp
2009-08-17 03:39 . 2009-08-17 03:39 -------- d-----w- c:\users\Joe G\AppData\Local\Mozilla
2009-08-16 06:50 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-16 06:50 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-16 06:50 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-16 06:50 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-16 06:50 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-16 06:50 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-16 06:50 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-16 06:50 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-11 19:16 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-11 19:16 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-11 19:16 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-11 19:16 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-11 19:16 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-11 19:16 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-11 19:16 . 2009-07-15 12:40 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-11 19:16 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-07 05:44 . 2009-08-07 05:44 -------- d-----w- c:\program files\Skype
2009-08-03 04:17 . 2009-08-03 04:17 -------- d-----w- c:\windows\system32\IOSUBSYS
2009-08-03 04:17 . 2009-08-03 04:17 -------- d-----w- c:\program files\Google
2009-07-31 17:15 . 2009-07-31 17:16 -------- d-----w- c:\windows\system32\ca-ES
2009-07-31 17:15 . 2009-07-31 17:16 -------- d-----w- c:\windows\system32\eu-ES
2009-07-31 17:15 . 2009-07-31 17:16 -------- d-----w- c:\windows\system32\vi-VN
2009-07-31 16:56 . 2009-07-31 16:56 -------- d-----w- c:\windows\system32\EventProviders
2009-07-31 16:54 . 2009-04-11 06:32 43496 ----a-w- c:\windows\system32\drivers\pciidex.sys
2009-07-31 16:53 . 2009-04-11 06:28 177664 ----a-w- c:\windows\system32\WSDMon.dll
2009-07-31 16:52 . 2009-04-11 06:32 35304 ----a-w- c:\windows\system32\drivers\crashdmp.sys
2009-07-31 00:32 . 2009-08-17 23:44 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-07-30 21:26 . 2009-08-18 04:03 -------- d-----w- c:\program files\Windows Live Safety Center
2009-07-28 21:35 . 2009-07-21 21:52 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-28 21:34 . 2009-07-21 21:47 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-28 21:34 . 2009-07-21 21:47 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-28 21:34 . 2009-07-21 20:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-28 21:30 . 2009-07-28 21:30 -------- d-----w- c:\program files\Western Digital
2009-07-28 07:18 . 2009-07-28 07:18 0 ----a-w- c:\windows\nsreg.dat
2009-07-28 07:18 . 2009-07-28 07:18 -------- d-----w- c:\users\Joe G\AppData\Roaming\Flock
2009-07-28 07:18 . 2009-07-28 07:18 -------- d-----w- c:\users\Joe G\AppData\Local\Flock
2009-07-28 07:17 . 2009-08-11 01:44 -------- d-----w- c:\program files\Flock
2009-07-28 06:58 . 2009-07-31 06:42 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-28 01:05 . 2009-08-12 18:01 -------- d-----w- c:\program files\Safari
2009-07-28 01:01 . 2009-07-28 01:01 -------- d-----w- c:\program files\iPod
2009-07-28 01:01 . 2009-07-28 01:02 -------- d-----w- c:\program files\iTunes
2009-07-28 00:35 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-28 00:35 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-28 00:35 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-28 00:35 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-28 00:35 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-28 00:35 . 2009-04-11 06:28 34304 ----a-w- c:\windows\system32\atmlib.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-18 05:13 . 2009-03-28 16:39 -------- d-----w- c:\users\Joe G\AppData\Roaming\WTablet
2009-08-18 03:11 . 2008-03-14 05:54 -------- d-----w- c:\progra~2\Microsoft Help
2009-08-18 03:05 . 2008-03-14 05:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-17 23:49 . 2008-03-14 06:04 -------- d-----w- c:\progra~2\McAfee
2009-08-17 23:48 . 2009-08-17 06:08 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-08-17 23:48 . 2009-08-17 06:08 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-17 03:30 . 2009-08-17 03:30 2046 ----a-w- c:\program files\Google Chrome.lnk
2009-08-17 02:57 . 2008-11-30 03:28 -------- d-----w- c:\progra~2\Lx_cats
2009-08-14 22:31 . 2008-11-30 19:37 680 ----a-w- c:\users\Joe G\AppData\Local\d3d9caps.dat
2009-08-13 18:04 . 2009-01-04 05:56 -------- d-----w- c:\users\Joe G\AppData\Roaming\Skype
2009-08-13 16:41 . 2009-01-04 05:58 -------- d-----w- c:\users\Joe G\AppData\Roaming\skypePM
2009-08-12 17:51 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-06 04:05 . 2009-06-26 16:04 -------- d-----w- c:\program files\Microsoft Games
2009-07-31 17:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-31 17:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-31 17:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-31 17:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-31 17:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-31 17:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-31 17:15 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-31 17:03 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-07-31 16:20 . 2009-01-11 17:14 -------- d-----w- c:\program files\Java
2009-07-31 15:52 . 2009-05-13 22:29 -------- d-----w- c:\progra~2\Norton
2009-07-31 15:50 . 2009-05-13 22:30 -------- d-----w- c:\progra~2\Symantec
2009-07-31 15:48 . 2009-05-13 22:31 -------- d-----w- c:\progra~2\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-07-29 01:47 . 2008-11-28 10:19 -------- d-----w- c:\users\Joe G\AppData\Roaming\CyberLink
2009-07-28 01:01 . 2008-11-30 05:25 -------- d-----w- c:\program files\Common Files\Apple
2009-07-09 20:19 . 2008-11-30 06:08 -------- d-----w- c:\users\Joe G\AppData\Roaming\Hoyle Puzzle and Board Games
2009-07-07 05:33 . 2009-07-07 05:33 -------- d-----w- c:\program files\Adobe Media Player
2009-07-07 05:31 . 2008-12-02 00:21 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-07 05:30 . 2008-12-02 00:21 38208 ----a-w- c:\users\Joe G\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-27 04:25 . 2008-11-30 05:25 -------- d-----w- c:\progra~2\Apple
2009-06-26 01:11 . 2009-06-26 01:11 -------- d-----w- c:\program files\QuickTime
2009-06-20 00:05 . 2009-06-18 03:17 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2009-06-15 21:33 . 2009-04-15 02:26 91072 ----a-w- c:\users\Angie\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-05 16:42 . 2009-06-05 16:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 16:42 . 2009-06-05 16:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-30 20:18 . 2008-11-28 08:20 91072 ----a-w- c:\users\Joe G\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-21 16:33 . 2009-01-11 17:14 410984 ----a-w- c:\windows\system32\deploytk.dll
2008-11-30 19:57 . 2008-11-30 19:57 980 ----a-w- c:\program files\MCExpBarUser.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 09:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-16 454784]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Google Update"="c:\users\Joe G\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-01-04 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-11-30 102400]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2008-03-27 320168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-28 4472832]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-05-28 1826816]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-14 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):32,fd,c9,a4,03,12,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{01E5B4F1-2553-486D-856D-9DD239B76417}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{99FD2269-0AA1-4BA9-BF9C-FD76015CB876}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E82E77A9-2EAB-40F9-9A5C-C543B020A4D8}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{E06EC9EA-32B8-4FEA-9D87-CA7111A5507D}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{585B3550-FEE7-4183-8F73-C4F66DE696B5}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{D9C84413-BEB2-4DAF-A817-A14CAA842BB7}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{6BE9D733-0D39-4B25-86BB-E6583DA443D3}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{3055A3D0-2A8B-402D-8076-E98029E9F9D7}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{97F2F3E6-4D43-4841-A7F4-373215E27BB8}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{B0FAE86D-1E75-47AF-A0A0-EDC699408A7E}"= UDP:c:\windows\System32\lxdncoms.exe:Lexmark Communications System
"{38708B22-AFFE-4D25-A9C5-EF08ABD80386}"= TCP:c:\windows\System32\lxdncoms.exe:Lexmark Communications System
"{AD7DA73E-B7D3-4898-87DB-1CEF62D08F10}"= UDP:c:\program files\Lexmark 2600 Series\lxdnamon.exe:Lexmark Device Monitor
"{C1379A16-C628-4612-BC76-033B9DF62CFD}"= TCP:c:\program files\Lexmark 2600 Series\lxdnamon.exe:Lexmark Device Monitor
"{D3552F31-F7F4-426E-BF5F-3B045057B816}"= UDP:c:\program files\Lexmark 2600 Series\frun.exe:Lexmark Productivity Studio
"{6060B64C-C913-4048-B597-41E3D631CE50}"= TCP:c:\program files\Lexmark 2600 Series\frun.exe:Lexmark Productivity Studio
"{8371D1F9-F7B1-482B-B971-3E37AD1F42E9}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{54BB6944-B01D-418B-9FD4-C7A3A04F9D81}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{9674F897-DFBB-4B31-8B1D-88CDD4AEC7D8}"= UDP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{3463C07B-9B1E-4ADC-BCE8-C37938044A55}"= TCP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{2FFFF488-E560-46E0-9ACF-704ACDA83A23}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdnpswx.exe:Printer Status Window Interface
"{B4CD9305-1DFD-43E6-A66A-3BEE8E669C45}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdnpswx.exe:Printer Status Window Interface
"{E74D96D6-017B-4261-AF2F-4D1D27C507CD}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdntime.exe:Lexmark Connect Time Executable
"{D72A3295-2BD9-4E4A-9F8D-64A25EA78FA1}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdntime.exe:Lexmark Connect Time Executable
"{56D6F6E0-BF71-435D-9C8D-1A1687918160}"= UDP:c:\program files\Lexmark 2600 Series\lxdnlscn.exe:
"{09FFE167-3161-4471-9E63-3CCF5FCF5AAB}"= TCP:c:\program files\Lexmark 2600 Series\lxdnlscn.exe:
"{226D3DF6-E06E-417E-BF1A-564D8B2DB602}"= UDP:c:\program files\Diablo II\Diablo II.exe:Diablo II - Lord of Destruction
"{77F3C261-C461-4018-82AF-8333E4AB58CB}"= TCP:c:\program files\Diablo II\Diablo II.exe:Diablo II - Lord of Destruction
"{52D47EB7-1A43-4082-AF55-34F4B416696C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D3FAF4F0-D462-42E9-BA9C-85CD72A374FC}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7EA1C618-9144-46FA-A657-B546B3E8701E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E1758B5A-5390-450D-8023-52DE04E29646}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{E1D5CED6-EE70-45CD-9384-80DECCBA76EB}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{9FC8DB22-E749-4127-970B-B6D7EF191361}"= UDP:4000:Diablo II
"{309B22F7-766E-41EF-8F04-C8660DED13A0}"= UDP:6112:Diablo II
"{A702511A-D529-493A-A889-481D5475C4D4}"= UDP:6119:Diablo II
"{98339EE1-9F35-4921-9969-D2D6E5421FFB}"= TCP:6112:Diablo II
"{5D469E07-5946-446A-8C6E-F030DD1FAD9F}"= TCP:6119:Diablo II
"{03D05306-ABEC-44FA-8F83-B68510D19524}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{6FD6B1B6-947B-4134-9992-D44FE8A8A630}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{865482CF-24BE-4672-A71C-393740F1EA6F}"= UDP:c:\program files\Lexmark 2600 Series\lxdnmon.exe:Printer Device Monitor
"{6DD8AD2A-A1E0-4582-97B0-6E01FFA3C9C0}"= TCP:c:\program files\Lexmark 2600 Series\lxdnmon.exe:Printer Device Monitor
"{04332E39-B7AD-4511-85AD-E1E366E5998D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{CA7F2BD7-A312-4444-983A-C289CA6FFB8B}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [3/30/2008 5:42 AM 41456]
R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [3/14/2008 12:45 AM 51200]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdnserv.exe [2/27/2008 6:07 PM 98984]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [3/30/2009 4:28 PM 1533808]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [7/22/2007 5:00 PM 180736]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [3/28/2007 9:51 AM 43008]
S2 EraserSvc10910;Symantec Eraser Service;"c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe" /h ccCommon --> c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe [?]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" --> c:\program files\McAfee\SiteAdvisor\McSACore.exe [?]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - (no file)
WebBrowser-{6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\JOEG~1\AppData\Roaming\Mozilla\Firefox\Profiles\f1led2tu.default\
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\users\Joe G\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-18 00:13
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-141806619-494589831-3591745405-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:da,6f,d8,36,4a,1e,e0,da,f6,12,45,c5,f9,0a,ec,d8,99,38,54,aa,44,83,5b,
66,e6,5b,47,19,70,81,42,b9,45,55,d8,84,01,62,9f,0c,55,50,66,f0,20,ab,6e,fb,\
"??"=hex:e6,8c,4a,b0,88,18,95,47,a5,5c,2e,84,0f,f8,0a,21

[HKEY_USERS\S-1-5-21-141806619-494589831-3591745405-1000\Software\SecuROM\License information*]
"datasecu"=hex:25,97,86,25,c7,5a,b6,84,d5,d6,3f,a5,3e,e2,9d,88,54,75,31,4e,41,
51,52,d3,73,8d,5b,f7,14,ba,f0,52,f9,fe,53,bb,e7,26,d5,b6,e1,d3,a9,df,be,63,\
"rkeysecu"=hex:de,b6,88,f1,4a,ef,9e,a7,7b,a7,e0,ef,c4,ac,6c,b4

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2660)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\wisptis.exe
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\lxdncoms.exe
c:\acer\Mobility Center\MobilityService.exe
c:\windows\System32\PSIService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\Tablet.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\windows\System32\wisptis.exe
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
c:\windows\System32\WTablet\TabUserW.exe
c:\windows\System32\Tablet.exe
c:\program files\Common Files\microsoft shared\ink\InputPersonalization.exe
c:\program files\Internet Explorer\ielowutil.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2009-08-18 0:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-18 05:18

Pre-Run: 18,152,525,824 bytes free
Post-Run: 18,052,452,352 bytes free

370 --- E O F --- 2009-08-16 06:51

And that's about it
