Website Redirect to Advertisements (Please Help!)


  • This topic is locked
4 replies to this topic

#1 Hemy12

Posted 18 October 2009 - 09:14 AM

I recently had the Antivirus Pro 2010 and XPSecurity viruses cleaned off my computer. However, now when I do a Google search, I am most of the time redirected to some type of advertisement or I am redirected to some strange search engines.

In order to remove any spyware that I might have, I ran the following programs in full scan mode.

Norton Internet Security 2009 (Anti-Virus)
Spyware Doctor Version 7.0.0.508
Ad-Aware Version 8.1.0
Spybot 1.6.2

I also downloaded and ran a program called Combofix. I have attached its log as well as the hijacks.

I am still having problems after all I have done and I need some help. My only thought now is to format the hard drive and start from scratch, which I really do not want to do.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:58 AM, on 10/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Transcode360\Transcode360Tray.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Garmin\gStart.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\JJ\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Transcode360] C:\Program Files\Transcode360\Transcode360Tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Logitech Harmony Remote Software 7.lnk = ?
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {89242969-422B-46BF-B0D5-6A7B7DC4D0E0} (NAS Finder Helper) - file://E:\html\nafcom.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

--
End of file - 10421 bytes

Edited by Hemy12, 18 October 2009 - 03:38 PM.




#2 Blade81

Posted 28 October 2009 - 08:49 AM

Hi,

Sorry for the delayed response. The forums have been really busy. If you still need help with this, please do the following.


Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

"I also downloaded and ran a program called Combofix. I have attached its log as well as the hijacks."

Didn't see ComboFix log attached. Please attach the log if you have run the program.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#3 Hemy12

Posted 02 November 2009 - 08:41 PM

I have attached the log for the script that you gave me. I will need to run ComboFix again because I think I deleted the log. I will probably post that in a few days. I think I am going to have to re-install everything. With my zeal to clean my system, I think I damaged the registry and somehow I deleted rundll32.exe. The attached log is in the attachment section.

DDS (Ver_09-10-26.01) - NTFSx86
Run by JJ at 20:33:12.53 on Mon 11/02/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2551.219 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\Gateway\HPMediaSmartServicesGatewayService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Transcode360\Transcode360Tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowShell.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Garmin\gStart.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\CinemaNow\CinemaNow Media Manager\CNRpc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\Gateway\HP MediaSmart Services Gateway.exe
C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\JJ\Desktop\dds.scr
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Download Manager Browser Helper Object: {19c8e43b-07b3-49cb-bffc-6777b593e6f8} - c:\progra~1\common~1\fluxdvd\downlo~1\XEBDLH~1.DLL
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Videoraptor_WebRipPlugin Class: {3c0372c2-04c3-4100-bab1-1d42c552bc48} - c:\program files\rapidsolution\rs audials one\videoraptor\plugins\ie\VR_WebRipIePlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.5.0.135\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [gStart] c:\garmin\gStart.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [RealPlayer0] "c:\program files\common files\real\update_ob\realsched.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RaidTool] c:\program files\via\raid\raid_tool.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Transcode360] c:\program files\transcode360\Transcode360Tray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [CinemaNowMediaManagerApp] c:\program files\cinemanow\cinemanow media manager\CinemanowShell.exe -start
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\extend~1.lnk - c:\windows\ehome\RMSysTry.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpmedi~1.lnk - c:\program files\hewlett-packard\hp mediasmart\gateway\HP MediaSmart Services Gateway.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\logitech harmony remote software 7\HarmonyRemote.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {89242969-422B-46BF-B0D5-6A7B7DC4D0E0} - file://e:\html\nafcom.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.5.0.135\CoIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {61E3FE32-07B9-4563-A3E0-2DE2D620FE10} - c:\program files\pixiepack codec pack\InstallerHelper.exe

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-17 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-17 207280]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-10-10 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-10-10 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-10-10 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20091021.001\IDSXpx86.sys [2009-10-22 329080]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-10-17 112592]
R2 CinemaNow Service;CinemaNow Service;c:\program files\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2008-2-28 133496]
R2 HP MediaSmart Services Gateway;HP MediaSmart Services Gateway;c:\program files\hewlett-packard\hp mediasmart\gateway\HPMediaSmartServicesGatewayService.exe [2008-3-24 65536]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1179232]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-10-10 115560]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-10-17 358600]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-8-17 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-10-10 102448]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2009-10-10 26144]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-10-10 1684736]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

=============== Created Last 30 ================

2009-11-01 20:57:02 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-11-01 20:57:01 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-11-01 20:56:58 63984 ------w- c:\windows\system32\pxwma.dll
2009-11-01 20:35:23 27936 ----a-w- c:\windows\system32\drivers\tbhsd.sys
2009-11-01 20:33:52 0 d-----w- c:\program files\RapidSolution
2009-11-01 20:33:52 0 d-----w- c:\docume~1\alluse~1\applic~1\RapidSolution
2009-11-01 20:33:24 0 d-----w- c:\program files\PixiePack Codec Pack
2009-11-01 16:44:23 0 d-----w- c:\program files\Audible
2009-10-31 22:34:38 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-31 04:36:04 0 d-----w- c:\docume~1\alluse~1\applic~1\CinemaNow
2009-10-31 04:04:59 0 d-----w- c:\docume~1\alluse~1\applic~1\mpDRM
2009-10-31 04:04:57 0 d-----w- c:\program files\common files\mpDRM
2009-10-31 04:04:54 0 d-----w- c:\docume~1\alluse~1\applic~1\fluxDVD
2009-10-31 04:04:53 0 d-----w- c:\program files\common files\fluxDVD
2009-10-31 04:04:46 0 d-----w- c:\program files\CinemaNow
2009-10-31 04:03:02 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-10-31 04:02:20 0 d-----w- c:\program files\Microsoft ASP.NET
2009-10-31 04:01:01 0 d-----w- c:\program files\Windows Media Connect 2
2009-10-22 03:52:11 384512 ----a-w- c:\windows\system32\BTMIGetKey.dll
2009-10-22 03:52:10 0 d-----w- c:\program files\HIP
2009-10-20 19:45:11 3250 ----a-w- c:\windows\system32\wbem\Outlook_01ca51bdd6119228.mof
2009-10-18 19:39:16 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
2009-10-18 19:39:13 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-10-18 19:39:12 0 d-----w- c:\program files\ffdshow
2009-10-18 15:26:58 0 d-----w- C:\Temp
2009-10-18 15:21:50 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2009-10-18 15:21:50 16512 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2009-10-18 15:21:39 0 d-----w- c:\program files\Xilisoft
2009-10-18 00:30:07 0 d-sh--w- c:\documents and settings\jj\IECompatCache
2009-10-17 23:06:19 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-10-17 23:06:19 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-17 22:56:39 0 d-sha-r- C:\cmdcons
2009-10-17 22:55:36 236544 ----a-w- c:\windows\PEV.exe
2009-10-17 22:40:28 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-17 22:34:29 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-17 22:32:52 98816 ----a-w- c:\windows\sed.exe
2009-10-17 22:32:52 161792 ----a-w- c:\windows\SWREG.exe
2009-10-17 20:22:14 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-17 20:21:49 0 d-----w- c:\program files\Lavasoft
2009-10-17 19:43:14 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-10-17 19:43:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-10-17 19:40:31 0 d-----w- C:\ProfileClone-Temp
2009-10-17 19:40:23 0 d-----w- c:\program files\EasySuite
2009-10-17 19:32:21 0 d-----w- c:\program files\CCleaner
2009-10-17 19:06:03 882 ----a-w- c:\windows\RegSDImport.xml
2009-10-17 19:06:03 880 ----a-w- c:\windows\RegISSImport.xml
2009-10-17 19:06:03 767952 ----a-w- c:\windows\BDTSupport.dll
2009-10-17 19:06:03 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-10-17 19:06:03 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-10-17 19:06:03 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-10-17 19:06:03 131 ----a-w- c:\windows\IDB.zip
2009-10-17 19:06:03 1152470 ----a-w- c:\windows\UDB.zip
2009-10-17 19:05:16 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-10-17 19:05:16 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-17 19:05:13 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-17 19:05:13 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-10-17 19:05:13 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-10-17 19:05:13 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-17 19:05:02 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-10-17 19:05:02 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-17 19:04:50 0 d-----w- c:\program files\Spyware Doctor
2009-10-17 19:04:50 0 d-----w- c:\program files\common files\PC Tools
2009-10-17 19:04:50 0 d-----w- c:\docume~1\jj\applic~1\PC Tools
2009-10-17 19:04:50 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-10-17 08:23:23 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-17 07:59:24 18248 ----a-w- c:\windows\system32\yjyb.dat
2009-10-17 07:59:24 10813 ----a-w- c:\docume~1\alluse~1\applic~1\getebicuti.dat
2009-10-16 00:08:00 0 d-----w- c:\program files\uTorrent
2009-10-16 00:07:29 0 d-----w- c:\docume~1\jj\applic~1\uTorrent
2009-10-15 01:11:02 0 d-----w- c:\docume~1\alluse~1\applic~1\WD_SmartWareCommon
2009-10-15 01:01:50 0 d-----w- c:\docume~1\alluse~1\applic~1\GARMIN
2009-10-15 01:01:49 0 d-----w- c:\docume~1\jj\applic~1\GARMIN
2009-10-15 00:59:11 0 d-----w- C:\Garmin
2009-10-15 00:53:15 0 d-----w- c:\docume~1\jj\applic~1\Western Digital
2009-10-15 00:53:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Western Digital
2009-10-15 00:52:50 0 d-----w- c:\program files\Western Digital
2009-10-15 00:44:21 0 d-----w- c:\documents and settings\jj\browser - logitech
2009-10-15 00:42:19 0 d-----w- c:\documents and settings\jj\Logitech
2009-10-15 00:41:57 0 d-----w- c:\program files\common files\Remote Control Software Common
2009-10-15 00:38:08 57344 ----a-w- c:\windows\system32\pt27f.dll
2009-10-15 00:38:08 31232 ----a-w- c:\windows\system32\pt27l.dll
2009-10-15 00:37:09 0 d-----w- c:\program files\common files\Brother
2009-10-15 00:37:07 0 d-----w- c:\program files\Brother
2009-10-14 00:16:38 0 d-----w- c:\program files\MediaMonkey
2009-10-13 09:06:58 27496 ----a-w- c:\windows\system32\mucltui.dll.mui
2009-10-13 09:06:58 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-10-13 09:06:58 208744 ----a-w- c:\windows\system32\muweb.dll
2009-10-12 00:48:34 0 d-----w- c:\program files\DVD Shrink
2009-10-12 00:13:07 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-12 00:13:07 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-12 00:12:44 0 d-----w- c:\program files\iPod
2009-10-12 00:12:42 0 d-----w- c:\program files\iTunes
2009-10-12 00:12:42 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-12 00:12:30 0 d-----w- c:\program files\Bonjour
2009-10-12 00:11:50 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-10-12 00:11:50 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-10-11 18:54:56 97 ----a-w- c:\windows\system32\mhncache.dat
2009-10-11 17:47:31 0 d-----w- c:\program files\Transcode360
2009-10-11 16:19:18 0 d-----w- c:\program files\MCEDev.com
2009-10-11 16:11:39 0 d-----w- c:\program files\Microsoft SQL Server
2009-10-11 16:07:12 13172 ----a-w- c:\windows\system32\tsx.dbl
2009-10-11 15:59:38 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2009-10-11 15:59:28 9856 ----a-w- c:\windows\system32\drivers\pfc.sys
2009-10-11 15:59:28 89088 ----a-w- c:\windows\system32\atl71.dll
2009-10-11 15:59:28 671744 ----a-w- c:\windows\system32\DolbyHph.dll
2009-10-11 15:59:28 60416 ----a-w- c:\windows\system32\DSETUP.dll
2009-10-11 15:59:28 4608 ----a-w- c:\windows\system32\drivers\nvport.sys
2009-10-11 15:59:28 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-10-11 15:59:28 0 d-----w- c:\program files\NVIDIA Corporation
2009-10-11 15:57:20 0 d-----w- c:\program files\Microsoft
2009-10-11 14:57:37 3250 ----a-w- c:\windows\system32\wbem\Outlook_01ca4a832c5a0a30.mof
2009-10-11 13:14:42 0 d-----r- C:\Audio Books
2009-10-11 04:40:35 0 d-----w- c:\program files\common files\xing shared
2009-10-11 04:40:22 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-11 04:40:22 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-11 04:40:19 0 d-----w- c:\program files\common files\Real
2009-10-11 04:33:11 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-10-11 04:33:11 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-11 04:32:21 0 d-----w- c:\program files\common files\Hewlett-Packard
2009-10-11 04:32:13 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2009-10-11 04:32:13 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2009-10-11 04:32:13 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2009-10-11 04:32:13 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2009-10-11 04:32:13 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2009-10-11 04:32:13 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2009-10-11 04:32:09 306688 ----a-w- c:\windows\IsUninst.exe
2009-10-11 04:32:00 0 d-----w- c:\program files\HP
2009-10-11 04:20:43 376 ----a-w- c:\windows\ODBC.INI
2009-10-11 04:20:33 28040 ----a-w- c:\windows\system32\mdimon.dll
2009-10-11 04:20:06 0 d-----w- c:\program files\Microsoft ActiveSync
2009-10-11 04:19:45 0 d-----w- c:\windows\SHELLNEW
2009-10-11 04:05:21 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2009-10-11 04:04:46 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-10-11 04:04:46 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-10-11 04:04:44 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-10-11 04:04:44 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-10-11 03:53:17 0 d-----w- c:\windows\system32\scripting
2009-10-11 03:53:17 0 d-----w- c:\windows\system32\en
2009-10-11 03:53:17 0 d-----w- c:\windows\system32\bits
2009-10-11 03:53:17 0 d-----w- c:\windows\l2schemas
2009-10-11 03:51:59 0 d-----w- c:\windows\ServicePackFiles
2009-10-11 03:50:47 0 d-----w- c:\windows\network diagnostic
2009-10-11 03:05:57 37376 ------w- c:\windows\system32\l2gpstore.dll
2009-10-11 02:50:27 0 d-sh--w- c:\documents and settings\jj\PrivacIE
2009-10-11 02:49:18 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-10-11 02:49:14 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-10-11 02:49:14 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-10-11 02:49:14 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-10-11 02:49:14 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-11 02:49:14 0 d-----w- c:\program files\Symantec
2009-10-11 02:49:14 0 d-----w- c:\program files\common files\Symantec Shared
2009-10-11 02:48:57 0 d-----w- c:\windows\system32\drivers\NIS
2009-10-11 02:48:56 0 d-----w- c:\program files\Norton Internet Security
2009-10-11 02:48:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2009-10-11 02:48:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2009-10-11 02:48:42 0 d-----w- c:\program files\NortonInstaller
2009-10-11 02:48:42 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-10-11 02:47:59 0 d-sh--w- c:\documents and settings\jj\IETldCache
2009-10-11 02:46:24 0 d-----w- c:\docume~1\jj\applic~1\Windows Search
2009-10-11 02:46:14 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-11 02:46:07 0 d-----w- c:\windows\ie8updates
2009-10-11 02:45:38 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-11 02:45:38 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-11 02:45:38 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-11 02:45:38 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-10-11 02:45:38 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-11 02:45:38 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-10-11 02:44:50 0 dc-h--w- c:\windows\ie8
2009-10-11 02:10:53 0 d-----w- c:\windows\system32\XPSViewer
2009-10-11 02:10:31 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-11 02:10:31 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-11 02:10:31 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-11 02:10:31 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-11 02:10:31 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-11 02:10:31 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-11 02:10:31 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-11 02:10:31 0 d-----w- C:\d028aba0cce31baf53
2009-10-11 02:06:38 0 d-----w- c:\docume~1\jj\applic~1\Windows Desktop Search
2009-10-11 02:06:28 0 d--h--w- c:\windows\system32\GroupPolicy
2009-10-11 02:06:28 0 d-----w- c:\program files\Windows Desktop Search
2009-10-11 02:02:18 0 d-----w- c:\windows\RegisteredPackages
2009-10-11 02:00:20 0 d-----w- c:\windows\system32\URTTemp
2009-10-11 01:55:00 53248 ------w- c:\windows\system32\tsgqec.dll
2009-10-11 01:55:00 290304 ------w- c:\windows\system32\rhttpaa.dll
2009-10-11 01:55:00 136192 ------w- c:\windows\system32\aaclient.dll
2009-10-11 00:33:59 0 d-----w- c:\windows\system32\NtmsData
2009-10-11 00:21:53 0 d-----w- c:\documents and settings\all users\Symantec Temporary Files
2009-10-11 00:18:50 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-11 00:18:33 13646 ----a-w- c:\windows\system32\wpa.bak
2009-10-11 00:18:07 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-10-11 00:18:06 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-10-11 00:17:50 0 d-----w- c:\windows\system32\PreInstall
2009-10-11 00:17:48 0 d--h--w- c:\windows\$hf_mig$
2009-10-11 00:17:42 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-10-11 00:14:01 0 d-----w- c:\program files\VIA
2009-10-11 00:09:43 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-10-11 00:09:43 19495 ----a-w- c:\windows\system32\nvdisp.nvu
2009-10-11 00:09:34 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-10-11 00:09:18 0 d-----w- C:\NVIDIA
2009-10-11 00:05:29 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2009-10-11 00:05:29 0 d-----w- c:\program files\EVGA
2009-10-11 00:05:00 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-10-11 00:04:01 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2009-10-11 00:04:01 143360 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2009-10-11 00:03:03 940794 ----a-w- c:\windows\system32\LoopyMusic.wav
2009-10-11 00:03:03 146650 ----a-w- c:\windows\system32\BuzzingBee.wav
2009-10-11 00:03:03 0 d-----w- c:\windows\system32\Lang
2009-10-11 00:00:59 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-10-11 00:00:54 0 d-----w- c:\program files\Realtek
2009-10-10 23:33:23 0 d-sh--w- c:\documents and settings\all users\DRM
2009-10-10 23:33:13 0 d--h--w- c:\program files\WindowsUpdate
2009-10-10 23:32:13 0 d-----w- c:\program files\common files\MSSoap
2009-10-10 23:28:26 0 d-----w- c:\program files\Online Services
2009-10-10 23:27:58 0 d-----w- c:\program files\Windows Plus
2009-10-10 23:25:45 0 d-----w- c:\program files\Messenger
2009-10-10 23:25:39 0 d-----w- c:\program files\MSN Gaming Zone
2009-10-10 23:24:47 0 d-----w- c:\program files\Windows NT
2009-10-10 18:02:49 0 d-----w- c:\program files\common files\ODBC
2009-10-10 18:02:47 0 d-----w- c:\program files\common files\SpeechEngines
2009-10-10 18:02:21 0 d-----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-11-01 20:56:45 44944 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-10-17 07:59:24 17372 ----a-w- c:\program files\common files\elenuvivy.db
2009-10-11 04:32:33 69443 ----a-w- c:\windows\hpoins05.dat
2009-10-10 23:28:41 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-31 14:28:58 405504 ----a-w- c:\windows\vncutil.exe
2009-08-29 08:08:21 916480 ------w- c:\windows\system32\wininet.dll
2009-08-27 02:39:52 286720 ----a-w- c:\windows\system32\HPZc3212.dll
2009-08-26 19:04:30 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-24 20:01:10 18702336 ----a-w- c:\windows\RTHDCPL.EXE
2009-08-05 20:10:22 831488 ----a-w- c:\windows\RtlExUpd.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll

============= FINISH: 20:34:54.76 ===============

Edited by Hemy12, 02 November 2009 - 08:45 PM.


#4 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:07:03 AM

Posted 03 November 2009 - 01:53 AM

Hi,

If rundll32.exe has been removed, we can attempt to restore it either from the system itself or, if it is not available there, from the XP Pro CD (assuming you have it handy). However, I'd need to see the ComboFix log first. See if you can find any ComboFix.txt files on your hard drive.

Edited by Blade81, 03 November 2009 - 01:54 AM.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#5 Blade81


Posted 10 November 2009 - 12:49 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.





