Infected. dds.scr wont run!


This topic is locked
3 replies to this topic

#1 c12i513

Posted 28 December 2009 - 11:05 PM

Downloaded rsit.exe to run a scan. Prompted me to open a file named connie.exe, canceled it and now this:


Logfile of random's system information tool 1.06 (written by random/random)
Run by connie at 2009-12-28 20:02:32
Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (4%) free of 71 GB
Total RAM: 1022 MB (29% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\gbpdblay.job
C:\WINDOWS\tasks\Ghipqqzbrd.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-10-08 395216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-28 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-28 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-10-08 395216]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-08-12 1121792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe []
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2006-04-10 61440]
"SetDefPrt"=C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe [2005-01-26 49152]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-03-28 622592]
"Ink Monitor"=C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe [2001-12-07 258118]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-04-17 98616]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-28 149280]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2009-09-22 1243088]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-02-20 1443072]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-03-22 339968]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-12-03 429392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FFTI"=C:\Documents and Settings\connie\Application Data\Mozilla\Firefox\Profiles\szpus4l7.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath=C:\Documents and Settings\connie\Application Data\Mozilla\Firefox\Profiles/szpus4l7.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\20bb6f73]
C:\WINDOWS\system32\irfgcvma.dll,b []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qxkov]
C:\Documents and Settings\connie\qxkov.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\WINDOWS\stsystra.exe [2005-03-22 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe [2008-09-30 967048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZagrebLand]
C:\DOCUME~1\connie\LOCALS~1\Temp\c.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zeldar]
C:\DOCUME~1\connie\LOCALS~1\Temp\h.exe [2009-12-21 203264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

C:\Documents and Settings\connie\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
PowerReg SchedulerV2.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\wvUnMCSm
"notification packages"=scecli
C:\WINDOWS\system32\hagebuzi.dll
C:\WINDOWS\system32\wamejulu.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Pando Networks\Pando\pando.exe"="C:\Program Files\Pando Networks\Pando\pando.exe:*:Enabled:pando"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe"="C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Documents and Settings\connie\My Documents\My Received Files\LimeWire\LimeWire.exe"="C:\Documents and Settings\connie\My Documents\My Received Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1bb4252-0a74-11dc-9948-000c416a366b}]
shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7238290-266b-11db-970d-000c416a366b}]
shell\AutoRun\command - E:\LaunchU3.exe


======File associations======

.scr - open -
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2009-12-28 19:59:57 ----D---- C:\rsit
2009-12-28 19:45:53 ----A---- C:\WINDOWS\system32\javaws.exe
2009-12-28 19:45:53 ----A---- C:\WINDOWS\system32\javaw.exe
2009-12-28 19:45:53 ----A---- C:\WINDOWS\system32\java.exe
2009-12-28 19:45:53 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-12-27 18:53:32 ----D---- C:\WINDOWS\Prefetch
2009-12-27 18:42:42 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-12-27 18:26:01 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-12-27 18:26:01 ----A---- C:\WINDOWS\system32\irclass.dll
2009-12-27 18:25:47 ----RA---- C:\WINDOWS\SET16E.tmp
2009-12-27 18:25:46 ----RA---- C:\WINDOWS\SET16B.tmp
2009-12-27 18:25:39 ----RA---- C:\WINDOWS\SET128.tmp
2009-12-27 18:25:34 ----RA---- C:\WINDOWS\SET11C.tmp
2009-12-27 18:25:34 ----RA---- C:\WINDOWS\SET119.tmp
2009-12-27 10:13:26 ----D---- C:\WINDOWS\dell
2009-12-22 16:05:12 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-12-21 22:33:15 ----A---- C:\WINDOWS\system32\MRT.exe
2009-12-21 20:35:56 ----D---- C:\Program Files\ESET
2009-12-21 20:35:56 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2009-12-21 16:51:44 ----A---- C:\WINDOWS\SGDetectionTool.dll
2009-12-21 16:51:44 ----A---- C:\WINDOWS\BDTSupport.dll
2009-12-21 16:51:43 ----A---- C:\WINDOWS\PCTBDRes.dll
2009-12-21 16:51:43 ----A---- C:\WINDOWS\PCTBDCore.dll
2009-12-21 16:42:39 ----D---- C:\spoolerlogs
2009-12-11 18:41:20 ----RASH---- C:\WINDOWS\system32\ssmysth.dll
2009-12-01 14:40:09 ----A---- C:\WINDOWS\system32\d3dx9.dll
2009-12-01 14:40:09 ----A---- C:\WINDOWS\system32\D3DX81ab.dll
2009-12-01 14:40:04 ----D---- C:\Program Files\Cheat Engine

======List of files/folders modified in the last 1 months======

2009-12-28 20:02:54 ----D---- C:\Program Files\Spyware Doctor
2009-12-28 20:02:34 ----D---- C:\WINDOWS\Temp
2009-12-28 19:57:36 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-12-28 19:54:52 ----D---- C:\Program Files\Mozilla Firefox
2009-12-28 19:49:44 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-28 19:46:49 ----SHD---- C:\WINDOWS\Installer
2009-12-28 19:45:53 ----D---- C:\WINDOWS\system32
2009-12-28 19:45:20 ----D---- C:\Program Files\Java
2009-12-28 19:40:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-28 19:37:48 ----D---- C:\WINDOWS\Registration
2009-12-28 19:36:59 ----D---- C:\WINDOWS
2009-12-28 19:36:42 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2009-12-28 19:35:34 ----A---- C:\WINDOWS\ntbtlog.txt
2009-12-28 19:12:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-28 19:10:37 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-28 19:03:51 ----SD---- C:\WINDOWS\Tasks
2009-12-28 19:02:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-28 19:01:52 ----D---- C:\WINDOWS\system32\drivers
2009-12-28 19:01:52 ----D---- C:\WINDOWS\repair
2009-12-27 19:50:08 ----D---- C:\WINDOWS\SoftwareDistribution
2009-12-27 19:50:00 ----D---- C:\WINDOWS\Help
2009-12-27 19:49:39 ----HD---- C:\WINDOWS\inf
2009-12-27 19:46:28 ----D---- C:\WINDOWS\mui
2009-12-27 19:46:07 ----D---- C:\WINDOWS\security
2009-12-27 19:03:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-27 18:58:44 ----SH---- C:\boot.ini
2009-12-27 18:58:44 ----A---- C:\WINDOWS\win.ini
2009-12-27 18:58:44 ----A---- C:\WINDOWS\system.ini
2009-12-27 18:55:38 ----A---- C:\WINDOWS\setuplog.txt
2009-12-27 18:54:11 ----SHD---- C:\System Volume Information
2009-12-27 18:54:11 ----D---- C:\WINDOWS\system32\Restore
2009-12-27 18:52:50 ----D---- C:\WINDOWS\system32\config
2009-12-27 18:52:50 ----D---- C:\Program Files\Windows Media Player
2009-12-27 18:46:13 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-27 18:44:57 ----A---- C:\WINDOWS\OEWABLog.txt
2009-12-27 18:44:50 ----A---- C:\WINDOWS\ODBCINST.INI
2009-12-27 18:43:23 ----D---- C:\WINDOWS\system32\ias
2009-12-27 18:42:46 ----RD---- C:\WINDOWS\Web
2009-12-27 18:42:46 ----RD---- C:\Program Files
2009-12-27 18:42:42 ----SD---- C:\WINDOWS\occache
2009-12-27 18:42:34 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-12-27 18:42:03 ----D---- C:\WINDOWS\system32\oobe
2009-12-27 18:41:49 ----D---- C:\Program Files\Outlook Express
2009-12-27 18:41:49 ----D---- C:\Program Files\Common Files\System
2009-12-27 18:41:42 ----D---- C:\Program Files\Internet Explorer
2009-12-27 18:38:32 ----D---- C:\WINDOWS\system32\Com
2009-12-27 18:36:55 ----D---- C:\WINDOWS\ehome
2009-12-27 18:36:48 ----D---- C:\WINDOWS\system32\wbem
2009-12-27 18:31:15 ----D---- C:\drivers
2009-12-27 18:25:47 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-12-27 10:20:28 ----D---- C:\WINDOWS\system32\Setup
2009-12-27 10:20:28 ----D---- C:\WINDOWS\system
2009-12-27 10:20:18 ----D---- C:\WINDOWS\system32\usmt
2009-12-27 10:20:08 ----D---- C:\WINDOWS\AppPatch
2009-12-27 10:19:58 ----D---- C:\WINDOWS\ime
2009-12-27 10:19:57 ----RSD---- C:\WINDOWS\Fonts
2009-12-27 10:19:57 ----D---- C:\WINDOWS\Media
2009-12-27 10:19:43 ----D---- C:\WINDOWS\PeerNet
2009-12-27 10:19:27 ----D---- C:\WINDOWS\system32\npp
2009-12-27 10:19:19 ----D---- C:\WINDOWS\msagent
2009-12-27 10:16:02 ----D---- C:\WINDOWS\twain_32
2009-12-27 10:15:12 ----D---- C:\WINDOWS\system32\icsxml
2009-12-27 10:14:34 ----D---- C:\WINDOWS\system32\1033
2009-12-27 10:13:26 ----D---- C:\WINDOWS\WinSxS
2009-12-27 10:13:26 ----D---- C:\WINDOWS\Driver Cache
2009-12-22 16:02:47 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-21 22:36:14 ----A---- C:\WINDOWS\imsins.BAK
2009-12-21 22:32:14 ----RSD---- C:\WINDOWS\assembly
2009-12-21 20:17:08 ----D---- C:\Temp
2009-12-21 17:06:08 ----D---- C:\Program Files\Common Files\PC Tools
2009-12-21 16:41:40 ----D---- C:\Documents and Settings\connie\Application Data\LimeWire
2009-12-18 16:54:04 ----SD---- C:\Documents and Settings\connie\Application Data\Microsoft
2009-12-18 15:55:17 ----D---- C:\WINDOWS\pss
2009-12-07 15:03:44 ----D---- C:\Documents and Settings\connie\Application Data\Vso

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-02-20 29704]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-10 14848]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-05-23 8552]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-02-20 39944]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-08-01 851642]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 Eplpdx02;Eplpdx02; \??\C:\WINDOWS\system32\Drivers\EPLPDX02.SYS []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-10 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12160]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-12-26 47360]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-10 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-10 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-10 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-10 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S1 amdk66;amdk66; C:\WINDOWS\system32\drivers\amdk66.sys []
S3 BCM42RLY;BCM42RLY; \??\C:\WINDOWS\System32\BCM42RLY.SYS []
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2006-06-30 26752]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 26496]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver; C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-04-13 239488]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2004-08-10 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-10 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-04-17 102712]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-10-08 112592]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-07-25 266295]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [2001-08-09 90112]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-28 153376]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-09-23 358600]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-09-23 1141200]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-10 267776]
S2 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE []
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-12-03 276816]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-03-16 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-02-20 19200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2008-04-23 79360]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-04-20 38912]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]

-----------------EOF-----------------


Running Windows XP Media Center on a Dell computer. Please help.

#2 c12i513


Posted 30 December 2009 - 11:37 PM

Oh my goodness! How come no one wants to help me? Did I forget to post something? This is my ComboFix log...


ComboFix 09-12-27.04 - connie 12/28/2009 20:39:18.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.539 [GMT -8:00]
Running from: c:\documents and settings\connie\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
c:\documents and settings\connie\Application Data\ezpinst.log
c:\documents and settings\connie\Application Data\inst.exe
c:\documents and settings\connie\Application Data\IUpd721
c:\documents and settings\connie\Application Data\IUpd721\Logs\scns.log
c:\documents and settings\connie\Application Data\onload.exe
c:\documents and settings\connie\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\Cheat Engine\dbk32.sys
c:\temp\DIV55
c:\temp\DIV55\xDb.log
c:\temp\tn3
c:\windows\EventSystem.log
c:\windows\kb913800.exe
c:\windows\system32\bin
c:\windows\system32\ki3
c:\windows\system32\uv9
c:\windows\system32\VC
c:\windows\Tasks\gbpdblay.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-29 )))))))))))))))))))))))))))))))
.

2009-12-29 03:59 . 2009-12-29 04:00 -------- d-----w- C:\rsit
2009-12-29 03:45 . 2009-12-29 03:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-28 02:58 . 2009-12-28 02:58 -------- d-----w- c:\documents and settings\connie\Local Settings\Application Data\ESET
2009-12-28 02:26 . 2004-08-10 11:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-12-28 02:26 . 2004-08-10 11:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-12-27 18:13 . 2009-12-27 18:13 -------- d-----w- c:\windows\dell
2009-12-22 04:35 . 2009-12-22 04:35 -------- d-----w- c:\program files\ESET
2009-12-22 04:35 . 2009-12-22 04:35 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-12-22 00:51 . 2009-10-08 19:31 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-12-22 00:51 . 2009-10-08 19:31 767952 ----a-w- c:\windows\BDTSupport.dll
2009-12-22 00:51 . 2008-11-26 20:08 131 ----a-w- c:\windows\IDB.zip
2009-12-22 00:51 . 2009-10-08 19:31 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-12-22 00:51 . 2009-10-08 19:31 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-12-22 00:51 . 2009-10-02 22:19 1152470 ----a-w- c:\windows\UDB.zip
2009-12-22 00:43 . 2009-09-24 16:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-12-22 00:43 . 2009-10-07 00:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-12-22 00:43 . 2009-09-24 00:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-22 00:42 . 2009-09-03 17:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-12-22 00:42 . 2009-12-22 00:42 -------- d-----w- C:\spoolerlogs
2009-12-19 03:00 . 2009-12-19 03:00 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-12 02:41 . 2009-12-12 02:41 132096 --sha-r- c:\windows\system32\ssmysth.dll
2009-12-01 22:40 . 2007-12-27 01:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-12-01 22:40 . 2007-12-27 01:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2009-12-01 22:40 . 2009-12-29 04:45 -------- d-----w- c:\program files\Cheat Engine

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-29 04:53 . 2007-09-26 07:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-29 04:52 . 2007-03-27 04:06 -------- d-----w- c:\program files\Spyware Doctor
2009-12-29 03:45 . 2006-05-24 04:01 -------- d-----w- c:\program files\Java
2009-12-29 03:05 . 2006-05-26 23:28 137672 ----a-w- c:\documents and settings\connie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-29 02:56 . 2005-08-16 09:41 88699 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-28 03:03 . 2008-12-18 05:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-28 02:38 . 2005-08-16 09:38 34380 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-22 01:06 . 2007-03-27 00:27 -------- d-----w- c:\program files\Common Files\PC Tools
2009-12-22 00:41 . 2008-06-13 22:00 -------- d-----w- c:\documents and settings\connie\Application Data\LimeWire
2009-12-19 02:12 . 2006-05-26 23:28 5330 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-07 23:03 . 2007-08-05 02:30 -------- d-----w- c:\documents and settings\connie\Application Data\Vso
2009-12-04 00:14 . 2008-12-18 05:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-04 00:13 . 2008-12-18 05:06 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-15 20:53 . 2009-10-15 20:53 34101504 ----a-w- c:\documents and settings\connie\Application Data\sdsetup.exe
2007-02-20 17:03 . 2007-02-20 17:03 56 --sha-r- c:\windows\system32\19DAE9F73E.sys
2007-05-04 22:41 . 2006-05-26 23:28 88 --sha-r- c:\windows\system32\5938C91371.sys
1997-07-22 02:30 . 1997-07-22 02:30 1045776 --sha-w- c:\windows\system32\Msjet35.dll
1997-06-23 10:00 . 1997-06-23 10:00 123664 --sha-w- c:\windows\system32\Msjint35.dll
1997-06-23 19:06 . 1997-06-23 19:06 24848 --sha-w- c:\windows\system32\Msjter35.dll
1997-06-23 19:06 . 1997-06-23 19:06 252176 --sha-w- c:\windows\system32\Msrd2x35.dll
1997-06-23 19:06 . 1997-06-23 19:06 287504 --sha-w- c:\windows\system32\Msxbse35.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-27 49152]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"Ink Monitor"="c:\program files\EPSON\Ink Monitor\InkMonitor.exe" [2001-12-07 258118]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-29 149280]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-09-23 1243088]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-04 429392]

c:\documents and settings\connie\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
PowerReg SchedulerV2.exe [2009-7-1 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-23 24576]
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2006-5-29 135680]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-03-23 01:20 339968 ----a-w- c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2008-10-01 01:01 967048 ----a-w- c:\program files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Documents and Settings\\connie\\My Documents\\My Received Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [12/17/2008 8:12 PM 39472]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [12/21/2009 4:43 PM 207280]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/20/2008 11:11 AM 33800]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [12/21/2009 4:51 PM 112592]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 8:21 AM 468224]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [12/8/2008 4:05 PM 358600]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/19/2008 6:25 PM 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/17/2008 9:06 PM 19160]
S1 amdk66;amdk66; [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/17/2008 9:06 PM 276816]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\connie\Application Data\Mozilla\Firefox\Profiles\szpus4l7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.startup.homepage - www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\connie\Application Data\Mozilla\Firefox\Profiles\szpus4l7.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07051001.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdrmv2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdsplay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmnqmp07010901.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-RunOnce-FFTI - c:\documents and settings\connie\Application Data\Mozilla\Firefox\Profiles\szpus4l7.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe
HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
HKLM-Run-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-20bb6f73 - c:\windows\system32\irfgcvma.dll
MSConfigStartUp-qxkov - c:\documents and settings\connie\qxkov.exe
MSConfigStartUp-ZagrebLand - c:\docume~1\connie\LOCALS~1\Temp\c.exe
MSConfigStartUp-Zeldar - c:\docume~1\connie\LOCALS~1\Temp\h.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-28 20:53
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4076)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-12-28 21:04:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-29 05:04

Pre-Run: 4,054,003,712 bytes free
Post-Run: 9,972,625,408 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /fastdetect /noexecute=optin

- - End Of File - - 50A76E202911B16FC48A11051267DFDC

#3 Orange Blossom (OBleepin Investigator, Moderator)

Posted 07 January 2010 - 08:16 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom :(
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#4 Orange Blossom (OBleepin Investigator, Moderator)

Posted 16 January 2010 - 08:44 PM

Due to the lack of feedback, this Topic is now closed.

In case you still have problems, please send me a Private message to reopen this topic within the next 5 days. Beyond that point, please start a new topic.
