

Combo Fix


  • This topic is locked
2 replies to this topic

#1 jhubb

jhubb

  • Members
  • 2 posts
  • OFFLINE
  • Gender:Male
  • Location:US
  • Local time:11:36 PM

Posted 16 February 2010 - 02:40 PM

ComboFix 10-02-12.01 - JHubbard 02/16/2010 14:04:16.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3583.2961 [GMT -5:00]
Running from: c:\documents and settings\JHubbard\Desktop\CAT.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\GBD
c:\windows\GBD\0Setup.exe
    (What file is this? Google finds nothing. I just did a reformat and ComboFix found this.)

.
((((((((((((((((((((((((( Files Created from 2010-01-16 to 2010-02-16 )))))))))))))))))))))))))))))))
.

2010-02-16 18:50 . 2010-02-16 18:50 -------- d-----w- c:\documents and settings\JHubbard\stuff
2010-02-16 18:50 . 2010-02-16 18:50 -------- d-----w- c:\documents and settings\JHubbard\saved
2010-02-16 18:14 . 2010-02-16 18:14 -------- d-----w- C:\documents
2010-02-16 18:05 . 2010-02-16 18:05 -------- d-----w- c:\documents and settings\JHubbard\3
2010-02-16 18:05 . 2010-02-16 18:05 -------- d-----w- c:\documents and settings\JHubbard\2
2010-02-16 18:05 . 2010-02-16 18:05 -------- d-----w- c:\documents and settings\JHubbard\1
2010-02-16 06:31 . 2010-02-16 06:34 -------- d-----w- c:\program files\Common Files\Ahead
2010-02-16 06:31 . 2010-02-16 06:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-02-16 06:31 . 2010-02-16 06:31 -------- d-----w- c:\program files\Nero
2010-02-11 02:02 . 2010-02-11 02:02 -------- d-----w- c:\documents and settings\JHubbard\Local Settings\Application Data\NVIDIA Corporation
2010-02-11 02:01 . 2010-02-11 02:01 -------- d-----w- c:\program files\NVIDIA nTune Performance Application
2010-02-10 21:54 . 2010-02-10 21:54 -------- d-----w- c:\program files\MSXML 4.0
2010-02-10 21:42 . 2010-02-11 00:44 -------- d-----w- c:\windows\nview
2010-02-10 15:13 . 2010-02-10 15:13 -------- d-----w- c:\documents and settings\JHubbard\.AMD Power Monitor Settings
2010-02-10 05:39 . 2010-02-10 05:39 -------- d-----w- c:\documents and settings\JHubbard\Local Settings\Application Data\Ahead
2010-02-10 05:27 . 2010-02-10 05:27 -------- d-----w- c:\program files\Common Files\LightScribe
2010-02-10 05:26 . 2010-02-10 05:26 -------- d-----w- c:\documents and settings\JHubbard\Application Data\Ahead
2010-02-10 05:25 . 2010-02-10 05:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2010-02-10 03:36 . 2010-02-10 03:36 -------- d-----w- c:\program files\TeamViewer
2010-02-10 01:03 . 2010-02-10 01:03 -------- d-----w- c:\documents and settings\JHubbard\Local Settings\Application Data\Symantec
2010-02-10 01:03 . 2009-04-21 03:12 149768 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2010-02-10 01:02 . 2009-09-17 23:38 92488 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2010-02-10 01:02 . 2010-02-10 01:02 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-02-10 01:02 . 2010-02-10 01:02 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-02-10 01:02 . 2007-03-22 01:39 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2010-02-10 01:02 . 2007-03-22 01:33 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2010-02-10 01:02 . 2007-03-22 01:33 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2010-02-10 01:01 . 2006-05-16 17:58 2584848 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{2EFCC193-D915-4CCB-9201-31773A27BC06}\WindowsInstaller-KB893803-x86.exe
2010-02-10 01:01 . 2010-02-10 01:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-10 01:01 . 2010-02-10 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-02-10 01:01 . 2010-02-10 01:02 -------- d-----w- c:\program files\Symantec
2010-02-10 01:01 . 2009-09-18 06:54 300432 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{2EFCC193-D915-4CCB-9201-31773A27BC06}\Setup.exe
2010-02-10 01:01 . 2009-09-17 23:27 669000 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{2EFCC193-D915-4CCB-9201-31773A27BC06}\smcinst.exe
2010-02-10 01:01 . 2009-07-16 07:21 3557096 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{2EFCC193-D915-4CCB-9201-31773A27BC06}\LUSETUP.EXE
2010-02-10 01:01 . 2009-07-16 07:21 927096 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{2EFCC193-D915-4CCB-9201-31773A27BC06}\LuCheck.exe
2010-02-10 00:33 . 2006-03-24 00:53 442368 ----a-w- c:\windows\system32\CapabilityTable.exe
2010-02-10 00:27 . 2010-02-10 00:27 -------- d-sh--w- c:\documents and settings\JHubbard\IECompatCache
2010-02-09 21:59 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-02-09 21:59 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-09 21:58 . 2009-12-08 19:27 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-09 21:58 . 2009-12-08 19:26 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-09 21:58 . 2009-12-08 18:43 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-09 21:58 . 2009-12-08 18:43 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-09 21:35 . 2006-07-02 03:39 36864 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2010-02-09 17:58 . 2010-02-09 17:58 -------- d-----w- c:\program files\Common Files\ActivIdentity
2010-02-09 17:58 . 2010-02-09 17:58 -------- d-----w- c:\program files\ActivIdentity
2010-02-09 17:57 . 2010-02-09 17:57 -------- d-sh--w- c:\windows\ftpcache
2010-02-09 07:29 . 2010-02-16 07:15 -------- d-----w- c:\documents and settings\JHubbard\Application Data\vlc
2010-02-09 07:17 . 2010-02-09 07:17 -------- d-----w- c:\program files\VideoLAN
2010-02-09 05:22 . 2010-02-09 05:22 -------- d-----w- c:\windows\system32\Lang
2010-02-09 05:13 . 2010-02-09 05:13 -------- d-----w- c:\windows\system32\RTCOM
2010-02-09 05:13 . 2006-03-09 09:45 364544 ----a-r- c:\windows\RtlUpd.exe
2010-02-09 05:13 . 2005-05-03 10:43 69632 ----a-r- c:\windows\ALCMTR.EXE
2010-02-09 05:13 . 2006-05-04 08:26 2808832 ----a-r- c:\windows\ALCWZRD.EXE
2010-02-09 05:13 . 2006-05-04 08:35 9709568 ----a-r- c:\windows\RTLCPL.EXE
2010-02-09 05:13 . 2006-05-04 08:22 86016 ----a-r- c:\windows\SOUNDMAN.EXE
2010-02-09 05:12 . 2006-05-16 10:04 2879488 ----a-r- c:\windows\SkyTel.exe
2010-02-09 05:12 . 2006-03-10 11:32 2158592 ----a-r- c:\windows\MicCal.exe
2010-02-09 05:12 . 2006-05-27 02:47 16208384 ----a-r- c:\windows\RTHDCPL.EXE
2010-02-09 05:12 . 2006-05-26 05:20 4279296 ----a-r- c:\windows\system32\drivers\RtkHDAud.sys
2010-02-09 05:10 . 2008-04-14 05:16 61696 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2010-02-09 05:10 . 2008-04-14 05:16 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2010-02-09 05:10 . 2001-08-17 18:46 6400 -c--a-w- c:\windows\system32\dllcache\enum1394.sys
2010-02-09 05:10 . 2001-08-17 18:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2010-02-09 05:10 . 2008-04-14 05:16 53376 -c--a-w- c:\windows\system32\dllcache\1394bus.sys
2010-02-09 05:10 . 2008-04-14 05:16 53376 ----a-w- c:\windows\system32\drivers\1394bus.sys
2010-02-09 05:10 . 2010-02-09 05:11 40136 ----a-w- c:\windows\system32\drivers\ET5Drv.sys
2010-02-09 05:06 . 2010-02-09 05:07 16608 ----a-w- c:\windows\gdrv.sys
2010-02-09 05:05 . 2010-02-09 05:05 -------- d-----w- c:\program files\DIFX
2010-02-09 05:04 . 2010-02-09 05:06 -------- d-----w- c:\program files\GIGABYTE
2010-02-09 05:04 . 1998-10-03 00:00 327168 ----a-w- c:\windows\IsUninst.exe
2010-02-09 05:03 . 2010-02-09 05:03 -------- d-----w- c:\windows\NV1756728.TMP
2010-02-09 03:36 . 2010-02-09 03:36 -------- d-----w- c:\documents and settings\JHubbard\Local Settings\Application Data\wj32
2010-02-08 23:25 . 2010-02-09 03:11 -------- d-----w- c:\documents and settings\JHubbard\Local Settings\Application Data\ApplicationHistory
2010-02-08 23:02 . 2010-02-08 23:02 -------- d-----w- c:\windows\system32\XPSViewer
2010-02-08 23:02 . 2010-02-08 23:02 -------- d-----w- c:\program files\Reference Assemblies
2010-02-08 23:02 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-02-08 23:02 . 2010-02-08 23:02 -------- d-----w- C:\c588842c3c34d91562322ff3e7c8
2010-02-08 23:02 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-02-08 23:02 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-02-08 23:02 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-02-08 23:02 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-02-08 23:02 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-02-08 23:02 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-02-08 23:02 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-02-08 23:02 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-02-08 23:00 . 2010-02-08 23:00 -------- d-----w- c:\windows\system32\URTTemp
2010-02-08 05:59 . 2010-02-08 05:59 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\NVIDIA Corporation
2010-02-08 03:55 . 2006-03-22 06:24 52736 ----a-w- c:\windows\system32\drivers\NVENETFD.sys
2010-02-08 03:55 . 2006-03-22 06:22 208384 ----a-w- c:\windows\system32\fdco1.dll
2010-02-08 03:55 . 2010-02-08 03:55 -------- d-----w- c:\windows\NV5442260.TMP
2010-02-08 03:55 . 2006-03-24 00:51 208896 ----a-w- c:\windows\system32\nvunrm.exe
2010-02-08 03:55 . 2006-03-22 06:23 109568 ----a-w- c:\windows\system32\drivers\nvtcp.sys
2010-02-08 03:55 . 2006-03-22 06:23 1068800 ----a-w- c:\windows\system32\drivers\nvnrm.sys
2010-02-08 03:55 . 2006-03-22 06:23 261120 ----a-w- c:\windows\system32\drivers\nvsnpu.sys
2010-02-08 03:55 . 2006-03-22 06:21 10240 ----a-w- c:\windows\system32\bdco1.dll
2010-02-08 03:55 . 2006-03-14 13:45 35840 ----a-w- c:\windows\system32\nvconrm.dll
2010-02-08 03:55 . 2006-03-22 06:24 18944 ----a-w- c:\windows\system32\drivers\nvnetbus.sys
2010-02-05 23:00 . 2006-04-14 06:00 208896 ------w- c:\windows\system32\nvuide.exe
2010-02-05 22:59 . 2006-04-14 06:01 35840 ----a-w- c:\windows\system32\NVCOI.DLL
2010-02-05 22:55 . 2009-09-29 06:48 -------- d-----w- c:\windows\system32\drivers\32Bit
2010-02-05 22:49 . 2006-03-22 06:21 10240 ----a-w- c:\windows\system32\bdco1ins.dll
2010-02-05 22:29 . 2008-04-14 05:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-02-05 22:29 . 2008-04-14 05:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-02-05 21:44 . 2010-02-05 21:44 -------- d-----w- c:\documents and settings\JHubbard\Local Settings\Application Data\AOL
2010-02-05 21:44 . 2010-02-05 21:44 -------- d-----w- c:\documents and settings\JHubbard\Local Settings\Application Data\AIM
2010-02-05 21:44 . 2010-02-05 21:44 -------- d-----w- c:\documents and settings\JHubbard\Application Data\acccore
2010-02-05 21:43 . 2010-02-05 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2010-02-05 21:43 . 2010-02-05 21:43 -------- d-----w- c:\program files\AIM
2010-02-05 21:43 . 2010-02-05 21:43 -------- d-----w- c:\program files\Common Files\AOL
2010-02-05 20:47 . 2010-02-05 20:47 -------- d-----w- c:\documents and settings\JHubbard\Local Settings\Application Data\VS Revo Group
2010-02-05 20:47 . 2009-12-30 16:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-02-05 20:47 . 2010-02-05 20:47 -------- d-----w- c:\program files\VS Revo Group
2010-02-05 20:36 . 2010-02-05 20:36 -------- d-----w- c:\documents and settings\JHubbard\Application Data\Logitech
2010-02-05 20:35 . 2009-06-17 16:55 10384 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-02-05 20:34 . 2009-07-20 17:25 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2010-02-05 20:34 . 2009-07-20 17:26 84496 ----a-w- c:\windows\system32\KemXML.dll
2010-02-05 20:34 . 2009-07-20 17:26 117264 ----a-w- c:\windows\system32\KemWnd.dll
2010-02-05 20:34 . 2009-07-20 17:26 145936 ----a-w- c:\windows\system32\KemUtil.dll
2010-02-05 20:34 . 2009-07-20 17:26 170512 ----a-w- c:\windows\system32\kemutb.dll
2010-02-05 20:34 . 2010-02-05 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2010-02-05 19:34 . 2010-02-05 19:34 -------- d-----w- c:\program files\Logitech
2010-02-05 19:31 . 2010-02-11 17:42 -------- d-----w- c:\program files\Trend Micro
2010-02-05 19:29 . 2010-02-10 05:42 -------- d-----w- c:\documents and settings\JHubbard\Local Settings\Application Data\Adobe
2010-02-05 07:48 . 2010-02-05 07:48 -------- d-----w- c:\documents and settings\JHubbard\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-10 01:02 . 2010-02-10 01:02 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-02-10 01:02 . 2010-02-10 01:02 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-02-05 22:30 . 2010-02-05 22:30 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2010-02-05 20:35 . 2010-02-05 06:25 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-02-05 20:35 . 2010-02-05 06:24 -------- d-----w- c:\program files\Common Files\Logishrd
2010-02-05 20:35 . 2010-02-05 20:35 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-02-05 20:34 . 2010-02-05 20:34 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-02-05 20:34 . 2010-02-05 20:34 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-02-05 06:25 . 2010-02-05 06:25 -------- d-----w- c:\documents and settings\JHubbard\Application Data\Leadertech
2010-02-05 06:09 . 2010-02-05 04:59 76487 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-02-05 05:00 . 2010-02-05 05:00 -------- d-----w- c:\program files\microsoft frontpage
2010-02-05 04:59 . 2010-02-05 04:59 2678 ----a-w- c:\windows\java\Packages\Data\TFL7VR7B.DAT
2010-02-05 04:59 . 2010-02-05 04:59 558142 ----a-w- c:\windows\java\Packages\Y8GICD7N.ZIP
2010-02-05 04:59 . 2010-02-05 04:59 2678 ----a-w- c:\windows\java\Packages\Data\TNH7F53R.DAT
2010-02-05 04:59 . 2010-02-05 04:59 2678 ----a-w- c:\windows\java\Packages\Data\EP75ZJXN.DAT
2010-02-05 04:59 . 2010-02-05 04:59 2678 ----a-w- c:\windows\java\Packages\Data\7N5BV7XV.DAT
2010-02-05 04:59 . 2010-02-05 04:59 2678 ----a-w- c:\windows\java\Packages\Data\1FTN7X3J.DAT
2010-02-05 04:59 . 2010-02-05 04:59 155995 ----a-w- c:\windows\java\Packages\1FTN9FB7.ZIP
2010-02-05 04:58 . 2010-02-05 04:58 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-12 04:03 . 2009-07-08 14:07 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
2010-01-12 04:03 . 2009-07-08 14:07 4104192 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-12 04:03 . 2009-07-08 14:07 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-12 04:03 . 2009-07-08 14:07 2283526 ----a-w- c:\windows\system32\nvdata.bin
2010-01-12 04:03 . 2009-07-08 14:07 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-12 04:03 . 2009-07-08 14:07 182888 ----a-w- c:\windows\system32\nvcodins.dll
2010-01-12 04:03 . 2009-07-08 14:07 182888 ----a-w- c:\windows\system32\nvcod.dll
2010-01-12 04:03 . 2009-07-08 14:07 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
2010-01-12 04:03 . 2009-07-08 14:07 1081344 ----a-w- c:\windows\system32\nvapi.dll
2010-01-12 04:03 . 2009-07-08 14:07 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-01-12 03:17 . 2010-01-12 03:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-12 03:17 . 2010-01-12 03:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-01-12 03:17 . 2010-01-12 03:17 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-01-12 03:17 . 2010-01-12 03:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-12 03:17 . 2010-01-12 03:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-12 03:17 . 2010-01-12 03:17 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-12-31 16:50 . 2003-11-08 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:20 . 2009-12-22 05:20 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-21 19:14 . 2003-11-08 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2010-02-05 04:57 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2003-11-08 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2003-11-08 12:00 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2002-08-29 01:04 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2003-11-08 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2010-02-05 05:45 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11 . 2010-02-05 05:45 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07 . 2003-11-08 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2003-11-08 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2003-11-08 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2001-08-17 22:36 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 15:51 . 2003-11-08 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"EasyTuneV"="c:\program files\Gigabyte\ET5\GUI.exe" [2010-02-09 207680]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2007-5-15 130864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-05-15 21:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-05-15 21:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GammaTray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GammaTray.lnk
backup=c:\windows\pss\GammaTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^JHubbard^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\JHubbard\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 20:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ----a-r- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2006-05-04 08:26 2808832 ----a-r- c:\windows\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBB36X Configure]
2006-06-02 08:46 385024 ------r- c:\windows\system32\JMRaidTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\masqform.exe]
2005-07-04 14:50 643072 ----a-w- c:\program files\PureEdge\Viewer 6.5\masqform.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-01-12 03:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-01-12 03:17 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-05-27 02:47 16208384 ----a-r- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ----a-r- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-05-04 08:22 86016 ----a-r- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UpdateCenterService"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"nvsvc"=2 (0x2)
"LBTServ"=3 (0x3)
"LightScribeService"=2 (0x2)
"InCDsrv"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MagicTune Premium\\MagicTune.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"=
"c:\\Program Files\\GIGABYTE\\ET5\\update.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=

R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 4:08 PM 182576]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2/5/2010 3:35 PM 10384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/16/2010 1:54 AM 102448]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [9/15/2009 1:59 PM 38248]
R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [10/25/2009 4:44 AM 57600]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [7/14/2009 12:51 PM 23888]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2/5/2010 3:47 PM 27064]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 22:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvLsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\JHubbard\Application Data\Mozilla\Firefox\Profiles\rj9mt1hw.default\
FF - prefs.js: browser.startup.homepage - hxxp://kucampus.kaplan.edu/Login/Login.aspx
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-nwiz - nwiz.exe
SafeBoot-Symantec Antvirus
MSConfigStartUp-nwiz - nwiz.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-16 14:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1244)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
c:\windows\system32\msi.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll

- - - - - - - > 'lsass.exe'(1300)
c:\windows\system32\nvLsp.dll
.
Completion time: 2010-02-16 14:07:21
ComboFix-quarantined-files.txt 2010-02-16 19:07

Pre-Run: 166,074,155,008 bytes free
Post-Run: 166,025,986,048 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn /usepmtimer

- - End Of File - - CE94518A00640BA0776F21FABF854AA1
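A ComboFix log like the one above is normally read by hand, but the items that matter sit in a few fixed places: the AV/FW status lines in the header, what was removed under "Other Deletions", the policy values and Winlogon Notify keys under "Reg Loading Points", and the LSP line in the supplementary scan. The script below is an added example written for this page; it is not part of the original post and not ComboFix's own code. It splits a log into its banner-delimited sections and lists the things worth checking first in this particular log: the disabled AV/FW status, "EnableFirewall"= 0, "DisableMonitoring"=dword:00000001, the ackpbsc Winlogon Notify DLL, the nvLsp.dll LSP, and the deleted c:\windows\GBD\0Setup.exe. SAMPLE_LOG is a constructed excerpt made of lines copied from the posted log; the banner and value regexes, the severity labels, and the names Finding, split_sections and triage are the example's own assumptions about ComboFix's undocumented text layout.

```python
import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str   # "high" | "medium" | "info"
    what: str
    evidence: str


# Constructed sample input: lines copied from the log posted above, trimmed to
# the sections this script reads. Not a complete ComboFix log.
SAMPLE_LOG = r"""
ComboFix 10-02-12.01 - JHubbard 02/16/2010 14:04:16.1.2 - x86
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\GBD
c:\windows\GBD\0Setup.exe
.
((((((((((((((((((((((((( Files Created from 2010-01-16 to 2010-02-16 )))))))))))))))))))))))))))))))
.
2010-02-16 18:50 . 2010-02-16 18:50 -------- d-----w- c:\documents and settings\JHubbard\stuff
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-05-15 21:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
------- Supplementary Scan -------
.
LSP: %SYSTEMROOT%\system32\nvLsp.dll
"""

# Assumptions about ComboFix's text layout (it has no documented format):
# section banners are a name wrapped in runs of '(' ... ')' or '-', AV/FW
# status is flagged between asterisks, registry data is REGEDIT4-style.
BANNER_RE = re.compile(r"^(?:\(+|[- ]+)\s*([A-Za-z][A-Za-z0-9 -]*?)\s*(?:\)+|[- ]+)$")
STATUS_RE = re.compile(r"^(AV|FW):\s*(.+?)\s*\*(.+?)\*")
REGKEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
REGVAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(\S+)')


def split_sections(text):
    """Group non-empty lines under the banner that precedes them; the lines
    before the first banner (version, OS, AV/FW status) go under 'header'."""
    sections, current = {"header": []}, "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = BANNER_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def triage(text):
    """Return the items an analyst checks first, highest severity first."""
    sections = split_sections(text)
    findings = []

    # 1. Product status. A disabled AV here is usually the standard pre-run
    #    step of switching off real-time protection, so it is informational;
    #    a disabled firewall is worth confirming once the run is over.
    for line in sections["header"]:
        m = STATUS_RE.match(line)
        if m and "disabled" in m.group(3).lower():
            sev = "medium" if m.group(1) == "FW" else "info"
            findings.append(Finding(sev, f"{m.group(1)} reported as '{m.group(3)}'", line))

    # 2. Files ComboFix removed from under the Windows directory. The deletion
    #    already happened; the path is what the analyst follows up on.
    for line in sections.get("Other Deletions", []):
        if line.lower().startswith("c:\\windows\\") and "." in line.rsplit("\\", 1)[-1]:
            findings.append(Finding("high", "file deleted from Windows directory", line))

    # 3. Registry loading points: values that turn protection off, and
    #    Winlogon Notify packages (DLLs loaded into winlogon.exe at logon).
    key = None
    for line in sections.get("Reg Loading Points", []):
        km = REGKEY_RE.match(line)
        if km:
            key = km.group(1)
            if "winlogon\\notify\\" in key.lower():
                findings.append(Finding("medium", "Winlogon Notify package", key))
            continue
        vm = REGVAL_RE.match(line)
        if not (vm and key):
            continue
        name, value = vm.group(1), vm.group(2)
        if name == "EnableFirewall" and value == "0":
            findings.append(Finding("high", "Windows Firewall disabled by policy", f"{key}: {line}"))
        elif name == "DisableMonitoring" and value.endswith(":00000001"):
            findings.append(Finding("medium", "Security Center monitoring disabled", f"{key}: {line}"))

    # 4. Winsock Layered Service Providers are loaded into every process that
    #    opens a socket (the log shows nvLsp.dll inside lsass.exe).
    for line in sections.get("Supplementary Scan", []):
        if line.startswith("LSP:"):
            findings.append(Finding("medium", "Winsock LSP registered", line))

    rank = {"high": 0, "medium": 1, "info": 2}
    return sorted(findings, key=lambda f: rank[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.what}: {f.evidence}")
```

Run as-is it reports the excerpt; pass the text of a full log to triage() for the same list. The 0Setup.exe question in the post is exactly what the script raises as "high": ComboFix has already removed the file, so the remaining work is finding out what wrote it, starting from the ComboFix-quarantined-files.txt the log names near the end.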



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:03:36 AM

Posted 20 February 2010 - 07:25 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days, I will bump the topic, and if you do not reply by the following day after that, I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:03:36 AM

Posted 24 February 2010 - 07:50 PM

This topic has been closed.

If you're the topic starter and need this topic reopened, please contact me via PM with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE



