Computer Being Attacked


  • This topic is locked
2 replies to this topic

#1 cheesysalsa

  • Members
  • 5 posts

Posted 14 April 2010 - 05:53 PM

EDIT: Topic split off from here: http://www.bleepingcomputer.com/forums/t/309771/computer-being-attacked/ ~BP

DDS:

CODE
DDS (Ver_10-03-17.01) - NTFSx86  
Run by Bill at 17:48:29.42 on Wed 04/14/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3199.2587 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)   {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Norton AntiVirus *On-access scanning enabled* (Updated)   {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bill\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\17.6.0.32\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264182412622
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264182405405
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bill\applic~1\mozilla\firefox\profiles\qmwq7vvu.default\
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-4-13 217032]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1106000.020\symds.sys [2010-3-31 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1106000.020\symefa.sys [2010-3-31 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\bashdefs\20100324.001\BHDrvx86.sys [2010-3-29 536112]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1106000.020\cchpx86.sys [2010-3-31 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1106000.020\ironx86.sys [2010-3-31 116784]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-4-13 112592]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-14 303952]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\17.6.0.32\ccsvchst.exe [2010-3-31 126392]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-1-22 583640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-1-23 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\ipsdefs\20100409.001\IDSXpx86.sys [2010-4-12 329592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-14 20824]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\virusdefs\20100414.004\NAVENG.SYS [2010-4-14 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\virusdefs\20100414.004\NAVEX15.SYS [2010-4-14 1324720]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-1 34384]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-4-13 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-4-13 1142224]
S3 Vitality;Vitality;\??\c:\docume~1\bill\locals~1\temp\vitality.sys --> c:\docume~1\bill\locals~1\temp\vitality.sys [?]

=============== Created Last 30 ================

2010-04-14 20:47:40    0    d-----w-    c:\docume~1\bill\applic~1\Malwarebytes
2010-04-14 20:47:21    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-14 20:47:20    0    d-----w-    c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-14 20:47:19    20824    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-04-14 20:47:19    0    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-04-13 23:33:14    0    d-----w-    c:\docume~1\bill\applic~1\Office Genuine Advantage
2010-04-13 21:13:07    0    d-----w-    C:\schrauber16930s
2010-04-13 21:07:02    0    d-sha-r-    C:\cmdcons
2010-04-13 21:05:06    98816    ----a-w-    c:\windows\sed.exe
2010-04-13 21:05:06    77312    ----a-w-    c:\windows\MBR.exe
2010-04-13 21:05:06    261632    ----a-w-    c:\windows\PEV.exe
2010-04-13 21:05:06    161792    ----a-w-    c:\windows\SWREG.exe
2010-04-13 21:04:48    0    d-----w-    C:\schrauber
2010-04-13 20:59:35    96512    ----a-w-    c:\windows\system32\drivers\tsk4.tmp
2010-04-13 11:19:45    767952    ----a-w-    c:\windows\BDTSupport.dll
2010-04-13 11:19:44    882    ----a-w-    c:\windows\RegSDImport.xml
2010-04-13 11:19:44    879    ----a-w-    c:\windows\RegISSImport.xml
2010-04-13 11:19:44    1652688    ----a-w-    c:\windows\PCTBDCore.dll
2010-04-13 11:19:44    149456    ----a-w-    c:\windows\SGDetectionTool.dll
2010-04-13 11:19:44    131    ----a-w-    c:\windows\IDB.zip
2010-04-13 11:19:44    1152444    ----a-w-    c:\windows\UDB.zip
2010-04-13 11:19:43    165840    ----a-w-    c:\windows\PCTBDRes.dll
2010-04-13 11:17:55    7387    ----a-w-    c:\windows\system32\drivers\pctgntdi.cat
2010-04-13 11:17:55    233136    ----a-w-    c:\windows\system32\drivers\pctgntdi.sys
2010-04-13 11:17:46    88040    ----a-w-    c:\windows\system32\drivers\PCTAppEvent.sys
2010-04-13 11:17:46    7412    ----a-w-    c:\windows\system32\drivers\PCTAppEvent.cat
2010-04-13 11:17:46    7383    ----a-w-    c:\windows\system32\drivers\pctcore.cat
2010-04-13 11:17:46    217032    ----a-w-    c:\windows\system32\drivers\PCTCore.sys
2010-04-13 11:17:37    7383    ----a-w-    c:\windows\system32\drivers\pctplsg.cat
2010-04-13 11:17:37    70408    ----a-w-    c:\windows\system32\drivers\pctplsg.sys
2010-04-13 11:17:27    0    d-----w-    c:\program files\Spyware Doctor
2010-04-13 11:17:27    0    d-----w-    c:\docume~1\bill\applic~1\PC Tools
2010-04-13 11:17:27    0    d-----w-    c:\docume~1\alluse~1\applic~1\PC Tools
2010-04-12 23:51:57    0    d-----w-    c:\windows\XSxS
2010-04-12 23:51:57    0    d-----w-    c:\program files\Xenocode
2010-04-12 23:15:46    664    ----a-w-    c:\windows\system32\d3d9caps.dat
2010-04-12 23:10:11    0    d-----w-    c:\docume~1\bill\applic~1\CFBEBBED5F088241D7B8D75A508B9C1E
2010-04-12 22:34:08    0    d-----w-    c:\windows\RegisteredPackages
2010-04-12 19:57:18    5632    ----a-w-    c:\windows\system32\ptpusb.dll
2010-04-12 19:57:18    15104    -c--a-w-    c:\windows\system32\dllcache\usbscan.sys
2010-04-12 19:57:18    15104    ----a-w-    c:\windows\system32\drivers\usbscan.sys
2010-04-12 19:57:17    159232    ----a-w-    c:\windows\system32\ptpusd.dll
2010-03-28 01:40:04    0    d-----w-    c:\program files\SmartFTP Client
2010-03-28 01:39:45    0    d-----w-    c:\program files\SmartFTP Client 4.0 Setup Files
2010-03-25 20:13:59    0    d-----w-    c:\program files\common files\Software Update Utility
2010-03-18 17:58:00    73728    ----a-w-    c:\windows\system32\javacpl.cpl
2010-03-18 17:58:00    411368    ----a-w-    c:\windows\system32\deploytk.dll
2010-03-18 02:53:42    94208    ----a-w-    c:\windows\system32\QuickTimeVR.qtx
2010-03-18 02:53:42    69632    ----a-w-    c:\windows\system32\QuickTime.qts

==================== Find3M  ====================

2010-04-13 21:18:05    96512    ------w-    c:\windows\system32\drivers\atapi.sys
2010-04-13 12:20:01    23040    ----a-w-    c:\windows\system32\drivers\mouclass.sys
2010-03-05 22:24:04    28988    ----a-w-    c:\windows\fonts\VDUB___0.TTF
2010-03-05 22:23:52    81704    ----a-w-    c:\windows\fonts\Creaminal.TTF
2010-03-05 22:23:40    29272    ----a-w-    c:\windows\fonts\VENUSRIS.TTF
2010-03-05 22:23:24    31324    ----a-w-    c:\windows\fonts\bisque.ttf
2010-03-05 22:23:14    97932    ----a-w-    c:\windows\fonts\synthetique_tt.ttf
2010-03-05 22:19:30    44176    ----a-w-    c:\windows\fonts\brightlights.ttf
2010-03-05 22:19:24    82404    ----a-w-    c:\windows\fonts\SaginawBold.ttf
2010-03-05 22:19:22    82304    ----a-w-    c:\windows\fonts\SaginawLight.ttf
2010-03-05 22:19:18    82468    ----a-w-    c:\windows\fonts\SaginawMedium.ttf
2010-03-05 22:19:04    45744    ----a-w-    c:\windows\fonts\riesling.ttf
2010-03-05 22:18:56    50704    ----a-w-    c:\windows\fonts\BUDMO.TTF
2010-03-05 22:18:42    31528    ----a-w-    c:\windows\fonts\FASHIONV.TTF
2010-03-05 22:18:36    193592    ----a-w-    c:\windows\fonts\REBOARD FONT.ttf
2010-03-05 22:18:30    13668    ----a-w-    c:\windows\fonts\Gtown.ttf
2010-03-05 22:18:20    29684    ----a-w-    c:\windows\fonts\ACCENT_1.TTF
2010-03-05 22:18:12    102032    ----a-w-    c:\windows\fonts\MiasScribblings~.ttf
2010-02-25 06:24:37    916480    ------w-    c:\windows\system32\wininet.dll
2010-02-04 21:40:28    1180672    ----a-w-    c:\windows\system32\msvcr90d.dll
2010-01-23 16:26:57    60808    ----a-w-    c:\windows\system32\S32EVNT1.DLL
2010-01-22 16:19:07    21640    ----a-w-    c:\windows\system32\emptyregdb.dat

============= FINISH: 17:50:20.76 ===============


Attach.txt:

CODE
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/22/2010 10:23:38 AM
System Uptime: 4/14/2010 5:45:20 PM (0 hours ago)

Motherboard: www.abit.com.tw |  | IL9 Pro
Processor: Intel® Core™2 CPU          6400  @ 2.13GHz | CPU 1 | 2128/266mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 186 GiB total, 157.341 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_107D147B&REV_01\3&11583659&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_107D147B&REV_01\3&11583659&0&FB
Service:

==== System Restore Points ===================

RP1: 4/13/2010 5:57:24 AM - System Checkpoint
RP2: 4/13/2010 3:14:41 PM - Software Distribution Service 3.0

==== Installed Programs ======================

AAC Decoder
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
AIM 7
Apple Application Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AutoUpdate
Browser Defender 2.0.6.15
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Counter-Strike
Counter-Strike: Source
DivX Codec
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
Download Updater (AOL LLC)
FileZilla Client 3.3.2
H.264 Decoder
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Java™ 6 Update 16
Left 4 Dead 2
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders  (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MKV Splitter
Mozilla Firefox (3.6.3)
MSVCRT
Norton AntiVirus
OGA Notifier 2.0.0048.0
QuickTime
Realtek High Definition Audio Driver
Registry Mechanic 9.0
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB954155)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Segoe UI
Skins
SmartFTP Client
SmartFTP Client 4.0 Setup Files (remove only)
Spyware Doctor 7.0
Steam
TeamViewer 5
Topaz Adjust 3
Topaz Enhance
Topaz Vivacity
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb979895)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB973687)
Update for Windows XP (KB978207)
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
WebFldrs XP
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Movie Maker 2.0
WinRAR archiver
WolfTeam International

==== Event Viewer Messages From Past Week ========

4/14/2010 5:44:32 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the NAV service.
4/13/2010 3:55:28 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
4/12/2010 6:19:17 PM, error: Ftdisk [49]  - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
4/12/2010 6:19:17 PM, error: Ftdisk [45]  - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================


GMER is still scanning, will post in a second.

Combo Fix Log:

CODE
ComboFix 10-04-14.01 - Bill 04/14/2010  19:18:21.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3199.2787 [GMT -5:00]
Running from: c:\documents and settings\Bill\My Documents\Downloads\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

(((((((((((((((((((((((((   Files Created from 2010-03-15 to 2010-04-15  )))))))))))))))))))))))))))))))
.

2010-04-14 23:58 . 2010-04-14 23:58    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2010-04-14 23:53 . 2010-04-15 00:01    15944    ----a-w-    c:\windows\system32\drivers\hitmanpro35.sys
2010-04-14 23:53 . 2010-04-14 23:58    --------    d-----w-    c:\documents and settings\All Users\Application Data\Hitman Pro
2010-04-14 23:46 . 2010-04-14 23:48    --------    d-----w-    c:\program files\Hitman Pro 3.5
2010-04-14 23:15 . 2010-04-14 23:16    --------    d-----w-    c:\program files\Common Files\Adobe
2010-04-14 23:09 . 2010-04-14 23:09    --------    d-----w-    c:\documents and settings\Bill\Local Settings\Application Data\Adobe
2010-04-14 20:47 . 2010-04-14 20:47    --------    d-----w-    c:\documents and settings\Bill\Application Data\Malwarebytes
2010-04-14 20:47 . 2010-03-30 05:46    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-14 20:47 . 2010-04-14 20:47    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-14 20:47 . 2010-04-14 20:47    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-04-14 20:47 . 2010-03-30 05:45    20824    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-04-14 20:07 . 2010-02-04 02:03    84912    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100414.004\NAVENG.SYS
2010-04-14 20:07 . 2010-02-04 02:03    1324720    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100414.004\NAVEX15.SYS
2010-04-14 20:07 . 2010-01-23 16:44    177520    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100414.004\NAVENG32.DLL
2010-04-14 20:07 . 2010-01-23 16:44    1647984    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100414.004\NAVEX32A.DLL
2010-04-14 20:07 . 2010-01-23 16:44    371248    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100414.004\EECTRL.SYS
2010-04-14 20:07 . 2010-01-23 16:44    2747440    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100414.004\CCERASER.DLL
2010-04-14 20:07 . 2010-01-23 16:44    259440    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100414.004\ECMSVR32.DLL
2010-04-14 20:07 . 2010-01-23 16:44    102448    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100414.004\ERASER.SYS
2010-04-13 23:33 . 2010-04-13 23:33    --------    d-----w-    c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-04-13 23:33 . 2010-04-13 23:33    --------    d-----w-    c:\documents and settings\Bill\Application Data\Office Genuine Advantage
2010-04-13 21:04 . 2010-04-13 21:07    --------    d-----w-    C:\schrauber
2010-04-13 20:34 . 2010-04-13 20:34    --------    d-----w-    c:\documents and settings\All Users\Application Data\Adobe-BackupByPhotoshopPortable
2010-04-13 20:33 . 2010-04-13 20:34    --------    d-----w-    c:\documents and settings\Bill\Local Settings\Application Data\Adobe-BackupByPhotoshopPortable
2010-04-13 20:33 . 2010-04-13 20:33    --------    d-----w-    c:\documents and settings\Bill\Application Data\Adobe-BackupByPhotoshopPortable
2010-04-13 11:19 . 2010-01-22 14:55    767952    ----a-w-    c:\windows\BDTSupport.dll
2010-04-13 11:19 . 2010-01-22 14:56    149456    ----a-w-    c:\windows\SGDetectionTool.dll
2010-04-13 11:19 . 2010-01-22 14:56    1652688    ----a-w-    c:\windows\PCTBDCore.dll
2010-04-13 11:19 . 2009-10-28 06:36    1152444    ----a-w-    c:\windows\UDB.zip
2010-04-13 11:19 . 2008-11-26 17:08    131    ----a-w-    c:\windows\IDB.zip
2010-04-13 11:19 . 2010-01-22 14:56    165840    ----a-w-    c:\windows\PCTBDRes.dll
2010-04-13 11:17 . 2010-02-05 14:17    233136    ----a-w-    c:\windows\system32\drivers\pctgntdi.sys
2010-04-13 11:17 . 2010-03-10 16:36    217032    ----a-w-    c:\windows\system32\drivers\PCTCore.sys
2010-04-13 11:17 . 2009-11-23 18:54    88040    ----a-w-    c:\windows\system32\drivers\PCTAppEvent.sys
2010-04-13 11:17 . 2010-02-05 14:25    70408    ----a-w-    c:\windows\system32\drivers\pctplsg.sys
2010-04-13 11:17 . 2010-04-13 20:59    --------    d-----w-    c:\program files\Spyware Doctor
2010-04-13 11:17 . 2010-04-13 11:17    --------    d-----w-    c:\documents and settings\Bill\Application Data\PC Tools
2010-04-13 11:17 . 2010-04-13 11:17    --------    d-----w-    c:\documents and settings\All Users\Application Data\PC Tools
2010-04-13 11:13 . 2010-04-13 11:13    --------    d-sh--w-    c:\documents and settings\LocalService\IETldCache
2010-04-13 01:30 . 2010-04-13 01:30    --------    d-----w-    c:\program files\QuickTime
2010-04-13 01:30 . 2010-04-13 01:30    --------    d-----w-    c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-13 01:29 . 2010-04-13 01:29    --------    d-----w-    c:\program files\Common Files\Apple
2010-04-13 01:29 . 2010-04-13 01:29    --------    d-----w-    c:\documents and settings\Bill\Local Settings\Application Data\Apple
2010-04-13 01:29 . 2010-04-13 01:29    --------    d-----w-    c:\program files\Apple Software Update
2010-04-13 01:29 . 2010-04-13 01:29    --------    d-----w-    c:\documents and settings\All Users\Application Data\Apple
2010-04-13 01:29 . 2010-04-13 01:29    --------    d-----w-    c:\documents and settings\Bill\Local Settings\Application Data\Apple Computer
2010-04-13 01:08 . 2010-04-13 01:08    6894    ----a-r-    c:\documents and settings\Bill\Application Data\Microsoft\Installer\{2DE41DC3-6374-4639-9B59-F280411A4644}\_18be6784.exe
2010-04-13 01:08 . 2010-04-13 01:08    1078    ----a-r-    c:\documents and settings\Bill\Application Data\Microsoft\Installer\{2DE41DC3-6374-4639-9B59-F280411A4644}\_4ae13d6c.exe
2010-04-13 01:08 . 2010-04-13 01:08    1078    ----a-r-    c:\documents and settings\Bill\Application Data\Microsoft\Installer\{2DE41DC3-6374-4639-9B59-F280411A4644}\_2cd672ae.exe
2010-04-13 01:08 . 2010-04-13 01:08    1078    ----a-r-    c:\documents and settings\Bill\Application Data\Microsoft\Installer\{2DE41DC3-6374-4639-9B59-F280411A4644}\_294823.exe
2010-04-12 23:51 . 2010-04-12 23:52    --------    d-----w-    c:\windows\XSxS
2010-04-12 23:51 . 2010-04-12 23:51    --------    d-----w-    c:\program files\Xenocode
2010-04-12 23:51 . 2010-04-12 23:51    --------    d-----w-    c:\documents and settings\Bill\Local Settings\Application Data\Xenocode
2010-04-12 23:15 . 2010-04-12 23:15    --------    d-sh--w-    c:\documents and settings\NetworkService\IETldCache
2010-04-12 23:15 . 2010-04-12 23:16    --------    d-----w-    c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-12 23:15 . 2010-04-14 23:45    664    ----a-w-    c:\windows\system32\d3d9caps.dat
2010-04-12 23:10 . 2010-04-13 00:06    --------    d-----w-    c:\documents and settings\Bill\Application Data\CFBEBBED5F088241D7B8D75A508B9C1E
2010-04-12 20:05 . 2009-10-28 22:37    811896    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100409.001\Scxpx86.dll
2010-04-12 20:05 . 2009-10-28 22:37    343088    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100409.001\IDSvix86.sys
2010-04-12 20:05 . 2009-10-28 22:37    329592    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100409.001\IDSXpx86.sys
2010-04-12 20:05 . 2009-10-28 22:37    488312    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100409.001\IDSxpx86.dll
2010-04-12 20:05 . 2009-10-28 22:37    466992    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100409.001\IDSviA64.sys
2010-04-12 19:59 . 2010-04-12 19:59    --------    d-----w-    c:\documents and settings\Bill\Application Data\DivX
2010-04-12 19:57 . 2008-04-14 03:15    15104    -c--a-w-    c:\windows\system32\dllcache\usbscan.sys
2010-04-12 19:57 . 2008-04-14 03:15    15104    ----a-w-    c:\windows\system32\drivers\usbscan.sys
2010-04-12 19:57 . 2001-08-18 01:36    5632    ----a-w-    c:\windows\system32\ptpusb.dll
2010-04-12 19:57 . 2008-04-14 08:42    159232    ----a-w-    c:\windows\system32\ptpusd.dll
2010-04-05 21:20 . 2009-10-28 22:37    811896    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100402.001\Scxpx86.dll
2010-04-05 21:20 . 2009-10-28 22:37    343088    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSvix86.sys
2010-04-05 21:20 . 2009-10-28 22:37    329592    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSXpx86.sys
2010-04-05 21:20 . 2009-10-28 22:37    488312    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSxpx86.dll
2010-04-05 21:20 . 2009-10-28 22:37    466992    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSviA64.sys
2010-03-30 03:25 . 2010-03-24 20:38    536112    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx86.sys
2010-03-30 03:25 . 2010-03-24 20:38    201616    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100324.001\BHRules.dll
2010-03-30 03:25 . 2010-03-24 20:38    1407888    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100324.001\BHEngine.dll
2010-03-30 03:25 . 2010-03-24 20:38    678960    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx64.sys
2010-03-30 03:25 . 2010-03-24 20:38    611216    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100324.001\bbRGen.dll
2010-03-28 01:40 . 2010-03-28 01:40    --------    d-----w-    c:\program files\SmartFTP Client
2010-03-28 01:39 . 2010-03-28 01:39    --------    d-----w-    c:\program files\SmartFTP Client 4.0 Setup Files
2010-03-25 20:13 . 2010-03-25 20:13    --------    d-----w-    c:\program files\Common Files\Software Update Utility
2010-03-18 17:58 . 2010-03-18 17:58    --------    d-----w-    c:\windows\Sun
2010-03-18 17:58 . 2010-03-18 17:57    411368    ----a-w-    c:\windows\system32\deploytk.dll
2010-03-18 17:57 . 2010-03-18 17:57    --------    d-----w-    c:\program files\Java
2010-03-18 17:57 . 2010-03-18 17:57    152576    ----a-w-    c:\documents and settings\Bill\Application Data\Sun\Java\jre1.6.0_16\lzma.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-15 00:31 . 2010-01-23 01:35    --------    d---a-w-    c:\documents and settings\All Users\Application Data\TEMP
2010-04-15 00:16 . 2010-04-13 20:59    96512    ----a-w-    c:\windows\system32\drivers\tsk4.tmp
2010-04-15 00:03 . 2010-04-15 00:03    96512    ----a-w-    c:\windows\system32\drivers\tsk5.tmp
2010-04-14 23:46 . 2010-01-23 15:41    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-14 22:37 . 2010-01-23 21:09    --------    d-----w-    c:\program files\Steam
2010-04-14 21:26 . 2010-03-08 01:12    --------    d-----w-    c:\documents and settings\Bill\Application Data\FileZilla
2010-04-13 21:41 . 2010-01-23 01:15    --------    d-----w-    c:\program files\Common Files\Adobe-BackupByPhotoshopPortable
2010-04-13 21:18 . 2008-04-14 12:00    96512    ------w-    c:\windows\system32\drivers\atapi.sys
2010-04-13 12:20 . 2008-04-13 22:09    23040    ----a-w-    c:\windows\system32\drivers\mouclass.sys
2010-04-13 11:19 . 2010-01-23 01:34    --------    d-----w-    c:\program files\Common Files\PC Tools
2010-03-25 20:24 . 2010-02-04 21:45    --------    d-----w-    c:\program files\TeamViewer
2010-03-25 20:23 . 2010-01-23 01:29    --------    d-----w-    c:\program files\CCleaner
2010-03-25 20:14 . 2010-02-12 20:30    --------    d-----w-    c:\program files\AIM
2010-03-15 19:49 . 2010-02-04 21:46    --------    d-----w-    c:\documents and settings\Bill\Application Data\TeamViewer
2010-03-13 16:10 . 2010-01-23 02:46    96072    ----a-w-    c:\documents and settings\Bill\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-13 14:37 . 2010-03-13 14:37    --------    d-----w-    c:\program files\Microsoft
2010-03-13 14:37 . 2010-03-13 14:37    --------    d-----w-    c:\program files\Windows Live
2010-03-13 14:37 . 2010-03-13 14:37    --------    d-----w-    c:\program files\Windows Live SkyDrive
2010-03-13 14:34 . 2010-03-13 14:34    --------    d-----w-    c:\program files\Common Files\Windows Live
2010-03-13 06:07 . 2010-03-13 06:07    185904    ----a-w-    c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-13 04:02 . 2010-03-13 04:02    --------    d--h--r-    c:\documents and settings\Bill\Application Data\SecuROM
2010-03-13 03:17 . 2010-03-13 03:17    --------    d-----w-    c:\program files\Microsoft Games for Windows - LIVE
2010-03-08 01:12 . 2010-03-08 01:12    --------    d-----w-    c:\program files\FileZilla FTP Client
2010-03-04 22:16 . 2010-03-04 22:16    --------    d-----w-    c:\documents and settings\Bill\Application Data\SmartFTP
2010-02-25 06:24 . 2009-09-08 19:22    916480    ------w-    c:\windows\system32\wininet.dll
2010-02-04 21:40 . 2010-02-05 22:26    1180672    ----a-w-    c:\windows\system32\msvcr90d.dll
2010-01-23 18:07 . 2010-01-22 16:21    86327    ----a-w-    c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-23 16:26 . 2010-01-23 16:26    60808    ----a-w-    c:\windows\system32\S32EVNT1.DLL
2010-01-23 16:26 . 2010-01-23 16:26    124976    ----a-w-    c:\windows\system32\drivers\SYMEVENT.SYS
2010-01-23 01:33 . 2010-01-23 01:33    0    ----a-w-    c:\windows\nsreg.dat
2010-01-23 01:14 . 2010-01-23 01:14    1975408    ----a-w-    c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en32_signed.exe
2010-01-23 01:14 . 2010-01-23 01:14    86016    ----a-w-    c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-01-22 16:40 . 2010-01-22 16:40    0    ----a-w-    c:\windows\ativpsrm.bin
2010-01-22 16:19 . 2010-01-22 16:19    21640    ----a-w-    c:\windows\system32\emptyregdb.dat
.

(((((((((((((((((((((((((((((   SnapShot@2010-04-13_21.34.23   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-15 00:33 . 2010-04-15 00:33    16384              c:\windows\Temp\Perflib_Perfdata_7f8.dat
+ 2010-04-15 00:31 . 2010-04-15 00:31    16384              c:\windows\Temp\Perflib_Perfdata_7a0.dat
+ 2010-01-23 15:46 . 2010-04-14 23:46    35088              c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-01-23 15:46 . 2010-03-11 04:02    35088              c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-01-23 15:46 . 2010-04-14 23:46    18704              c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-01-23 15:46 . 2010-03-11 04:02    18704              c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-01-23 15:46 . 2010-04-14 23:46    20240              c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-01-23 15:46 . 2010-03-11 04:02    20240              c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-01-23 15:46 . 2010-03-11 04:02    888080              c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-01-23 15:46 . 2010-04-14 23:46    888080              c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-01-23 15:46 . 2010-04-14 23:46    272648              c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2010-01-23 15:46 . 2010-03-11 04:02    272648              c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2010-01-23 15:46 . 2010-03-11 04:02    922384              c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-01-23 15:46 . 2010-04-14 23:46    922384              c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-01-23 15:46 . 2010-04-14 23:46    845584              c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2010-01-23 15:46 . 2010-03-11 04:02    845584              c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2010-01-23 15:46 . 2010-03-11 04:02    217864              c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2010-01-23 15:46 . 2010-04-14 23:46    217864              c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2010-01-23 15:46 . 2010-04-14 23:46    184080              c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2010-01-23 15:46 . 2010-03-11 04:02    184080              c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2010-01-23 15:46 . 2010-03-11 04:02    159504              c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2010-01-23 15:46 . 2010-04-14 23:46    159504              c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2010-02-21 06:02 . 2010-02-21 06:02    4195840              c:\windows\Installer\53bb3.msp
+ 2010-03-12 04:59 . 2010-03-12 04:59    5031424              c:\windows\Installer\53b9d.msp
- 2010-01-23 15:46 . 2010-03-11 04:02    1172240              c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-01-23 15:46 . 2010-04-14 23:46    1172240              c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-01-23 15:46 . 2010-03-11 04:02    1165584              c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-01-23 15:46 . 2010-04-14 23:46    1165584              c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-18 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-09-30 04:13    61440    ----a-w-    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\kang4807@hotmail.com\\counter-strike\\hl.exe"=
"c:\\Program Files\\Softnyx\\WolfTeam\\Wolfteam.bin"=
"c:\\Program Files\\Steam\\steamapps\\master_chief_997\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Program Files\\Steam\\steamapps\\kang4807@hotmail.com\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [4/13/2010 6:17 AM 217032]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1106000.020\symds.sys [3/31/2010 5:49 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1106000.020\symefa.sys [3/31/2010 5:49 PM 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [3/29/2010 10:25 PM 536112]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1106000.020\cchpx86.sys [3/31/2010 5:49 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1106000.020\ironx86.sys [3/31/2010 5:49 PM 116784]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [4/13/2010 6:19 AM 112592]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/14/2010 3:47 PM 303952]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.6.0.32\ccsvchst.exe [3/31/2010 5:49 PM 126392]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [1/22/2010 8:34 PM 583640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/23/2010 8:26 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100409.001\IDSXpx86.sys [4/12/2010 3:05 PM 329592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/14/2010 3:47 PM 20824]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [12/1/2009 4:49 PM 34384]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [4/13/2010 6:17 AM 366840]
S3 Vitality;Vitality;\??\c:\docume~1\Bill\LOCALS~1\Temp\vitality.sys --> c:\docume~1\Bill\LOCALS~1\Temp\vitality.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-04-15 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Bill\Application Data\Mozilla\Firefox\Profiles\qmwq7vvu.default\
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-14 19:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys >>UNKNOWN [0x8A2A9AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> tsk5.tmp @ 0xb9ef1852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb9d62bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d6fa21
SendHandler -> NDIS.sys @ 0xb9d4d87b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.6.0.32\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]
"ImagePath"="system32\drivers\tsk5.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-842925246-602162358-1417001333-1003\Software\SecuROM\License information*]
"datasecu"=hex:ab,d1,67,0b,86,89,5f,ab,39,b5,5a,ca,73,e9,c0,ee,4f,c7,62,e4,c1,
   d2,bf,a7,d8,2f,0d,74,bf,83,1c,1c,d5,14,ba,65,ce,55,0c,0a,dc,ed,3a,d1,0e,7f,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(764)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2456)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\hnetcfg.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Completion time: 2010-04-14  19:38:45 - machine was rebooted
ComboFix-quarantined-files.txt  2010-04-15 00:38

Pre-Run: 169,117,569,024 bytes free
Post-Run: 169,150,865,408 bytes free

- - End Of File - - 3D8077BDB09501C4CA1356BE224A36DA


Posts merged ~BP

Edited by Budapest, 14 April 2010 - 07:56 PM.




#2 m0le

  • Malware Response Team
  • Location:London, UK

Posted 18 April 2010 - 01:21 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le

  • Malware Response Team
  • Location:London, UK

Posted 22 April 2010 - 07:28 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE



