Am I OK?


This topic is locked
19 replies to this topic

#1 Welshgasman
Members, 9 posts

Posted 08 September 2010 - 03:10 AM

Hi,

Just been working on my uncle's computer, which was heavily infected.
Had to use ComboFix as requested by a member in another forum.
Impressed by what it reported in respect of other programs.

Always thought I was quite safe with my PC, now not so sure. :)

As there is no tutorial for ComboFix, I was hoping someone would check over my log and tell me if I'm OK or not?

The reason I am asking here and not the other forum where I was helped with my uncle's computer is so as not to overload the helper there.

TIA

ComboFix Log
ComboFix 10-09-07.01 - Administrator 08/09/2010 8:27.1.1 - x86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.767.324 [GMT 1:00]
Running from: e:\winnt\Profiles\Administrator.000\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\ipconfig.txt
E:\test.txt
e:\winnt\desktop
e:\winnt\hosts
e:\winnt\java.exe
e:\winnt\patch.exe
e:\winnt\Profiles\Administrator.000\Application Data\Desktopicon
e:\winnt\Profiles\Administrator.000\Application Data\Desktopicon\eBayShortcuts.exe
e:\winnt\Profiles\Administrator.000\Personal\Readiris.DUS
e:\winnt\Profiles\Administrator.000\System
e:\winnt\Profiles\Administrator.000\System\win_qs.jqx
e:\winnt\Profiles\Administrator.000\System\win_qs7.jqx
e:\winnt\system\Color
e:\winnt\system32\command.pif
e:\winnt\system32\drivers\etc\lmhosts
e:\winnt\system32\fonts
e:\winnt\system32\fonts\ACADEMY_.PFB
e:\winnt\system32\fonts\ACADEMY_.PFM
e:\winnt\system32\fonts\ACADEMY_.TTF
e:\winnt\system32\kill.exe
e:\winnt\system32\msconfig.exe
e:\winnt\system32\Packet.dll
e:\winnt\twain_16.dll
e:\winnt\updcustom.dll.log
e:\winnt\Web\default.htt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_npf
-------\Service_PB


((((((((((((((((((((((((( Files Created from 2010-08-08 to 2010-09-08 )))))))))))))))))))))))))))))))
.

2010-09-08 07:41 . 2010-09-08 07:41 16384 ----atw- e:\winnt\system32\Perflib_Perfdata_7b8.dat
2010-09-08 07:41 . 2010-09-08 07:41 16384 ----atw- e:\winnt\system32\Perflib_Perfdata_3dc.dat
2010-09-06 14:42 . 2010-09-06 14:42 -------- d-----w- e:\program files\Datapol
2010-08-14 11:33 . 2010-08-14 11:33 503808 ----a-w- e:\winnt\Profiles\Administrator.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-363b8579-n\msvcp71.dll
2010-08-14 11:33 . 2010-08-14 11:33 12800 ----a-w- e:\winnt\Profiles\Administrator.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-55ee5d5e-n\decora-d3d.dll
2010-08-14 11:33 . 2010-08-14 11:33 499712 ----a-w- e:\winnt\Profiles\Administrator.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-363b8579-n\jmc.dll
2010-08-14 11:33 . 2010-08-14 11:33 61440 ----a-w- e:\winnt\Profiles\Administrator.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-55ee5d5e-n\decora-sse.dll
2010-08-14 11:33 . 2010-08-14 11:33 348160 ----a-w- e:\winnt\Profiles\Administrator.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-363b8579-n\msvcr71.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 07:43 . 2003-11-27 19:38 -------- d-----w- e:\winnt\Profiles\Administrator.000\Application Data\MailWasherPro
2010-09-08 07:40 . 2001-12-05 19:29 -------- d-----w- e:\program files\Common Files\Adobe
2006-08-31 14:16 . 2001-06-15 21:12 21952 ---h--w- e:\program files\folder.htt
2005-04-17 14:21 . 2005-04-17 14:21 572336 ------w- e:\program files\Quicken1.QIF
2004-12-13 14:10 . 2004-12-13 14:10 16496 --sh--w- e:\winnt\Profiles\Administrator.000\Application Data\Microsoft\Windows NT\DiskQuota\NTDiskQuotaSidCache.dat
2002-12-29 13:04 . 2002-12-29 13:04 564 --sh--r- e:\winnt\Profiles\All Users\Application Data\Hagel Technologies\TweakMASTER\backup.dat
.

------- Sigcheck -------

[-] 2002-11-26 17:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [ERROR: 0x0] . . e:\winnt\system32\mspmsnsv.dll

[-] 2004-07-09 03:27 . 0E51BD586D186F61A9E4453DB8AEC774 . 1703936 . . [ERROR: 0x0] . . e:\winnt\system32\d3d9.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="e:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2004-12-23 85504]
"SpybotSD TeaTimer"="k:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 1415824]
"swg"="e:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-02 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LoadQM"="loadqm.exe" [2000-05-03 7536]
"TweakMASTER"="j:\program files\TweakMASTER\TwMaster.exe" [2002-12-04 1746944]
"DU Meter"="e:\program files\DU Meter\DUMeter.exe" [2002-12-04 1194496]
"ScriptSentry"="j:\program files\Script Sentry\ScriptSentry.exe" [2002-07-04 262144]
"DUControl"="j:\program files\DirectUpdate\DUControl.exe" [2003-08-04 77824]
"WinVNC"="j:\program files\RealVNC\WinVNC\winvnc.exe" [2003-03-05 335872]
"Disk Monitor"="e:\program files\Generic\USB Card Reader Driver v2.0\Disk_Monitor.exe" [2003-05-09 465920]
"Synchronization Manager"="mobsync.exe" [2003-06-19 111376]
"AVG8_TRAY"="e:\progra~1\AVG\AVG8\avgtray.exe" [2010-08-14 2048352]
"WinampAgent"="e:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"Everything"="e:\program files\Everything\Everything.exe" [2009-03-13 602624]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="e:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 186640]

e:\winnt\Profiles\Administrator.000\Start Menu\Programs\Startup\
CAPTIME.EXE [2000-12-25 61440]
ERUNT AutoBackup.lnk - k:\program files\ERUNT\AUTOBACK.EXE [2007-4-26 36352]
MailWasher.lnk - j:\program files\MailWasher Pro\MailWasher.exe [2003-11-6 18120904]
Notmad Manager.lnk - e:\program files\Red Chair Software\Notmad Explorer\notmgr.exe [2006-11-13 1282100]
TextBridge Instant Access OCR.lnk - f:\program files\TextBridge Classic\Bin\TBMenu.exe [2000-4-11 23552]
TypeItIn V1.4.lnk - f:\program files\TypeItIn\typeitin.exe [1999-12-11 58880]

e:\winnt\Profiles\All Users\Start Menu\Programs\Startup\
BlackICE PC Protection.lnk - f:\program files\ISS\BlackICE\blackice.exe [2007-7-30 778240]
Microsoft Office.lnk - e:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-22 65588]
PGPtray.lnk - f:\program files\Pgp\pgp6\Pgp60\PGPtray.exe [1999-12-11 38400]
Rupsmon Daemon.lnk - e:\program files\Belkin\Belkin Power Management Software\Monw32.exe [2006-7-14 32768]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= e:\winnt\Santa Fe Stucco.bmp
FriendlyName=

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "f:\program files\Symantec\WinFax\WfxSeh32.Dll" [1997-09-23 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-18 08:07 11952 ------w- e:\winnt\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2003-05-29 09:00 8704 ------w- e:\winnt\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"=sb16snd.dll
"MIDI1"=sb16snd.dll
"aux1"=sb16snd.dll
"mixer"=sb16snd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders rpasspc.dll, msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll
Domestic Security Version 4.87

[HKLM\~\startupfolder\E:^WINNT^Profiles^Administrator.000^Start Menu^Programs^Startup^Audigen Manager.lnk]
path=e:\winnt\Profiles\Administrator.000\Start Menu\Programs\Startup\Audigen Manager.lnk
backup=e:\winnt\pss\Audigen Manager.lnkStartup

[HKLM\~\startupfolder\E:^WINNT^Profiles^Administrator.000^Start Menu^Programs^Startup^iPodder.lnk]
path=e:\winnt\Profiles\Administrator.000\Start Menu\Programs\Startup\iPodder.lnk
backup=e:\winnt\pss\iPodder.lnkStartup

[HKLM\~\startupfolder\E:^WINNT^Profiles^Administrator.000^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=e:\winnt\Profiles\Administrator.000\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=e:\winnt\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\E:^WINNT^Profiles^Administrator.000^Start Menu^Programs^Startup^Shortcut to taskman.exe.lnk]
path=e:\winnt\Profiles\Administrator.000\Start Menu\Programs\Startup\Shortcut to taskman.exe.lnk
backup=e:\winnt\pss\Shortcut to taskman.exe.lnkStartup

[HKLM\~\startupfolder\E:^WINNT^Profiles^Administrator.000^Start Menu^Programs^Startup^VoipBuster.lnk]
path=e:\winnt\Profiles\Administrator.000\Start Menu\Programs\Startup\VoipBuster.lnk
backup=e:\winnt\pss\VoipBuster.lnkStartup

[HKLM\~\startupfolder\E:^WINNT^Profiles^All Users^Start Menu^Programs^Startup^EPSON Background Monitor.lnk]
path=e:\winnt\Profiles\All Users\Start Menu\Programs\Startup\EPSON Background Monitor.lnk
backup=e:\winnt\pss\EPSON Background Monitor.lnkCommon Startup

[HKLM\~\startupfolder\E:^WINNT^Profiles^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=e:\winnt\Profiles\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=e:\winnt\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\E:^WINNT^Profiles^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
path=e:\winnt\Profiles\All Users\Start Menu\Programs\Startup\Office Startup.lnk
backup=e:\winnt\pss\Office Startup.lnkCommon Startup

[HKLM\~\startupfolder\E:^WINNT^Profiles^All Users^Start Menu^Programs^Startup^WinFax Application Port Starter.lnk]
path=e:\winnt\Profiles\All Users\Start Menu\Programs\Startup\WinFax Application Port Starter.lnk
backup=e:\winnt\pss\WinFax Application Port Starter.lnkCommon Startup

[HKLM\~\startupfolder\E:^WINNT^Profiles^All Users^Start Menu^Programs^Startup^WinFax PRO Controller.lnk]
path=e:\winnt\Profiles\All Users\Start Menu\Programs\Startup\WinFax PRO Controller.lnk
backup=e:\winnt\pss\WinFax PRO Controller.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-10-30 18:07 140568 ------w- e:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2002-10-15 16:00 1818624 ------w- e:\winnt\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2002-07-29 07:15 495616 ------w- j:\progra~1\Eraser\eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ------w- e:\winnt\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecExMail]
2003-05-08 15:15 664576 ------w- e:\program files\SecExMail\secexmail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2007-08-25 19:54 23090984 ------r- e:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tracks Eraser Pro]
2003-06-18 10:31 244224 ------w- j:\program files\Acesoft\Tracks Eraser Pro\te.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vspdfprsrv.exe]
2006-05-04 04:58 998912 ------w- e:\program files\Visagesoft\eXPert PDF\vspdfprsrv.exe

R1 AvgLdx86;AVG AVI Loader Driver x86;e:\winnt\system32\drivers\avgldx86.sys [06/05/2008 18:09 335240]
R1 CloneCD;CloneCD I/O Driver;e:\winnt\system32\drivers\CloneCD.sys [25/12/2000 15:07 4840]
R1 MxlWnt;MxlWnt;e:\winnt\system32\drivers\MxlWnt.sys [17/03/2001 16:44 53576]
R2 avg8wd;AVG8 WatchDog;e:\progra~1\AVG\AVG8\avgwdsvc.exe [06/05/2008 18:09 297752]
R2 BlackICE;BlackICE;f:\program files\ISS\BlackICE\blackd.exe [21/06/2004 19:37 1229430]
R2 NetProbe;NetProbe Packet Driver;e:\winnt\system32\drivers\NetProbe.sys [19/02/2003 14:22 5365]
R2 PGPmemlock;PGPmemlock;e:\winnt\system32\drivers\PGPmemlock.sys [13/01/2000 10:43 8444]
R2 ScanDrv;ScanDrv;e:\winnt\system32\drivers\SCANDRV.sys [13/01/2000 13:30 195384]
R2 TeamViewer5;TeamViewer 5;e:\program files\TeamViewer\Version5\TeamViewer_Service.exe [12/01/2010 15:57 185640]
R3 4mmdat;4mmdat;e:\winnt\system32\drivers\4mmdat.sys [19/06/2003 12:05 10928]
R3 openhci;Microsoft USB Open Host Controller Driver;e:\winnt\system32\drivers\openhci.sys [19/06/2003 11:05 24784]
R3 usbhub20;USB Hub Support;e:\winnt\system32\drivers\usbhub20.sys [19/06/2003 11:05 49776]
R4 black;black;e:\winnt\system32\drivers\blackdrv.sys [21/06/2004 19:37 229331]
S1 Scsiscan;Scsiscan; [x]
S2 Scsiprnt;Scsiprnt;e:\winnt\system32\drivers\scsiprnt.sys [19/06/2003 12:05 11632]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;e:\winnt\system32\DRIVERS\Amps2prt.sys --> e:\winnt\system32\DRIVERS\Amps2prt.sys [?]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);e:\winnt\system32\drivers\ctlsb16.sys [23/10/1999 13:10 141904]
S3 DVBT_Loader;DVB-T Adapter firmware loader;e:\winnt\system32\drivers\DVBT_Loader.sys [28/01/2008 21:27 44800]
S3 EB;EB;\??\e:\progra~1\NDGSOF~1\EtherBoy\EB.SYS --> e:\progra~1\NDGSOF~1\EtherBoy\EB.SYS [?]
S3 Eplpdx01;Eplpdx01;e:\winnt\system32\drivers\EPLPDX01.SYS [25/05/1998 74976]
S3 GenDTV;DVB-T receiver Driver;e:\winnt\system32\drivers\Geniausb.sys [28/01/2008 21:29 84992]
S3 ham50;Intel HaM Data Fax Voice;e:\winnt\system32\drivers\ham50.sys [02/01/2002 17:45 365853]
S3 Jukebox3_1394;Jukebox3_1394;e:\winnt\system32\drivers\ctpd1394.sys [03/01/2005 19:02 23611]
S3 NeodioUSBSTOR;Generic USB Card Reader Driver;e:\winnt\system32\drivers\USBNEOD.SYS [18/02/2003 06:34 18873]
S3 NtApm;NT Apm/Legacy Interface Driver;e:\winnt\system32\drivers\ntapm.sys [25/09/1999 10:36 9104]
S3 RapDrv;RapDrv;e:\winnt\system32\drivers\RapDrv.sys [21/06/2004 19:37 104968]
S3 RapFile;RapFile;e:\winnt\system32\drivers\RapFile.sys [10/05/2002 21:44 36644]
S3 RapNet;RapNet;e:\winnt\system32\drivers\RapNet.sys [10/05/2002 21:44 24344]
S3 Sandbox;Sandbox;e:\program files\Sandboxie\Sandbox.sys [14/10/2006 23:06 124032]
S3 stdatw2k;stdatw2k;e:\winnt\system32\drivers\stdatw2k.sys [03/03/2004 00:06 8960]
S3 WB;WB;\??\e:\progra~1\NDGSOF~1\WebBoy\WB.SYS --> e:\progra~1\NDGSOF~1\WebBoy\WB.SYS [?]
S4 Aha174x;Aha174x; [x]
S4 Always;Always; [x]
S4 Arrow;Arrow; [x]
S4 Busmouse;Busmouse; [x]
S4 Cdr4vsd;Cdr4vsd;e:\winnt\system32\drivers\CDR4VSD.SYS [03/02/2000 09:52 48384]
S4 cirrus;cirrus; [x]
S4 dce376nt;dce376nt; [x]
S4 Dell_DGX;Dell_DGX; [x]
S4 Delldsa;Delldsa; [x]
S4 DptScsi;DptScsi; [x]
S4 dtc329x;dtc329x; [x]
S4 et4000;et4000; [x]
S4 Fd7000ex;Fd7000ex; [x]
S4 Fd8xx;Fd8xx; [x]
S4 Jazzg300;Jazzg300; [x]
S4 Jazzg364;Jazzg364; [x]
S4 Jzvxl484;Jzvxl484; [x]
S4 mitsumi;mitsumi; [x]
S4 mkecr5xx;mkecr5xx; [x]
S4 Ncr53c9x;Ncr53c9x; [x]
S4 ncr77c22;ncr77c22; [x]
S4 Ncrc700;Ncrc700; [x]
S4 Oliscsi;Oliscsi; [x]
S4 PrtSeqRd;PrtSeqRd; [x]
S4 psidisp;psidisp; [x]
S4 qic117;qic117;\??\e:\winnt\System32\drivers\qic117.sys --> e:\winnt\System32\drivers\qic117.sys [?]
S4 qv;qv; [x]
S4 s3;s3; [x]
S4 SimpleCentre;SimpleCentre;f:\ntreskit\srvany.exe --> f:\ntreskit\srvany.exe [?]
S4 slcd32;slcd32; [x]
S4 Spock;Spock; [x]
S4 T128;T128; [x]
S4 T13B;T13B; [x]
S4 tmv1;tmv1; [x]
S4 Ultra124;Ultra124; [x]
S4 Ultra14f;Ultra14f; [x]
S4 Ultra24f;Ultra24f; [x]
S4 v7vram;v7vram; [x]
S4 Wd33c93;Wd33c93; [x]
S4 wd90c24a;wd90c24a; [x]
S4 wdvga;wdvga; [x]
S4 weitekp9;weitekp9; [x]
S4 Xga;Xga; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2002-08-29 06:14 91136 ----a-w- e:\winnt\system32\advpack.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2002-08-29 06:14 91136 ----a-w- e:\winnt\system32\advpack.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6295DF27-35EE-11d1-8707-00C04FD93327}]
2003-06-19 10:05 169232 ----a-w- e:\winnt\system32\mobsync.dll
.
Contents of the 'Scheduled Tasks' folder

2010-09-08 e:\winnt\Tasks\ATBackup.job
- e:\winnt\ATBACKUP.BAT [2000-01-13 11:32]

2010-09-08 e:\winnt\Tasks\Eject.job
- e:\winnt\eject.bat [2004-08-13 06:28]

2010-09-07 e:\winnt\Tasks\ERUNT.job
- k:\program files\ERUNT\AUTOBACK.EXE [2007-04-26 02:55]

2010-09-08 e:\winnt\Tasks\SyncBack Quicken.job
- k:\program files\SyncBack\SyncBack.exe [2007-04-26 12:40]

2010-09-07 e:\winnt\Tasks\SyncBack Simple Centre.job
- k:\program files\SyncBack\SyncBack.exe [2007-04-26 12:40]

2010-06-21 e:\winnt\Tasks\tape.job
- e:\winnt\tape.bat [2000-01-13 16:46]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mSearch Bar =
uInternet Settings,ProxyServer = 66.98.238.8:3128:80
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download with &DAP - j:\progra~1\DAP\dapextie.htm
IE: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
IE: E-&mail Page - e:\winnt\web\Mailto_URL.HTM
IE: Save with Download Manager... - file://e:\program files\J River\Media Center 11\DMDownload.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
LSP: e:\program files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
LSP: %SystemRoot%\system32\msafd.dll
Trusted Zone: hsbc.co.uk\www
TCP: {01AC67DE-48EB-4E57-81CE-7DB70E7A7D27} = 194.168.4.100,194.168.8.100
TCP: {B5AD0DFB-E0AC-4E18-84D9-A0E2D549C9BB} = 194.168.8.100,194.168.4.100
Filter: application/x-icq - {db40c160-09a1-11d3-baf2-000000000000} - e:\program files\ICQ\IExplorerMime.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - j:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - j:\progra~1\DAP\dapie.dll
DPF: DirectAnimation Java Classes - file://e:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://e:\winnt\Java\classes\xmldso.cab
DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} - hxxps://internetbankingplus1.firstdirect.com/ibplus/frontdoorFD.cab
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
FF - ProfilePath - e:\winnt\Profiles\Administrator.000\Application Data\Mozilla\Firefox\Profiles\6i3a2g4p.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 1
FF - component: j:\program files\firefox\components\qfaservices.dll

---- FIREFOX POLICIES ----
j:\program files\firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
j:\program files\firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
j:\program files\firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
j:\program files\firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
j:\program files\firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
j:\program files\firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
j:\program files\firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
j:\program files\firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
j:\program files\firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
j:\program files\firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
j:\program files\firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
j:\program files\firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
j:\program files\firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
j:\program files\firefox\greprefs\all.js - pref("advanced.always_load_images", true);
j:\program files\firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
j:\program files\firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
j:\program files\firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
j:\program files\firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
j:\program files\firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
j:\program files\firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
j:\program files\firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
j:\program files\firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
j:\program files\firefox\defaults\pref\firefox.js - pref("app.version",
j:\program files\firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
j:\program files\firefox\defaults\pref\firefox.js - pref("app.build_id",
j:\program files\firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
j:\program files\firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
j:\program files\firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
j:\program files\firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
j:\program files\firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
j:\program files\firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
j:\program files\firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
j:\program files\firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
j:\program files\firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
j:\program files\firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
j:\program files\firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
j:\program files\firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
j:\program files\firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
j:\program files\firefox\defaults\pref\firefox.js - pref("update.severity", 0);
j:\program files\firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
j:\program files\firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
j:\program files\firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
j:\program files\firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
j:\program files\firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
j:\program files\firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
j:\program files\firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
j:\program files\firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
j:\program files\firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
j:\program files\firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
j:\program files\firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");
.
.
------- File Associations -------
.
JSEFile=j:\program files\Script Sentry\ScriptSentry.exe "%1" %*
regfile=j:\program files\Script Sentry\ScriptSentry.exe "%1" %*
VBEFile=j:\program files\Script Sentry\ScriptSentry.exe "%1" %*
VBSFile=j:\program files\Script Sentry\ScriptSentry.exe "%1" %*
.txt=UltraEdit.txt
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{E12C5BEF-57C9-11D3-81C5-84C708FD407A} - (no file)
MSConfigStartUp-Acronis True Image Monitor - j:\program files\Acronis\TrueImage\TrueImageMonitor.exe
MSConfigStartUp-FreeCall - k:\program files\FreeCall.com\FreeCall\FreeCall.exe
MSConfigStartUp-GhostStartTrayApp - k:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
MSConfigStartUp-Media Server - e:\program files\J River\Media Jukebox\Media Server.exe
MSConfigStartUp-MoneyAgent - e:\program files\Microsoft Money\System\mnyexpr.exe
MSConfigStartUp-Nokia Tray Application - e:\program files\Common Files\Nokia\NCLTools\NclTray.exe
MSConfigStartUp-Skype@phone - j:\program files\Skype@phone\Skype@phone.exe
MSConfigStartUp-VoipBuster - k:\program files\voipbuster.com\voipbuster\voipbuster.exe
AddRemove-AOConfig_is1 - k:\program files\AOConfig\unins000.exe
AddRemove-AttachmentMaster - k:\progra~1\ATTACH~1\UNWISE.EXE
AddRemove-CS30DeinstKey - c:\win3\CSERVE\CS3\CS3\DeIsL2.isu
AddRemove-HijackThis - e:\temp\HijackThis.exe
AddRemove-LawPackCD - G:\LPSETUP.EXE
AddRemove-OBP4_is1 - k:\obp4\unins000.exe
AddRemove-PostCast Server - k:\progra~1\POSTCA~1\UNWISE.EXE
AddRemove-TimeReporter Windows CE Edition - k:\program files\iambic Software\TimeReporter\Uninst.isu
AddRemove-TurboCADv4ProDeinstKey - k:\program files\imsi\TCD4\DeIsL1.isu
AddRemove-Visual Studio 6.0 Enterprise Edition - f:\program files\Microsoft Visual Studio\Common\Setup\1033\Setup.exe
AddRemove-WinStart Manager - j:\blcorp\UWCSuite\WinStart\Remove.exe
AddRemove-WMP7 - e:\progra~1\WINDOW~3\setup_wm.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-08 08:43
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\Software\Swearware\backup\winsock2]
@DACL=(02 0000)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(468)
e:\winnt\system32\wzcdlg.dll
e:\winnt\system32\WZCSAPI.DLL

- - - - - - - > 'lsass.exe'(508)
e:\winnt\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(2480)
e:\winnt\system32\PGP60hk.dll
e:\winnt\system32\SHDOCVW.DLL
f:\program files\TextBridge Classic\Bin\TBMHOOK.dll
.
------------------------ Other Running Processes ------------------------
.
e:\program files\Common Files\Acronis\Schedule2\schedul2.exe
j:\progra~1\DIRECT~1\DUService.exe
e:\program files\Executive Software\DiskeeperWorkstation\DKService.exe
e:\program files\FolderSize\FolderSizeSvc.exe
k:\program files\Hotspot Shield\bin\openvpnas.exe
e:\program files\Java\jre6\bin\jqs.exe
e:\winnt\system32\mgabg.exe
e:\winnt\system32\regsvc.exe
e:\program files\Belkin\Belkin Power Management Software\RupsMon.exe
e:\progra~1\AVG\AVG8\avgrsx.exe
e:\winnt\system32\MSTask.exe
e:\winnt\system32\stisvc.exe
e:\program files\AVG\AVG8\avgrsx.exe
e:\program files\TeamViewer\Version5\TeamViewer.exe
e:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
e:\winnt\System32\WBEM\WinMgmt.exe
e:\winnt\System32\mspmspsv.exe
e:\winnt\Profiles\Administrator.000\Start Menu\Programs\Startup\CAPTIME.EXE
e:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
e:\program files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
e:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-09-08 08:52:26 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-08 07:52

Pre-Run: 27,215,364,096 bytes free
Post-Run: 27,369,930,752 bytes free

- - End Of File - - 116923B76A420D60983FAE01D467931C

Edited by Blade Zephon, 09 September 2010 - 02:42 PM.
Moved from AII to Log forum. ~BZ


#2 gringo_pr (Bleepin Gringo)
Malware Response Team, 136,772 posts
Gender: Male
Location: Puerto Rico

Posted 14 September 2010 - 02:56 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
  1. Do not run any other tool until instructed to do so!
  2. Please do not attach logs or put them in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having, as these can help also.
  5. Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get the warning below. It is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Information and logs:
    In your next post I need the following:
      1. Logs from DDS
      2. Log from RKUnHooker
      3. Let me know of any problems you may have had

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 September 2010 - 02:37 PM

Hello

Three day bump

It has been three days since my last post.
  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread, then it will have to be closed!

Gringo


#4 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 September 2010 - 11:20 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo


#5 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 September 2010 - 03:33 AM

I have reopened the topic


gringo

#6 Welshgasman

Welshgasman
  • Topic Starter

  • Members
  • 9 posts

Posted 20 September 2010 - 09:41 AM

Gringo,

Thank you again. Ran the programs in the order requested. Here are the logs.
dds.txt

DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 15:30:02.60 on Mon 20/09/2010
Internet Explorer: 6.0.2800.1106 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.767.342 [GMT 1:00]


============== Running Processes ===============

E:\WINNT\system32\spoolsv.exe
E:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\Program Files\ISS\BlackICE\blackd.exe
J:\PROGRA~1\DIRECT~1\DUService.exe
E:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
E:\Program Files\FolderSize\FolderSizeSvc.exe
K:\Program Files\Hotspot Shield\bin\openvpnas.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\WINNT\system32\mgabg.exe
E:\WINNT\system32\regsvc.exe
E:\Program Files\Belkin\Belkin Power Management Software\RupsMon.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\system32\stisvc.exe
E:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
E:\Program Files\Belkin\Belkin Power Management Software\usbmate.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
J:\Program Files\RealVNC\WinVNC\winvnc.exe
E:\Program Files\TeamViewer\Version5\TeamViewer.exe
E:\WINNT\System32\mspmspsv.exe
E:\WINNT\Explorer.EXE
J:\Program Files\TweakMASTER\TwMaster.exe
E:\Program Files\DU Meter\DUMeter.exe
J:\Program Files\DirectUpdate\DUControl.exe
E:\Program Files\Generic\USB Card Reader Driver v2.0\Disk_Monitor.exe
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\Program Files\Winamp\winampa.exe
E:\Program Files\Everything\Everything.exe
E:\Program Files\Common Files\Java\Java Update\jusched.exe
E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\Program Files\ISS\BlackICE\blackice.exe
F:\Program Files\Pgp\pgp6\Pgp60\PGPtray.exe
E:\Program Files\Belkin\Belkin Power Management Software\Monw32.exe
E:\WINNT\Profiles\Administrator.000\Start Menu\Programs\Startup\CAPTIME.EXE
J:\Program Files\MailWasher Pro\MailWasher.exe
E:\Program Files\Red Chair Software\Notmad Explorer\notmgr.exe
F:\Program Files\TextBridge Classic\Bin\TBMenu.exe
F:\Program Files\TypeItIn\typeitin.exe
J:\Program Files\Opera\Opera.exe
E:\WINNT\explorer.exe
E:\Program Files\Winamp\winamp.exe
E:\WINNT\system32\ctpdesrv.exe
E:\WINNT\system32\CtNmBnd.exe
E:\PROGRAM FILES\STREAMRIPPER\wstreamripper.exe
E:\WINNT\system32\notepad.exe
E:\WINNT\Profiles\Administrator.000\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mSearch Bar =
uInternet Settings,ProxyServer = 66.98.238.8:3128:80
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: s - No File
BHO: SlimBho2.dll' - No File
BHO: DAPBHO Class: {0096cc0a-623c-4829-ad9c-19af0dc9d8fe} - j:\program files\dap\DAPIEBar.dll
BHO: Bugnosis: {3a6514cd-a457-11d4-8af3-000102686b79} - k:\program files\bugnosis\WebBug.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - e:\progra~1\spybot~1\SDHelper.dll
BHO: IeCaptureBho Object: {7c1ce531-09e9-4fc5-9803-1c2956615786} - e:\program files\google\google desktop search\GoogleDesktopIE.dll
BHO: Implements TweakBHO: {7daac7de-9ef0-4ff0-bfa5-aff3e899054c} - j:\progra~1\tweakm~1\TweakBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - e:\program files\google\googletoolbar4.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - e:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
BHO: OrbiscomROTBho2 Class: {d81ab57b-7327-4347-b7c7-9ef7ca87ce09} - e:\winnt\system32\SlimBho2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Bugnosis: {930e4de1-973d-42d6-bf6e-6788e06bd003} - k:\program files\bugnosis\WebBug.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - e:\program files\google\googletoolbar4.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Bugnosis: {2884a2d1-2114-4799-9d18-ed60ee30be66} - k:\program files\bugnosis\WebBug.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\system32\browseui.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [SpybotSD TeaTimer] e:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] e:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRunOnce: [FlashPlayerUpdate] e:\winnt\system32\macromed\flash\FlashUtil10h_Plugin.exe -update plugin
mRun: [LoadQM] loadqm.exe
mRun: [TweakMASTER] "j:\program files\tweakmaster\TwMaster.exe" /auto
mRun: [DU Meter] e:\program files\du meter\DUMeter.exe
mRun: [ScriptSentry] j:\program files\script sentry\ScriptSentry.exe /check
mRun: [DUControl] j:\program files\directupdate\DUControl.exe
mRun: [WinVNC] "j:\program files\realvnc\winvnc\winvnc.exe" -servicehelper
mRun: [Disk Monitor] e:\program files\generic\usb card reader driver v2.0\Disk_Monitor.exe
mRun: [Synchronization Manager] mobsync.exe /logon
mRun: [AVG8_TRAY] e:\progra~1\avg\avg8\avgtray.exe
mRun: [WinampAgent] "e:\program files\winamp\winampa.exe"
mRun: [Everything] "e:\program files\everything\Everything.exe" -startup
mRun: [SunJavaUpdateSched] "e:\program files\common files\java\java update\jusched.exe"
mRun: [Google Desktop Search] "e:\program files\google\google desktop search\GoogleDesktop.exe" /startup
dRunOnce: [^SetupICWDesktop] e:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
StartupFolder: e:\winnt\profiles\administrator.000\start menu\programs\startup\CAPTIME.EXE
StartupFolder: e:\winnt\profiles\admini~1.000\startm~1\programs\startup\erunta~1.lnk - k:\program files\erunt\AUTOBACK.EXE
StartupFolder: e:\winnt\profiles\admini~1.000\startm~1\programs\startup\mailwa~1.lnk - j:\program files\mailwasher pro\MailWasher.exe
StartupFolder: e:\winnt\profiles\admini~1.000\startm~1\programs\startup\notmad~1.lnk - e:\program files\red chair software\notmad explorer\notmgr.exe
StartupFolder: e:\winnt\profiles\admini~1.000\startm~1\programs\startup\textbr~1.lnk - f:\program files\textbridge classic\bin\TBMenu.exe
StartupFolder: e:\winnt\profiles\admini~1.000\startm~1\programs\startup\typeit~1.lnk - f:\program files\typeitin\typeitin.exe
StartupFolder: e:\winnt\profiles\alluse~1\startm~1\programs\startup\blacki~1.lnk - f:\program files\iss\blackice\blackice.exe
StartupFolder: e:\winnt\profiles\alluse~1\startm~1\programs\startup\micros~1.lnk - e:\program files\microsoft office\office\OSA9.EXE
StartupFolder: e:\winnt\profiles\alluse~1\startm~1\programs\startup\pgptray.lnk - f:\program files\pgp\pgp6\pgp60\PGPtray.exe
StartupFolder: e:\winnt\profiles\alluse~1\startm~1\programs\startup\rupsmo~1.lnk - e:\program files\belkin\belkin power management software\Monw32.exe
IE: &Download with &DAP - j:\progra~1\dap\dapextie.htm
IE: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
IE: E-&mail Page - e:\winnt\web\Mailto_URL.HTM
IE: Save with Download Manager... - file://e:\program files\j river\media center 11\DMDownload.htm
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - e:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: hsbc.co.uk\www
DPF: DirectAnimation Java Classes - file://e:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://e:\winnt\java\classes\xmldso.cab
DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - hxxp://housecall60.trendmicro.com/housecall/xscan60.cab
DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} - hxxps://www.plaxo.com/down/latest/PlaxoInstall.cab
DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} - hxxps://internetbankingplus1.firstdirect.com/ibplus/frontdoorFD.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - e:\program files\yahoo!\common\yinsthelper.dll
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38675.1769097222
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - hxxp://www.live365.com/players/play365.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - hxxp://entimg.msn.com/client/msnmusax2918.cab
TCP: {01AC67DE-48EB-4E57-81CE-7DB70E7A7D27} = 194.168.4.100,194.168.8.100
TCP: {B5AD0DFB-E0AC-4E18-84D9-A0E2D549C9BB} = 194.168.8.100,194.168.4.100
Filter: application/x-icq - {db40c160-09a1-11d3-baf2-000000000000} - e:\program files\icq\IExplorerMime.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - e:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - e:\progra~1\common~1\skype\SKYPE4~1.DLL
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - j:\progra~1\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - j:\progra~1\dap\dapie.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: PCANotify - PCANotify.dll
SEH: WinFax PRO IShellExecuteHook: {a213b520-c6c2-11d0-af9d-008029e1027e} - f:\program files\symantec\winfax\WfxSeh32.Dll
SEH: {E12C5BEF-57C9-11D3-81C5-84C708FD407A} - No File
SecurityProviders: rpasspc.dll, msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll
LSA: Authentication Packages = msv1_0 relog_ap
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msimn.inf,User.Install
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msimn.inf,User.Install - "d:\program files\outlook express\setup50.exe" /APP:OE /CALLER:IE50 /user /install
mASetup: {6295DF27-35EE-11d1-8707-00C04FD93327} - rundll32.exe %SystemRoot%\System32\mobsync.dll,RunDllRegister /p

================= FIREFOX ===================

FF - ProfilePath - e:\winnt\profiles\admini~1.000\applic~1\mozilla\firefox\profiles\6i3a2g4p.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 1
FF - component: j:\program files\firefox\components\qfaservices.dll
FF - HiddenExtension: Java Console: No Registry Reference - j:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - j:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - j:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - j:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - j:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - j:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - j:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - j:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - j:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - j:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - j:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - j:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
j:\program files\firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
j:\program files\firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
j:\program files\firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
j:\program files\firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
j:\program files\firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
j:\program files\firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
j:\program files\firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
j:\program files\firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
j:\program files\firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
j:\program files\firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
j:\program files\firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
j:\program files\firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
j:\program files\firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
j:\program files\firefox\greprefs\all.js - pref("advanced.always_load_images", true);
j:\program files\firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
j:\program files\firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
j:\program files\firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
j:\program files\firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
j:\program files\firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
j:\program files\firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
j:\program files\firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
j:\program files\firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
j:\program files\firefox\defaults\pref\firefox.js - pref("app.version",
j:\program files\firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
j:\program files\firefox\defaults\pref\firefox.js - pref("app.build_id",
j:\program files\firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
j:\program files\firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
j:\program files\firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
j:\program files\firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
j:\program files\firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
j:\program files\firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
j:\program files\firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
j:\program files\firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
j:\program files\firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
j:\program files\firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
j:\program files\firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
j:\program files\firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
j:\program files\firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
j:\program files\firefox\defaults\pref\firefox.js - pref("update.severity", 0);
j:\program files\firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
j:\program files\firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
j:\program files\firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
j:\program files\firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
j:\program files\firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
j:\program files\firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
j:\program files\firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
j:\program files\firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
j:\program files\firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
j:\program files\firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
j:\program files\firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;e:\winnt\system32\drivers\avgldx86.sys [2008-5-6 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;e:\winnt\system32\drivers\avgmfx86.sys [2006-11-29 27784]
R1 awlegacy;awlegacy;e:\winnt\system32\drivers\AWLEGACY.sys [2003-4-21 10901]
R1 CloneCD;CloneCD I/O Driver;e:\winnt\system32\drivers\CloneCD.sys [2000-12-25 4840]
R1 MxlWnt;MxlWnt;e:\winnt\system32\drivers\MxlWnt.sys [2001-3-17 53576]
R2 avg8wd;AVG8 WatchDog;e:\progra~1\avg\avg8\avgwdsvc.exe [2008-5-6 297752]
R2 BlackICE;BlackICE;f:\program files\iss\blackice\blackd.exe [2004-6-21 1229430]
R2 DirectUpdate;DirectUpdate engine;j:\progra~1\direct~1\DUService.exe [2003-8-4 741376]
R2 NetProbe;NetProbe Packet Driver;e:\winnt\system32\drivers\NetProbe.sys [2003-2-19 5365]
R2 PGPmemlock;PGPmemlock;e:\winnt\system32\drivers\PGPmemlock.sys [2000-1-13 8444]
R2 ScanDrv;ScanDrv;e:\winnt\system32\drivers\SCANDRV.sys [2000-1-13 195384]
R2 TeamViewer5;TeamViewer 5;e:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-1-12 185640]
R3 4mmdat;4mmdat;e:\winnt\system32\drivers\4mmdat.sys [2003-6-19 10928]
R3 openhci;Microsoft USB Open Host Controller Driver;e:\winnt\system32\drivers\openhci.sys [2003-6-19 24784]
R3 usbhub20;USB Hub Support;e:\winnt\system32\drivers\usbhub20.sys [2003-6-19 49776]
R4 black;black;e:\winnt\system32\drivers\blackdrv.sys [2004-6-21 229331]
S1 Scsiscan;Scsiscan; [x]
S2 Scsiprnt;Scsiprnt;e:\winnt\system32\drivers\scsiprnt.sys [2003-6-19 11632]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;e:\winnt\system32\drivers\amps2prt.sys --> e:\winnt\system32\drivers\Amps2prt.sys [?]
S3 awhost32;pcAnywhere Host Service;k:\program files\symantec\pcanywhere\awhost32.exe [2007-4-26 106496]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);e:\winnt\system32\drivers\ctlsb16.sys [1999-10-23 141904]
S3 DVBT_Loader;DVB-T Adapter firmware loader;e:\winnt\system32\drivers\DVBT_Loader.sys [2008-1-28 44800]
S3 EB;EB;\??\e:\progra~1\ndgsof~1\etherboy\eb.sys --> e:\progra~1\ndgsof~1\etherboy\EB.SYS [?]
S3 Eplpdx01;Eplpdx01;e:\winnt\system32\drivers\EPLPDX01.SYS [1998-5-25 74976]
S3 GenDTV;DVB-T receiver Driver;e:\winnt\system32\drivers\Geniausb.sys [2008-1-28 84992]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;e:\program files\google\google desktop search\GoogleDesktop.exe [2004-12-23 30192]
S3 ham50;Intel HaM Data Fax Voice;e:\winnt\system32\drivers\ham50.sys [2002-1-2 365853]
S3 Jukebox3_1394;Jukebox3_1394;e:\winnt\system32\drivers\ctpd1394.sys [2005-1-3 23611]
S3 NeodioUSBSTOR;Generic USB Card Reader Driver;e:\winnt\system32\drivers\USBNEOD.SYS [2003-2-18 18873]
S3 NtApm;NT Apm/Legacy Interface Driver;e:\winnt\system32\drivers\ntapm.sys [1999-9-25 9104]
S3 RapDrv;RapDrv;e:\winnt\system32\drivers\RapDrv.sys [2004-6-21 104968]
S3 RapFile;RapFile;e:\winnt\system32\drivers\RapFile.sys [2002-5-10 36644]
S3 RapNet;RapNet;e:\winnt\system32\drivers\RapNet.sys [2002-5-10 24344]
S3 Sandbox;Sandbox;e:\program files\sandboxie\Sandbox.sys [2006-10-14 124032]
S3 stdatw2k;stdatw2k;e:\winnt\system32\drivers\stdatw2k.sys [2004-3-3 8960]
S3 WB;WB;\??\e:\progra~1\ndgsof~1\webboy\wb.sys --> e:\progra~1\ndgsof~1\webboy\WB.SYS [?]
S4 Aha174x;Aha174x; [x]
S4 Always;Always; [x]
S4 Arrow;Arrow; [x]
S4 AW_HOST;AW_HOST;e:\winnt\system32\drivers\AW_HOST5.sys [2003-5-5 24365]
S4 Busmouse;Busmouse; [x]
S4 Cdr4vsd;Cdr4vsd;e:\winnt\system32\drivers\CDR4VSD.SYS [2000-2-3 48384]
S4 cirrus;cirrus; [x]
S4 dce376nt;dce376nt; [x]
S4 Dell_DGX;Dell_DGX; [x]
S4 Delldsa;Delldsa; [x]
S4 DptScsi;DptScsi; [x]
S4 dtc329x;dtc329x; [x]
S4 et4000;et4000; [x]
S4 Fd7000ex;Fd7000ex; [x]
S4 Fd8xx;Fd8xx; [x]
S4 Jazzg300;Jazzg300; [x]
S4 Jazzg364;Jazzg364; [x]
S4 Jzvxl484;Jzvxl484; [x]
S4 mitsumi;mitsumi; [x]
S4 mkecr5xx;mkecr5xx; [x]
S4 Ncr53c9x;Ncr53c9x; [x]
S4 ncr77c22;ncr77c22; [x]
S4 Ncrc700;Ncrc700; [x]
S4 Oliscsi;Oliscsi; [x]
S4 PrtSeqRd;PrtSeqRd; [x]
S4 psidisp;psidisp; [x]
S4 qic117;qic117;\??\e:\winnt\system32\drivers\qic117.sys --> e:\winnt\system32\drivers\qic117.sys [?]
S4 qv;qv; [x]
S4 s3;s3; [x]
S4 SimpleCentre;SimpleCentre;f:\ntreskit\srvany.exe --> f:\ntreskit\srvany.exe [?]
S4 slcd32;slcd32; [x]
S4 Spock;Spock; [x]
S4 T128;T128; [x]
S4 T13B;T13B; [x]
S4 tmv1;tmv1; [x]
S4 Ultra124;Ultra124; [x]
S4 Ultra14f;Ultra14f; [x]
S4 Ultra24f;Ultra24f; [x]
S4 v7vram;v7vram; [x]
S4 Wd33c93;Wd33c93; [x]
S4 wd90c24a;wd90c24a; [x]
S4 wdvga;wdvga; [x]
S4 weitekp9;weitekp9; [x]
S4 Xga;Xga; [x]

============== File Associations ===============

JSEFile=j:\program files\script sentry\ScriptSentry.exe "%1" %*
regfile=j:\program files\script sentry\ScriptSentry.exe "%1" %*
VBEFile=j:\program files\script sentry\ScriptSentry.exe "%1" %*
VBSFile=j:\program files\script sentry\ScriptSentry.exe "%1" %*
.txt=UltraEdit.txt

=============== Created Last 30 ================

2010-09-20 14:30:03 16384 ----atw- e:\winnt\system32\Perflib_Perfdata_66c.dat
2010-09-20 14:29:26 0 ----a-w- e:\winnt\profiles\administrator.000\defogger_reenable
2010-09-20 14:22:50 16384 ----atw- e:\winnt\system32\Perflib_Perfdata_378.dat
2010-09-20 14:16:18 16384 ----atw- e:\winnt\system32\Perflib_Perfdata_3cc.dat
2010-09-08 15:18:58 16384 ----atw- e:\winnt\system32\Perflib_Perfdata_370.dat
2010-09-08 14:37:59 0 d-----w- e:\program files\Spybot - Search & Destroy
2010-09-08 13:57:28 0 d-----w- e:\program files\TeaTimer (Spybot - Search & Destroy)
2010-09-08 13:57:27 0 d-----w- e:\program files\SDHelper (Spybot - Search & Destroy)
2010-09-08 13:57:27 0 d-----w- e:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-09-08 13:57:27 0 d-----w- e:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-09-08 07:24:59 98816 ----a-w- e:\winnt\sed.exe
2010-09-08 07:24:59 77312 ----a-w- e:\winnt\MBR.exe
2010-09-08 07:24:59 256512 ----a-w- e:\winnt\PEV.exe
2010-09-08 07:24:59 161792 ----a-w- e:\winnt\SWREG.exe
2010-09-08 07:24:42 0 d-----w- E:\ComboFix
2010-09-06 14:42:18 0 d-----w- e:\program files\Datapol

==================== Find3M ====================

2010-07-17 04:00:04 423656 ----a-w- e:\winnt\system32\deployJava1.dll
2006-08-31 14:16:25 271 ---h--w- e:\program files\desktop.ini
2006-08-31 14:16:25 21952 ---h--w- e:\program files\folder.htt
2005-04-17 14:21:07 572336 ------w- e:\program files\Quicken1.QIF
2001-03-28 10:02:58 122880 ------w- e:\winnt\inf\agfa\message.exe
1999-12-07 11:00:00 32528 ----a-w- e:\winnt\inf\wbfirdma.sys
2004-12-13 14:10:47 16496 --sh--w- e:\winnt\profiles\administrator.000\application data\microsoft\windows nt\diskquota\NTDiskQuotaSidCache.dat
2002-12-29 13:04:51 564 --sh--r- e:\winnt\profiles\all users\application data\hagel technologies\tweakmaster\backup.dat

============= FINISH: 15:30:59.65 ===============

attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 2000 Professional
Boot Device: \Device\Harddisk1\Partition1
Install Date:
System Uptime: 20/09/2010 16:14:54 (-1 hours ago)

Motherboard: | |
Processor: Intel Celeron processor | SLOT 1 | 1066/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (FAT) - 2 GiB total, 1.569 GiB free.
D: is FIXED (FAT) - 2 GiB total, 1.345 GiB free.
E: is FIXED (NTFS) - 40 GiB total, 25.337 GiB free.
F: is FIXED (NTFS) - 40 GiB total, 37.058 GiB free.
G: is CDROM ()
H: is CDROM ()
I: is FIXED (NTFS) - 2 GiB total, 1.02 GiB free.
J: is FIXED (NTFS) - 2 GiB total, 1.14 GiB free.
K: is FIXED (NTFS) - 69 GiB total, 55.77 GiB free.
L: is NetworkDisk (NTFS) - 457 GiB total, 62.202 GiB free.
M: is NetworkDisk (NTFS) - 457 GiB total, 62.202 GiB free.
Z: is NetworkDisk (NTFS) - 229 GiB total, 74.049 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: Winvnc video hook driver
Device ID: ROOT\DISPLAY\0000
Manufacturer: Winvnc Video hook driver
Name: Winvnc video hook driver
PNP Device ID: ROOT\DISPLAY\0000
Service: vncdrv

Class GUID: {D45B1C18-C8FA-11D1-9F77-0000F805F530}
Description: NT Apm/Legacy Interface Node
Device ID: ROOT\NTAPM\0000
Manufacturer: Microsoft
Name: NT Apm/Legacy Interface Node
PNP Device ID: ROOT\NTAPM\0000
Service: NtApm

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================


7-Zip 3.13
890x Install Driver Setup
ACDSee 32
ACDSee 5.0 Standard
Acronis True Image Home
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Advanced NT Security Explorer
AIDA32 v3.80
allTunes
Allway Sync version 10.2.3
ALZip
AnalogX NetStat Live
AOConfig v1.07
ArcSoft PhotoStudio 5.5
Atomic Clock Sync
AttachmentMaster
Audacity 1.2.4
Audigen Explorer (remove only)
AutoStreamer
AVG Free 8.5
BackRex Outlook Backup Demo
Belarc Advisor 7.2
Belkin Power Management Software for Windows
BlackICE
Cabinet File Viewer
Canon CanoScan Toolbox 4.9
Canon Digital Camera RS-232C TWAIN Driver
Canon PowerShot 2.2
Canon ScanGear Starter
Canon Utilities RAW Image Converter
CatchUp V1.3
CCleaner (remove only)
CloneCD
CompuServe 4.0.2 UK
Creative Jukebox Driver
CyberTweak
DeepBurner v1.7.1.213
DesignExpress for Traxdata PressIT 32 bit
DFX for MUSICMATCH
DigiGuide
DigiGuide TV Guide
DirectUpdate
DiskeeperWorkstation
Download Accelerator Plus Beta
Drv
DU Meter
DUN Optimizer ver.1.00
DVD Shrink 3.2
e-PDF To Word Converter v2.5
EmC50
EMS FreeSurfer mk II
EPSON Printer Software
EPSON Status Monitor 2
Eraser 5.5.2
ERUNT 1.1f
Everything 1.2.1.371
eXPert PDF 4
Find... On the Internet
Flatbed Scanner
Folder Size for Windows
Forté Agent
FreeUndelete
FTP Surfer
Garmin POI Loader
Generic USB Card Reader Driver v2.0
GetDataBack for NTFS
Gmail Backup
Google Desktop
Google Toolbar for Internet Explorer
HD Tune 2.53
HijackThis 1.99.1
Hotfix for MDAC 2.71 (KB927779)
Hotspot Shield 0.941
HTML Help Workshop
ICQ
InCtrl5
INFORAD MANAGER 1.7
InstallShield Express Visual FoxPro Limited Edition
intelliScore Polyphonic 4.0 Demo
InterActual Player
Internet Explorer Q903235
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment Standard Edition v1.3
Java 2 Runtime Environment, SE v1.4.2_06
Java Auto Updater
Java™ 6 Update 2
Java™ 6 Update 21
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
Law Pack CD Software (CD Req'd)
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
LogoManager for Nokia Phones
LP Ripper
Macromedia Dreamweaver 4
Macromedia Extension Manager
MailWasher Pro
Manual CanoScan LiDE 25
Matrox Graphics Software (remove only)
Microsoft AutoRoute 2001
Microsoft Baseline Security Analyzer
Microsoft Internet Explorer 6 SP1
Microsoft Jet 3.51
Microsoft Money
Microsoft Office 2000 Premium
Microsoft Outlook 2000 SR-1
Microsoft Outlook Personal Folders Backup
Microsoft Speech API 3.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual FoxPro 6.0
Microsoft Visual FoxPro 7.0 Professional - English
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Web Publishing Wizard 1.53
Microsoft XML Parser
Microsoft XML Parser and SDK
Modem Setup for Nokia 6210
Motherboard Monitor 5
Mozilla Firefox (1.0)
MSDN Library - Visual Studio 6.0
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
MT2OFX V3.3.4a
MUSICMATCH Jukebox
Nero Media Player
Nero OEM
Nero PhotoShow Express
NeroVision Express 2
NetPerSec
Netscape 6 (6.01)
NokiaFREE Unlock Codes Calculator
nokring
Notmad Explorer (remove only)
NTFS4DOS
Opera 10.00
Opera 10.10
Opera 9.10
Opera 9.52
Opera 9.60
OutBack Plus 4.1
Oxygen Phone Manager 1.9.2 for Nokia 71XX/62XX
PC Inspector smart recovery
PCI Audio Driver
PGP 6.0.2
Piccolo v2.0
Ping Plotter Freeware
Player CEREMU Suite
Playlist Creator 3
PostCast Server
PostCast Server Free Edition
PowerShot Utilities PhotoStitch 2.1
PowerShot Utilities SlideShowMaker 1.1
PowerShot Utilities TimeTunnel 2.2
Python 3.0.1
Quicken 2004
QuickTime
Real Alternative 1.51
Recover Files 2.0
Recuva (remove only)
RegHance 2.0
RouterSim CCNA Edition
Sandboxie version 2.64
ScanSoft OmniPage SE 4.0
Script Sentry
SecExMail
Security Update for DirectX 9 (KB941568)
Security Update for DirectX 9 (KB951698)
Security Update for DirectX 9.0 (KB971633)
Security Update for DirectX 9.0 (KB975560)
Security Update for DirectX 9.0 (KB975562)
Security Update for DirectX 9.0 (KB976138)
Security Update for DirectX 9.0b (KB961373)
Security Update for Windows 2000 (KB904706)
Security Update for Windows 2000 (KB923689)
Security Update for Windows 2000 (KB941569)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB975025)
Security Update for Windows Media Player (KB977816)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 6.4 (KB954600)
Security Update for Windows Media Player 6.4 (KB974112)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Media Player 9 (KB973540)
Serif DrawPlus 5.0
Serif PhotoPlus X2
ShowBiz
SimpleCenter
SiSoftware Sandra Standard 2003 (PCExtreme.net Edition)
Skype@phone
Skype™ 3.5
SMSMaster
SnagIt 6
Spotify
Spybot - Search & Destroy
SpyBot - Search & Destroy 1.1
Spybot - Search & Destroy 1.4
Streamripper (Remove only)
Studio
Symantec pcAnywhere
SyncBack
Tag&Rename 3.5.2
TeamViewer 5
TextBridge Classic
The Off By One Web Browser
The Sleepwalker SMTP Proxy
Tickerboo
TimeReporter Windows CE Edition (Remove Only)
Tracks Eraser Pro v4.0
TreeSize Professional 2.31
Trillian
TurboCAD v4 Professional
TweakMASTER
UK National Lottery Ticket Checker
Ulead PhotoImpact 4.0
Ulead VideoStudio 6 SE Basic
uninstal.exe
Unlocker 1.8.7
Update Rollup 1 for Windows 2000 SP4
VideoLAN VLC media player 0.8.5
Virtual Key
Visual FoxExpress 7.0
Visual FoxPro 7.0 Baseline - English
Visual FoxPro 7.0 Professional - English
VisualRoute
VNC 3.3.7
WebFldrs
Winamp
Windows 2000 Hotfix - KB834707
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB867282
Windows 2000 Hotfix - KB883939
Windows 2000 Hotfix - KB889293
Windows 2000 Hotfix - KB890046
Windows 2000 Hotfix - KB890923
Windows 2000 Hotfix - KB893756
Windows 2000 Hotfix - KB894320
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896422
Windows 2000 Hotfix - KB896423
Windows 2000 Hotfix - KB896424
Windows 2000 Hotfix - KB896688
Windows 2000 Hotfix - KB896727
Windows 2000 Hotfix - KB897715
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB899588
Windows 2000 Hotfix - KB899589
Windows 2000 Hotfix - KB900725
Windows 2000 Hotfix - KB901017
Windows 2000 Hotfix - KB901214
Windows 2000 Hotfix - KB902400
Windows 2000 Hotfix - KB905414
Windows 2000 Hotfix - KB905495
Windows 2000 Hotfix - KB905749
Windows 2000 Hotfix - KB905915
Windows 2000 Hotfix - KB908519
Windows 2000 Hotfix - KB908523
Windows 2000 Hotfix - KB908531
Windows 2000 Hotfix - KB911280
Windows 2000 Hotfix - KB911567
Windows 2000 Hotfix - KB912812
Windows 2000 Hotfix - KB912919
Windows 2000 Hotfix - KB913580
Windows 2000 Hotfix - KB914388
Windows 2000 Hotfix - KB914389
Windows 2000 Hotfix - KB916281
Windows 2000 Hotfix - KB917008
Windows 2000 Hotfix - KB917159
Windows 2000 Hotfix - KB917422
Windows 2000 Hotfix - KB917537
Windows 2000 Hotfix - KB917736
Windows 2000 Hotfix - KB917953
Windows 2000 Hotfix - KB918118
Windows 2000 Hotfix - KB918439
Windows 2000 Hotfix - KB918899
Windows 2000 Hotfix - KB920213
Windows 2000 Hotfix - KB920670
Windows 2000 Hotfix - KB920683
Windows 2000 Hotfix - KB920685
Windows 2000 Hotfix - KB920958
Windows 2000 Hotfix - KB921398
Windows 2000 Hotfix - KB921503
Windows 2000 Hotfix - KB921883
Windows 2000 Hotfix - KB922582
Windows 2000 Hotfix - KB922616
Windows 2000 Hotfix - KB923191
Windows 2000 Hotfix - KB923414
Windows 2000 Hotfix - KB923561
Windows 2000 Hotfix - KB923810
Windows 2000 Hotfix - KB923980
Windows 2000 Hotfix - KB924191
Windows 2000 Hotfix - KB924270
Windows 2000 Hotfix - KB924667
Windows 2000 Hotfix - KB925902
Windows 2000 Hotfix - KB926122
Windows 2000 Hotfix - KB926436
Windows 2000 Hotfix - KB927891
Windows 2000 Hotfix - KB928843
Windows 2000 Hotfix - KB930178
Windows 2000 Hotfix - KB931784
Windows 2000 Hotfix - KB932168
Windows 2000 Hotfix - KB933729
Windows 2000 Hotfix - KB935839
Windows 2000 Hotfix - KB935840
Windows 2000 Hotfix - KB936021
Windows 2000 Hotfix - KB937894
Windows 2000 Hotfix - KB938464
Windows 2000 Hotfix - KB938827
Windows 2000 Hotfix - KB938829
Windows 2000 Hotfix - KB941644
Windows 2000 Hotfix - KB941693
Windows 2000 Hotfix - KB943055
Windows 2000 Hotfix - KB943485
Windows 2000 Hotfix - KB944338
Windows 2000 Hotfix - KB945553
Windows 2000 Hotfix - KB948590
Windows 2000 Hotfix - KB950749
Windows 2000 Hotfix - KB950760
Windows 2000 Hotfix - KB950974
Windows 2000 Hotfix - KB951748
Windows 2000 Hotfix - KB951748-V2
Windows 2000 Hotfix - KB952004
Windows 2000 Hotfix - KB952954
Windows 2000 Hotfix - KB953839
Windows 2000 Hotfix - KB954211
Windows 2000 Hotfix - KB955069
Windows 2000 Hotfix - KB955759
Windows 2000 Hotfix - KB956391
Windows 2000 Hotfix - KB956802
Windows 2000 Hotfix - KB956844
Windows 2000 Hotfix - KB957095
Windows 2000 Hotfix - KB957097
Windows 2000 Hotfix - KB958470
Windows 2000 Hotfix - KB958644
Windows 2000 Hotfix - KB958687
Windows 2000 Hotfix - KB958690
Windows 2000 Hotfix - KB958869
Windows 2000 Hotfix - KB959426
Windows 2000 Hotfix - KB960225
Windows 2000 Hotfix - KB960715
Windows 2000 Hotfix - KB960803
Windows 2000 Hotfix - KB960859
Windows 2000 Hotfix - KB961371-V2
Windows 2000 Hotfix - KB961501
Windows 2000 Hotfix - KB967715
Windows 2000 Hotfix - KB968537
Windows 2000 Hotfix - KB969059
Windows 2000 Hotfix - KB969898
Windows 2000 Hotfix - KB969947
Windows 2000 Hotfix - KB970238
Windows 2000 Hotfix - KB971468
Windows 2000 Hotfix - KB971486
Windows 2000 Hotfix - KB971557
Windows 2000 Hotfix - KB971961
Windows 2000 Hotfix - KB972260
Windows 2000 Hotfix - KB972270
Windows 2000 Hotfix - KB973346
Windows 2000 Hotfix - KB973354
Windows 2000 Hotfix - KB973507
Windows 2000 Hotfix - KB973525
Windows 2000 Hotfix - KB973869
Windows 2000 Hotfix - KB973904
Windows 2000 Hotfix - KB974318
Windows 2000 Hotfix - KB974392
Windows 2000 Hotfix - KB974455
Windows 2000 Hotfix - KB974571
Windows 2000 Hotfix - KB976325
Windows 2000 Hotfix - KB976749
Windows 2000 Hotfix - KB977165
Windows 2000 Hotfix - KB977914
Windows 2000 Hotfix - KB978037
Windows 2000 Hotfix - KB978207
Windows 2000 Hotfix - KB978251
Windows 2000 Hotfix - KB978262
Windows 2000 Hotfix - KB978601
Windows 2000 Hotfix - KB978706
Windows 2000 Hotfix - KB979309
Windows 2000 Hotfix - KB979482
Windows 2000 Hotfix - KB979559
Windows 2000 Hotfix - KB979683
Windows 2000 Hotfix - KB980195
Windows 2000 Hotfix - KB980218
Windows 2000 Hotfix - KB980232
Windows 2000 Hotfix - KB981350
Windows 2000 Hotfix - KB982381
Windows 2000 Hotfix (SP5) Q818043
Windows Installer 3.1 (KB893803)
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows Media Player Hotfix [See KB837272 for more information]
Windows Media Player Hotfix [See Q828026 for more information]
Windows Media Player system update (9 Series)
WinFax PRO
WinStart Manager
WinZip
X-Lite 3.0
Xteq Systems X-Setup

==== End Of File ===========================

RKUnHooker would not run, stating 'not supported Windows Version, try to run anyway', and it then failed with 'Error loading driver, NTSTATUS code 0xC0000263'.

I am using Windows 2000 on this PC.


TIA
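One point worth pulling out of the DDS "Installed Programs" list in the post above, as an added example that is not part of the thread or of any ComboFix/DDS output: the list shows twelve Java runtimes side by side (1.3, 1.4.2_06, 5.0 Update 6/8/9/10, and 6 Update 1/2/3/5/7/21). Only the newest carries current fixes; every older entry is a runtime with known, patched vulnerabilities still on disk. The Python below is my own helper, not a tool from the thread. It assumes the DDS format of one product name per line and the three naming schemes visible on the page (`J2SE Runtime Environment 5.0 Update N`, `Java™ 6 Update N` / `Java™ SE Runtime Environment 6 Update N`, and `Java 2 Runtime Environment ... v1.x`); the sample input is constructed from a subset of the list.

```python
import re

# Constructed sample in the shape of the DDS "Installed Programs" list
# above: one product name per line, a subset of what the thread shows.
SAMPLE_PROGRAMS = """\
7-Zip 3.13
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment Standard Edition v1.3
Java 2 Runtime Environment, SE v1.4.2_06
Java Auto Updater
Java™ 6 Update 2
Java™ 6 Update 21
Java™ 6 Update 3
Java™ SE Runtime Environment 6 Update 1
Mozilla Firefox (1.0)
"""

# Two naming schemes appear in the list. Group 1 is the major version and
# group 2 the update level. The second pattern reads "v1.3" as major 3 and
# "v1.4.2_06" as major 4, update 6 (the "1." prefix is the old Sun scheme).
# "Java Auto Updater" carries no version and is deliberately not matched.
_JAVA_PATTERNS = (
    re.compile(r"^(?:J2SE|Java)\b.*?\b(\d+)(?:\.0)?\s+Update\s+(\d+)$"),
    re.compile(r"^Java 2 Runtime Environment\b.*?\bv1\.(\d+)(?:\.\d+)?(?:_(\d+))?$"),
)


def parse_java_runtimes(listing):
    """Return (major, update, product_name) tuples, oldest first."""
    found = []
    for line in listing.splitlines():
        name = line.strip()
        for pattern in _JAVA_PATTERNS:
            match = pattern.match(name)
            if match:
                major = int(match.group(1))
                update = int(match.group(2) or 0)
                found.append((major, update, name))
                break
    return sorted(found)


def stale_java_runtimes(listing):
    """Split the runtimes into the newest one and everything older.

    Returns (newest, older) where newest is None if no runtime was found.
    Each entry in 'older' is a removal candidate.
    """
    runtimes = parse_java_runtimes(listing)
    if not runtimes:
        return None, []
    return runtimes[-1], runtimes[:-1]


if __name__ == "__main__":
    newest, stale = stale_java_runtimes(SAMPLE_PROGRAMS)
    print("keep:  ", newest[2])
    for _major, _update, name in stale:
        print("remove:", name)
```

Two caveats before acting on the output. The DDS list is built from uninstall entries, the same source as Add/Remove Programs, so an entry can survive after its files are gone; check the directory under `Program Files\Java` before and after each uninstall. And the check only ranks the runtimes the list names; whether the newest one is current has to be checked against the vendor separately.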

#7 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 September 2010 - 01:20 PM

Run ComboFix:
    Download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: how-to-use-combofix

    Link 1
    Link 2
    Link 3

    **Note: It is important that it is saved directly to your desktop**

    1. Close any open browsers.
    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    Double-click on combofix.exe & follow the prompts.
    When finished, it will produce a report for you.

    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 Welshgasman

  • Topic Starter

  • Members
  • 9 posts

Posted 20 September 2010 - 03:16 PM

Thank you, I will do so tomorrow. PC is switched off now.

BTW, I am not getting ANY notifications of your replies. I have immediate email as the default in my settings. I tried to use the option on the thread to track it, and it informed me that it was already being tracked?

There are no messages in Gmail's spam folder either.


#9 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 September 2010 - 04:23 PM

Hello

I think they are working on it - I have heard something anyway


Gringo

#10 Welshgasman

  • Topic Starter

  • Members
  • 9 posts

Posted 21 September 2010 - 03:19 AM

Gringo,

Here is the ComboFix log. I had an error message on reboot 'Cannot import creg.dat, Error accessing registry'. This was from a window titled Registry Editor.

ComboFix 10-09-20.03 - Administrator 21/09/2010 8:49.2.1 - x86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.767.392 [GMT 1:00]
Running from: e:\winnt\Profiles\Administrator.000\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
E:\ipconfig.txt
E:\test.txt
e:\winnt\hosts
e:\winnt\java.exe
e:\winnt\patch.exe
e:\winnt\Profiles\Administrator.000\Application Data\Desktopicon\eBayShortcuts.exe
e:\winnt\Profiles\Administrator.000\Personal\Readiris.DUS
e:\winnt\Profiles\Administrator.000\System\win_qs.jqx
e:\winnt\Profiles\Administrator.000\System\win_qs7.jqx
e:\winnt\system32\command.pif
e:\winnt\system32\drivers\etc\lmhosts
e:\winnt\system32\fonts\ACADEMY_.PFB
e:\winnt\system32\fonts\ACADEMY_.PFM
e:\winnt\system32\fonts\ACADEMY_.TTF
e:\winnt\system32\kill.exe
e:\winnt\system32\msconfig.exe
e:\winnt\system32\Packet.dll
e:\winnt\twain_16.dll
e:\winnt\updcustom.dll.log
e:\winnt\Web\default.htt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_npf
-------\Service_PB


((((((((((((((((((((((((( Files Created from 2010-08-21 to 2010-09-21 )))))))))))))))))))))))))))))))
.

2010-09-21 08:02 . 2010-09-21 08:02 16384 ----atw- e:\winnt\system32\Perflib_Perfdata_254.dat
2010-09-20 15:08 . 2010-09-20 15:08 -------- d-----w- e:\winnt\Profiles\Administrator.000\Local Settings\Application Data\Mozilla
2010-09-20 14:42 . 2010-09-20 14:42 134098 ----a-w- e:\winnt\ColorPic Uninstaller.exe
2010-09-20 14:42 . 2010-09-20 14:42 -------- d-----w- e:\program files\ColorPic 4.1
2010-09-20 14:32 . 2010-09-20 14:38 34560 ----a-w- e:\winnt\system32\drivers\Normandy.sys
2010-09-08 14:37 . 2010-09-08 14:52 -------- d-----w- e:\program files\Spybot - Search & Destroy
2010-09-08 13:57 . 2010-09-08 13:57 -------- d-----w- e:\program files\TeaTimer (Spybot - Search & Destroy)
2010-09-08 13:57 . 2010-09-08 13:57 -------- d-----w- e:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-09-08 13:57 . 2010-09-08 13:57 -------- d-----w- e:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-09-08 13:57 . 2010-09-08 13:57 -------- d-----w- e:\program files\SDHelper (Spybot - Search & Destroy)
2010-09-06 14:42 . 2010-09-06 14:42 -------- d-----w- e:\program files\Datapol
1601-01-01 00:00 . 1601-01-01 00:00 0 ----atw- e:\winnt\system32\Perflib_Perfdata_79c.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-21 08:04 . 2003-11-27 19:38 -------- d-----w- e:\winnt\Profiles\Administrator.000\Application Data\MailWasherPro
2010-09-21 07:43 . 2009-06-26 14:41 -------- d-----w- e:\program files\Everything
2010-09-08 14:50 . 2003-05-23 21:35 -------- d---a-w- e:\winnt\Profiles\All Users\Application Data\Spybot - Search & Destroy
2010-09-08 13:51 . 2004-12-14 03:40 -------- d-----w- e:\program files\Common Files\Java
2010-09-08 13:51 . 2004-12-14 03:43 -------- d-----w- e:\program files\Java
2010-09-08 07:40 . 2001-12-05 19:29 -------- d-----w- e:\program files\Common Files\Adobe
2010-08-14 11:33 . 2010-08-14 11:33 503808 ----a-w- e:\winnt\Profiles\Administrator.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-363b8579-n\msvcp71.dll
2010-08-14 11:33 . 2010-08-14 11:33 12800 ----a-w- e:\winnt\Profiles\Administrator.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-55ee5d5e-n\decora-d3d.dll
2010-08-14 11:33 . 2010-08-14 11:33 499712 ----a-w- e:\winnt\Profiles\Administrator.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-363b8579-n\jmc.dll
2010-08-14 11:33 . 2010-08-14 11:33 61440 ----a-w- e:\winnt\Profiles\Administrator.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-55ee5d5e-n\decora-sse.dll
2010-08-14 11:33 . 2010-08-14 11:33 348160 ----a-w- e:\winnt\Profiles\Administrator.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-363b8579-n\msvcr71.dll
2010-07-17 04:00 . 2010-05-06 15:33 423656 ----a-w- e:\winnt\system32\deployJava1.dll
2006-08-31 14:16 . 2001-06-15 21:12 21952 ---h--w- e:\program files\folder.htt
2005-04-17 14:21 . 2005-04-17 14:21 572336 ------w- e:\program files\Quicken1.QIF
2004-12-13 14:10 . 2004-12-13 14:10 16496 --sh--w- e:\winnt\Profiles\Administrator.000\Application Data\Microsoft\Windows NT\DiskQuota\NTDiskQuotaSidCache.dat
2002-12-29 13:04 . 2002-12-29 13:04 564 --sh--r- e:\winnt\Profiles\All Users\Application Data\Hagel Technologies\TweakMASTER\backup.dat
.

------- Sigcheck -------

[-] 2002-11-26 17:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [ERROR: 0x0] . . e:\winnt\system32\mspmsnsv.dll

[-] 2004-07-09 03:27 . 0E51BD586D186F61A9E4453DB8AEC774 . 1703936 . . [ERROR: 0x0] . . e:\winnt\system32\d3d9.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="e:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="e:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-02 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LoadQM"="loadqm.exe" [2000-05-03 7536]
"TweakMASTER"="j:\program files\TweakMASTER\TwMaster.exe" [2002-12-04 1746944]
"DU Meter"="e:\program files\DU Meter\DUMeter.exe" [2002-12-04 1194496]
"ScriptSentry"="j:\program files\Script Sentry\ScriptSentry.exe" [2002-07-04 262144]
"DUControl"="j:\program files\DirectUpdate\DUControl.exe" [2003-08-04 77824]
"WinVNC"="j:\program files\RealVNC\WinVNC\winvnc.exe" [2003-03-05 335872]
"Disk Monitor"="e:\program files\Generic\USB Card Reader Driver v2.0\Disk_Monitor.exe" [2003-05-09 465920]
"Synchronization Manager"="mobsync.exe" [2003-06-19 111376]
"AVG8_TRAY"="e:\progra~1\AVG\AVG8\avgtray.exe" [2010-08-14 2048352]
"WinampAgent"="e:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"Everything"="e:\program files\Everything\Everything.exe" [2009-03-13 602624]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Google Desktop Search"="e:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-08 30192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="e:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 186640]

e:\winnt\Profiles\Administrator.000\Start Menu\Programs\Startup\
CAPTIME.EXE [2000-12-25 61440]
ERUNT AutoBackup.lnk - k:\program files\ERUNT\AUTOBACK.EXE [2007-4-26 36352]
MailWasher.lnk - j:\program files\MailWasher Pro\MailWasher.exe [2003-11-6 18120904]
Notmad Manager.lnk - e:\program files\Red Chair Software\Notmad Explorer\notmgr.exe [2006-11-13 1282100]
TextBridge Instant Access OCR.lnk - f:\program files\TextBridge Classic\Bin\TBMenu.exe [2000-4-11 23552]
TypeItIn V1.4.lnk - f:\program files\TypeItIn\typeitin.exe [1999-12-11 58880]

e:\winnt\Profiles\All Users\Start Menu\Programs\Startup\
BlackICE PC Protection.lnk - f:\program files\ISS\BlackICE\blackice.exe [2007-7-30 778240]
Microsoft Office.lnk - e:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-22 65588]
PGPtray.lnk - f:\program files\Pgp\pgp6\Pgp60\PGPtray.exe [1999-12-11 38400]
Rupsmon Daemon.lnk - e:\program files\Belkin\Belkin Power Management Software\Monw32.exe [2006-7-14 32768]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= e:\winnt\Santa Fe Stucco.bmp
FriendlyName=

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "f:\program files\Symantec\WinFax\WfxSeh32.Dll" [1997-09-23 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-18 08:07 11952 ------w- e:\winnt\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2003-05-29 09:00 8704 ------w- e:\winnt\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"=sb16snd.dll
"MIDI1"=sb16snd.dll
"aux1"=sb16snd.dll
"mixer"=sb16snd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders rpasspc.dll, msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll
Domestic Security Version 4.87

[HKLM\~\startupfolder\E:^WINNT^Profiles^Administrator.000^Start Menu^Programs^Startup^Audigen Manager.lnk]
path=e:\winnt\Profiles\Administrator.000\Start Menu\Programs\Startup\Audigen Manager.lnk
backup=e:\winnt\pss\Audigen Manager.lnkStartup

[HKLM\~\startupfolder\E:^WINNT^Profiles^Administrator.000^Start Menu^Programs^Startup^iPodder.lnk]
path=e:\winnt\Profiles\Administrator.000\Start Menu\Programs\Startup\iPodder.lnk
backup=e:\winnt\pss\iPodder.lnkStartup

[HKLM\~\startupfolder\E:^WINNT^Profiles^Administrator.000^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=e:\winnt\Profiles\Administrator.000\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=e:\winnt\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\E:^WINNT^Profiles^Administrator.000^Start Menu^Programs^Startup^Shortcut to taskman.exe.lnk]
path=e:\winnt\Profiles\Administrator.000\Start Menu\Programs\Startup\Shortcut to taskman.exe.lnk
backup=e:\winnt\pss\Shortcut to taskman.exe.lnkStartup

[HKLM\~\startupfolder\E:^WINNT^Profiles^Administrator.000^Start Menu^Programs^Startup^VoipBuster.lnk]
path=e:\winnt\Profiles\Administrator.000\Start Menu\Programs\Startup\VoipBuster.lnk
backup=e:\winnt\pss\VoipBuster.lnkStartup

[HKLM\~\startupfolder\E:^WINNT^Profiles^All Users^Start Menu^Programs^Startup^EPSON Background Monitor.lnk]
path=e:\winnt\Profiles\All Users\Start Menu\Programs\Startup\EPSON Background Monitor.lnk
backup=e:\winnt\pss\EPSON Background Monitor.lnkCommon Startup

[HKLM\~\startupfolder\E:^WINNT^Profiles^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=e:\winnt\Profiles\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=e:\winnt\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\E:^WINNT^Profiles^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
path=e:\winnt\Profiles\All Users\Start Menu\Programs\Startup\Office Startup.lnk
backup=e:\winnt\pss\Office Startup.lnkCommon Startup

[HKLM\~\startupfolder\E:^WINNT^Profiles^All Users^Start Menu^Programs^Startup^WinFax Application Port Starter.lnk]
path=e:\winnt\Profiles\All Users\Start Menu\Programs\Startup\WinFax Application Port Starter.lnk
backup=e:\winnt\pss\WinFax Application Port Starter.lnkCommon Startup

[HKLM\~\startupfolder\E:^WINNT^Profiles^All Users^Start Menu^Programs^Startup^WinFax PRO Controller.lnk]
path=e:\winnt\Profiles\All Users\Start Menu\Programs\Startup\WinFax PRO Controller.lnk
backup=e:\winnt\pss\WinFax PRO Controller.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-10-30 18:07 140568 ------w- e:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis True Image Monitor]
j:\program files\Acronis\TrueImage\TrueImageMonitor.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2002-10-15 16:00 1818624 ------w- e:\winnt\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2002-07-29 07:15 495616 ------w- j:\progra~1\Eraser\eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]
k:\program files\FreeCall.com\FreeCall\FreeCall.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
k:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Server]
e:\program files\J River\Media Jukebox\Media Server.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
e:\program files\Microsoft Money\System\mnyexpr.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ------w- e:\winnt\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Tray Application]
e:\program files\Common Files\Nokia\NCLTools\NclTray.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecExMail]
2003-05-08 15:15 664576 ------w- e:\program files\SecExMail\secexmail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2007-08-25 19:54 23090984 ------r- e:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype@phone]
j:\program files\Skype@phone\Skype@phone.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tracks Eraser Pro]
2003-06-18 10:31 244224 ------w- j:\program files\Acesoft\Tracks Eraser Pro\te.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
k:\program files\voipbuster.com\voipbuster\voipbuster.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vspdfprsrv.exe]
2006-05-04 04:58 998912 ------w- e:\program files\Visagesoft\eXPert PDF\vspdfprsrv.exe

R1 AvgLdx86;AVG AVI Loader Driver x86;e:\winnt\system32\drivers\avgldx86.sys [06/05/2008 18:09 335240]
R1 CloneCD;CloneCD I/O Driver;e:\winnt\system32\drivers\CloneCD.sys [25/12/2000 15:07 4840]
R1 MxlWnt;MxlWnt;e:\winnt\system32\drivers\MxlWnt.sys [17/03/2001 16:44 53576]
R2 avg8wd;AVG8 WatchDog;e:\progra~1\AVG\AVG8\avgwdsvc.exe [06/05/2008 18:09 297752]
R2 BlackICE;BlackICE;f:\program files\ISS\BlackICE\blackd.exe [21/06/2004 19:37 1229430]
R2 NetProbe;NetProbe Packet Driver;e:\winnt\system32\drivers\NetProbe.sys [19/02/2003 14:22 5365]
R2 PGPmemlock;PGPmemlock;e:\winnt\system32\drivers\PGPmemlock.sys [13/01/2000 10:43 8444]
R2 ScanDrv;ScanDrv;e:\winnt\system32\drivers\SCANDRV.sys [13/01/2000 13:30 195384]
R2 TeamViewer5;TeamViewer 5;e:\program files\TeamViewer\Version5\TeamViewer_Service.exe [12/01/2010 15:57 185640]
R3 4mmdat;4mmdat;e:\winnt\system32\drivers\4mmdat.sys [19/06/2003 12:05 10928]
R3 openhci;Microsoft USB Open Host Controller Driver;e:\winnt\system32\drivers\openhci.sys [19/06/2003 11:05 24784]
R3 usbhub20;USB Hub Support;e:\winnt\system32\drivers\usbhub20.sys [19/06/2003 11:05 49776]
R4 black;black;e:\winnt\system32\drivers\blackdrv.sys [21/06/2004 19:37 229331]
S1 Scsiscan;Scsiscan; [x]
S2 Scsiprnt;Scsiprnt;e:\winnt\system32\drivers\scsiprnt.sys [19/06/2003 12:05 11632]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;e:\winnt\system32\DRIVERS\Amps2prt.sys --> e:\winnt\system32\DRIVERS\Amps2prt.sys [?]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);e:\winnt\system32\drivers\ctlsb16.sys [23/10/1999 13:10 141904]
S3 DVBT_Loader;DVB-T Adapter firmware loader;e:\winnt\system32\drivers\DVBT_Loader.sys [28/01/2008 21:27 44800]
S3 EB;EB;\??\e:\progra~1\NDGSOF~1\EtherBoy\EB.SYS --> e:\progra~1\NDGSOF~1\EtherBoy\EB.SYS [?]
S3 Eplpdx01;Eplpdx01;e:\winnt\system32\drivers\EPLPDX01.SYS [25/05/1998 74976]
S3 GenDTV;DVB-T receiver Driver;e:\winnt\system32\drivers\Geniausb.sys [28/01/2008 21:29 84992]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;e:\program files\Google\Google Desktop Search\GoogleDesktop.exe [23/12/2004 18:42 30192]
S3 ham50;Intel HaM Data Fax Voice;e:\winnt\system32\drivers\ham50.sys [02/01/2002 17:45 365853]
S3 Jukebox3_1394;Jukebox3_1394;e:\winnt\system32\drivers\ctpd1394.sys [03/01/2005 19:02 23611]
S3 NeodioUSBSTOR;Generic USB Card Reader Driver;e:\winnt\system32\drivers\USBNEOD.SYS [18/02/2003 06:34 18873]
S3 Normandy;Normandy SR2;e:\winnt\system32\drivers\Normandy.sys [20/09/2010 15:32 34560]
S3 NtApm;NT Apm/Legacy Interface Driver;e:\winnt\system32\drivers\ntapm.sys [25/09/1999 10:36 9104]
S3 RapDrv;RapDrv;e:\winnt\system32\drivers\RapDrv.sys [21/06/2004 19:37 104968]
S3 RapFile;RapFile;e:\winnt\system32\drivers\RapFile.sys [10/05/2002 21:44 36644]
S3 RapNet;RapNet;e:\winnt\system32\drivers\RapNet.sys [10/05/2002 21:44 24344]
S3 Sandbox;Sandbox;e:\program files\Sandboxie\Sandbox.sys [14/10/2006 23:06 124032]
S3 stdatw2k;stdatw2k;e:\winnt\system32\drivers\stdatw2k.sys [03/03/2004 00:06 8960]
S3 WB;WB;\??\e:\progra~1\NDGSOF~1\WebBoy\WB.SYS --> e:\progra~1\NDGSOF~1\WebBoy\WB.SYS [?]
S4 Aha174x;Aha174x; [x]
S4 Always;Always; [x]
S4 Arrow;Arrow; [x]
S4 Busmouse;Busmouse; [x]
S4 Cdr4vsd;Cdr4vsd;e:\winnt\system32\drivers\CDR4VSD.SYS [03/02/2000 09:52 48384]
S4 cirrus;cirrus; [x]
S4 dce376nt;dce376nt; [x]
S4 Dell_DGX;Dell_DGX; [x]
S4 Delldsa;Delldsa; [x]
S4 DptScsi;DptScsi; [x]
S4 dtc329x;dtc329x; [x]
S4 et4000;et4000; [x]
S4 Fd7000ex;Fd7000ex; [x]
S4 Fd8xx;Fd8xx; [x]
S4 Jazzg300;Jazzg300; [x]
S4 Jazzg364;Jazzg364; [x]
S4 Jzvxl484;Jzvxl484; [x]
S4 mitsumi;mitsumi; [x]
S4 mkecr5xx;mkecr5xx; [x]
S4 Ncr53c9x;Ncr53c9x; [x]
S4 ncr77c22;ncr77c22; [x]
S4 Ncrc700;Ncrc700; [x]
S4 Oliscsi;Oliscsi; [x]
S4 PrtSeqRd;PrtSeqRd; [x]
S4 psidisp;psidisp; [x]
S4 qic117;qic117;\??\e:\winnt\System32\drivers\qic117.sys --> e:\winnt\System32\drivers\qic117.sys [?]
S4 qv;qv; [x]
S4 s3;s3; [x]
S4 SimpleCentre;SimpleCentre;f:\ntreskit\srvany.exe --> f:\ntreskit\srvany.exe [?]
S4 slcd32;slcd32; [x]
S4 Spock;Spock; [x]
S4 T128;T128; [x]
S4 T13B;T13B; [x]
S4 tmv1;tmv1; [x]
S4 Ultra124;Ultra124; [x]
S4 Ultra14f;Ultra14f; [x]
S4 Ultra24f;Ultra24f; [x]
S4 v7vram;v7vram; [x]
S4 Wd33c93;Wd33c93; [x]
S4 wd90c24a;wd90c24a; [x]
S4 wdvga;wdvga; [x]
S4 weitekp9;weitekp9; [x]
S4 Xga;Xga; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2002-08-29 06:14 91136 ----a-w- e:\winnt\system32\advpack.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2002-08-29 06:14 91136 ----a-w- e:\winnt\system32\advpack.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6295DF27-35EE-11d1-8707-00C04FD93327}]
2003-06-19 10:05 169232 ----a-w- e:\winnt\system32\mobsync.dll
.
Contents of the 'Scheduled Tasks' folder

2010-09-21 e:\winnt\Tasks\ATBackup.job
- e:\winnt\ATBACKUP.BAT [2000-01-13 11:32]

2010-09-21 e:\winnt\Tasks\Eject.job
- e:\winnt\eject.bat [2004-08-13 06:28]

2010-09-21 e:\winnt\Tasks\ERUNT.job
- k:\program files\ERUNT\AUTOBACK.EXE [2007-04-26 02:55]

2010-09-21 e:\winnt\Tasks\SyncBack Quicken.job
- k:\program files\SyncBack\SyncBack.exe [2007-04-26 12:40]

2010-09-21 e:\winnt\Tasks\SyncBack Simple Centre.job
- k:\program files\SyncBack\SyncBack.exe [2007-04-26 12:40]

2010-06-21 e:\winnt\Tasks\tape.job
- e:\winnt\tape.bat [2000-01-13 16:46]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mSearch Bar =
uInternet Settings,ProxyServer = 66.98.238.8:3128:80
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download with &DAP - j:\progra~1\DAP\dapextie.htm
IE: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
IE: E-&mail Page - e:\winnt\web\Mailto_URL.HTM
IE: Save with Download Manager... - file://e:\program files\J River\Media Center 11\DMDownload.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
LSP: %SystemRoot%\system32\msafd.dll
Trusted Zone: hsbc.co.uk\www
TCP: {01AC67DE-48EB-4E57-81CE-7DB70E7A7D27} = 194.168.4.100,194.168.8.100
TCP: {B5AD0DFB-E0AC-4E18-84D9-A0E2D549C9BB} = 194.168.8.100,194.168.4.100
Filter: application/x-icq - {db40c160-09a1-11d3-baf2-000000000000} - e:\program files\ICQ\IExplorerMime.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - j:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - j:\progra~1\DAP\dapie.dll
DPF: DirectAnimation Java Classes - file://e:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://e:\winnt\Java\classes\xmldso.cab
DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} - hxxps://internetbankingplus1.firstdirect.com/ibplus/frontdoorFD.cab
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
FF - ProfilePath - e:\winnt\Profiles\Administrator.000\Application Data\Mozilla\Firefox\Profiles\6i3a2g4p.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 1
FF - plugin: e:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: f:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: f:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: f:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: f:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: f:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: j:\program files\firefox\plugins\npdeployJava1.dll

---- FIREFOX POLICIES ----
j:\program files\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
j:\program files\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
j:\program files\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- File Associations -------
.
JSEFile=j:\program files\Script Sentry\ScriptSentry.exe "%1" %*
regfile=j:\program files\Script Sentry\ScriptSentry.exe "%1" %*
VBEFile=j:\program files\Script Sentry\ScriptSentry.exe "%1" %*
VBSFile=j:\program files\Script Sentry\ScriptSentry.exe "%1" %*
.txt=UltraEdit.txt
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{E12C5BEF-57C9-11D3-81C5-84C708FD407A} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-21 09:04
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\Software\Swearware\backup\winsock2]
@DACL=(02 0000)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(464)
e:\winnt\system32\wzcdlg.dll
e:\winnt\system32\WZCSAPI.DLL
e:\program files\TeamViewer\Version5\tv.dll

- - - - - - - > 'lsass.exe'(504)
e:\winnt\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(2412)
e:\winnt\system32\PGP60hk.dll
e:\program files\TeamViewer\Version5\tv.dll
e:\winnt\system32\SHDOCVW.DLL
f:\program files\TextBridge Classic\Bin\TBMHOOK.dll
.
------------------------ Other Running Processes ------------------------
.
e:\program files\Common Files\Acronis\Schedule2\schedul2.exe
j:\progra~1\DIRECT~1\DUService.exe
e:\program files\Executive Software\DiskeeperWorkstation\DKService.exe
e:\program files\FolderSize\FolderSizeSvc.exe
k:\program files\Hotspot Shield\bin\openvpnas.exe
e:\program files\Java\jre6\bin\jqs.exe
e:\program files\AVG\AVG8\avgrsx.exe
e:\winnt\system32\mgabg.exe
e:\winnt\system32\regsvc.exe
e:\program files\Belkin\Belkin Power Management Software\RupsMon.exe
e:\winnt\system32\MSTask.exe
e:\winnt\system32\stisvc.exe
e:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
e:\winnt\System32\WBEM\WinMgmt.exe
e:\program files\TeamViewer\Version5\TeamViewer.exe
e:\winnt\System32\mspmspsv.exe
e:\winnt\Profiles\Administrator.000\Start Menu\Programs\Startup\CAPTIME.EXE
.
**************************************************************************
.
Completion time: 2010-09-21 09:14:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-21 08:14
ComboFix2.txt 2010-09-08 07:52

Pre-Run: 26,952,863,744 bytes free
Post-Run: 26,936,283,136 bytes free

- - End Of File - - 9DE7B6BDAB16570F3005C69EADB3B726
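As an added example (not from this thread and not part of ComboFix), a small Python triage helper for the service/driver section of a log like the one above: it parses each entry and groups the ones a helper reading the log would look at first. The meaning it assigns to ComboFix's `[x]` and `--> path [?]` markers is an assumption, and the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One ComboFix service/driver line, e.g. from the log above:
#   R3 usbhub20;USB Hub Support;e:\winnt\system32\drivers\usbhub20.sys [19/06/2003 11:05 49776]
#   S3 EB;EB;\??\e:\progra~1\NDGSOF~1\EtherBoy\EB.SYS --> e:\progra~1\NDGSOF~1\EtherBoy\EB.SYS [?]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$"
)

@dataclass
class DriverEntry:
    running: bool     # R = running at scan time, S = stopped
    start_type: int   # service start type: 0 boot ... 3 manual, 4 disabled
    name: str
    path: str         # resolved file path; empty when ComboFix printed "[x]"
    file_missing: bool  # assumed reading: "[x]" = no file recorded, "[?]" = file not found

def parse_line(line: str) -> Optional[DriverEntry]:
    """Parse one service/driver line; None for lines from other log sections."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # keep the resolved path after "-->" and drop the NT "\??\" prefix
    path = m.group("path").split("-->")[-1].strip()
    if path.startswith("\\??\\"):
        path = path[4:]
    return DriverEntry(m.group("state") == "R", int(m.group("start")),
                       m.group("name"), path, m.group("info") in ("x", "?"))

def triage(lines: List[str], windows_dir: str = "e:\\winnt") -> dict:
    """Group the entries a helper reading the log would look at first:
    enabled services whose file is gone, drivers loaded from outside the
    Windows directory, and disabled orphans that are just cleanup candidates."""
    entries = [e for e in map(parse_line, lines) if e is not None]
    win = windows_dir.lower()
    return {
        "missing_file": [e.name for e in entries if e.file_missing and e.start_type < 4],
        "outside_windows_dir": [e.name for e in entries
                                if e.path and not e.path.lower().startswith(win)],
        "disabled_orphans": [e.name for e in entries if e.file_missing and e.start_type == 4],
    }

# Sample input: lines copied from the ComboFix log above (constructed test set).
SAMPLE = [
    r"R3 usbhub20;USB Hub Support;e:\winnt\system32\drivers\usbhub20.sys [19/06/2003 11:05 49776]",
    r"S1 Scsiscan;Scsiscan; [x]",
    r"S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;e:\winnt\system32\DRIVERS\Amps2prt.sys --> e:\winnt\system32\DRIVERS\Amps2prt.sys [?]",
    r"S3 EB;EB;\??\e:\progra~1\NDGSOF~1\EtherBoy\EB.SYS --> e:\progra~1\NDGSOF~1\EtherBoy\EB.SYS [?]",
    r"S3 Sandbox;Sandbox;e:\program files\Sandboxie\Sandbox.sys [14/10/2006 23:06 124032]",
    r"S4 Aha174x;Aha174x; [x]",
    r"S4 SimpleCentre;SimpleCentre;f:\ntreskit\srvany.exe --> f:\ntreskit\srvany.exe [?]",
    "uStart Page = about:blank",  # Supplementary Scan line, not a driver entry
]
if __name__ == "__main__":
    for group, names in triage(SAMPLE).items():
        print(f"{group}: {names}")
```

Entries it groups still need a human check: a driver under "program files" is normal for products like Sandboxie, and the point of the grouping is only to order the reading.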


#11 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Gender: Male, Location: Puerto Rico)

Posted 21 September 2010 - 04:19 AM

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs
    1. click on start
    2. then go to settings
    3. after that you need control panel
    4. look for the icon add/remove programs
    click on the following programs

    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 8
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment Standard Edition v1.3
    Java 2 Runtime Environment, SE v1.4.2_06
    Java Auto Updater
    Java™ 6 Update 2
    Java™ 6 Update 3
    Java™ 6 Update 5
    Java™ 6 Update 7
    Java™ SE Runtime Environment 6 Update 1
    SpyBot - Search & Destroy 1.1
    Spybot - Search & Destroy 1.4

    Java™ 6 Update 21 <-- DO NOT REMOVE

    and click on remove

Update Adobe Reader
    Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
      If you don't like Adobe Reader (33.5 MB), you can download Foxit PDF Reader (3.5 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

      Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts

Clear your Java Cache
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.


TFC(Temp File Cleaner):
  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :
    Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan

Go to the Eset web page to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the activex control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
      Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic


"information and logs"
    In your next post I need the following
    1. Log From MBAM
    2. Log From ESET Online Scanner
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 Welshgasman (Topic Starter, Members, 9 posts)

Posted 21 September 2010 - 07:29 AM

Falling at the first hurdle here.

Add Remove Programs will not run.
I got as far as a window, which I cannot close, and there is no app in Task Manager, and nothing using CPU.
I still have items disabled from Defogger. Do I need to re-enable them first?

TIA

#13 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Gender: Male, Location: Puerto Rico)

Posted 21 September 2010 - 02:47 PM

Hello

try this for add/remove

1. Open a CMD.EXE prompt.

2. Type regsvr32 mshtml.dll and press Enter and OK.

3. Type regsvr32 shdocvw.dll -i and press Enter and OK.

4. Type regsvr32 shell32.dll -i and press Enter and OK.

5. Close the CMD window.


Let me know if this helped or if we need to try something else


Gringo



#14 Welshgasman (Topic Starter, Members, 9 posts)

Posted 22 September 2010 - 02:08 AM

No, no change. sad.gif
I'm pretty sure it was working before as I seem to recall I removed something a few days ago, but this was before running those programs. I've tried to open a PDF file for something else, and Spybot queued the file and it would not open, and I've never had any problems before with a pdf file.

It is a very old PC and has lots of programs put on it throughout the years.

Edit:
I've managed to remove Spybot via its own uninstall program.

QUOTE(gringo_pr @ Sep 21 2010, 08:47 PM)
Hello

try this for add/remove

1. Open a CMD.EXE prompt.

2. Type regsvr32 mshtml.dll and press Enter and OK.

3. Type regsvr32 shdocvw.dll -i and press Enter and OK.

4. Type regsvr32 shell32.dll -i and press Enter and OK.

5. Close the CMD window.


Let me know if this helped or if we need to try something else


Gringo

Edited by Welshgasman, 22 September 2010 - 02:35 AM.


#15 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Gender: Male, Location: Puerto Rico)

Posted 23 September 2010 - 11:30 PM

hello

I want you to try this (use the free version)

http://www.revouninstaller.com/revo_uninst...e_download.html


let me know if this works

and complete the steps even if this fails


gringo



