sconrad308

Browser Redirects


I have been fighting with this for entirely too long. I run Microsoft Security Essentials all the time and now cannot update it. I also get redirected on any search I do. I have tried Ad-Aware, Malwarebytes and have even installed PC Tools Spyware Doctor. They will all pick up things but can't seem to completely root out the problem. Last night I even tried ComboFix and it said it did the work, but everything is still the same again today.

 

Thanks in advance for your help.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:01:41 AM, on 6/17/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\WINDOWS\system32\HPConfig.exe

C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX02.428\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s

O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Global Startup: AutorunsDisabled

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225136699697

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{66658DB4-57F6-41BD-8809-5E2C5801BB7D}: NameServer = 198.153.192.1,198.153.194.1

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe

O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - PCTEL - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

 

--

End of file - 6477 bytes

 

Here is the text from ComboFix:

 

ComboFix 10-06-16.02 - Admin 06/17/2010 1:27.2.1 - x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.262 [GMT -4:00]

Running from: c:\documents and settings\Admin\Desktop\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

PEV Error: PersonalFile

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\Thumbs.db

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_Nmea

 

 

((((((((((((((((((((((((( Files Created from 2010-05-17 to 2010-06-17 )))))))))))))))))))))))))))))))

.

 

2010-06-17 04:04 . 2009-11-13 16:23 32824 ----a-w- c:\windows\system32\rrMon.sys

2010-06-17 04:03 . 2010-06-17 04:18 -------- d-----w- c:\program files\Registrar Registry Manager

2010-06-14 18:44 . 2010-06-14 18:44 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache

2010-06-14 18:36 . 2010-06-14 18:58 -------- d-----w- c:\windows\SxsCaPendDel

2010-06-14 04:19 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2010-06-14 04:19 . 2010-03-29 14:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2010-06-14 04:19 . 2009-11-23 17:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2010-06-14 04:18 . 2010-04-08 18:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2010-06-14 04:18 . 2010-06-17 04:42 -------- d-----w- c:\program files\Spyware Doctor

2010-06-14 04:18 . 2010-06-14 04:18 -------- d-----w- c:\program files\Common Files\PC Tools

2010-06-14 04:18 . 2010-06-14 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2010-06-14 04:18 . 2010-06-14 04:18 -------- d-----w- c:\documents and settings\Admin\Application Data\PC Tools

2010-06-14 01:39 . 2010-06-14 03:14 -------- d-----w- c:\documents and settings\Admin\Tracing

2010-06-14 01:00 . 2010-06-14 01:07 -------- d-----w- c:\windows\system32\NtmsData

2010-06-13 18:44 . 2010-06-15 22:11 -------- d-----w- c:\documents and settings\Admin\Application Data\Styler

2010-06-13 17:08 . 2010-06-15 22:14 -------- d-----w- c:\documents and settings\Admin\Application Data\IconTweaker

2010-06-13 14:16 . 2010-06-13 14:16 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\VS Revo Group

2010-06-13 03:45 . 2010-06-13 03:45 -------- d-----w- c:\program files\NOS

2010-06-13 03:44 . 2010-03-29 12:53 32576 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\mxakhnew.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

2010-06-13 03:43 . 2010-03-29 12:53 29984 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\mxakhnew.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe

2010-06-13 02:48 . 2010-06-13 02:48 -------- d-----w- c:\documents and settings\LocalService\Application Data\Avanquest

2010-06-13 02:46 . 2010-06-13 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software

2010-06-13 02:39 . 2010-06-13 02:39 -------- d-----r- C:\_Backup.RC

2010-06-13 02:39 . 2010-06-13 02:39 -------- d-----w- C:\_Backup

2010-06-13 02:27 . 2010-06-13 02:27 -------- d-----w- c:\documents and settings\Admin\Application Data\Avanquest

2010-06-13 02:21 . 2010-06-13 14:41 -------- d-----w- c:\program files\Avanquest

2010-06-13 01:33 . 2010-06-15 15:25 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Adobe

2010-06-13 00:15 . 2010-06-13 00:15 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes

2010-06-12 23:56 . 2010-06-12 23:56 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Mozilla

2010-06-12 23:55 . 2010-06-12 23:55 -------- d-----w- c:\documents and settings\Admin\Application Data\Teleca

2010-06-12 23:53 . 2010-06-12 23:53 -------- d-sh--w- c:\documents and settings\Admin\IETldCache

2010-06-12 23:50 . 2010-06-12 23:50 61000 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-12 04:39 . 2010-06-14 05:01 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-06-11 22:21 . 2010-06-14 03:15 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-06-11 22:21 . 2010-06-11 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2010-06-11 17:30 . 2010-06-11 17:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-06-11 17:29 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-11 17:29 . 2010-06-11 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-06-11 17:29 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-11 17:29 . 2010-06-11 17:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-10 00:26 . 2009-02-09 12:10 617472 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\_entreelist.dll

2010-06-10 00:26 . 2009-02-09 12:10 714752 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\_enviewlist.dll

2010-06-10 00:24 . 2010-06-10 00:24 154 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_952D7EE5731D8344A9F5244F23CE4012.dll

2010-06-10 00:23 . 2010-06-10 00:23 121 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_6030E61781384634B8F8C04C9E73B6CA.dll

2010-06-10 00:22 . 2010-06-13 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan

2010-06-09 13:46 . 2010-06-09 13:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\IconTweaker

2010-06-09 13:46 . 2010-06-15 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\IconTweaker

2010-06-09 04:37 . 2010-06-09 04:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Styler

2010-06-09 03:38 . 2010-06-09 03:38 15086 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_7b12541d.exe

2010-06-09 03:38 . 2010-06-09 03:38 15086 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe

2010-06-09 03:36 . 2010-06-15 22:12 -------- d-----w- c:\program files\Styler

2010-06-07 02:22 . 2010-06-07 02:22 -------- d-----w- c:\program files\Microsoft Sync Framework

2010-06-07 02:07 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

2010-06-07 01:54 . 2010-06-07 01:54 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2010-06-07 01:23 . 2010-06-07 01:23 -------- d-----w- c:\program files\Microsoft

2010-06-07 01:21 . 2010-06-07 01:21 -------- d-----w- c:\program files\Windows Live SkyDrive

2010-06-07 01:17 . 2010-06-07 02:24 -------- d-----w- c:\program files\Windows Live

2010-06-07 00:59 . 2010-06-07 00:59 -------- d-----w- c:\program files\Common Files\Windows Live

2010-06-05 16:54 . 2010-06-05 16:53 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-06-05 16:35 . 2010-06-14 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-06-05 00:53 . 2010-06-05 00:56 -------- d-----w- c:\program files\Microsoft Security Essentials

2010-06-04 23:00 . 2010-06-04 23:00 -------- d-----w- c:\windows\system32\wbem\Repository

2010-06-04 22:58 . 2010-06-04 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\HTC

2010-06-04 22:58 . 2010-06-04 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Teleca

2010-06-04 22:58 . 2010-06-04 22:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\HTC

2010-06-04 22:57 . 2010-06-04 22:58 -------- d-----w- c:\program files\Common Files\Teleca Shared

2010-06-04 22:52 . 2010-06-13 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-06-04 22:48 . 2010-06-04 22:48 -------- d-----w- c:\windows\LastGood(2)

2010-06-04 22:48 . 2010-06-04 22:48 -------- d-----w- c:\windows\871DF2BE41D24334AC33839AF16FC8FE.TMP

2010-06-04 15:44 . 2010-06-04 22:50 -------- d-----w- c:\program files\Microsoft Security Essentials(2)

2010-05-22 13:38 . 2010-06-04 22:55 -------- d-----w- c:\program files\ZooskMessenger(2)

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-17 04:46 . 2009-11-18 00:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-06-16 04:09 . 2010-02-14 02:10 -------- d-----w- c:\program files\Windows Live Safety Center

2010-06-13 19:20 . 2002-08-29 02:00 218624 ----a-w- c:\windows\system32\uxtheme.dll

2010-06-13 02:08 . 2009-11-12 00:19 -------- d-----w- c:\program files\Microsoft Silverlight

2010-06-12 20:18 . 2010-04-15 00:26 1 ----a-w- c:\documents and settings\Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-06-10 02:22 . 2008-10-28 15:49 -------- d-----w- c:\program files\Windows Desktop Search

2010-06-10 00:24 . 2010-06-10 00:24 104 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_940E57139A9FD3A4F891CAF90B54411D.dll

2010-06-10 00:24 . 2010-06-10 00:24 2548 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_8D60D467ED8DE1141A8C9D9E83F0A848.dll

2010-06-10 00:24 . 2010-06-10 00:24 154 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_7E577B2224C65CF4E801A9E52375DB49.dll

2010-06-10 00:24 . 2010-06-10 00:24 229 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_788E47A8F0F87104FA35BC4A2211AA5A.dll

2010-06-10 00:24 . 2010-06-10 00:24 4092 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_7777C35CDDFED5B40B2B91A96A1E7E08.dll

2010-06-10 00:24 . 2010-06-10 00:24 7579 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_7467736FFA180C14CBE760FC732E40BA.dll

2010-06-10 00:24 . 2010-06-10 00:24 41 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_745017A5E85BB88428D8ACA9520A35C3.dll

2010-06-10 00:24 . 2010-06-10 00:24 56 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_70D8516E7362FCE45B67734C98661947.dll

2010-06-10 00:24 . 2010-06-10 00:24 137 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_70B83354632A0724A977BE4B1155715B.dll

2010-06-10 00:24 . 2010-06-10 00:24 152 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_6E8A266FCD4F2A1409E1C8110F44DBCE.dll

2010-06-10 00:24 . 2010-06-10 00:24 105 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_6CB762A2F77F4DD428F5A7BEF1864B1B.dll

2010-06-10 00:24 . 2010-06-10 00:24 809 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_68AB67CA7DA73301B7449A0300000010.dll

2010-06-10 00:24 . 2010-06-10 00:23 1360 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_62287FAB00234BD4EB33D429A2978904.dll

2010-06-09 03:06 . 2003-05-16 19:50 -------- d-----w- c:\program files\Microsoft Works

2010-06-07 02:35 . 2008-10-28 14:23 61000 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-05-29 13:46 . 2010-03-29 03:08 -------- d-----w- c:\program files\JDownloader

2010-05-21 18:14 . 2010-02-14 22:38 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-19 15:45 . 2009-11-24 05:54 -------- d-----w- c:\program files\HTC

2010-05-19 15:44 . 2009-11-24 06:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Teleca

2010-05-17 14:50 . 2010-05-17 14:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\VS Revo Group

2010-05-16 22:18 . 2010-05-16 22:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Trillian

2010-05-16 19:54 . 2010-05-16 19:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1

2010-05-16 19:52 . 2010-01-06 06:10 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-05-16 19:50 . 2010-06-12 23:44 38784 ----a-w- c:\documents and settings\Admin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-05-16 19:50 . 2010-01-06 06:12 38784 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-04-21 02:26 . 2010-04-21 02:26 -------- d-----w- c:\program files\Microsoft Fix it Center

2010-04-20 14:35 . 2009-11-11 23:24 -------- d-----w- c:\program files\Yahoo!

2010-04-19 02:44 . 2010-04-19 02:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\SmartDraw

2010-04-19 01:19 . 2010-02-08 01:50 -------- d-----w- c:\program files\Full Tilt Poker

2010-04-17 04:04 . 2010-04-17 04:04 306032 ----a-w- c:\windows\WLXPGSS.SCR

2010-04-17 02:12 . 2010-04-17 02:12 48464 ----a-w- c:\windows\system32\sirenacm.dll

2010-04-10 21:05 . 2010-04-10 21:05 65328 ----a-w- c:\windows\AppPatch\matsshim.dll

2010-04-04 17:17 . 2009-12-07 20:39 411368 ----a-w- c:\windows\system32\deploytk.dll

.

 

------- Sigcheck -------

 

[-] 2002-08-29 02:00 . 6E657F8E96444B545D34E3F613C2C0E7 . 11648 . . [------] . . c:\windows\system32\drivers\acpiec.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-08 344064]

"Display Settings"="c:\program files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 45056]

"QT4HPOT"="c:\program files\HPQ\One-Touch\OneTouch.EXE" [2003-01-30 106496]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-05-11 1287120]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

 

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

Styler.lnk - c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2010-6-8 15086]

wkcalrem.LNK - c:\program files\Microsoft Works\WkCalRem.exe [2007-6-20 46432]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]

2005-01-31 20:13 49152 ----a-w- c:\progra~1\COMMON~1\stardock\MCPStub.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Spyware Doctor\\pctsGui.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundTimestampRequest"= 1 (0x1)

"AllowInboundMaskRequest"= 1 (0x1)

"AllowInboundRouterRequest"= 1 (0x1)

"AllowOutboundDestinationUnreachable"= 1 (0x1)

"AllowOutboundSourceQuench"= 1 (0x1)

"AllowOutboundParameterProblem"= 1 (0x1)

"AllowOutboundTimeExceeded"= 1 (0x1)

"AllowRedirect"= 1 (0x1)

"AllowOutboundPacketTooBig"= 1 (0x1)

 

R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [11/28/2002 6:43 AM 22016]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/14/2010 12:19 AM 218592]

S1 caepweic;caepweic;\??\c:\windows\system32\drivers\caepweic.sys --> c:\windows\system32\drivers\caepweic.sys [?]

S1 pvikzsrv;pvikzsrv;\??\c:\windows\system32\drivers\pvikzsrv.sys --> c:\windows\system32\drivers\pvikzsrv.sys [?]

S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/14/2010 12:18 AM 366840]

S3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [5/16/2003 2:21 PM 291328]

S3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [5/16/2003 2:21 PM 244608]

S3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [5/16/2003 2:18 PM 16512]

S3 GT43XX;GT Combo 802.11g Wireless LAN Adapter Driver GT43XX;c:\windows\system32\drivers\gtwl5.SYS [10/27/2008 3:27 PM 266496]

S3 GTEDGWModem;Option NV GTEDGWModem;c:\windows\system32\drivers\GTEDG.sys [10/27/2008 3:30 PM 107904]

S3 GTEDGWWNIC;Option NV GTEDGWWNIC;c:\windows\system32\drivers\GTEDGNet.sys [10/27/2008 3:32 PM 52864]

S3 MailScan;MailScan;\??\c:\progra~1\AVANQU~1\SYSTEM~1\MailScan.sys --> c:\progra~1\AVANQU~1\SYSTEM~1\MailScan.sys [?]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [4/10/2010 5:05 PM 266544]

S3 OptionWWSC;GT Combo EDGE SIM Card Reader;c:\windows\system32\drivers\GTEDGSC.sys [10/27/2008 3:35 PM 21888]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2/14/2010 10:18 AM 27064]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

 

2010-06-17 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]

 

2010-06-17 c:\windows\Tasks\User_Feed_Synchronization-{1F7364ED-52C1-43A3-931F-263ECD9A26D1}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]

 

2010-06-17 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2010-02-15 02:18]

.

.

------- Supplementary Scan -------

.

TCP: {66658DB4-57F6-41BD-8809-5E2C5801BB7D} = 198.153.192.1,198.153.194.1

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\mxakhnew.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk

FF - plugin: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\mxakhnew.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

FF - plugin: c:\documents and settings\Administrator\Application Data\Move Networks\plugins\npqmp071705000014.dll

FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

- - - - ORPHANS REMOVED - - - -

 

AddRemove-Registrar Registry Manager 6.50 (Lite Edition) - c:\program files\Registrar Registry Manager\unwise.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-17 01:57

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x82EAFEC5]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf8783f28

\Driver\ACPI -> ACPI.sys @ 0xf86b6cb8

\Driver\atapi -> atapi.sys @ 0xf8638852

IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9

ParseProcedure -> ntoskrnl.exe @ 0x8056ea15

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9

ParseProcedure -> ntoskrnl.exe @ 0x8056ea15

user & kernel MBR OK

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(324)

c:\windows\system32\WININET.dll

c:\windows\system32\Ati2evxx.dll

c:\progra~1\COMMON~1\Stardock\mcpstub.dll

c:\windows\System32\l3codeca.acm

c:\windows\system32\sirenacm.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

 

- - - - - - - > 'lsass.exe'(384)

c:\windows\system32\WININET.dll

 

- - - - - - - > 'explorer.exe'(1752)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\progra~1\COMMON~1\stardock\MCPCore.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\System32\l3codeca.acm

c:\windows\system32\sirenacm.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

c:\program files\Malwarebytes' Anti-Malware\mbamext.dll

c:\program files\Nero\Nero 7\Nero BackItUp\NBShell.dll

c:\program files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL

c:\program files\WinRAR\rarext.dll

c:\progra~1\MID86E~1\shellext.dll

c:\windows\System32\btncopy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Essentials\MsMpEng.exe

c:\progra~1\COMMON~1\Stardock\SDMCP.exe

.

**************************************************************************

.

Completion time: 2010-06-17 02:15:46 - machine was rebooted

ComboFix-quarantined-files.txt 2010-06-17 06:15

ComboFix2.txt 2010-06-17 02:27

 

Pre-Run: 20,830,056,448 bytes free

Post-Run: 20,749,991,936 bytes free

 

- - End Of File - - 7087D02603D9C71C4471EE7E7CABA53A


Also of note, I was not able to post the logs to this website from my computer. I had to post them from another computer. Not sure if it is blocking me from posting here or what, but it seems strange that I could send them on the first try from a different computer.


Hi,

 

ComboFix should be run only when asked by a trained helper.

 

 

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

 

Download GMER here by clicking the "download exe" button and then saving it to your desktop:

  • Double-click the .exe that you downloaded.
  • Click the Rootkit tab, uncheck the Files option and then click Scan.
  • Don't check the Show All box while scanning is in progress!
  • When scanning is done, click Copy.
  • This copies the log to the clipboard.
  • Post the log in your reply (if the log is long, archive it into a zip file and attach it instead of posting).


Thank you, Blade, for your help. I'm sorry I ran ComboFix; I hope it doesn't mess anything up now. I only ran it because I found it on another site, before I found this place. I was desperate and willing to try just about anything.

 

Here are the results of DDS.txt:

 

 

DDS (Ver_10-03-17.01) - NTFSx86

Run by Admin at 23:19:51.40 on Sun 06/20/2010

Internet Explorer: 8.0.6001.18702

 

============== Running Processes ===============

 

C:\WINDOWS\System32\Ati2evxx.exe

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\WINDOWS\system32\HPConfig.exe

C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Admin\Desktop\Downloads\dds.com

C:\Program Files\Spyware Doctor\sdloader.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\System32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k imgsvc

 

============== Pseudo HJT Report ===============

 

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [Display Settings] c:\program files\hpq\notebook utilities\hptasks.exe /s

mRun: [QT4HPOT] c:\program files\hpq\one-touch\OneTouch.EXE

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c


Attach.txt

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-03-17.01)

 

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 10/27/2008 4:25:17 PM

System Uptime: 6/20/2010 10:42:55 PM (1 hours ago)

 

Motherboard: Compaq | | 07D8

Processor: Intel® Pentium® 4 Mobile CPU 1.60GHz | U10 | 1196/133mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 37 GiB total, 18.771 GiB free.

D: is CDROM ()

F: is CDROM ()

 

==== Disabled Device Manager Items =============

 

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Cisco Systems VPN Adapter

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco Systems VPN Adapter

PNP Device ID: ROOT\NET\0000

Service: CVirtA

 

Class GUID: {DF799E12-3C56-421B-B298-B6D3642BC878}

Description: Sprint Connection Manager Bus

Device ID: ROOT\NMEAPORTS\0000

Manufacturer: PCTEL

Name: Sprint Connection Manager Bus

PNP Device ID: ROOT\NMEAPORTS\0000

Service: Nmea

 

Class GUID: {DF799E12-3C56-421B-B298-B6D3642BC878}

Description: Sprint Connection Manager Bus

Device ID: ROOT\NMEAPORTS\0001

Manufacturer: PCTEL

Name: Sprint Connection Manager Bus

PNP Device ID: ROOT\NMEAPORTS\0001

Service: Nmea

 

Class GUID: {DF799E12-3C56-421B-B298-B6D3642BC878}

Description: Sprint Connection Manager Bus

Device ID: ROOT\NMEAPORTS\0002

Manufacturer: PCTEL

Name: Sprint Connection Manager Bus

PNP Device ID: ROOT\NMEAPORTS\0002

Service: Nmea

 

==== System Restore Points ===================

 

RP1: 6/16/2010 9:17:21 PM - System Checkpoint

RP2: 6/18/2010 4:07:52 AM - System Checkpoint

RP3: 6/19/2010 10:32:40 AM - System Checkpoint

 

==== Installed Programs ======================

 

AAC Decoder

Adobe AIR

Adobe Download Manager

Adobe Flash Player 10 Plugin

Adobe Reader 9.3.2

Apple Software Update

ATI - Software Uninstall Utility

ATI Control Panel

ATI Display Driver

AutoUpdate

BlackBerry Desktop Software 4.6

BlackBerry Device Software v4.5.0 for the BlackBerry 8330 smartphone

Bluetooth by hp

Cisco Systems VPN Client 5.0.02.0090

CloneCD

Compaq Client Manager V3.34

Conexant 56K ACLink Modem

Conexant AC-Link Audio

DesktopX

DivX Codec

DivX Converter

DivX Player

DivX Plus DirectShow Filters

DivX Plus Web Player

DivX Version Checker

Free Window Registry Repair

Full Tilt Poker

GE98067 98756 and 98046 MiniCam Pro

H.264 Decoder

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HpSdpAppCoreApp

HTC Driver

HTC Sync

Inactive HP Printer Drivers (Remove only)

JDownloader

Junk Mail filter update

Lucent Win Modem

Malwarebytes' Anti-Malware

Microsoft .NET Framework (English)

Microsoft .NET Framework (English) v1.0.3705

Microsoft .NET Framework 1.0 Hotfix (KB928367)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB953297)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Fix it Center

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Search Enhancement Pack

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Works 7.0

Microsoft Works Calendar 9.0

MKV Splitter

Mozilla Firefox (3.6.3)

MSVCRT

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6.0 Parser (KB927977)

MUSICMATCH® Jukebox

Nero 7 Ultra Edition

Notebook Utilities

One-Touch Buttons

OpenOffice.org 3.2

Opera 10.50

PC Pitstop Exterminate2 2.0

PowerDVD

QuickTime

Registrar Registry Manager 6.50

Revo Uninstaller Pro 2.1.1

Roxio Media Manager

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165-v2)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980232)

Segoe UI

Sprint SmartView

Spyware Doctor 7.0

Synaptics Pointing Device Driver

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB978506)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VC80CRTRedist - 8.0.50727.4053

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

Winamp

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live OneCare safety scanner

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Media Format 11 runtime

Windows Media Format SDK Hotfix - KB891122

Windows Media Player 11

Windows PowerShell 1.0

Windows Presentation Foundation

Windows Search 4.0

Windows XP Service Pack 3

WinRAR archiver

XML Paper Specification Shared Components Pack 1.0

Xvid 1.1.2 final uninstall

Yahoo! Messenger

Yahoo! Software Update

 

==== Event Viewer Messages From Past Week ========

 

6/20/2010 10:58:21 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.85.111.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5902.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally

6/19/2010 9:51:52 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

6/19/2010 9:51:52 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/19/2010 12:21:54 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.85.111.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5902.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally

6/17/2010 9:35:16 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.83.1506.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5802.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally

6/17/2010 7:56:07 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Update Type: User: SEAN\Admin Current Engine Version: Previous Engine Version: Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

6/17/2010 7:29:26 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.83.1506.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5802.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally

6/17/2010 2:12:05 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

6/16/2010 8:20:05 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Spooler service.

6/16/2010 8:20:05 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.

6/16/2010 8:20:05 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the RpcSs service.

6/16/2010 8:20:05 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the PolicyAgent service.

6/16/2010 8:20:05 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the MsMpSvc service.

6/16/2010 11:04:23 AM, error: Service Control Manager [7034] - The Cisco Systems, Inc. VPN Service service terminated unexpectedly. It has done this 1 time(s).

6/16/2010 10:47:14 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.83.1506.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5802.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally

6/16/2010 1:26:35 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.83.1506.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.5802.0&avdelta=1.83.1506.0&asdelta=1.83.1506.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.5802.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

6/16/2010 1:26:35 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.83.1506.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.5802.0&avdelta=1.83.1506.0&asdelta=1.83.1506.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.5802.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

6/16/2010 1:26:35 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.83.1506.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.5802.0&avdelta=1.83.1506.0&asdelta=1.83.1506.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.5802.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

6/16/2010 1:26:35 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.83.1506.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.5802.0&avdelta=1.83.1506.0&asdelta=1.83.1506.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.5802.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

6/16/2010 1:26:03 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.83.1506.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5802.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

6/16/2010 1:12:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

6/16/2010 1:12:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

6/16/2010 1:12:00 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

6/16/2010 1:12:00 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

6/16/2010 1:12:00 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

6/16/2010 1:12:00 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.

6/15/2010 9:55:08 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.83.1506.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5802.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally

6/15/2010 9:27:46 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 2 time(s).

6/15/2010 9:22:07 AM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

6/15/2010 5:32:52 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PC Tools Security Service service to connect.

6/15/2010 5:32:52 PM, error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/15/2010 5:32:22 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).

6/15/2010 5:21:51 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.

6/15/2010 5:20:28 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.

6/15/2010 5:18:39 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.

6/15/2010 5:18:39 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

6/14/2010 12:19:12 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

6/14/2010 1:17:48 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

6/13/2010 8:43:13 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.

6/13/2010 8:43:13 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/13/2010 8:43:13 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

6/13/2010 8:39:58 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).

6/13/2010 8:39:47 PM, error: Service Control Manager [7031] - The Remote Registry service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

6/13/2010 7:29:36 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

6/13/2010 7:28:25 PM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).

6/13/2010 7:28:25 PM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).

6/13/2010 7:28:17 PM, error: Service Control Manager [7034] - The WebClient service terminated unexpectedly. It has done this 1 time(s).

6/13/2010 7:06:16 PM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).

6/13/2010 7:06:16 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

6/13/2010 12:28:01 AM, error: Service Control Manager [7034] - The SystemSuite Task Manager service terminated unexpectedly. It has done this 1 time(s).

6/13/2010 11:53:31 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.83.1506.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5802.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

6/13/2010 11:53:31 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

6/13/2010 11:49:02 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter

6/13/2010 11:44:18 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.83.1506.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5802.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally

6/13/2010 11:31:19 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.83.1506.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5802.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally

6/13/2010 11:02:17 PM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

6/13/2010 10:59:35 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

6/13/2010 10:59:35 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.

6/13/2010 10:57:37 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

6/13/2010 10:18:53 AM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).

6/13/2010 10:18:50 AM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

==== End Of File ===========================


GMER Report

 

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-06-20 23:50:00

Windows 5.1.2600 Service Pack 3

Running: md8emx9t.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\pxtdypog.sys

 

 

---- System - GMER 1.0.15 ----

 

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF85F4112]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF85D32D6]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF85D34C8]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF85F4900]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF85F4BB4]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF85F2E12]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF85F5020]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF85F43D2]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF85D2F44]

 

---- Kernel code sections - GMER 1.0.15 ----

 

.rsrc C:\WINDOWS\system32\drivers\ACPIEC.sys entry point in ".rsrc" section [0xF8B54194]

 

---- User code sections - GMER 1.0.15 ----

 

.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[420] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 016F0001

.text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FE0001

.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[496] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DC0001

.text C:\WINDOWS\System32\svchost.exe[532] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006E000A

.text C:\WINDOWS\System32\svchost.exe[532] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 006F000A

.text C:\WINDOWS\System32\svchost.exe[532] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006D000C

.text C:\WINDOWS\System32\svchost.exe[532] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 025B000A

.text C:\WINDOWS\System32\svchost.exe[532] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00EF000A

.text C:\WINDOWS\system32\spoolsv.exe[712] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 010B0001

.text C:\WINDOWS\System32\svchost.exe[800] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 006F0001

.text C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe[860] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 011A0001

.text C:\WINDOWS\system32\Ati2evxx.exe[1076] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01A90001

.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1124] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01250001

.text ...

.text C:\WINDOWS\Explorer.EXE[1248] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B8000A

.text C:\WINDOWS\Explorer.EXE[1248] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BE000A

.text C:\WINDOWS\Explorer.EXE[1248] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B7000C

.text C:\WINDOWS\system32\HPConfig.exe[1560] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 015E0001

.text C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe[1636] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01130001

.text C:\WINDOWS\system32\csrss.exe[1724] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 015B0001

.text C:\WINDOWS\system32\winlogon.exe[1768] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 017F0001

.text C:\WINDOWS\system32\services.exe[1824] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FF0001

.text ...

.text C:\Program Files\Mozilla Firefox\firefox.exe[3596] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0132000A

.text C:\Program Files\Mozilla Firefox\firefox.exe[3596] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0133000A

.text C:\Program Files\Mozilla Firefox\firefox.exe[3596] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0131000C

.text C:\WINDOWS\System32\svchost.exe[3644] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 006F0001

.text C:\WINDOWS\system32\ctfmon.exe[3884] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B10001

 

---- Devices - GMER 1.0.15 ----

 

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

 

Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys

Device -> \Driver\atapi \Device\Harddisk0\DR0 82EB4EC5

 

---- Files - GMER 1.0.15 ----

 

File C:\WINDOWS\system32\drivers\ACPIEC.sys suspicious modification

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

 

---- EOF - GMER 1.0.15 ----


Hi,

 

Disable protection. Then run ComboFix and let it update itself. Post back the report + fresh dds.txt log.


ComboFix Log:

 

ComboFix 10-06-20.06 - Admin 06/21/2010 13:07:51.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.215 [GMT -4:00]

Running from: c:\documents and settings\Admin\Desktop\Malware\ComboFix.exe

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

PEV Error: FavFile

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\Thumbs.db

 

.

((((((((((((((((((((((((( Files Created from 2010-05-21 to 2010-06-21 )))))))))))))))))))))))))))))))

.

 

2010-06-17 16:15 . 2010-06-17 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop

2010-06-17 16:01 . 2010-06-17 16:02 -------- d-----w- c:\program files\PCPitstop

2010-06-17 04:04 . 2009-11-13 16:23 32824 ----a-w- c:\windows\system32\rrMon.sys

2010-06-17 04:03 . 2010-06-17 04:18 -------- d-----w- c:\program files\Registrar Registry Manager

2010-06-14 18:44 . 2010-06-14 18:44 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache

2010-06-14 18:36 . 2010-06-14 18:58 -------- d-----w- c:\windows\SxsCaPendDel

2010-06-14 04:19 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2010-06-14 04:19 . 2010-03-29 14:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2010-06-14 04:19 . 2009-11-23 17:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2010-06-14 04:18 . 2010-04-08 18:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2010-06-14 04:18 . 2010-06-21 03:19 -------- d-----w- c:\program files\Spyware Doctor

2010-06-14 04:18 . 2010-06-14 04:18 -------- d-----w- c:\program files\Common Files\PC Tools

2010-06-14 04:18 . 2010-06-14 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2010-06-14 04:18 . 2010-06-14 04:18 -------- d-----w- c:\documents and settings\Admin\Application Data\PC Tools

2010-06-14 01:39 . 2010-06-14 03:14 -------- d-----w- c:\documents and settings\Admin\Tracing

2010-06-14 01:00 . 2010-06-14 01:07 -------- d-----w- c:\windows\system32\NtmsData

2010-06-13 18:44 . 2010-06-15 22:11 -------- d-----w- c:\documents and settings\Admin\Application Data\Styler

2010-06-13 17:08 . 2010-06-15 22:14 -------- d-----w- c:\documents and settings\Admin\Application Data\IconTweaker

2010-06-13 14:16 . 2010-06-13 14:16 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\VS Revo Group

2010-06-13 03:45 . 2010-06-13 03:45 -------- d-----w- c:\program files\NOS

2010-06-13 02:48 . 2010-06-13 02:48 -------- d-----w- c:\documents and settings\LocalService\Application Data\Avanquest

2010-06-13 02:46 . 2010-06-13 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software

2010-06-13 02:39 . 2010-06-13 02:39 -------- d-----r- C:\_Backup.RC

2010-06-13 02:39 . 2010-06-13 02:39 -------- d-----w- C:\_Backup

2010-06-13 02:27 . 2010-06-13 02:27 -------- d-----w- c:\documents and settings\Admin\Application Data\Avanquest

2010-06-13 02:21 . 2010-06-13 14:41 -------- d-----w- c:\program files\Avanquest

2010-06-13 01:33 . 2010-06-15 15:25 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Adobe

2010-06-13 00:15 . 2010-06-13 00:15 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes

2010-06-12 23:56 . 2010-06-12 23:56 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Mozilla

2010-06-12 23:55 . 2010-06-12 23:55 -------- d-----w- c:\documents and settings\Admin\Application Data\Teleca

2010-06-12 23:53 . 2010-06-12 23:53 -------- d-sh--w- c:\documents and settings\Admin\IETldCache

2010-06-12 23:50 . 2010-06-12 23:50 61000 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-12 04:39 . 2010-06-17 06:37 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-06-11 22:21 . 2010-06-14 03:15 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-06-11 22:21 . 2010-06-11 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2010-06-11 17:30 . 2010-06-11 17:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-06-11 17:29 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-11 17:29 . 2010-06-11 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-06-11 17:29 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-11 17:29 . 2010-06-11 17:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-10 00:22 . 2010-06-13 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan

2010-06-09 13:46 . 2010-06-09 13:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\IconTweaker

2010-06-09 13:46 . 2010-06-15 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\IconTweaker

2010-06-09 04:37 . 2010-06-09 04:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Styler

2010-06-09 03:36 . 2010-06-15 22:12 -------- d-----w- c:\program files\Styler

2010-06-07 02:22 . 2010-06-07 02:22 -------- d-----w- c:\program files\Microsoft Sync Framework

2010-06-07 02:07 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

2010-06-07 01:54 . 2010-06-07 01:54 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2010-06-07 01:23 . 2010-06-07 01:23 -------- d-----w- c:\program files\Microsoft

2010-06-07 01:21 . 2010-06-07 01:21 -------- d-----w- c:\program files\Windows Live SkyDrive

2010-06-07 01:17 . 2010-06-07 02:24 -------- d-----w- c:\program files\Windows Live

2010-06-07 00:59 . 2010-06-07 00:59 -------- d-----w- c:\program files\Common Files\Windows Live

2010-06-05 16:54 . 2010-06-05 16:53 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-06-05 16:35 . 2010-06-14 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-06-05 00:53 . 2010-06-05 00:56 -------- d-----w- c:\program files\Microsoft Security Essentials

2010-06-04 23:00 . 2010-06-04 23:00 -------- d-----w- c:\windows\system32\wbem\Repository

2010-06-04 22:58 . 2010-06-04 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\HTC

2010-06-04 22:58 . 2010-06-04 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Teleca

2010-06-04 22:58 . 2010-06-04 22:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\HTC

2010-06-04 22:57 . 2010-06-04 22:58 -------- d-----w- c:\program files\Common Files\Teleca Shared

2010-06-04 22:52 . 2010-06-13 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-06-04 22:48 . 2010-06-04 22:48 -------- d-----w- c:\windows\LastGood(2)

2010-06-04 22:48 . 2010-06-04 22:48 -------- d-----w- c:\windows\871DF2BE41D24334AC33839AF16FC8FE.TMP

2010-06-04 15:44 . 2010-06-04 22:50 -------- d-----w- c:\program files\Microsoft Security Essentials(2)

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-21 03:22 . 2009-11-18 00:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-06-18 00:04 . 2003-05-16 19:50 -------- d-----w- c:\program files\Microsoft Works

2010-06-16 04:09 . 2010-02-14 02:10 -------- d-----w- c:\program files\Windows Live Safety Center

2010-06-13 19:20 . 2002-08-29 02:00 218624 ----a-w- c:\windows\system32\uxtheme.dll

2010-06-13 02:08 . 2009-11-12 00:19 -------- d-----w- c:\program files\Microsoft Silverlight

2010-06-12 20:18 . 2010-04-15 00:26 1 ----a-w- c:\documents and settings\Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-06-10 02:22 . 2008-10-28 15:49 -------- d-----w- c:\program files\Windows Desktop Search

2010-06-10 00:24 . 2010-06-10 00:24 154 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_952D7EE5731D8344A9F5244F23CE4012.dll

2010-06-10 00:23 . 2010-06-10 00:23 121 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_6030E61781384634B8F8C04C9E73B6CA.dll

2010-06-09 03:38 . 2010-06-09 03:38 15086 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_7b12541d.exe

2010-06-09 03:38 . 2010-06-09 03:38 15086 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe

2010-06-07 02:35 . 2008-10-28 14:23 61000 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-04 22:55 . 2010-05-22 13:38 -------- d-----w- c:\program files\ZooskMessenger(2)

2010-05-29 13:46 . 2010-03-29 03:08 -------- d-----w- c:\program files\JDownloader

2010-05-21 18:14 . 2010-02-14 22:38 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-19 15:45 . 2009-11-24 05:54 -------- d-----w- c:\program files\HTC

2010-05-19 15:44 . 2009-11-24 06:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Teleca

2010-05-17 14:50 . 2010-05-17 14:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\VS Revo Group

2010-05-16 22:18 . 2010-05-16 22:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Trillian

2010-05-16 19:54 . 2010-05-16 19:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1

2010-05-16 19:52 . 2010-01-06 06:10 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-05-16 19:50 . 2010-06-12 23:44 38784 ----a-w- c:\documents and settings\Admin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-05-16 19:50 . 2010-01-06 06:12 38784 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-04-17 04:04 . 2010-04-17 04:04 306032 ----a-w- c:\windows\WLXPGSS.SCR

2010-04-17 02:12 . 2010-04-17 02:12 48464 ----a-w- c:\windows\system32\sirenacm.dll

2010-04-10 21:05 . 2010-04-10 21:05 65328 ----a-w- c:\windows\AppPatch\matsshim.dll

2010-04-04 17:17 . 2009-12-07 20:39 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-03-29 12:53 . 2010-06-13 03:44 32576 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\mxakhnew.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

2010-03-29 12:53 . 2010-06-13 03:43 29984 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\mxakhnew.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe

.

 

------- Sigcheck -------

 

[-] 2002-08-29 02:00 . 6E657F8E96444B545D34E3F613C2C0E7 . 11648 . . [------] . . c:\windows\system32\drivers\acpiec.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-08 344064]

"Display Settings"="c:\program files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 45056]

"QT4HPOT"="c:\program files\HPQ\One-Touch\OneTouch.EXE" [2003-01-30 106496]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

 

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

Styler.lnk - c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2010-6-8 15086]

wkcalrem.LNK - c:\program files\Microsoft Works\WkCalRem.exe [2007-6-20 46432]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]

2005-01-31 20:13 49152 ----a-w- c:\progra~1\COMMON~1\stardock\MCPStub.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Spyware Doctor\\pctsGui.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundTimestampRequest"= 1 (0x1)

"AllowInboundMaskRequest"= 1 (0x1)

"AllowInboundRouterRequest"= 1 (0x1)

"AllowOutboundDestinationUnreachable"= 1 (0x1)

"AllowOutboundSourceQuench"= 1 (0x1)

"AllowOutboundParameterProblem"= 1 (0x1)

"AllowOutboundTimeExceeded"= 1 (0x1)

"AllowRedirect"= 1 (0x1)

"AllowOutboundPacketTooBig"= 1 (0x1)

 

R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [11/28/2002 6:43 AM 22016]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/14/2010 12:19 AM 218592]

R3 GT43XX;GT Combo 802.11g Wireless LAN Adapter Driver GT43XX;c:\windows\system32\drivers\gtwl5.SYS [10/27/2008 3:27 PM 266496]

R3 GTEDGWModem;Option NV GTEDGWModem;c:\windows\system32\drivers\GTEDG.sys [10/27/2008 3:30 PM 107904]

R3 GTEDGWWNIC;Option NV GTEDGWWNIC;c:\windows\system32\drivers\GTEDGNet.sys [10/27/2008 3:32 PM 52864]

R3 OptionWWSC;GT Combo EDGE SIM Card Reader;c:\windows\system32\drivers\GTEDGSC.sys [10/27/2008 3:35 PM 21888]

S1 caepweic;caepweic;\??\c:\windows\system32\drivers\caepweic.sys --> c:\windows\system32\drivers\caepweic.sys [?]

S1 pvikzsrv;pvikzsrv;\??\c:\windows\system32\drivers\pvikzsrv.sys --> c:\windows\system32\drivers\pvikzsrv.sys [?]

S3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [5/16/2003 2:21 PM 291328]

S3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [5/16/2003 2:21 PM 244608]

S3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [5/16/2003 2:18 PM 16512]

S3 MailScan;MailScan;\??\c:\progra~1\AVANQU~1\SYSTEM~1\MailScan.sys --> c:\progra~1\AVANQU~1\SYSTEM~1\MailScan.sys [?]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [4/10/2010 5:05 PM 266544]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2/14/2010 10:18 AM 27064]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/14/2010 12:18 AM 366840]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

 

2010-06-21 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]

 

2010-06-21 c:\windows\Tasks\User_Feed_Synchronization-{1F7364ED-52C1-43A3-931F-263ECD9A26D1}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]

 

2010-06-21 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2010-02-15 02:18]

.

.

------- Supplementary Scan -------

.

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\mxakhnew.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk

FF - plugin: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\mxakhnew.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

FF - plugin: c:\documents and settings\Administrator\Application Data\Move Networks\plugins\npqmp071705000014.dll

FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

- - - - ORPHANS REMOVED - - - -

 

AddRemove-HijackThis - c:\docume~1\Admin\LOCALS~1\Temp\Rar$EX02.428\HijackThis.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-21 13:34

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x82EB2EC5]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf877af28

\Driver\ACPI -> ACPI.sys @ 0xf86adcb8

\Driver\atapi -> atapi.sys @ 0xf862f852

IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9

ParseProcedure -> ntoskrnl.exe @ 0x8056ea15

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9

ParseProcedure -> ntoskrnl.exe @ 0x8056ea15

NDIS: Intel® PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf850cbb0

PacketIndicateHandler -> NDIS.sys @ 0xf84fba0d

SendHandler -> NDIS.sys @ 0xf850fb40

user & kernel MBR OK

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(1800)

c:\windows\system32\WININET.dll

c:\windows\system32\Ati2evxx.dll

c:\progra~1\COMMON~1\Stardock\mcpstub.dll

 

- - - - - - - > 'lsass.exe'(1860)

c:\windows\system32\WININET.dll

.

Completion time: 2010-06-21 13:50:53

ComboFix-quarantined-files.txt 2010-06-21 17:50

ComboFix2.txt 2010-06-17 06:15

ComboFix3.txt 2010-06-17 02:27

 

Pre-Run: 19,997,954,048 bytes free

Post-Run: 20,108,140,544 bytes free

 

- - End Of File - - 2B50E8DF6444B447A2DEFCCC5F832748


DDS (Ver_10-03-17.01) - NTFSx86

Run by Admin at 13:52:49.25 on Mon 06/21/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.161 [GMT -4:00]

 

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

 

============== Running Processes ===============

 

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\WINDOWS\system32\HPConfig.exe

C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Admin\Desktop\Malware\dds.com

 

============== Pseudo HJT Report ===============

 

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [Display Settings] c:\program files\hpq\notebook utilities\hptasks.exe /s

mRun: [QT4HPOT] c:\program files\hpq\one-touch\OneTouch.EXE

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225136699697

DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll

SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\mxakhnew.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk

FF - plugin: c:\documents and settings\admin\application data\mozilla\firefox\profiles\mxakhnew.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071705000014.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\opera\program\plugins\np_gp.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

 

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [2002-11-28 22016]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-6-14 218592]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]

R3 GT43XX;GT Combo 802.11g Wireless LAN Adapter Driver GT43XX;c:\windows\system32\drivers\gtwl5.SYS [2008-10-27 266496]

R3 GTEDGWModem;Option NV GTEDGWModem;c:\windows\system32\drivers\GTEDG.sys [2008-10-27 107904]

R3 GTEDGWWNIC;Option NV GTEDGWWNIC;c:\windows\system32\drivers\GTEDGNet.sys [2008-10-27 52864]

R3 OptionWWSC;GT Combo EDGE SIM Card Reader;c:\windows\system32\drivers\GTEDGSC.sys [2008-10-27 21888]

S1 caepweic;caepweic;\??\c:\windows\system32\drivers\caepweic.sys --> c:\windows\system32\drivers\caepweic.sys [?]

S1 pvikzsrv;pvikzsrv;\??\c:\windows\system32\drivers\pvikzsrv.sys --> c:\windows\system32\drivers\pvikzsrv.sys [?]

S3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [2003-5-16 291328]

S3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2003-5-16 244608]

S3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [2003-5-16 16512]

S3 MailScan;MailScan;\??\c:\progra~1\avanqu~1\system~1\mailscan.sys --> c:\progra~1\avanqu~1\system~1\MailScan.sys [?]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-4-10 266544]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-2-14 27064]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-6-14 366840]

S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-6-14 1142224]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

 

=============== Created Last 30 ================

 

2010-06-17 16:15:12 0 d-----w- c:\docume~1\alluse~1\applic~1\PCPitstop

2010-06-17 16:01:45 0 d-----w- c:\program files\PCPitstop

2010-06-17 04:04:56 32824 ----a-w- c:\windows\system32\rrMon.sys

2010-06-17 04:03:32 0 d-----w- c:\program files\Registrar Registry Manager

2010-06-17 02:29:39 51712 --sha-w- c:\windows\Thumbs.db

2010-06-17 01:25:02 0 d-sha-r- C:\cmdcons

2010-06-17 01:16:47 98816 ----a-w- c:\windows\sed.exe

2010-06-17 01:16:47 77312 ----a-w- c:\windows\MBR.exe

2010-06-17 01:16:47 256512 ----a-w- c:\windows\PEV.exe

2010-06-17 01:16:47 161792 ----a-w- c:\windows\SWREG.exe

2010-06-14 18:44:40 0 d-sh--w- c:\documents and settings\admin\IECompatCache

2010-06-14 18:36:17 0 d-----w- c:\windows\SxsCaPendDel

2010-06-14 04:19:29 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat

2010-06-14 04:19:29 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2010-06-14 04:19:09 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2010-06-14 04:19:09 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat

2010-06-14 04:19:09 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat

2010-06-14 04:19:09 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2010-06-14 04:18:49 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat

2010-06-14 04:18:49 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2010-06-14 04:18:16 0 d-----w- c:\program files\Spyware Doctor

2010-06-14 04:18:16 0 d-----w- c:\program files\common files\PC Tools

2010-06-14 04:18:16 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools

2010-06-14 04:18:16 0 d-----w- c:\docume~1\admin\applic~1\PC Tools

2010-06-14 01:39:17 0 d-----w- c:\documents and settings\admin\Tracing

2010-06-14 01:00:59 0 d-----w- c:\windows\system32\NtmsData

2010-06-13 18:44:49 0 d-----w- c:\docume~1\admin\applic~1\Styler

2010-06-13 17:08:24 0 d-----w- c:\docume~1\admin\applic~1\IconTweaker

2010-06-13 16:23:14 218624 ----a-w- c:\windows\system32\uxtheme.uxtender

2010-06-13 02:39:14 0 d-----r- C:\_Backup.RC

2010-06-13 02:39:08 0 d-----w- C:\_Backup

2010-06-13 02:27:00 0 d-----w- c:\docume~1\admin\applic~1\Avanquest

2010-06-13 02:21:25 0 d-----w- c:\program files\Avanquest

2010-06-13 00:15:36 0 d-----w- c:\docume~1\admin\applic~1\Malwarebytes

2010-06-12 23:55:54 0 d-----w- c:\docume~1\admin\applic~1\Teleca

2010-06-12 23:53:28 0 d-sh--w- c:\documents and settings\admin\IETldCache

2010-06-12 23:44:33 0 d-----w- c:\docume~1\admin\applic~1\Symantec

2010-06-12 04:39:55 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-06-11 22:21:26 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-06-11 22:21:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro

2010-06-11 17:29:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-11 17:29:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-06-11 17:29:16 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-11 17:29:14 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-10 00:22:53 0 d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan

2010-06-09 13:46:12 0 d-----w- c:\docume~1\alluse~1\applic~1\IconTweaker

2010-06-09 03:36:27 0 d-----w- c:\program files\Styler

2010-06-07 02:07:38 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

2010-06-07 01:54:37 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition

2010-06-07 01:23:51 0 d-----w- c:\program files\Microsoft

2010-06-07 01:21:49 0 d-----w- c:\program files\Windows Live SkyDrive

2010-06-07 00:59:58 0 d-----w- c:\program files\common files\Windows Live

2010-06-05 16:54:40 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-06-05 00:53:46 0 d-----w- c:\program files\Microsoft Security Essentials

2010-06-04 23:00:29 0 d-----w- c:\windows\system32\wbem\Repository

2010-06-04 22:58:25 0 d-----w- c:\docume~1\alluse~1\applic~1\HTC

2010-06-04 22:58:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Teleca

2010-06-04 22:57:42 0 d-----w- c:\program files\common files\Teleca Shared

2010-06-04 22:48:13 0 d-----w- c:\windows\LastGood(2)

2010-06-04 22:48:05 0 d-----w- c:\windows\871DF2BE41D24334AC33839AF16FC8FE.TMP

2010-06-04 15:44:49 0 d-----w- c:\program files\Microsoft Security Essentials(2)

 

==================== Find3M ====================

 

2010-06-13 19:20:47 218624 ----a-w- c:\windows\system32\uxtheme.dll

2010-05-21 18:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-04-17 04:04:40 306032 ----a-w- c:\windows\WLXPGSS.SCR

2010-04-17 02:12:18 48464 ----a-w- c:\windows\system32\sirenacm.dll

2010-04-04 17:17:02 411368 ----a-w- c:\windows\system32\deploytk.dll

2008-10-29 05:19:51 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102920081030\index.dat

 

============= FINISH: 13:55:27.76 ===============


Hi,

 

1. Download TDSSKiller and extract its contents into a folder in the desired location (i.e. c:\tdsskiller).

2. Execute the file TDSSKiller.exe and wait for the process to finish.

3. Post back the contents of the log file in the c: drive root (the name should be in the UtilityName.Version_Date_Time_log.txt format).


09:30:55:040 1688 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48

09:30:55:040 1688 ================================================================================

09:30:55:040 1688 SystemInfo:

 

09:30:55:040 1688 OS Version: 5.1.2600 ServicePack: 3.0

09:30:55:040 1688 Product type: Workstation

09:30:55:040 1688 ComputerName: SEAN

09:30:55:040 1688 UserName: Admin

09:30:55:040 1688 Windows directory: C:\WINDOWS

09:30:55:040 1688 Processor architecture: Intel x86

09:30:55:040 1688 Number of processors: 1

09:30:55:040 1688 Page size: 0x1000

09:30:55:040 1688 Boot type: Normal boot

09:30:55:040 1688 ================================================================================

09:30:55:971 1688 Initialize success

09:30:55:971 1688

09:30:55:971 1688 Scanning Services ...

09:30:57:423 1688 Raw services enum returned 400 services

09:30:57:443 1688

09:30:57:443 1688 Scanning Drivers ...

09:31:00:177 1688 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys

09:31:00:708 1688 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

09:31:01:209 1688 ACPIEC (a53f38653dc6ad8ad15879581e5d9984) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

09:31:01:209 1688 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPIEC.sys. Real md5: a53f38653dc6ad8ad15879581e5d9984, Fake md5: 6e657f8e96444b545d34e3f613c2c0e7

09:31:01:209 1688 File "C:\WINDOWS\system32\DRIVERS\ACPIEC.sys" infected by TDSS rootkit ...

09:31:10:652 1688 Backup copy found, using it..

09:31:10:863 1688 will be cured on next reboot

09:31:11:794 1688 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

09:31:12:405 1688 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

09:31:12:906 1688 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

09:31:14:378 1688 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

09:31:14:859 1688 allegro (bc129f409af5fcf46e978c1c144e31be) C:\WINDOWS\system32\drivers\es198x.sys

09:31:15:509 1688 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys

09:31:18:534 1688 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

09:31:19:075 1688 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

09:31:20:236 1688 ati2mtag (dd3802e25a9ef4e55eee9a0fc2151611) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

09:31:21:378 1688 atimpab (8d70c26425fde49ddce5bb2cf25b8df2) C:\WINDOWS\system32\DRIVERS\atimpab.sys

09:31:22:109 1688 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

09:31:22:560 1688 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

09:31:23:040 1688 BCM43XX (c8106396df180b901a33f0f135c51ac1) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

09:31:23:591 1688 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

09:31:24:542 1688 BTKRNL (66adefde602046786cc44fa5471ee8db) C:\WINDOWS\system32\drivers\btkrnl.sys

09:31:25:684 1688 caboagp (e3d35fe1ed9ace83b7728040cd634aa3) C:\WINDOWS\system32\DRIVERS\atisgkaf.sys

09:31:26:635 1688 CALIAUD (ecdde6089b366b7e6c8f3e7119c60040) C:\WINDOWS\system32\drivers\caliaud.sys

09:31:27:256 1688 CALIHALA (fa2f5dbe2804803972052636693e80a1) C:\WINDOWS\system32\drivers\calihal.sys

09:31:27:907 1688 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

09:31:28:308 1688 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

09:31:29:329 1688 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

09:31:30:120 1688 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

09:31:30:731 1688 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

09:31:31:252 1688 CE3 (6d63e366d96494336f375ff155d47ab3) C:\WINDOWS\system32\DRIVERS\ce3n5.sys

09:31:31:993 1688 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

09:31:32:945 1688 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

09:31:33:786 1688 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys

09:31:34:997 1688 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

09:31:35:478 1688 DKbFltr (2aebf5150b5761f19e48b587b3ac8842) C:\WINDOWS\system32\Drivers\DKbFltr.SYS

09:31:36:279 1688 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

09:31:37:201 1688 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

09:31:37:671 1688 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

09:31:38:212 1688 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

09:31:38:723 1688 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\WINDOWS\system32\DRIVERS\dne2000.sys

09:31:39:244 1688 DP83815 (f590b709660401e69f9bace9860a397c) C:\WINDOWS\system32\DRIVERS\DP83815.SYS

09:31:39:975 1688 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

09:31:40:515 1688 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

09:31:41:146 1688 ElbyCDFL (59c9e1336a4508f059827d638e924c62) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys

09:31:41:457 1688 ElbyCDIO (389823db299b350f2ee830d47376eeac) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys

09:31:41:907 1688 ElbyVCD (c4143fc2f7d39a5a8b1cfe0bc4bd8a9e) C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys

09:31:42:298 1688 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

09:31:42:829 1688 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

09:31:43:309 1688 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

09:31:43:790 1688 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

09:31:44:201 1688 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

09:31:44:701 1688 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

09:31:45:112 1688 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

09:31:45:593 1688 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

09:31:46:214 1688 GT43XX (c3db46765f31e9fafb98c5642365c988) C:\WINDOWS\system32\DRIVERS\gtwl5.sys

09:31:46:824 1688 GTEDGWModem (a1459f7c1824c539d56e3f84ea749eb1) C:\WINDOWS\system32\DRIVERS\GTEDG.sys

09:31:47:375 1688 GTEDGWWNIC (b89d4b0520b31946f1302bd6bd4f3517) C:\WINDOWS\system32\DRIVERS\GTEDGNet.sys

09:31:47:876 1688 HPCI (708f5d243ce450bc937dedabd39d3600) C:\WINDOWS\system32\DRIVERS\hpci.sys

09:31:48:657 1688 HSFHWALI (c98fe9b4843888e153526c3f184fcc8d) C:\WINDOWS\system32\DRIVERS\HSFHWALI.sys

09:31:49:548 1688 HSF_DP (fe4eb683439bac32fb3126ebdd7b3927) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

09:31:50:540 1688 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

09:31:52:002 1688 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

09:31:52:463 1688 imagedrv (25edd75e23c5ef6b33d0fbcce125a601) C:\WINDOWS\system32\Drivers\imagedrv.sys

09:31:52:783 1688 imagesrv (9c4bbacf4e9b9543c3ce23f1fe556941) C:\WINDOWS\system32\DRIVERS\imagesrv.sys

09:31:53:274 1688 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

09:31:55:136 1688 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

09:31:55:667 1688 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

09:31:56:218 1688 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

09:31:56:659 1688 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

09:31:57:119 1688 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

09:31:57:630 1688 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

09:31:58:161 1688 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

09:31:58:712 1688 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys

09:31:59:202 1688 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

09:31:59:593 1688 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

09:31:59:973 1688 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

09:32:00:464 1688 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys

09:32:01:075 1688 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

09:32:01:696 1688 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

09:32:02:717 1688 ltmodem5 (829ef680a308c12e2a80e5e0da0d958d) C:\WINDOWS\system32\DRIVERS\ltmdmxp.sys

09:32:03:518 1688 mdmxsdk (a1e9d936eac07ee9386e87bac1377fad) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

09:32:03:969 1688 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

09:32:04:440 1688 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

09:32:04:890 1688 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

09:32:05:381 1688 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

09:32:05:912 1688 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

09:32:06:503 1688 MpFilter (dfa1cd670ea50a21c87c92c727c50950) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

09:32:07:364 1688 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

09:32:08:075 1688 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

09:32:08:716 1688 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

09:32:09:157 1688 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

09:32:09:607 1688 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

09:32:10:048 1688 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

09:32:10:509 1688 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

09:32:11:119 1688 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

09:32:11:600 1688 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

09:32:12:101 1688 MxlW2k (63d074073d5fda93163517c2a8f2ba5a) C:\WINDOWS\system32\drivers\MxlW2k.sys

09:32:12:582 1688 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

09:32:13:142 1688 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

09:32:13:733 1688 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

09:32:14:094 1688 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

09:32:14:534 1688 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

09:32:14:885 1688 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

09:32:15:376 1688 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

09:32:15:906 1688 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

09:32:16:507 1688 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

09:32:17:048 1688 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

09:32:17:529 1688 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys

09:32:18:190 1688 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

09:32:18:831 1688 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

09:32:19:221 1688 NWADI (0973c0c696780161f4526586d5eac422) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys

09:32:19:742 1688 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

09:32:20:182 1688 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

09:32:20:693 1688 OptionWWSC (eeae713c70c53bdd8d3f6584804d0f79) C:\WINDOWS\system32\DRIVERS\GTEDGSC.sys

09:32:21:264 1688 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys

09:32:21:775 1688 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

09:32:22:326 1688 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

09:32:22:766 1688 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

09:32:23:077 1688 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys

09:32:23:567 1688 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

09:32:24:308 1688 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

09:32:24:789 1688 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

09:32:25:360 1688 PCTCore (807ff1dd6e1bdf8e7d2062fca0daecaf) C:\WINDOWS\system32\drivers\PCTCore.sys

09:32:26:101 1688 PCTINDIS5 (d6da0b85889d8236e2a3e80826ad104b) C:\WINDOWS\system32\PCTINDIS5.SYS

09:32:28:705 1688 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

09:32:29:195 1688 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

09:32:29:716 1688 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

09:32:30:167 1688 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

09:32:31:038 1688 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys

09:32:33:121 1688 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

09:32:33:622 1688 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

09:32:34:102 1688 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

09:32:34:643 1688 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

09:32:35:104 1688 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

09:32:35:605 1688 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

09:32:36:195 1688 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

09:32:36:746 1688 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

09:32:37:307 1688 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

09:32:37:828 1688 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

09:32:38:309 1688 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys

09:32:38:769 1688 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\WINDOWS\system32\Drivers\RimUsb.sys

09:32:39:250 1688 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys

09:32:39:791 1688 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

09:32:40:171 1688 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

09:32:40:592 1688 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

09:32:40:892 1688 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

09:32:41:483 1688 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

09:32:41:864 1688 SI3112 (f459dd5ee69d4b68cb6767c9731b5faf) C:\WINDOWS\system32\DRIVERS\SI3112.sys

09:32:42:304 1688 SiFilter (96b43459e9bd1dad1873a47ddde9bdf4) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys

09:32:43:045 1688 SiRemFil (40f3babe67c1c51fbb3ee64ea9209e1f) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys

09:32:43:496 1688 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

09:32:48:894 1688 SNPSTD3 (a37e84eb12c39d36eddeb7966429e75f) C:\WINDOWS\system32\DRIVERS\snpstd3.sys

09:32:53:651 1688 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

09:32:54:151 1688 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

09:32:54:852 1688 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys

09:32:55:603 1688 StreamDispatcher (3caf8a823d46bb9b739068f173e98f51) C:\WINDOWS\system32\DRIVERS\strmdisp.sys

09:32:56:415 1688 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

09:32:57:216 1688 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

09:32:57:867 1688 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

09:32:58:558 1688 swmsflt (e6c797b33a454840245c0c96e7f08b0a) C:\WINDOWS\System32\drivers\swmsflt.sys

09:33:01:362 1688 SynTP (23fe1f173996b8bad4b9ed74003676d8) C:\WINDOWS\system32\DRIVERS\SynTP.sys

09:33:02:343 1688 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

09:33:03:214 1688 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

09:33:04:096 1688 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

09:33:05:127 1688 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

09:33:05:818 1688 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

09:33:07:110 1688 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

09:33:08:512 1688 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

09:33:09:393 1688 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

09:33:10:134 1688 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

09:33:10:745 1688 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

09:33:11:596 1688 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

09:33:12:478 1688 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

09:33:13:229 1688 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

09:33:13:870 1688 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

09:33:14:561 1688 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

09:33:15:121 1688 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

09:33:15:592 1688 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

09:33:16:113 1688 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys

09:33:16:944 1688 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

09:33:17:725 1688 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

09:33:18:426 1688 winachsf (dc3f6288a33bcfa43402f1593321b44a) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

09:33:19:107 1688 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

09:33:19:538 1688 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

09:33:20:039 1688 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

09:33:20:579 1688 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

09:33:20:629 1688 Reboot required for cure complete..

09:33:22:222 1688 Cure on reboot scheduled successfully

09:33:22:222 1688

09:33:22:222 1688 Completed

09:33:22:222 1688

09:33:22:222 1688 Results:

09:33:22:222 1688 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

09:33:22:222 1688 File objects infected / cured / cured on reboot: 1 / 0 / 1

09:33:22:222 1688

09:33:22:232 1688 KLMD(ARK) unloaded successfully


ComboFix 10-06-21.03 - Admin 06/22/2010 10:28:42.4.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.258 [GMT -4:00]

Running from: c:\documents and settings\Admin\Desktop\Malware\ComboFix.exe

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\Thumbs.db

 

.

((((((((((((((((((((((((( Files Created from 2010-05-22 to 2010-06-22 )))))))))))))))))))))))))))))))

.

 

2010-06-22 13:42 . 2010-06-22 13:42 -------- d-----w- c:\windows\LastGood

2010-06-22 01:22 . 2010-06-22 01:22 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Ahead

2010-06-21 18:33 . 2010-06-21 18:33 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Opera

2010-06-17 16:15 . 2010-06-17 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop

2010-06-17 16:01 . 2010-06-22 01:20 -------- d-----w- c:\program files\PCPitstop

2010-06-17 04:04 . 2009-11-13 16:23 32824 ----a-w- c:\windows\system32\rrMon.sys

2010-06-17 04:03 . 2010-06-17 04:18 -------- d-----w- c:\program files\Registrar Registry Manager

2010-06-14 18:44 . 2010-06-14 18:44 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache

2010-06-14 18:36 . 2010-06-14 18:58 -------- d-----w- c:\windows\SxsCaPendDel

2010-06-14 04:19 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2010-06-14 04:19 . 2010-03-29 14:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2010-06-14 04:19 . 2009-11-23 17:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2010-06-14 04:18 . 2010-04-08 18:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2010-06-14 04:18 . 2010-06-21 03:19 -------- d-----w- c:\program files\Spyware Doctor

2010-06-14 04:18 . 2010-06-14 04:18 -------- d-----w- c:\program files\Common Files\PC Tools

2010-06-14 04:18 . 2010-06-14 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2010-06-14 04:18 . 2010-06-14 04:18 -------- d-----w- c:\documents and settings\Admin\Application Data\PC Tools

2010-06-14 01:39 . 2010-06-14 03:14 -------- d-----w- c:\documents and settings\Admin\Tracing

2010-06-14 01:00 . 2010-06-14 01:07 -------- d-----w- c:\windows\system32\NtmsData

2010-06-13 18:44 . 2010-06-15 22:11 -------- d-----w- c:\documents and settings\Admin\Application Data\Styler

2010-06-13 17:08 . 2010-06-15 22:14 -------- d-----w- c:\documents and settings\Admin\Application Data\IconTweaker

2010-06-13 14:16 . 2010-06-13 14:16 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\VS Revo Group

2010-06-13 03:45 . 2010-06-13 03:45 -------- d-----w- c:\program files\NOS

2010-06-13 02:48 . 2010-06-13 02:48 -------- d-----w- c:\documents and settings\LocalService\Application Data\Avanquest

2010-06-13 02:46 . 2010-06-13 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software

2010-06-13 02:39 . 2010-06-13 02:39 -------- d-----r- C:\_Backup.RC

2010-06-13 02:39 . 2010-06-13 02:39 -------- d-----w- C:\_Backup

2010-06-13 02:27 . 2010-06-13 02:27 -------- d-----w- c:\documents and settings\Admin\Application Data\Avanquest

2010-06-13 02:21 . 2010-06-13 14:41 -------- d-----w- c:\program files\Avanquest

2010-06-13 01:33 . 2010-06-15 15:25 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Adobe

2010-06-13 00:15 . 2010-06-13 00:15 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes

2010-06-12 23:56 . 2010-06-12 23:56 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Mozilla

2010-06-12 23:55 . 2010-06-12 23:55 -------- d-----w- c:\documents and settings\Admin\Application Data\Teleca

2010-06-12 23:53 . 2010-06-12 23:53 -------- d-sh--w- c:\documents and settings\Admin\IETldCache

2010-06-12 23:50 . 2010-06-12 23:50 61000 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-12 04:39 . 2010-06-17 06:37 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-06-11 22:21 . 2010-06-14 03:15 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-06-11 22:21 . 2010-06-11 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2010-06-11 17:30 . 2010-06-11 17:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-06-11 17:29 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-11 17:29 . 2010-06-11 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-06-11 17:29 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-11 17:29 . 2010-06-11 17:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-10 00:22 . 2010-06-13 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan

2010-06-09 13:46 . 2010-06-09 13:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\IconTweaker

2010-06-09 13:46 . 2010-06-15 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\IconTweaker

2010-06-09 04:37 . 2010-06-09 04:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Styler

2010-06-09 03:36 . 2010-06-15 22:12 -------- d-----w- c:\program files\Styler

2010-06-07 02:22 . 2010-06-07 02:22 -------- d-----w- c:\program files\Microsoft Sync Framework

2010-06-07 02:07 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

2010-06-07 01:54 . 2010-06-07 01:54 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2010-06-07 01:23 . 2010-06-07 01:23 -------- d-----w- c:\program files\Microsoft

2010-06-07 01:21 . 2010-06-07 01:21 -------- d-----w- c:\program files\Windows Live SkyDrive

2010-06-07 01:17 . 2010-06-07 02:24 -------- d-----w- c:\program files\Windows Live

2010-06-07 00:59 . 2010-06-07 00:59 -------- d-----w- c:\program files\Common Files\Windows Live

2010-06-05 16:54 . 2010-06-05 16:53 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-06-05 16:35 . 2010-06-14 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-06-05 00:53 . 2010-06-05 00:56 -------- d-----w- c:\program files\Microsoft Security Essentials

2010-06-04 23:00 . 2010-06-04 23:00 -------- d-----w- c:\windows\system32\wbem\Repository

2010-06-04 22:58 . 2010-06-04 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\HTC

2010-06-04 22:58 . 2010-06-04 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Teleca

2010-06-04 22:58 . 2010-06-04 22:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\HTC

2010-06-04 22:57 . 2010-06-04 22:58 -------- d-----w- c:\program files\Common Files\Teleca Shared

2010-06-04 22:52 . 2010-06-13 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-06-04 22:48 . 2010-06-04 22:48 -------- d-----w- c:\windows\LastGood(2)

2010-06-04 22:48 . 2010-06-04 22:48 -------- d-----w- c:\windows\871DF2BE41D24334AC33839AF16FC8FE.TMP

2010-06-04 15:44 . 2010-06-04 22:50 -------- d-----w- c:\program files\Microsoft Security Essentials(2)

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-22 13:35 . 2002-08-29 02:00 11648 ----a-w- c:\windows\system32\drivers\acpiec.sys

2010-06-21 03:22 . 2009-11-18 00:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-06-18 00:04 . 2003-05-16 19:50 -------- d-----w- c:\program files\Microsoft Works

2010-06-16 04:09 . 2010-02-14 02:10 -------- d-----w- c:\program files\Windows Live Safety Center

2010-06-13 19:20 . 2002-08-29 02:00 218624 ----a-w- c:\windows\system32\uxtheme.dll

2010-06-13 02:08 . 2009-11-12 00:19 -------- d-----w- c:\program files\Microsoft Silverlight

2010-06-12 20:18 . 2010-04-15 00:26 1 ----a-w- c:\documents and settings\Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-06-10 02:22 . 2008-10-28 15:49 -------- d-----w- c:\program files\Windows Desktop Search

2010-06-10 00:24 . 2010-06-10 00:24 154 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_952D7EE5731D8344A9F5244F23CE4012.dll

2010-06-10 00:23 . 2010-06-10 00:23 121 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_6030E61781384634B8F8C04C9E73B6CA.dll

2010-06-09 03:38 . 2010-06-09 03:38 15086 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_7b12541d.exe

2010-06-09 03:38 . 2010-06-09 03:38 15086 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe

2010-06-07 02:35 . 2008-10-28 14:23 61000 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-04 22:55 . 2010-05-22 13:38 -------- d-----w- c:\program files\ZooskMessenger(2)

2010-05-29 13:46 . 2010-03-29 03:08 -------- d-----w- c:\program files\JDownloader

2010-05-21 18:14 . 2010-02-14 22:38 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-19 15:45 . 2009-11-24 05:54 -------- d-----w- c:\program files\HTC

2010-05-19 15:44 . 2009-11-24 06:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Teleca

2010-05-17 14:50 . 2010-05-17 14:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\VS Revo Group

2010-05-16 22:18 . 2010-05-16 22:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Trillian

2010-05-16 19:54 . 2010-05-16 19:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1

2010-05-16 19:52 . 2010-01-06 06:10 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-05-16 19:50 . 2010-06-12 23:44 38784 ----a-w- c:\documents and settings\Admin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-05-16 19:50 . 2010-01-06 06:12 38784 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-04-17 04:04 . 2010-04-17 04:04 306032 ----a-w- c:\windows\WLXPGSS.SCR

2010-04-17 02:12 . 2010-04-17 02:12 48464 ----a-w- c:\windows\system32\sirenacm.dll

2010-04-10 21:05 . 2010-04-10 21:05 65328 ----a-w- c:\windows\AppPatch\matsshim.dll

2010-04-04 17:17 . 2009-12-07 20:39 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-03-29 12:53 . 2010-06-13 03:44 32576 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\mxakhnew.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

2010-03-29 12:53 . 2010-06-13 03:43 29984 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\mxakhnew.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-29 94208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-08 344064]

"Display Settings"="c:\program files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 45056]

"QT4HPOT"="c:\program files\HPQ\One-Touch\OneTouch.EXE" [2003-01-30 106496]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

 

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

Styler.lnk - c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2010-6-8 15086]

wkcalrem.LNK - c:\program files\Microsoft Works\WkCalRem.exe [2007-6-20 46432]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]

2005-01-31 20:13 49152 ----a-w- c:\progra~1\COMMON~1\stardock\MCPStub.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

 

R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [11/28/2002 6:43 AM 22016]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/14/2010 12:19 AM 218592]

R3 GT43XX;GT Combo 802.11g Wireless LAN Adapter Driver GT43XX;c:\windows\system32\drivers\gtwl5.SYS [10/27/2008 3:27 PM 266496]

R3 GTEDGWModem;Option NV GTEDGWModem;c:\windows\system32\drivers\GTEDG.sys [10/27/2008 3:30 PM 107904]

R3 OptionWWSC;GT Combo EDGE SIM Card Reader;c:\windows\system32\drivers\GTEDGSC.sys [10/27/2008 3:35 PM 21888]

S1 caepweic;caepweic;\??\c:\windows\system32\drivers\caepweic.sys --> c:\windows\system32\drivers\caepweic.sys [?]

S1 pvikzsrv;pvikzsrv;\??\c:\windows\system32\drivers\pvikzsrv.sys --> c:\windows\system32\drivers\pvikzsrv.sys [?]

S3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [5/16/2003 2:21 PM 291328]

S3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [5/16/2003 2:21 PM 244608]

S3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [5/16/2003 2:18 PM 16512]

S3 GTEDGWWNIC;Option NV GTEDGWWNIC;c:\windows\system32\drivers\GTEDGNet.sys [10/27/2008 3:32 PM 52864]

S3 MailScan;MailScan;\??\c:\progra~1\AVANQU~1\SYSTEM~1\MailScan.sys --> c:\progra~1\AVANQU~1\SYSTEM~1\MailScan.sys [?]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [4/10/2010 5:05 PM 266544]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2/14/2010 10:18 AM 27064]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/14/2010 12:18 AM 366840]

 

--- Other Services/Drivers In Memory ---

 

*NewlyCreated* - KLMDB

*Deregistered* - klmd23

*Deregistered* - klmdb

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

 

2010-06-22 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]

 

2010-06-22 c:\windows\Tasks\User_Feed_Synchronization-{1F7364ED-52C1-43A3-931F-263ECD9A26D1}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]

 

2010-06-22 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2010-02-15 02:18]

.

.

------- Supplementary Scan -------

.

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\mxakhnew.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk

FF - plugin: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\mxakhnew.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

FF - plugin: c:\documents and settings\Administrator\Application Data\Move Networks\plugins\npqmp071705000014.dll

FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

- - - - ORPHANS REMOVED - - - -

 

SafeBoot-klmdb.sys

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-22 10:43

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(1464)

c:\windows\system32\Ati2evxx.dll

c:\progra~1\COMMON~1\Stardock\mcpstub.dll

.

Completion time: 2010-06-22 10:52:57

ComboFix-quarantined-files.txt 2010-06-22 14:52

ComboFix2.txt 2010-06-17 06:15

ComboFix3.txt 2010-06-17 02:27

 

Pre-Run: 20,042,227,712 bytes free

Post-Run: 20,052,746,240 bytes free

 

- - End Of File - - 40B9DC0B46FF39606D686A8A0AA78DB4


DDS (Ver_10-03-17.01) - NTFSx86

Run by Admin at 11:21:22.71 on Tue 06/22/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.219 [GMT -4:00]

 

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

 

============== Running Processes ===============

 

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\WINDOWS\system32\HPConfig.exe

C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Admin\Desktop\Downloads\dds.scr

 

============== Pseudo HJT Report ===============

 

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [Display Settings] c:\program files\hpq\notebook utilities\hptasks.exe /s

mRun: [QT4HPOT] c:\program files\hpq\one-touch\OneTouch.EXE

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225136699697

DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll

SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\mxakhnew.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk

FF - plugin: c:\documents and settings\admin\application data\mozilla\firefox\profiles\mxakhnew.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071705000014.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\opera\program\plugins\np_gp.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

 

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [2002-11-28 22016]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-6-14 218592]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]

R3 GT43XX;GT Combo 802.11g Wireless LAN Adapter Driver GT43XX;c:\windows\system32\drivers\gtwl5.SYS [2008-10-27 266496]

R3 GTEDGWModem;Option NV GTEDGWModem;c:\windows\system32\drivers\GTEDG.sys [2008-10-27 107904]

R3 OptionWWSC;GT Combo EDGE SIM Card Reader;c:\windows\system32\drivers\GTEDGSC.sys [2008-10-27 21888]

S1 caepweic;caepweic;\??\c:\windows\system32\drivers\caepweic.sys --> c:\windows\system32\drivers\caepweic.sys [?]

S1 pvikzsrv;pvikzsrv;\??\c:\windows\system32\drivers\pvikzsrv.sys --> c:\windows\system32\drivers\pvikzsrv.sys [?]

S3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [2003-5-16 291328]

S3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2003-5-16 244608]

S3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [2003-5-16 16512]

S3 GTEDGWWNIC;Option NV GTEDGWWNIC;c:\windows\system32\drivers\GTEDGNet.sys [2008-10-27 52864]

S3 MailScan;MailScan;\??\c:\progra~1\avanqu~1\system~1\mailscan.sys --> c:\progra~1\avanqu~1\system~1\MailScan.sys [?]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-4-10 266544]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-2-14 27064]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-6-14 366840]

S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-6-14 1142224]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

 

=============== Created Last 30 ================

 

2010-06-17 16:15:12 0 d-----w- c:\docume~1\alluse~1\applic~1\PCPitstop

2010-06-17 16:01:45 0 d-----w- c:\program files\PCPitstop

2010-06-17 04:04:56 32824 ----a-w- c:\windows\system32\rrMon.sys

2010-06-17 04:03:32 0 d-----w- c:\program files\Registrar Registry Manager

2010-06-17 02:29:39 59392 --sha-w- c:\windows\Thumbs.db

2010-06-17 01:25:02 0 d-sha-r- C:\cmdcons

2010-06-17 01:16:47 98816 ----a-w- c:\windows\sed.exe

2010-06-17 01:16:47 77312 ----a-w- c:\windows\MBR.exe

2010-06-17 01:16:47 256512 ----a-w- c:\windows\PEV.exe

2010-06-17 01:16:47 161792 ----a-w- c:\windows\SWREG.exe

2010-06-14 18:44:40 0 d-sh--w- c:\documents and settings\admin\IECompatCache

2010-06-14 18:36:17 0 d-----w- c:\windows\SxsCaPendDel

2010-06-14 04:19:29 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat

2010-06-14 04:19:29 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2010-06-14 04:19:09 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2010-06-14 04:19:09 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat

2010-06-14 04:19:09 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat

2010-06-14 04:19:09 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2010-06-14 04:18:49 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat

2010-06-14 04:18:49 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2010-06-14 04:18:16 0 d-----w- c:\program files\Spyware Doctor

2010-06-14 04:18:16 0 d-----w- c:\program files\common files\PC Tools

2010-06-14 04:18:16 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools

2010-06-14 04:18:16 0 d-----w- c:\docume~1\admin\applic~1\PC Tools

2010-06-14 01:39:17 0 d-----w- c:\documents and settings\admin\Tracing

2010-06-14 01:00:59 0 d-----w- c:\windows\system32\NtmsData

2010-06-13 18:44:49 0 d-----w- c:\docume~1\admin\applic~1\Styler

2010-06-13 17:08:24 0 d-----w- c:\docume~1\admin\applic~1\IconTweaker

2010-06-13 16:23:14 218624 ----a-w- c:\windows\system32\uxtheme.uxtender

2010-06-13 02:39:14 0 d-----r- C:\_Backup.RC

2010-06-13 02:39:08 0 d-----w- C:\_Backup

2010-06-13 02:27:00 0 d-----w- c:\docume~1\admin\applic~1\Avanquest

2010-06-13 02:21:25 0 d-----w- c:\program files\Avanquest

2010-06-13 00:15:36 0 d-----w- c:\docume~1\admin\applic~1\Malwarebytes

2010-06-12 23:55:54 0 d-----w- c:\docume~1\admin\applic~1\Teleca

2010-06-12 23:53:28 0 d-sh--w- c:\documents and settings\admin\IETldCache

2010-06-12 23:44:33 0 d-----w- c:\docume~1\admin\applic~1\Symantec

2010-06-12 04:39:55 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-06-11 22:21:26 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-06-11 22:21:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro

2010-06-11 17:29:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-11 17:29:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-06-11 17:29:16 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-11 17:29:14 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-10 00:22:53 0 d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan

2010-06-09 13:46:12 0 d-----w- c:\docume~1\alluse~1\applic~1\IconTweaker

2010-06-09 03:36:27 0 d-----w- c:\program files\Styler

2010-06-07 02:07:38 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

2010-06-07 01:54:37 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition

2010-06-07 01:23:51 0 d-----w- c:\program files\Microsoft

2010-06-07 01:21:49 0 d-----w- c:\program files\Windows Live SkyDrive

2010-06-07 00:59:58 0 d-----w- c:\program files\common files\Windows Live

2010-06-05 16:54:40 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-06-05 00:53:46 0 d-----w- c:\program files\Microsoft Security Essentials

2010-06-04 23:00:29 0 d-----w- c:\windows\system32\wbem\Repository

2010-06-04 22:58:25 0 d-----w- c:\docume~1\alluse~1\applic~1\HTC

2010-06-04 22:58:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Teleca

2010-06-04 22:57:42 0 d-----w- c:\program files\common files\Teleca Shared

2010-06-04 22:48:13 0 d-----w- c:\windows\LastGood(2)

2010-06-04 22:48:05 0 d-----w- c:\windows\871DF2BE41D24334AC33839AF16FC8FE.TMP

2010-06-04 15:44:49 0 d-----w- c:\program files\Microsoft Security Essentials(2)

 

==================== Find3M ====================

 

2010-06-22 13:35:13 11648 ----a-w- c:\windows\system32\drivers\acpiec.sys

2010-06-13 19:20:47 218624 ----a-w- c:\windows\system32\uxtheme.dll

2010-05-21 18:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-04-17 04:04:40 306032 ----a-w- c:\windows\WLXPGSS.SCR

2010-04-17 02:12:18 48464 ----a-w- c:\windows\system32\sirenacm.dll

2010-04-04 17:17:02 411368 ----a-w- c:\windows\system32\deploytk.dll

2008-10-29 05:19:51 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102920081030\index.dat

 

============= FINISH: 11:22:30.15 ===============


Blade,

 

Thank you. It appears to be corrected. Microsoft Security Essentials updated today by itself and I've done a couple of Google searches and was able to go to the right site.


You're welcome but let's have a few more steps :)

 

 

Open notepad and copy/paste the text in the quotebox below into it:

 

Driver::
caepweic
pvikzsrv
File::
c:\windows\system32\drivers\caepweic.sys
c:\windows\system32\drivers\pvikzsrv.sys
DDS::
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

 

Save this as

CFScript

 

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

 

Posted Image

 

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe

Then post the resultant log.

 

 

 

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

 

Double-click ATF Cleaner.exe to open it

 

Under Main choose:

Windows Temp

Current User Temp

All Users Temp

Cookies

Temporary Internet Files

Prefetch

Java Cache

*The other boxes are optional*

Then click the Empty Selected button.

 

If you use Firefox:

Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

 

If you use Opera:

Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

 

Click Exit on the Main menu to close the program.

 

 

* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is not checked.
  • Click Scan
  • Wait for the scan to finish

 

Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

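The CFScript above asks ComboFix to delete two driver services (Driver::), two .sys files (File::) and one orphaned DDS entry (DDS::). The check a practitioner wants after the run is whether the resulting log actually records each of those actions. The script below is an added example written for this thread; it is not ComboFix's or sUBs' code and not something the helper posted. It assumes the log layout visible in the posted ComboFix output: section headers wrapped in parentheses, deleted service keys listed as `-------\Service_<name>` under "Drivers/Services", and deleted files listed under "Other Deletions" (that last mapping is an assumption about ComboFix's reporting, not something the thread states). Both the CFScript and the log excerpt are constructed inline, modelled on the ones in the thread, so the script runs offline.

```python
import re

# Constructed sample CFScript, in the same form as the one in the post above.
SAMPLE_CFSCRIPT = """\
Driver::
caepweic
pvikzsrv
File::
c:\\windows\\system32\\drivers\\caepweic.sys
c:\\windows\\system32\\drivers\\pvikzsrv.sys
DDS::
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
"""

# Constructed excerpt of a ComboFix log, laid out like the one posted in the thread:
# the script's File:: paths are echoed under "FILE ::", nothing is listed under
# "Other Deletions", and both service keys appear under "Drivers/Services".
SAMPLE_LOG = """\
FILE ::
"c:\\windows\\system32\\drivers\\caepweic.sys"
"c:\\windows\\system32\\drivers\\pvikzsrv.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\\Service_caepweic
-------\\Service_pvikzsrv
.
((((((((((((((((((((((((( Files Created from 2010-05-22 to 2010-06-22 )))))))))))))))))))))))))))))))
"""


def parse_cfscript(text):
    """Return {section: [entries]} for the Driver::/File::/DDS:: blocks of a CFScript."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):          # a directive header such as "Driver::"
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_combofix_log(text):
    """Split a ComboFix log into named sections.

    Headers are either wrapped in runs of parentheses ("((( Other Deletions )))")
    or end in "::" ("FILE ::"); lone "." separator lines are skipped.
    """
    header_re = re.compile(r"^\(+\s*(.+?)\s*\)+$")
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = header_re.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if line.endswith("::"):
            current = line[:-2].strip()
            sections.setdefault(current, [])
            continue
        if current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def verify_cleanup(cfscript_text, log_text):
    """Cross-check every CFScript directive against what the log records.

    drivers: name -> True if a "\\Service_<name>" deletion line is present.
    files:   path -> True if the path is listed under "Other Deletions"
             (assumed to be where ComboFix reports deleted files).
    dds:     entries the log does not report on; they must be re-checked
             in a fresh DDS log rather than here.
    """
    script = parse_cfscript(cfscript_text)
    log = parse_combofix_log(log_text)
    removed_services = {
        entry.rsplit("\\Service_", 1)[1].lower()
        for entry in log.get("Drivers/Services", [])
        if "\\Service_" in entry
    }
    deleted_files = {entry.strip('"').lower() for entry in log.get("Other Deletions", [])}
    return {
        "drivers": {n: n.lower() in removed_services for n in script.get("Driver", [])},
        "files": {p: p.lower() in deleted_files for p in script.get("File", [])},
        "dds": list(script.get("DDS", [])),
    }


if __name__ == "__main__":
    report = verify_cleanup(SAMPLE_CFSCRIPT, SAMPLE_LOG)
    for name, ok in report["drivers"].items():
        print(f"driver  {name:<10} {'removed' if ok else 'NOT in log'}")
    for path, ok in report["files"].items():
        print(f"file    {path:<45} {'deleted' if ok else 'not listed (already gone?)'}")
    for entry in report["dds"]:
        print(f"dds     {entry}  -> confirm in a fresh dds.txt")
```

On the constructed sample both services come back as removed while neither .sys path shows up under "Other Deletions", which matches the posted log: the file paths are only echoed back under "FILE ::", consistent with the files having been cleaned up before this run. Anything in the DDS:: block has to be confirmed by re-running DDS, which is why the helper asks for a fresh dds.txt.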

CFScript ComboFix Log

 

ComboFix 10-06-22.01 - Admin 06/22/2010 14:23:00.5.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.255 [GMT -4:00]

Running from: c:\documents and settings\Admin\Desktop\Malware\ComboFix.exe

Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

 

FILE ::

"c:\windows\system32\drivers\caepweic.sys"

"c:\windows\system32\drivers\pvikzsrv.sys"

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_caepweic

-------\Service_pvikzsrv

 

 

((((((((((((((((((((((((( Files Created from 2010-05-22 to 2010-06-22 )))))))))))))))))))))))))))))))

.

 

2010-06-22 01:22 . 2010-06-22 01:22 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Ahead

2010-06-21 18:33 . 2010-06-21 18:33 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Opera

2010-06-17 16:15 . 2010-06-17 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop

2010-06-17 16:01 . 2010-06-22 01:20 -------- d-----w- c:\program files\PCPitstop

2010-06-17 04:04 . 2009-11-13 16:23 32824 ----a-w- c:\windows\system32\rrMon.sys

2010-06-17 04:03 . 2010-06-17 04:18 -------- d-----w- c:\program files\Registrar Registry Manager

2010-06-14 18:44 . 2010-06-14 18:44 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache

2010-06-14 18:36 . 2010-06-14 18:58 -------- d-----w- c:\windows\SxsCaPendDel

2010-06-14 04:19 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2010-06-14 04:19 . 2010-03-29 14:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2010-06-14 04:19 . 2009-11-23 17:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2010-06-14 04:18 . 2010-04-08 18:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2010-06-14 04:18 . 2010-06-21 03:19 -------- d-----w- c:\program files\Spyware Doctor

2010-06-14 04:18 . 2010-06-14 04:18 -------- d-----w- c:\program files\Common Files\PC Tools

2010-06-14 04:18 . 2010-06-14 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2010-06-14 04:18 . 2010-06-14 04:18 -------- d-----w- c:\documents and settings\Admin\Application Data\PC Tools

2010-06-14 01:39 . 2010-06-14 03:14 -------- d-----w- c:\documents and settings\Admin\Tracing

2010-06-14 01:00 . 2010-06-14 01:07 -------- d-----w- c:\windows\system32\NtmsData

2010-06-13 18:44 . 2010-06-15 22:11 -------- d-----w- c:\documents and settings\Admin\Application Data\Styler

2010-06-13 17:08 . 2010-06-15 22:14 -------- d-----w- c:\documents and settings\Admin\Application Data\IconTweaker

2010-06-13 14:16 . 2010-06-13 14:16 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\VS Revo Group

2010-06-13 03:45 . 2010-06-13 03:45 -------- d-----w- c:\program files\NOS

2010-06-13 02:48 . 2010-06-13 02:48 -------- d-----w- c:\documents and settings\LocalService\Application Data\Avanquest

2010-06-13 02:46 . 2010-06-13 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software

2010-06-13 02:39 . 2010-06-13 02:39 -------- d-----r- C:\_Backup.RC

2010-06-13 02:39 . 2010-06-13 02:39 -------- d-----w- C:\_Backup

2010-06-13 02:27 . 2010-06-13 02:27 -------- d-----w- c:\documents and settings\Admin\Application Data\Avanquest

2010-06-13 02:21 . 2010-06-13 14:41 -------- d-----w- c:\program files\Avanquest

2010-06-13 01:33 . 2010-06-15 15:25 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Adobe

2010-06-13 00:15 . 2010-06-13 00:15 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes

2010-06-12 23:56 . 2010-06-12 23:56 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Mozilla

2010-06-12 23:55 . 2010-06-12 23:55 -------- d-----w- c:\documents and settings\Admin\Application Data\Teleca

2010-06-12 23:53 . 2010-06-12 23:53 -------- d-sh--w- c:\documents and settings\Admin\IETldCache

2010-06-12 23:50 . 2010-06-12 23:50 61000 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-12 04:39 . 2010-06-17 06:37 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-06-11 22:21 . 2010-06-14 03:15 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-06-11 22:21 . 2010-06-11 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2010-06-11 17:30 . 2010-06-11 17:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-06-11 17:29 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-11 17:29 . 2010-06-11 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-06-11 17:29 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-11 17:29 . 2010-06-11 17:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-10 00:22 . 2010-06-13 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan

2010-06-09 13:46 . 2010-06-09 13:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\IconTweaker

2010-06-09 13:46 . 2010-06-15 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\IconTweaker

2010-06-09 04:37 . 2010-06-09 04:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Styler

2010-06-09 03:36 . 2010-06-15 22:12 -------- d-----w- c:\program files\Styler

2010-06-07 02:22 . 2010-06-07 02:22 -------- d-----w- c:\program files\Microsoft Sync Framework

2010-06-07 02:07 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

2010-06-07 01:54 . 2010-06-07 01:54 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2010-06-07 01:23 . 2010-06-07 01:23 -------- d-----w- c:\program files\Microsoft

2010-06-07 01:21 . 2010-06-07 01:21 -------- d-----w- c:\program files\Windows Live SkyDrive

2010-06-07 01:17 . 2010-06-07 02:24 -------- d-----w- c:\program files\Windows Live

2010-06-07 00:59 . 2010-06-07 00:59 -------- d-----w- c:\program files\Common Files\Windows Live

2010-06-05 16:54 . 2010-06-05 16:53 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-06-05 16:35 . 2010-06-14 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-06-05 00:53 . 2010-06-05 00:56 -------- d-----w- c:\program files\Microsoft Security Essentials

2010-06-04 23:00 . 2010-06-04 23:00 -------- d-----w- c:\windows\system32\wbem\Repository

2010-06-04 22:58 . 2010-06-04 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\HTC

2010-06-04 22:58 . 2010-06-04 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Teleca

2010-06-04 22:58 . 2010-06-04 22:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\HTC

2010-06-04 22:57 . 2010-06-04 22:58 -------- d-----w- c:\program files\Common Files\Teleca Shared

2010-06-04 22:52 . 2010-06-13 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-06-04 22:48 . 2010-06-04 22:48 -------- d-----w- c:\windows\LastGood(2)

2010-06-04 22:48 . 2010-06-04 22:48 -------- d-----w- c:\windows\871DF2BE41D24334AC33839AF16FC8FE.TMP

2010-06-04 15:44 . 2010-06-04 22:50 -------- d-----w- c:\program files\Microsoft Security Essentials(2)

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-22 13:35 . 2002-08-29 02:00 11648 ----a-w- c:\windows\system32\drivers\acpiec.sys

2010-06-21 03:22 . 2009-11-18 00:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-06-18 00:04 . 2003-05-16 19:50 -------- d-----w- c:\program files\Microsoft Works

2010-06-16 04:09 . 2010-02-14 02:10 -------- d-----w- c:\program files\Windows Live Safety Center

2010-06-13 19:20 . 2002-08-29 02:00 218624 ----a-w- c:\windows\system32\uxtheme.dll

2010-06-13 02:08 . 2009-11-12 00:19 -------- d-----w- c:\program files\Microsoft Silverlight

2010-06-12 20:18 . 2010-04-15 00:26 1 ----a-w- c:\documents and settings\Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-06-10 02:22 . 2008-10-28 15:49 -------- d-----w- c:\program files\Windows Desktop Search

2010-06-10 00:24 . 2010-06-10 00:24 154 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_952D7EE5731D8344A9F5244F23CE4012.dll

2010-06-10 00:23 . 2010-06-10 00:23 121 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_6030E61781384634B8F8C04C9E73B6CA.dll

2010-06-09 03:38 . 2010-06-09 03:38 15086 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_7b12541d.exe

2010-06-09 03:38 . 2010-06-09 03:38 15086 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe

2010-06-07 02:35 . 2008-10-28 14:23 61000 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-04 22:55 . 2010-05-22 13:38 -------- d-----w- c:\program files\ZooskMessenger(2)

2010-05-29 13:46 . 2010-03-29 03:08 -------- d-----w- c:\program files\JDownloader

2010-05-21 18:14 . 2010-02-14 22:38 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-19 15:45 . 2009-11-24 05:54 -------- d-----w- c:\program files\HTC

2010-05-19 15:44 . 2009-11-24 06:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Teleca

2010-05-17 14:50 . 2010-05-17 14:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\VS Revo Group

2010-05-16 22:18 . 2010-05-16 22:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Trillian

2010-05-16 19:54 . 2010-05-16 19:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1

2010-05-16 19:52 . 2010-01-06 06:10 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-05-16 19:50 . 2010-06-12 23:44 38784 ----a-w- c:\documents and settings\Admin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-05-16 19:50 . 2010-01-06 06:12 38784 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-04-17 04:04 . 2010-04-17 04:04 306032 ----a-w- c:\windows\WLXPGSS.SCR

2010-04-17 02:12 . 2010-04-17 02:12 48464 ----a-w- c:\windows\system32\sirenacm.dll

2010-04-04 17:17 . 2009-12-07 20:39 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-03-29 12:53 . 2010-06-13 03:44 32576 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\mxakhnew.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

2010-03-29 12:53 . 2010-06-13 03:43 29984 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\mxakhnew.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-29 94208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-08 344064]

"Display Settings"="c:\program files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 45056]

"QT4HPOT"="c:\program files\HPQ\One-Touch\OneTouch.EXE" [2003-01-30 106496]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

 

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

Styler.lnk - c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2010-6-8 15086]

wkcalrem.LNK - c:\program files\Microsoft Works\WkCalRem.exe [2007-6-20 46432]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]

2005-01-31 20:13 49152 ----a-w- c:\progra~1\COMMON~1\stardock\MCPStub.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

 

R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [11/28/2002 6:43 AM 22016]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/14/2010 12:19 AM 218592]

R3 GT43XX;GT Combo 802.11g Wireless LAN Adapter Driver GT43XX;c:\windows\system32\drivers\gtwl5.SYS [10/27/2008 3:27 PM 266496]

R3 GTEDGWModem;Option NV GTEDGWModem;c:\windows\system32\drivers\GTEDG.sys [10/27/2008 3:30 PM 107904]

R3 OptionWWSC;GT Combo EDGE SIM Card Reader;c:\windows\system32\drivers\GTEDGSC.sys [10/27/2008 3:35 PM 21888]

S3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [5/16/2003 2:21 PM 291328]

S3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [5/16/2003 2:21 PM 244608]

S3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [5/16/2003 2:18 PM 16512]

S3 GTEDGWWNIC;Option NV GTEDGWWNIC;c:\windows\system32\drivers\GTEDGNet.sys [10/27/2008 3:32 PM 52864]

S3 MailScan;MailScan;\??\c:\progra~1\AVANQU~1\SYSTEM~1\MailScan.sys --> c:\progra~1\AVANQU~1\SYSTEM~1\MailScan.sys [?]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [4/10/2010 5:05 PM 266544]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2/14/2010 10:18 AM 27064]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/14/2010 12:18 AM 366840]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

 

2010-06-22 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]

 

2010-06-22 c:\windows\Tasks\User_Feed_Synchronization-{1F7364ED-52C1-43A3-931F-263ECD9A26D1}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]

 

2010-06-22 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2010-02-15 02:18]

.

.

------- Supplementary Scan -------

.

TCP: {66658DB4-57F6-41BD-8809-5E2C5801BB7D} = 198.153.192.1,198.153.194.1

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\mxakhnew.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk

FF - plugin: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\mxakhnew.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

FF - plugin: c:\documents and settings\Administrator\Application Data\Move Networks\plugins\npqmp071705000014.dll

FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-22 14:45

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(1492)

c:\windows\system32\Ati2evxx.dll

c:\progra~1\COMMON~1\Stardock\mcpstub.dll

 

- - - - - - - > 'explorer.exe'(2448)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\progra~1\COMMON~1\stardock\MCPCore.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\System32\btncopy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\Ati2evxx.exe

c:\program files\Microsoft Security Essentials\MsMpEng.exe

c:\progra~1\COMMON~1\Stardock\SDMCP.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\Cisco Systems\VPN Client\cvpnd.exe

c:\windows\system32\HPConfig.exe

c:\program files\HPQ\Notebook Utilities\HPWirelessMgr.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2010-06-22 14:56:36 - machine was rebooted

ComboFix-quarantined-files.txt 2010-06-22 18:56

ComboFix2.txt 2010-06-22 14:53

ComboFix3.txt 2010-06-17 06:15

ComboFix4.txt 2010-06-17 02:27

 

Pre-Run: 20,049,752,064 bytes free

Post-Run: 20,038,885,376 bytes free

 

- - End Of File - - 9F3F9F2503A23A741B73CCBCC04E6079


DDS (Ver_10-03-17.01) - NTFSx86

Run by Admin at 17:19:58.92 on Tue 06/22/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.251 [GMT -4:00]

 

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

 

============== Running Processes ===============

 

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\WINDOWS\system32\HPConfig.exe

C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Admin\Desktop\Downloads\dds.scr

 

============== Pseudo HJT Report ===============

 

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [Display Settings] c:\program files\hpq\notebook utilities\hptasks.exe /s

mRun: [QT4HPOT] c:\program files\hpq\one-touch\OneTouch.EXE

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225136699697

DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: {66658DB4-57F6-41BD-8809-5E2C5801BB7D} = 198.153.192.1,198.153.194.1

Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll

SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\mxakhnew.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk

FF - plugin: c:\documents and settings\admin\application data\mozilla\firefox\profiles\mxakhnew.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071705000014.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\opera\program\plugins\np_gp.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

 

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [2002-11-28 22016]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-6-14 218592]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]

R3 GT43XX;GT Combo 802.11g Wireless LAN Adapter Driver GT43XX;c:\windows\system32\drivers\gtwl5.SYS [2008-10-27 266496]

R3 GTEDGWModem;Option NV GTEDGWModem;c:\windows\system32\drivers\GTEDG.sys [2008-10-27 107904]

R3 OptionWWSC;GT Combo EDGE SIM Card Reader;c:\windows\system32\drivers\GTEDGSC.sys [2008-10-27 21888]

S3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [2003-5-16 291328]

S3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2003-5-16 244608]

S3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [2003-5-16 16512]

S3 GTEDGWWNIC;Option NV GTEDGWWNIC;c:\windows\system32\drivers\GTEDGNet.sys [2008-10-27 52864]

S3 MailScan;MailScan;\??\c:\progra~1\avanqu~1\system~1\mailscan.sys --> c:\progra~1\avanqu~1\system~1\MailScan.sys [?]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-4-10 266544]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-2-14 27064]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-6-14 366840]

S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-6-14 1142224]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

 

=============== Created Last 30 ================

 

2010-06-22 19:06:11 0 d-----w- c:\program files\ESET

2010-06-22 19:02:19 0 d-sh--w- c:\documents and settings\admin\PrivacIE

2010-06-17 16:15:12 0 d-----w- c:\docume~1\alluse~1\applic~1\PCPitstop

2010-06-17 16:01:45 0 d-----w- c:\program files\PCPitstop

2010-06-17 04:04:56 32824 ----a-w- c:\windows\system32\rrMon.sys

2010-06-17 04:03:32 0 d-----w- c:\program files\Registrar Registry Manager

2010-06-17 02:29:39 59392 --sha-w- c:\windows\Thumbs.db

2010-06-17 01:25:02 0 d-sha-r- C:\cmdcons

2010-06-17 01:16:47 98816 ----a-w- c:\windows\sed.exe

2010-06-17 01:16:47 77312 ----a-w- c:\windows\MBR.exe

2010-06-17 01:16:47 256512 ----a-w- c:\windows\PEV.exe

2010-06-17 01:16:47 161792 ----a-w- c:\windows\SWREG.exe

2010-06-14 18:44:40 0 d-sh--w- c:\documents and settings\admin\IECompatCache

2010-06-14 18:36:17 0 d-----w- c:\windows\SxsCaPendDel

2010-06-14 04:19:29 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat

2010-06-14 04:19:29 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2010-06-14 04:19:09 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2010-06-14 04:19:09 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat

2010-06-14 04:19:09 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat

2010-06-14 04:19:09 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2010-06-14 04:18:49 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat

2010-06-14 04:18:49 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2010-06-14 04:18:16 0 d-----w- c:\program files\Spyware Doctor

2010-06-14 04:18:16 0 d-----w- c:\program files\common files\PC Tools

2010-06-14 04:18:16 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools

2010-06-14 04:18:16 0 d-----w- c:\docume~1\admin\applic~1\PC Tools

2010-06-14 01:39:17 0 d-----w- c:\documents and settings\admin\Tracing

2010-06-14 01:00:59 0 d-----w- c:\windows\system32\NtmsData

2010-06-13 18:44:49 0 d-----w- c:\docume~1\admin\applic~1\Styler

2010-06-13 17:08:24 0 d-----w- c:\docume~1\admin\applic~1\IconTweaker

2010-06-13 16:23:14 218624 ----a-w- c:\windows\system32\uxtheme.uxtender

2010-06-13 02:39:14 0 d-----r- C:\_Backup.RC

2010-06-13 02:39:08 0 d-----w- C:\_Backup

2010-06-13 02:27:00 0 d-----w- c:\docume~1\admin\applic~1\Avanquest

2010-06-13 02:21:25 0 d-----w- c:\program files\Avanquest

2010-06-13 00:15:36 0 d-----w- c:\docume~1\admin\applic~1\Malwarebytes

2010-06-12 23:55:54 0 d-----w- c:\docume~1\admin\applic~1\Teleca

2010-06-12 23:53:28 0 d-sh--w- c:\documents and settings\admin\IETldCache

2010-06-12 23:44:33 0 d-----w- c:\docume~1\admin\applic~1\Symantec

2010-06-12 04:39:55 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-06-11 22:21:26 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-06-11 22:21:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro

2010-06-11 17:29:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-11 17:29:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-06-11 17:29:16 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-11 17:29:14 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-10 00:22:53 0 d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan

2010-06-09 13:46:12 0 d-----w- c:\docume~1\alluse~1\applic~1\IconTweaker

2010-06-09 03:36:27 0 d-----w- c:\program files\Styler

2010-06-07 02:07:38 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

2010-06-07 01:54:37 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition

2010-06-07 01:23:51 0 d-----w- c:\program files\Microsoft

2010-06-07 01:21:49 0 d-----w- c:\program files\Windows Live SkyDrive

2010-06-07 00:59:58 0 d-----w- c:\program files\common files\Windows Live

2010-06-05 16:54:40 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-06-05 00:53:46 0 d-----w- c:\program files\Microsoft Security Essentials

2010-06-04 23:00:29 0 d-----w- c:\windows\system32\wbem\Repository

2010-06-04 22:58:25 0 d-----w- c:\docume~1\alluse~1\applic~1\HTC

2010-06-04 22:58:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Teleca

2010-06-04 22:57:42 0 d-----w- c:\program files\common files\Teleca Shared

2010-06-04 22:48:13 0 d-----w- c:\windows\LastGood(2)

2010-06-04 22:48:05 0 d-----w- c:\windows\871DF2BE41D24334AC33839AF16FC8FE.TMP

2010-06-04 15:44:49 0 d-----w- c:\program files\Microsoft Security Essentials(2)

 

==================== Find3M ====================

 

2010-06-22 13:35:13 11648 ----a-w- c:\windows\system32\drivers\acpiec.sys

2010-06-13 19:20:47 218624 ----a-w- c:\windows\system32\uxtheme.dll

2010-05-21 18:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-04-17 04:04:40 306032 ----a-w- c:\windows\WLXPGSS.SCR

2010-04-17 02:12:18 48464 ----a-w- c:\windows\system32\sirenacm.dll

2010-04-04 17:17:02 411368 ----a-w- c:\windows\system32\deploytk.dll

2008-10-29 05:19:51 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102920081030\index.dat

 

============= FINISH: 17:20:29.41 ===============

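A small triage helper for the file-list sections of a DDS log in the format posted above (an added example, not part of this thread and not DDS's own code; the sample lines are constructed from the log above and the review heuristics are the example's own assumptions, meant to point a reviewer at entries worth a look, not to call anything malicious):

```python
import re
from collections import namedtuple

# Sample input: lines constructed from the DDS log posted above.
SAMPLE_LOG = """\
=============== Created Last 30 ================
2010-06-17 04:04:56 32824 ----a-w- c:\\windows\\system32\\rrMon.sys
2010-06-17 02:29:39 59392 --sha-w- c:\\windows\\Thumbs.db
2010-06-14 04:19:09 218592 ----a-w- c:\\windows\\system32\\drivers\\PCTCore.sys
2010-06-04 22:48:05 0 d-----w- c:\\windows\\871DF2BE41D24334AC33839AF16FC8FE.TMP
==================== Find3M ====================
2010-06-22 13:35:13 11648 ----a-w- c:\\windows\\system32\\drivers\\acpiec.sys
"""

ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$")
HEX_TMP_RE = re.compile(r"^[0-9a-f]{32}\.tmp$")  # paths are lower-cased first
Entry = namedtuple("Entry", "section date size attrs path")  # attrs: d=dir, s=system, h=hidden

def parse_entries(text):
    """Parse the 'Created Last 30' / 'Find3M' sections into Entry records."""
    entries, section = [], ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("=") and line.endswith("="):
            section = line.strip("= ")          # e.g. "Created Last 30"
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(section, m["date"], int(m["size"]),
                                 m["attrs"], m["path"].lower()))
    return entries

def flag_for_review(entries):
    """Heuristic hits mean 'look at this entry', not 'this is malicious'."""
    hits = {}
    for e in entries:
        reasons = []
        folder, _, name = e.path.rpartition("\\")
        if name.endswith(".sys") and not folder.endswith("\\drivers"):
            reasons.append("kernel driver outside system32\\drivers")
        if "s" in e.attrs and "h" in e.attrs and not e.attrs.startswith("d"):
            reasons.append("hidden+system file")
        if HEX_TMP_RE.match(name):
            reasons.append("hex-named temp item")
        if reasons:
            hits[e.path] = reasons
    return hits
```

Run `flag_for_review(parse_entries(open("dds.txt").read()))` against a real log; every hit still needs a human decision (rrMon.sys above, for instance, belongs to the Registrar Registry Manager install listed right after it).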

You're welcome but let's have a few more steps :)

* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is not checked.
  • Click Scan
  • Wait for the scan to finish

 

Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.

 

The ESET scan I could not copy, it came up with no threats though.


Good. Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions.


THESE STEPS ARE VERY IMPORTANT

 

Let's reset system restore

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to clean the restore points.

 

1. Turn off System Restore.

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

Check Turn off System Restore.

Click Apply, and then click OK.

 

2. Reboot.

 

3. Turn ON System Restore.

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

UN-Check *Turn off System Restore*.

Click Apply, and then click OK.

NOTE: only do this ONCE, NOT on a regular basis.

Now let's uninstall ComboFix:

  • Click START then RUN
  • Now copy-paste Combofix /uninstall in the runbox and click OK

 

Please download OTC and save it to desktop.

  • Double-click OTC.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.

  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

UPDATING WINDOWS AND INTERNET EXPLORER

 

IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site to get the critical updates.

 

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

 

 

Make your Internet Explorer more secure

 

This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.

Click once on the Security tab

Click once on the Internet icon so it becomes highlighted.

Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

 

  • hosts file:

    • Every version of Windows has a hosts file as part of it.
    • In a very basic sense, they are used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here.

    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:

    • Click the start button (at the lower left hand corner of your screen)
    • Click run
    • In the dialog box, type services.msc
    • hit enter, then locate dns client
    • Highlight it, then double-click it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click ok
Run Secunia vulnerability check here and fix its findings.

Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this webpage out.

If you don't have a 3rd party firewall or a router behind NAT then I recommend getting one. I recommend either Online Armor Free or Comodo Firewall Pro (If you choose Comodo: Uncheck during installation Install Comodo HopSurf.., Make Comodo my default search provider and Make Comodo Search my homepage and install firewall ONLY!). Both providers have support forums that help with configuration related questions.

 

Just a final reminder for you. I am trying to stress these two points.

UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.

Make sure all of your security programs are up to date.

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

 

 

Once again, please post and tell me how things are going with your system... problems etc.

 

Have a great day,

Blade B)

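A quick hosts-file audit to go with the hosts-file advice above, since a tampered hosts file is one way a machine ends up redirected and unable to reach update sites such as windowsupdate.com (an added example, not from this thread or any of the tools it names; the sample file and the PROTECTED list are constructed assumptions):

```python
import ipaddress

# Constructed sample hosts file: the default localhost line, one blocklist-style
# entry of the kind the recommended hosts file adds, and one redirect-style entry.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ad.doubleclick.net
10.0.0.1 windowsupdate.com www.windowsupdate.com   # should never be in hosts
"""

# Domains that a hosts file should never redirect; this list is an assumption
# of the example, extend it for your own environment.
PROTECTED = {"windowsupdate.com", "update.microsoft.com", "microsoft.com",
             "google.com"}

def parse_hosts(text):
    """Return (ip, hostname) pairs, skipping comments, blanks and bad lines."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        ip, *names = line.split()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                              # not a valid address: ignore
        pairs.extend((ip, n.lower()) for n in names)
    return pairs

def is_sinkhole(ip):
    """127.x.x.x / ::1 / 0.0.0.0 mappings are blocking entries, not redirects."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified

def audit_hosts(text):
    """Map hostname -> reason for every entry that sends traffic somewhere real."""
    findings = {}
    for ip, host in parse_hosts(text):
        if host == "localhost" or is_sinkhole(ip):
            continue                              # legitimate use of a hosts file
        if host in PROTECTED or any(host.endswith("." + p) for p in PROTECTED):
            findings[host] = "protected domain redirected to " + ip
        else:
            findings[host] = "non-loopback mapping to " + ip
    return findings
```

On Windows XP the live file is %SystemRoot%\system32\drivers\etc\hosts; pass its contents to `audit_hosts` and treat any finding on a protected domain as a sign the file was altered rather than as a blocklist entry.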

Thanks again for your help on this matter. Last night I had already installed Comodo Firewall. It did not like the uninstall process of ComboFix, but it did it. lol.

 

I took care of the other things that said to do as well.

I was also going to install the Comodo Anti-Virus and BHO process, instead of running Microsoft Security Essentials, but they aren't installing for some reason. Something about needing "Internet Security 4.0" or something like that. I'll get on their forum and see what they can do for me.

 

I have also installed Comodo Verification Engine and WOT on Firefox. Are there any changes you would recommend I make to Firefox for security?


You're welcome :)

 

Recommended Firefox add-ons are Adblock Plus and NoScript.

 

I've installed both of those and an anti-redirector. I've also gotten rid of Microsoft Security Essentials and have installed the COMODO Internet Security. It includes, for FREE, an anti-virus, anti-malware and firewall. It also has a defender program as well. So far I like it really well. Hopefully with all of these changes I won't get hijacked again. Once is too often.

 

Thanks again for your assistance.


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

 

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

 

Everyone else please begin a New Topic.
