ElDavid

Everything posted by ElDavid

  1. So far no problems at all! Thanks again!!!!!!!!
  2. Okay, ran the script and here is the text file:
     ComboFix 09-08-20.02 - lor 08/20/2009 18:39.2.1 - NTFSx86
  3. Things seem to be working a lot better, things update now (looks like somehow IE was set to use a proxy server) and Windows can boot into safe mode and the desktop is changeable. Thanks a ton! Here is the log requested:
     ComboFix 09-08-19.01 - lor 08/19/2009 21:19.1.1 - NTFSx86
************************************************************************** . Completion time: 2009-08-20 21:38 - machine was rebooted ComboFix-quarantined-files.txt 2009-08-20 04:38 Pre-Run: 492,408,832 bytes free Post-Run: 286,650,368 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect 292 --- E O F --- 2009-08-16 10:01
  4. I can't boot Windows in safe mode, I can update MalwareBytes or Avast. I can't change my desktop. Thanks for the help! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:36:00 AM, on 8/16/2009