mlmaynard

  1. GMER 1.0.15.15281 - http://www.gmer.net
     Rootkit scan 2010-01-11 12:19:54
     Windows 5.1.2600 Service Pack 3
     Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kfloapob.sys

     ---- Devices - GMER 1.0.15 ----

     AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
     AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
     AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
     AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
     AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
     AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
     AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
     Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
     Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
     Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
     Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
     Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
     Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

     ---- EOF - GMER 1.0.15 ----
  2. Thank you for your patience. This has been a long-term commitment.

     exeHelper by Raktor
     Build 20091220
     Run at 09:22:30 on 01/08/10
     Now searching...
     Checking for numerical processes...
     Checking for sysguard processes...
     Checking for bad processes...
     Checking for bad files...
     Checking for bad registry entries...
     Resetting filetype association for .exe
     Resetting filetype association for .com
     Resetting userinit and shell values...
     Resetting policies...
     --Finished--

     Microsoft update still hangs when trying to start it from IE8. Are rootkits usually this persistent? For future reference, should I be looking at reformatting / re-installing rather than the extended eradication route?

     Thanks, MLM
  3. Thank you for your keen eye in resolving the problem. Even though MWB and Kaspersky give it a clean bill of health, I still cannot access ActiveX content like IP cameras or especially Microsoft update from IE8. I ran the Temp File Cleaner and rebooted as instructed. Below are the RSIT log and Info:

     Logfile of random's system information tool 1.06 (written by random/random)
     Run by Owner at 2010-01-05 13:32:35
     Microsoft Windows XP Home Edition Service Pack 3
     System drive C: has 43 GB (79%) free of 54 GB
     Total RAM: 503 MB (28% free)

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 1:32:57 PM, on 1/5/2010
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\AVG\AVG9\avgchsvx.exe
     C:\Program Files\AVG\AVG9\avgrsx.exe
     C:\Program Files\AVG\AVG9\avgcsrvx.exe
     C:\WINDOWS\System32\WLTRYSVC.EXE
     C:\WINDOWS\System32\bcmwltry.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\system32\hkcmd.exe
     C:\WINDOWS\system32\igfxpers.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\WINDOWS\system32\WLTRAY.exe
     C:\WINDOWS\stsystra.exe
     C:\WINDOWS\system32\igfxsrvc.exe
     C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
     C:\WINDOWS\system32\dla\tfswctrl.exe
     C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
     C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
     C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
     C:\Program Files\Dell\Media Experience\DMXLauncher.exe
     C:\PROGRA~1\AVG\AVG9\avgtray.exe
     C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
     C:\Program Files\Dell Support Center\bin\sprtcmd.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
     C:\Program Files\AVG\AVG9\avgwdsvc.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\AVG\AVG9\avgnsx.exe
     C:\WINDOWS\system32\drivers\KodakCCS.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
     C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
     C:\Program Files\Dell Support Center\bin\sprtsvc.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\Documents and Settings\Owner\Desktop\RSIT.exe
     C:\Program Files\trend micro\Owner.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
     R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
     O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
     O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
     O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
     O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
     O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
     O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
     O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
     O4 - HKLM\..\Run: [buildBU] c:\dell\bldbubg.exe
     O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
     O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
     O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
     O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
     O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
     O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/down...llerControl.cab
     O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
     O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
     O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
     O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
     O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
     O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
     O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
     O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
     O24 - Desktop Component 0: (no name) - http://www3.freeze.com/Wallpaper/Animals/cats28_m.jpg

     --
     End of file - 7101 bytes

     ======Scheduled tasks folder======

     C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3575830529-1055459964-3572814137-1003Core.job
     C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3575830529-1055459964-3572814137-1003UA.job

     ======Registry dump======

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
     Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
     AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-12-31 1484056]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
     JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-10 73728]

     [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
     "igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-14 94208]
     "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824]
     "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688]
     "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
     "Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2005-12-19 1347584]
     "SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
     "DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248]
     "dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
"MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe [2005-09-08 8192] "MMTray"=C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [2005-09-08 110592] "BuildBU"=c:\dell\bldbubg.exe [2006-09-12 61440] "LVCOMS"=C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE [2001-11-13 98304] "dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384] "Motive SmartBridge"=C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe [2005-08-24 442455] "DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-01-27 86016] "AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-01-01 2033432] "DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-11-15 202544] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe [2006-04-06 1032192] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-11-15 202544] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-31 135664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Singlesnet] C:\Program 
Files\Singlesnet\Singlesnet\Singlesnet.exe [2009-12-10 2797096] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-10 136600] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] 1 [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2004-08-11 757760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter] C:\WINDOWS\system32\avgrsstx.dll [2009-12-31 12464] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe" "C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe" 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" ======List of files/folders created in the last 1 months====== 2010-01-05 13:32:35 ----D---- C:\rsit 2010-01-05 13:32:35 ----D---- C:\Program Files\trend micro 2010-01-05 13:25:34 ----SHD---- C:\RECYCLER 2010-01-04 11:11:11 ----HDC---- C:\WINDOWS\ie8 2010-01-02 15:03:39 ----A---- C:\ComboFix.txt 2010-01-02 14:54:35 ----D---- C:\WINDOWS\temp 2009-12-31 04:49:12 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$ 2009-12-31 04:47:46 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2009-12-31 03:44:02 ----D---- C:\$AVG 2009-12-31 03:43:02 ----D---- C:\Documents and Settings\All Users\Application Data\avg9 2009-12-31 03:42:22 ----D---- C:\WINDOWS\SxsCaPendDel 2009-12-30 21:04:30 ----A---- C:\Boot.bak 2009-12-30 21:04:22 ----RASHD---- C:\cmdcons 2009-12-30 21:03:11 ----A---- C:\WINDOWS\zip.exe 2009-12-30 21:03:11 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-12-30 21:03:11 ----A---- C:\WINDOWS\SWSC.exe 2009-12-30 21:03:11 ----A---- C:\WINDOWS\SWREG.exe 2009-12-30 21:03:11 ----A---- C:\WINDOWS\sed.exe 2009-12-30 21:03:11 ----A---- C:\WINDOWS\PEV.exe 2009-12-30 21:03:11 ----A---- C:\WINDOWS\NIRCMD.exe 2009-12-30 21:03:11 ----A---- C:\WINDOWS\MBR.exe 2009-12-30 21:03:11 ----A---- C:\WINDOWS\grep.exe 2009-12-30 21:03:01 ----D---- C:\WINDOWS\ERDNT 2009-12-30 21:02:29 ----AD---- C:\Qoobox 2009-12-30 02:17:36 ----A---- C:\WINDOWS\imsins.BAK 2009-12-29 03:50:46 ----D---- C:\WINDOWS\ie8updates 2009-12-29 00:09:29 ----D---- C:\Program Files\CCleaner 2009-12-24 08:16:22 ----A---- C:\WINDOWS\SGDetectionTool.dll 2009-12-24 08:16:22 ----A---- C:\WINDOWS\BDTSupport.dll 2009-12-24 08:16:21 ----A---- 
C:\WINDOWS\PCTBDRes.dll 2009-12-24 08:16:21 ----A---- C:\WINDOWS\PCTBDCore.dll 2009-12-24 08:11:44 ----D---- C:\Program Files\Common Files\PC Tools 2009-12-24 08:11:43 ----D---- C:\Program Files\Spyware Doctor 2009-12-24 03:30:17 ----D---- C:\Program Files\THQ 2009-12-22 05:37:10 ----D---- C:\Documents and Settings\Owner\Application Data\Singlesnet 2009-12-15 00:49:17 ----D---- C:\Program Files\Singlesnet 2009-12-10 09:52:57 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$ 2009-12-10 09:52:51 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$ 2009-12-10 09:52:44 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$ 2009-12-10 09:52:11 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$ 2009-12-10 09:52:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$ ======List of files/folders modified in the last 1 months====== 2010-01-05 13:32:35 ----RD---- C:\Program Files 2010-01-05 13:32:03 ----D---- C:\WINDOWS\Prefetch 2010-01-05 13:29:25 ----D---- C:\WINDOWS\system32\ias 2010-01-05 13:29:24 ----D---- C:\WINDOWS\system32\CatRoot2 2010-01-05 13:29:18 ----D---- C:\WINDOWS 2010-01-05 13:29:18 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt 2010-01-05 13:28:41 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2010-01-05 13:27:23 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-01-05 13:25:33 ----D---- C:\WINDOWS\system32 2010-01-04 11:49:09 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft 2010-01-04 11:30:01 ----D---- C:\Program Files\RogueRemover FREE 2010-01-04 11:24:19 ----D---- C:\WINDOWS\system32\dllcache 2010-01-04 11:24:19 ----D---- C:\WINDOWS\system32\CatRoot 2010-01-04 11:23:09 ----HD---- C:\WINDOWS\inf 2010-01-04 11:18:05 ----D---- C:\WINDOWS\system32\en-US 2010-01-04 11:18:04 ----D---- C:\WINDOWS\Media 2010-01-04 11:18:04 ----D---- C:\WINDOWS\Help 2010-01-04 11:18:04 ----D---- C:\Program Files\Internet Explorer 2010-01-02 15:03:44 ----D---- C:\WINDOWS\system32\drivers 2010-01-02 14:57:45 ----A---- C:\WINDOWS\system.ini 2010-01-02 14:55:08 
----D---- C:\WINDOWS\system32\config 2010-01-02 14:52:16 ----D---- C:\WINDOWS\AppPatch 2010-01-02 14:52:09 ----D---- C:\Program Files\Common Files 2009-12-31 12:47:33 ----D---- C:\WINDOWS\Debug 2009-12-31 12:33:13 ----SD---- C:\WINDOWS\Tasks 2009-12-31 11:51:31 ----D---- C:\Program Files\Spybot - Search & Destroy 2009-12-31 11:34:50 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-12-31 04:48:23 ----HD---- C:\WINDOWS\$hf_mig$ 2009-12-31 04:27:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-12-31 03:43:25 ----A---- C:\WINDOWS\system32\avgrsstx.dll 2009-12-31 03:43:03 ----D---- C:\Program Files\AVG 2009-12-31 03:42:33 ----SHD---- C:\WINDOWS\Installer 2009-12-31 03:42:33 ----D---- C:\Config.Msi 2009-12-31 03:42:31 ----D---- C:\WINDOWS\WinSxS 2009-12-31 03:05:57 ----D---- C:\WINDOWS\Driver Cache 2009-12-30 23:28:24 ----D---- C:\WINDOWS\pss 2009-12-30 21:04:30 ----RASH---- C:\boot.ini 2009-12-29 04:22:42 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! 2009-12-29 04:03:06 ----D---- C:\Program Files\Google 2009-12-29 04:02:32 ----D---- C:\WINDOWS\Motive 2009-12-29 03:38:40 ----D---- C:\Documents and Settings\All Users\Application Data\Norton 2009-12-29 03:38:37 ----D---- C:\Program Files\Common Files\Symantec Shared 2009-12-29 01:40:57 ----D---- C:\Program Files\Yahoo! 2009-12-29 01:40:55 ----D---- C:\Documents and Settings\Owner\Application Data\Yahoo! 
2009-12-29 01:39:45 ----HD---- C:\Program Files\InstallShield Installation Information 2009-12-29 00:19:03 ----D---- C:\Program Files\MSN 2009-12-29 00:10:44 ----D---- C:\WINDOWS\Minidump 2009-12-28 23:58:38 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$ 2009-12-28 23:57:39 ----D---- C:\WINDOWS\system 2009-12-28 23:13:01 ----D---- C:\Documents and Settings 2009-12-27 08:02:17 ----D---- C:\WINDOWS\network diagnostic 2009-12-24 19:54:26 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-12-19 09:28:45 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-12-13 20:13:35 ----AC---- C:\WINDOWS\wininit.ini 2009-12-13 19:49:26 ----D---- C:\WINDOWS\system32\FxsTmp ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128] R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-12-31 333192] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-12-31 28424] R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-12-31 360584] R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2004-05-20 36918] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627] R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545] R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032] R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2004-06-02 38705] R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480] R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059] R2 
tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883] R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843] R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123] R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239] R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586] R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227] R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363] R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714] R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603] R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312] R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008] R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812] R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952] S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2004-06-02 
151985] S3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320] S3 catchme;catchme; \??\C:\Combo-Fix\catchme.sys [] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2004-05-20 61564] S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2004-05-20 8022] S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2004-05-20 68950] S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [] S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760] S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 JL2005C;Dual Mode Camera; C:\WINDOWS\System32\Drivers\jl2005c.sys [2007-01-24 68922] S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408] S3 QCDonner;Labtec WebCam(PID_0840); C:\WINDOWS\system32\DRIVERS\LVCD.sys [2001-11-13 38912] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 ZDNDIS5;ZDNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\ZDNDIS5.SYS [] S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368] S4 agpCPQ;Compaq AGP Bus Filter; 
C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928] S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752] S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008] S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952] S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960] S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-12-31 285392] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-10 152984] R2 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2004-05-24 322104] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] R2 MSSQL$MICROSOFTSMLBIZ;MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [2005-05-04 9150464] R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-04-06 380928] R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 202544] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-12-19 18944] S2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-11-10 112592] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768] S3 DSBrokerService;DSBrokerService; C:\Program 
  4. Thank you for your continued assistance. Here are the ComboFix and Kaspersky logs.
  5. Thank you for your continued help; below are the logs requested. Upload was successful.
  6. Thank you for your assistance. A couple of things: I can't open AVG or browse to the MWB forum site. I was unable to terminate AVG as instructed before running combofix. If that is a problem, let me know an alternate method and I will do it over. I have to respond to the thread from my computer. The infected computer belongs to someone else. Here is the combo-fix log: ComboFix 09-12-29.05 - Owner 12/30/2009 21:06:37.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.131 [GMT -5:00] Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk c:\documents and settings\Owner\Start Menu\Internet Security 2010.lnk c:\program files\InternetSecurity2010 c:\windows\system32\10059.exe c:\windows\system32\10185.exe c:\windows\system32\1034.exe c:\windows\system32\1040.exe c:\windows\system32\10410.exe c:\windows\system32\10624.exe c:\windows\system32\11021.exe c:\windows\system32\11159.exe c:\windows\system32\11161.exe c:\windows\system32\11165.exe c:\windows\system32\11447.exe c:\windows\system32\11478.exe c:\windows\system32\11688.exe c:\windows\system32\11721.exe c:\windows\system32\1196.exe c:\windows\system32\12045.exe c:\windows\system32\12140.exe c:\windows\system32\12384.exe c:\windows\system32\12468.exe c:\windows\system32\1260.exe c:\windows\system32\12696.exe c:\windows\system32\12730.exe c:\windows\system32\13035.exe c:\windows\system32\13041.exe c:\windows\system32\13254.exe c:\windows\system32\13421.exe c:\windows\system32\13611.exe c:\windows\system32\13667.exe c:\windows\system32\1390.exe c:\windows\system32\14103.exe c:\windows\system32\14189.exe c:\windows\system32\14388.exe 
c:\windows\system32\14698.exe c:\windows\system32\14789.exe c:\windows\system32\15034.exe c:\windows\system32\15356.exe c:\windows\system32\15634.exe c:\windows\system32\15682.exe c:\windows\system32\15724.exe c:\windows\system32\1595.exe c:\windows\system32\1609.exe c:\windows\system32\16271.exe c:\windows\system32\16598.exe c:\windows\system32\16761.exe c:\windows\system32\1698.exe c:\windows\system32\17127.exe c:\windows\system32\17260.exe c:\windows\system32\17313.exe c:\windows\system32\17679.exe c:\windows\system32\17955.exe c:\windows\system32\18422.exe c:\windows\system32\18467.exe c:\windows\system32\186.exe c:\windows\system32\18636.exe c:\windows\system32\18721.exe c:\windows\system32\18968.exe c:\windows\system32\19169.exe c:\windows\system32\19537.exe c:\windows\system32\20020.exe c:\windows\system32\20060.exe c:\windows\system32\20115.exe c:\windows\system32\20494.exe c:\windows\system32\20502.exe c:\windows\system32\20536.exe c:\windows\system32\20630.exe c:\windows\system32\20916.exe c:\windows\system32\21009.exe c:\windows\system32\21107.exe c:\windows\system32\21286.exe c:\windows\system32\21451.exe c:\windows\system32\21861.exe c:\windows\system32\22002.exe c:\windows\system32\22563.exe c:\windows\system32\23272.exe c:\windows\system32\2360.exe c:\windows\system32\23616.exe c:\windows\system32\23751.exe c:\windows\system32\24177.exe c:\windows\system32\24325.exe c:\windows\system32\24449.exe c:\windows\system32\24464.exe c:\windows\system32\24470.exe c:\windows\system32\24615.exe c:\windows\system32\25005.exe c:\windows\system32\25017.exe c:\windows\system32\2540.exe c:\windows\system32\25405.exe c:\windows\system32\25951.exe c:\windows\system32\25963.exe c:\windows\system32\26055.exe c:\windows\system32\26240.exe c:\windows\system32\26478.exe c:\windows\system32\26500.exe c:\windows\system32\26550.exe c:\windows\system32\26790.exe c:\windows\system32\26962.exe c:\windows\system32\27243.exe c:\windows\system32\27341.exe 
c:\windows\system32\27777.exe c:\windows\system32\27818.exe c:\windows\system32\28017.exe c:\windows\system32\28145.exe c:\windows\system32\28765.exe c:\windows\system32\29156.exe c:\windows\system32\29328.exe c:\windows\system32\29348.exe c:\windows\system32\29358.exe c:\windows\system32\29585.exe c:\windows\system32\29646.exe c:\windows\system32\29695.exe c:\windows\system32\29775.exe c:\windows\system32\29780.exe c:\windows\system32\29963.exe c:\windows\system32\30218.exe c:\windows\system32\3065.exe c:\windows\system32\30982.exe c:\windows\system32\31045.exe c:\windows\system32\31060.exe c:\windows\system32\31303.exe c:\windows\system32\31549.exe c:\windows\system32\31599.exe c:\windows\system32\31605.exe c:\windows\system32\31793.exe c:\windows\system32\31915.exe c:\windows\system32\31989.exe c:\windows\system32\32237.exe c:\windows\system32\3232.exe c:\windows\system32\32515.exe c:\windows\system32\3348.exe c:\windows\system32\362.exe c:\windows\system32\3713.exe c:\windows\system32\386.exe c:\windows\system32\4180.exe c:\windows\system32\4215.exe c:\windows\system32\4230.exe c:\windows\system32\4579.exe c:\windows\system32\474.exe c:\windows\system32\4ac4084b59c4dd305637877d8b26c34a.exe c:\windows\system32\5185.exe c:\windows\system32\5355.exe c:\windows\system32\553.exe c:\windows\system32\5596.exe c:\windows\system32\564.exe c:\windows\system32\5705.exe c:\windows\system32\5741.exe c:\windows\system32\5752.exe c:\windows\system32\5792.exe c:\windows\system32\58501e6eb3e103caa4a1ccddd9bef277.exe c:\windows\system32\6001.exe c:\windows\system32\6077.exe c:\windows\system32\618.exe c:\windows\system32\6334.exe c:\windows\system32\6393.exe c:\windows\system32\7165.exe c:\windows\system32\7178.exe c:\windows\system32\7213.exe c:\windows\system32\739.exe c:\windows\system32\7448.exe c:\windows\system32\762.exe c:\windows\system32\7740.exe c:\windows\system32\785.exe c:\windows\system32\7963.exe c:\windows\system32\8070.exe c:\windows\system32\8661.exe 
c:\windows\system32\8699.exe c:\windows\system32\884.exe c:\windows\system32\8844.exe c:\windows\system32\9021.exe c:\windows\system32\9171.exe c:\windows\system32\9384.exe c:\windows\system32\9922.exe c:\windows\system32\ceffdefbbcbe.dll c:\windows\system32\rpcss(2)(3).dll c:\windows\system32\wininit.dll D:\AUTORUN.INF . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MYWEBSEARCHSERVICE ((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-31 ))))))))))))))))))))))))))))))) . 2009-12-29 09:35 . 2009-12-29 09:35 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2009-12-29 09:34 . 2009-12-29 09:34 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2009-12-29 08:58 . 2009-12-29 08:58 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE 2009-12-29 08:57 . 2009-12-29 08:57 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2009-12-29 08:54 . 2009-12-29 08:54 -------- d-sh--w- c:\documents and settings\Owner\IETldCache 2009-12-29 08:50 . 2009-10-29 07:45 12800 ------w- c:\windows\system32\dllcache\xpshims.dll 2009-12-29 08:50 . 2009-10-29 07:45 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll 2009-12-29 08:50 . 2009-12-29 08:50 -------- d-----w- c:\windows\ie8updates 2009-12-29 08:49 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll 2009-12-29 08:47 . 2009-12-29 08:49 -------- dc-h--w- c:\windows\ie8 2009-12-29 05:09 . 2009-12-29 05:09 -------- d-----w- c:\program files\CCleaner 2009-12-29 05:02 . 2009-12-29 05:03 282640 ----a-w- c:\windows\system32\bd1890d0442bfdfc1ecc937088d45791.exe 2009-12-29 04:14 . 2009-12-29 04:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-12-24 13:23 . 2009-12-24 13:23 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Threat Expert 2009-12-24 13:16 . 
2009-11-10 15:28 149456 ----a-w- c:\windows\SGDetectionTool.dll 2009-12-24 13:16 . 2009-11-10 15:26 767952 ----a-w- c:\windows\BDTSupport.dll 2009-12-24 13:16 . 2009-11-10 15:28 165840 ----a-w- c:\windows\PCTBDRes.dll 2009-12-24 13:16 . 2009-11-10 15:28 1640400 ----a-w- c:\windows\PCTBDCore.dll 2009-12-24 13:16 . 2009-10-28 06:36 1152444 ----a-w- c:\windows\UDB.zip 2009-12-24 13:16 . 2008-11-26 17:08 131 ----a-w- c:\windows\IDB.zip 2009-12-24 13:13 . 2009-10-30 16:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2009-12-24 13:11 . 2009-12-29 07:20 -------- d-----w- c:\program files\Common Files\PC Tools 2009-12-24 13:11 . 2009-12-29 07:20 -------- d-----w- c:\program files\Spyware Doctor 2009-12-24 08:30 . 2009-12-24 08:30 -------- d-----w- c:\program files\THQ 2009-12-24 08:26 . 2009-12-24 08:26 -------- d-----w- c:\documents and settings\Owner\WINDOWS 2009-12-22 10:37 . 2009-12-22 10:37 -------- d-----w- c:\documents and settings\Owner\Application Data\Singlesnet 2009-12-22 10:37 . 2009-12-22 10:37 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Singlesnet.com 2009-12-15 05:49 . 2009-12-15 05:49 -------- d-----w- c:\program files\Singlesnet . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-31 02:17 . 2008-02-18 10:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-12-30 06:15 . 2008-12-22 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-12-30 05:36 . 2008-12-22 02:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-12-29 09:22 . 2007-12-17 06:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! 2009-12-29 09:03 . 2006-09-12 16:01 -------- d-----w- c:\program files\Google 2009-12-29 08:38 . 2009-11-15 03:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2009-12-29 08:38 . 
2006-09-12 15:53 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-12-29 07:41 . 2008-12-22 03:48 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-12-29 06:40 . 2007-12-17 06:42 -------- d-----w- c:\program files\Yahoo! 2009-12-29 06:40 . 2007-12-22 05:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo! 2009-12-29 06:39 . 2006-09-12 15:49 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-12-20 02:26 . 2008-12-22 05:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2009-12-08 10:06 . 2009-12-06 07:30 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2009-12-03 21:14 . 2008-12-22 02:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-03 21:13 . 2008-12-22 02:45 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys 2009-11-15 03:18 . 2006-09-12 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec 2009-11-15 03:18 . 2009-11-15 03:18 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller 2009-10-29 07:45 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll 2009-10-21 05:38 . 2004-08-10 17:51 75776 ----a-w- c:\windows\system32\strmfilt.dll 2009-10-21 05:38 . 2004-08-10 17:51 25088 ----a-w- c:\windows\system32\httpapi.dll 2009-10-20 16:20 . 2004-08-04 04:00 265728 ----a-w- c:\windows\system32\drivers\http.sys 2009-10-13 10:30 . 2004-08-10 17:51 270336 ----a-w- c:\windows\system32\oakley.dll 2009-10-12 13:38 . 2004-08-10 17:51 149504 ----a-w- c:\windows\system32\rastls.dll 2009-10-12 13:38 . 2004-08-10 17:51 79872 ----a-w- c:\windows\system32\raschap.dll 2008-12-22 03:13 . 2007-12-28 08:27 88 -csh--r- c:\windows\system32\CAF27C8742.sys 2008-12-22 03:13 . 2007-12-28 08:27 3558 -csha-w- c:\windows\system32\KGyGaAvL.sys . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Yahoo! Pager"="1" [X] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544] "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216] "Singlesnet"="c:\program files\Singlesnet\Singlesnet\Singlesnet.exe" [2009-12-10 2797096] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-09 8192] "MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-09 110592] "BuildBU"="c:\dell\bldbubg.exe" [2006-09-12 61440] "LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-11-13 98304] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384] "Motive 
SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-22 1261336] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-10 136600] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-8-11 757760] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-01-29 11:04 10520 ----a-w- c:\windows\system32\avgrsstx.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/22/2008 12:13 AM 325128] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/22/2008 12:13 AM 107272] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/22/2008 12:13 AM 231704] S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [12/22/2008 12:13 AM 903960] S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [12/24/2009 8:16 AM 112592] S3 ZDNDIS5;ZDNDIS5 NDIS Protocol 
Driver;\??\c:\windows\system32\ZDNDIS5.SYS --> c:\windows\system32\ZDNDIS5.SYS [?] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm069YYUS&fl=0&ptb=L8IydndJJbCcCny79NftrA&url=http://www.ask.com/web&q={searchTerms}&l=zr&o=sb uStart Page = hxxp://m.www.yahoo.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = 127.0.0.1 uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com IE: &Search - ?p=ZKxdm176YYUS IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab . - - - - ORPHANS REMOVED - - - - WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file) WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file) Notify-afeccfdcfcebfd - c:\windows\system32\afeccfdcfcebfd.dll AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-12-30 21:18 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
c:\windows\system32\_b1ae926ba28dd8f22124f852ee74a2f5.sys_.vir 39936 bytes executable c:\windows\system32\b1ae926ba28dd8f22124f852ee74a2f5.sys 39936 bytes executable scan completed successfully hidden files: 2 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\b1ae926ba28dd8f22124f852ee74a2f5] "ImagePath"="system32\b1ae926ba28dd8f22124f852ee74a2f5.sys" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(616) c:\windows\System32\BCMLogon.dll - - - - - - - > 'explorer.exe'(2116) c:\windows\system32\WININET.dll c:\program files\Singlesnet\Singlesnet\winhooks.dll c:\progra~1\SBCSEL~1\SMARTB~1\SBHook.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\System32\WLTRYSVC.EXE c:\windows\System32\bcmwltry.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\drivers\KodakCCS.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe c:\program files\Dell\QuickSet\NICCONFIGSVC.exe c:\program files\Dell Support Center\bin\sprtsvc.exe c:\windows\system32\wdfmgr.exe c:\windows\stsystra.exe c:\windows\system32\igfxsrvc.exe c:\windows\system32\wscntfy.exe c:\progra~1\MUSICM~1\MUSICM~3\MMDiag.exe c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe . ************************************************************************** . 
Completion time: 2009-12-30 21:24:02 - machine was rebooted ComboFix-quarantined-files.txt 2009-12-31 02:23 Pre-Run: 45,635,338,240 bytes free Post-Run: 45,542,211,584 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - 81CEE7DD4E1D146C499B9A8E3AA38B4D
  7. The computer won't run MWB, AVG, Hijackthis, procexp, etc. Have tried renaming all to winlogin or chrome and others, still won't run. Please tell me if I have posted in the wrong place or inappropriately. MWB is installed but won't run GMER Log: GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2009-12-30 04:13:00 Windows 5.1.2600 Service Pack 3 Running: 7c4s4q7b.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kfloapob.sys ---- System - GMER 1.0.15 ---- Code b1ae926ba28dd8f22124f852ee74a2f5.sys (ckmd/Noves Inc) ZwCreateKey [0xF84C5C8E] Code b1ae926ba28dd8f22124f852ee74a2f5.sys (ckmd/Noves Inc) ZwEnumerateKey [0xF84C5D13] Code b1ae926ba28dd8f22124f852ee74a2f5.sys (ckmd/Noves Inc) ZwOpenKey [0xF84C5C10] Code b1ae926ba28dd8f22124f852ee74a2f5.sys (ckmd/Noves Inc) ZwQueryDirectoryFile [0xF84C5999] Code b1ae926ba28dd8f22124f852ee74a2f5.sys (ckmd/Noves Inc) IoCreateFile Code b1ae926ba28dd8f22124f852ee74a2f5.sys (ckmd/Noves Inc) NtQueryDirectoryFile ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) ---- Services - GMER 1.0.15 ---- Service C:\WINDOWS\system32\b1ae926ba28dd8f22124f852ee74a2f5.sys (*** hidden *** ) [bOOT] b1ae926ba28dd8f22124f852ee74a2f5 <-- ROOTKIT !!! ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\b1ae926ba28dd8f22124f852ee74a2f5 Reg HKLM\SYSTEM\CurrentControlSet\Services\b1ae926ba28dd8f22124f852ee74a2f5@c &registry_path=\Registry\Machine\System\CurrentControlSet\Services\b1ae926ba28dd8f22124f852ee74a2f5&download_period=846000&first_download_delay=180&version=2&ip_0=586742989&port_0=7000&max_fails_0=5&ip_1=704183501&port_1=8300&max_fails_1=5&ip_2=2241985741&port_2=9002&max_fails_2=2&ip_3=1512966353&port_3=11234&max_fails_3=2&ips_count=4&name=b1ae926ba28dd8f22124f852ee74a2f5&path=system32\b1ae926ba28dd8f22124f852ee74a2f5.sys&wmid=Dkx002&idate=2009-02-05 18:35:35:218&last_download_time=2009-12-28 22:54:32.125&first_skip=1&last_update_ip_pos=0&fails_0=1 Reg HKLM\SYSTEM\CurrentControlSet\Services\b1ae926ba28dd8f22124f852ee74a2f5@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\b1ae926ba28dd8f22124f852ee74a2f5@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\b1ae926ba28dd8f22124f852ee74a2f5@ErrorControl 0 Reg 
HKLM\SYSTEM\CurrentControlSet\Services\b1ae926ba28dd8f22124f852ee74a2f5@Tag 7 Reg HKLM\SYSTEM\CurrentControlSet\Services\b1ae926ba28dd8f22124f852ee74a2f5@ImagePath system32\b1ae926ba28dd8f22124f852ee74a2f5.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\b1ae926ba28dd8f22124f852ee74a2f5@DisplayName b1ae926ba28dd8f22124f852ee74a2f5 Reg HKLM\SYSTEM\CurrentControlSet\Services\b1ae926ba28dd8f22124f852ee74a2f5@Group System Bus Extender Reg HKLM\SYSTEM\CurrentControlSet\Services\b1ae926ba28dd8f22124f852ee74a2f5\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\b1ae926ba28dd8f22124f852ee74a2f5\Security@Security 0x01 0x00 0x14 0x80 ... Reg HKLM\SYSTEM\ControlSet002\Services\b1ae926ba28dd8f22124f852ee74a2f5 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\b1ae926ba28dd8f22124f852ee74a2f5@c &registry_path=\Registry\Machine\System\CurrentControlSet\Services\b1ae926ba28dd8f22124f852ee74a2f5&download_period=846000&first_download_delay=180&version=2&ip_0=586742989&port_0=7000&max_fails_0=5&ip_1=704183501&port_1=8300&max_fails_1=5&ip_2=2241985741&port_2=9002&max_fails_2=2&ip_3=1512966353&port_3=11234&max_fails_3=2&ips_count=4&name=b1ae926ba28dd8f22124f852ee74a2f5&path=system32\b1ae926ba28dd8f22124f852ee74a2f5.sys&wmid=Dkx002&idate=2009-02-05 18:35:35:218&last_download_time=2009-12-28 22:54:32.125&first_skip=1&last_update_ip_pos=0&fails_0=1 Reg HKLM\SYSTEM\ControlSet002\Services\b1ae926ba28dd8f22124f852ee74a2f5@Type 1 Reg HKLM\SYSTEM\ControlSet002\Services\b1ae926ba28dd8f22124f852ee74a2f5@Start 0 Reg HKLM\SYSTEM\ControlSet002\Services\b1ae926ba28dd8f22124f852ee74a2f5@ErrorControl 0 Reg HKLM\SYSTEM\ControlSet002\Services\b1ae926ba28dd8f22124f852ee74a2f5@Tag 7 Reg HKLM\SYSTEM\ControlSet002\Services\b1ae926ba28dd8f22124f852ee74a2f5@ImagePath system32\b1ae926ba28dd8f22124f852ee74a2f5.sys Reg HKLM\SYSTEM\ControlSet002\Services\b1ae926ba28dd8f22124f852ee74a2f5@DisplayName b1ae926ba28dd8f22124f852ee74a2f5 Reg 
HKLM\SYSTEM\ControlSet002\Services\b1ae926ba28dd8f22124f852ee74a2f5@Group System Bus Extender Reg HKLM\SYSTEM\ControlSet002\Services\b1ae926ba28dd8f22124f852ee74a2f5\Security (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\b1ae926ba28dd8f22124f852ee74a2f5\Security@Security 0x01 0x00 0x14 0x80 ... ---- Files - GMER 1.0.15 ---- File C:\WINDOWS\system32\b1ae926ba28dd8f22124f852ee74a2f5.sys 39936 bytes executable <-- ROOTKIT !!! ---- EOF - GMER 1.0.15 ---- DDS Log: DDS (Ver_09-12-01.01) - NTFSx86 Run by Owner at 2:04:34.23 on Wed 12/30/2009 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.125 [GMT -5:00] AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\stsystra.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe 
  8. The computer won't run MWB, AVG, HijackThis, procexp, etc. Have tried renaming all to winlogin or chrome and others, still won't run. Please tell me if I have posted in the wrong place or inappropriately. MWB is installed but won't run.
  9. MWB won't run and the installation won't run. It won't browse to Microsoft sites, the MWB site, the Spybot site or the AVG site. The computer is used primarily for entering UPS shipments; the user indicates that the first symptom appeared after updating to the new UPS shipping program. The program would not upload shipments to the UPS database. After running CCleaner it was able to upload to UPS and has been functioning all week. The computer infects my thumb drive with m.exe each time the stick is inserted. AVG finds m.exe and kills it on my machine. This is my first time here, please let me know if I need to do anything differently. Following is the ComboFix log.