cad3905

Members · 5 posts · Reputation: 0 Neutral
  1. Here is the log:

     ComboFix 10-07-22.01 - User 07/22/2010 17:32:51.3.2 - x86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3583.2812 [GMT -7:00]
     Running from: c:\documents and settings\User\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
     AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
     .
     ((((((((((((((((((((((((( Files Created from 2010-06-23 to 2010-07-23 )))))))))))))))))))))))))))))))
     .
     2010-07-22 00:16 . 2010-07-22 00:16 -------- d-----w- c:\documents and settings\Employee\Local Settings\Application Data\Power2Go
     2010-07-19 23:00 . 2010-07-19 23:00 -------- d-----w- C:\1da461a0591a2016d3c019bae0c5
     2010-07-17 22:42 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-07-17 22:42 . 2010-07-17 23:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-07-17 22:42 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-07-17 22:38 . 2010-07-17 22:38 -------- d--h--w- c:\windows\PIF
     2010-07-17 22:33 . 2010-07-17 22:33 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Little_Apps_(http___www.l
     2010-07-17 22:28 . 2010-07-17 22:28 -------- d-----w- c:\program files\CleanUp!
     2010-07-17 22:23 . 2010-07-17 22:25 -------- d-----w- c:\program files\Common Files\Little Registry Cleaner
     2010-07-17 22:23 . 2010-07-22 16:34 -------- d-----w- c:\program files\Little Registry Cleaner
     2010-07-17 20:39 . 2010-07-17 20:39 -------- d-----w- C:\WindowsLiveSyncTemp
     2010-07-17 19:28 . 2010-07-17 19:28 388096 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
     2010-07-17 19:28 . 2010-07-17 19:28 -------- d-----w- c:\program files\Trend Micro
     2010-07-17 16:09 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
     2010-07-17 16:09 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
     2010-07-17 16:09 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
     2010-07-17 16:09 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
     2010-07-17 16:09 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
     2010-07-17 16:09 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
     2010-07-17 16:09 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
     2010-07-17 16:09 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
     2010-07-17 16:09 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
     2010-07-17 16:09 . 2010-07-17 16:09 -------- d-----w- c:\program files\Alwil Software
     2010-07-17 16:09 . 2010-07-17 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
     2010-07-17 00:21 . 2010-07-17 00:21 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
     2010-07-17 00:21 . 2010-07-17 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2010-07-15 04:20 . 2010-07-15 04:20 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Sophos
     2010-07-15 02:18 . 2010-07-15 02:18 -------- d-----w- c:\program files\Photodex Presenter
     2010-07-15 02:18 . 2010-07-15 02:18 -------- d-----w- c:\documents and settings\User\Application Data\Netscape
     2010-07-15 02:18 . 2010-07-15 02:18 -------- d-----w- c:\program files\Photodex
     2010-07-15 02:15 . 2010-07-15 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Photodex
     2010-07-15 02:15 . 2010-07-15 02:15 -------- d-----w- c:\documents and settings\User\Application Data\Photodex
     2010-07-15 02:15 . 2010-07-22 16:40 -------- d-----w- c:\documents and settings\User\Application Data\regsdkrl32
     2010-07-15 02:15 . 2010-07-15 02:15 717671 ----a-w- c:\documents and settings\User\Application Data\regsdkrl32\regsdkrl13.exe
     2010-07-15 02:15 . 2010-07-15 02:15 140288 ----a-w- c:\windows\system32\pcre3.dll
     2010-07-15 02:15 . 2010-07-17 17:38 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Desktop Cleanup Wizard
     2010-07-13 19:55 . 2010-07-13 19:56 -------- d-----w- c:\documents and settings\User\Application Data\vlc
     2010-07-13 19:22 . 2010-07-13 19:22 -------- d-----w- c:\documents and settings\User\Application Data\Apple Computer
     2010-06-30 14:04 . 2010-06-30 14:04 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
     2010-06-26 00:04 . 2010-06-26 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
     2010-06-26 00:04 . 2010-06-26 00:04 2568656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
     2010-06-26 00:03 . 2010-06-27 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
     2010-06-24 16:25 . 2010-07-02 20:22 -------- d-----w- c:\documents and settings\User\Application Data\Tor
     2010-06-24 16:25 . 2010-07-02 20:22 -------- d-----w- c:\documents and settings\User\Application Data\Vidalia
     2010-06-24 16:25 . 2010-06-24 16:25 -------- d-----w- c:\program files\Vidalia Bundle
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-07-22 23:13 . 2008-12-18 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
     2010-07-22 00:42 . 2009-01-09 01:58 -------- d-----w- c:\documents and settings\Employee\Application Data\IBP
     2010-07-22 00:17 . 2009-01-16 23:15 -------- d-----w- c:\program files\Mozilla Thunderbird
     2010-07-21 22:27 . 2009-01-21 02:21 -------- d-----w- c:\program files\VisualSVN Server
     2010-07-21 00:28 . 2009-03-25 02:54 -------- d-----w- c:\documents and settings\User\Application Data\Audacity
     2010-07-17 23:21 . 2010-03-10 17:36 -------- d-----w- c:\program files\Sophos
     2010-07-17 17:00 . 2010-06-14 22:41 -------- d-----w- c:\documents and settings\User\Application Data\CyberLink
     2010-07-17 00:23 . 2010-06-09 01:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
     2010-07-16 23:53 . 2009-01-05 17:41 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
     2010-07-04 19:19 . 2010-06-17 17:13 -------- d-----w- c:\program files\Songbird
     2010-07-01 18:37 . 2008-08-14 14:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
     2010-06-29 20:42 . 2009-01-05 17:41 -------- d-----w- c:\program files\uTorrent
     2010-06-25 22:56 . 2009-11-02 02:04 8 ----a-w- c:\windows\system32\nvModes.dat
     2010-06-24 16:27 . 2010-03-09 19:05 439816 ----a-w- c:\documents and settings\User\Application Data\Real\Update\setup3.10\setup.exe
     2010-06-21 16:58 . 2010-06-21 16:58 -------- d-----w- c:\program files\Vimeo Uploader
     2010-06-21 16:43 . 2010-06-09 02:04 -------- d-----w- c:\program files\Common Files\Adobe AIR
     2010-06-21 16:43 . 2010-06-21 16:46 53632 ----a-w- c:\documents and settings\User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
     2010-06-17 21:50 . 2008-12-18 18:50 -------- d-----w- c:\program files\aTunes
     2010-06-17 17:29 . 2010-06-17 17:29 -------- d-----w- c:\documents and settings\User\Application Data\Songbird2
     2010-06-15 01:52 . 2010-06-15 01:52 503808 ----a-w- c:\documents and settings\Employee\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3f89c640-n\msvcp71.dll
     2010-06-15 01:52 . 2010-06-15 01:52 499712 ----a-w- c:\documents and settings\Employee\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3f89c640-n\jmc.dll
     2010-06-15 01:52 . 2010-06-15 01:52 348160 ----a-w- c:\documents and settings\Employee\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3f89c640-n\msvcr71.dll
     2010-06-15 01:52 . 2010-06-15 01:52 12800 ----a-w- c:\documents and settings\Employee\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-529a7fce-n\decora-d3d.dll
     2010-06-15 01:52 . 2010-06-15 01:52 61440 ----a-w- c:\documents and settings\Employee\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-529a7fce-n\decora-sse.dll
     2010-06-14 22:41 . 2010-06-14 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
     2010-06-14 22:38 . 2008-12-13 23:30 -------- d--h--w- c:\program files\InstallShield Installation Information
     2010-06-14 22:37 . 2010-06-14 22:36 -------- d-----w- c:\program files\Cyberlink
     2010-06-14 22:36 . 2010-06-14 22:36 36864 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
     2010-06-14 22:24 . 2010-06-14 22:24 -------- d-----w- c:\documents and settings\Employee\Application Data\ArcSoft
     2010-06-14 22:24 . 2008-12-20 19:03 28608 ----a-w- c:\documents and settings\Employee\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2010-06-14 14:31 . 2008-12-13 23:05 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
     2010-06-11 18:04 . 2010-06-11 18:04 1025 ----a-w- c:\windows\system32\sysprs7.dll
     2010-06-11 18:04 . 2010-06-11 18:04 1025 ----a-w- c:\windows\system32\clauth2.dll
     2010-06-11 18:04 . 2010-06-11 18:04 1025 ----a-w- c:\windows\system32\clauth1.dll
     2010-06-11 18:04 . 2010-06-11 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Minnetonka Audio Software
     2010-06-09 22:06 . 2008-12-15 19:26 -------- d-----w- c:\program files\Common Files\Adobe
     2010-06-09 21:59 . 2010-06-09 21:59 -------- d-----w- c:\documents and settings\User\Application Data\vimeo.Duplo.3E2F2984357E7A95AE95C69EF2C5C14640284048.1
     2010-06-09 19:30 . 2010-06-09 19:18 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
     2010-06-09 19:15 . 2008-12-13 23:36 28608 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2010-06-09 18:56 . 2010-06-09 18:56 -------- d-----w- c:\documents and settings\User\Application Data\AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
     2010-06-09 18:56 . 2010-06-09 18:56 -------- d-----w- c:\program files\AdobeSupportAdvisor
     2010-06-09 18:20 . 2010-06-09 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
     2010-06-09 16:29 . 2010-06-09 16:29 -------- d-----w- c:\program files\Adobe Media Player
     2010-06-09 16:10 . 2010-06-09 16:10 -------- d-----w- c:\program files\Common Files\Macrovision Shared
     2010-06-09 01:08 . 2009-01-01 20:29 -------- d-----w- c:\documents and settings\User\Application Data\Sony
     2010-06-09 01:03 . 2009-01-01 20:26 -------- d-----w- c:\program files\Sony
     2010-06-09 01:02 . 2009-01-01 20:20 -------- d-----w- c:\program files\Sony Setup
     2010-06-09 00:39 . 2010-06-17 18:09 704512 ----a-w- c:\documents and settings\User\Application Data\Songbird2\Profiles\3ni0hwu8.default\extensions\msc@songbirdnest.com\platform\WINNT_x86-msvc\components\sbMSCDevice.dll
     2010-06-09 00:37 . 2010-06-03 16:18 -------- d-----w- c:\documents and settings\User\Application Data\ArcSoft
     2010-06-09 00:37 . 2010-06-03 16:28 -------- d--h--w- c:\documents and settings\All Users\Application Data\ArcSoft
     2010-06-09 00:36 . 2010-06-03 16:27 -------- d-----w- c:\program files\Common Files\ArcSoft
     2010-06-09 00:30 . 2010-06-17 17:13 15664 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
     2010-06-09 00:30 . 2010-06-17 17:13 109360 ----a-w- c:\windows\system32\GEARAspi.dll
     2010-06-04 02:03 . 2009-02-17 20:16 -------- d-----w- c:\program files\Microsoft Silverlight
     2010-06-03 16:27 . 2010-06-03 16:27 -------- d-----w- c:\program files\Kodak
     2010-05-23 00:14 . 2010-05-23 00:14 503808 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6cffc76e-n\msvcp71.dll
     2010-05-23 00:14 . 2010-05-23 00:14 499712 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6cffc76e-n\jmc.dll
     2010-05-23 00:14 . 2010-05-23 00:14 348160 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6cffc76e-n\msvcr71.dll
     2010-05-23 00:14 . 2010-05-23 00:14 61440 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-157dba78-n\decora-sse.dll
     2010-05-23 00:14 . 2010-05-23 00:14 12800 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-157dba78-n\decora-d3d.dll
     2010-05-21 21:14 . 2009-10-09 18:50 221568 ------w- c:\windows\system32\MpSigStub.exe
     2010-05-10 00:30 . 2010-06-17 18:09 282624 ----a-w- c:\documents and settings\User\Application Data\Songbird2\Profiles\3ni0hwu8.default\extensions\windowsmedia@songbirdnest.com\platform\WINNT_x86-msvc\components\sbWindowsMediacore.dll
     2010-05-10 00:30 . 2010-06-17 18:09 110592 ----a-w- c:\documents and settings\User\Application Data\Songbird2\Profiles\3ni0hwu8.default\extensions\quicktime@songbirdnest.com\platform\WINNT_x86-msvc\components\sbQuickTimeMediacore.dll
     2010-05-10 00:30 . 2010-06-17 18:09 872448 ----a-w- c:\documents and settings\User\Application Data\Songbird2\Profiles\3ni0hwu8.default\extensions\mtp@songbirdnest.com\platform\WINNT_x86-msvc\components\sbMTPWin32.dll
     2010-05-10 00:28 . 2010-06-17 18:09 13312 ----a-w- c:\documents and settings\User\Application Data\Songbird2\Profiles\3ni0hwu8.default\extensions\gracenote@songbirdnest.com\platform\WINNT_x86-msvc\components\sbGracenoteStub.dll
     2010-05-10 00:28 . 2010-06-17 18:09 571904 ----a-w- c:\documents and settings\User\Application Data\Songbird2\Profiles\3ni0hwu8.default\extensions\gracenote@songbirdnest.com\platform\WINNT_x86-msvc\lib\gnsdk_sdkmanager.dll
     2010-05-10 00:28 . 2010-06-17 18:09 154624 ----a-w- c:\documents and settings\User\Application Data\Songbird2\Profiles\3ni0hwu8.default\extensions\gracenote@songbirdnest.com\platform\WINNT_x86-msvc\lib\gnsdk_search.dll
     2010-05-10 00:28 . 2010-06-17 18:09 114688 ----a-w- c:\documents and settings\User\Application Data\Songbird2\Profiles\3ni0hwu8.default\extensions\gracenote@songbirdnest.com\platform\WINNT_x86-msvc\lib\gnsdk_link.dll
     2010-05-10 00:28 . 2010-06-17 18:09 81920 ----a-w- c:\documents and settings\User\Application Data\Songbird2\Profiles\3ni0hwu8.default\extensions\gracenote@songbirdnest.com\platform\WINNT_x86-msvc\lib\sbGracenote.dll
     2010-05-10 00:28 . 2010-06-17 18:09 81408 ----a-w- c:\documents and settings\User\Application Data\Songbird2\Profiles\3ni0hwu8.default\extensions\gracenote@songbirdnest.com\platform\WINNT_x86-msvc\lib\gnsdk_musicid_cd.dll
     2010-05-10 00:28 . 2010-06-17 18:09 13312 ----a-w- c:\documents and settings\User\Application Data\Songbird2\Profiles\3ni0hwu8.default\extensions\cd-rip@songbirdnest.com\platform\WINNT_x86-msvc\components\sbGearworksStub.dll
     2010-05-10 00:28 . 2010-06-17 18:09 65536 ----a-w- c:\documents and settings\User\Application Data\Songbird2\Profiles\3ni0hwu8.default\extensions\cd-rip@songbirdnest.com\platform\WINNT_x86-msvc\lib\sbGearworksCD.dll
     2010-05-10 00:28 . 2010-06-17 18:09 394600 ----a-w- c:\documents and settings\User\Application Data\Songbird2\Profiles\3ni0hwu8.default\extensions\cd-rip@songbirdnest.com\platform\WINNT_x86-msvc\lib\gwrks32.dll
     2010-05-10 00:28 . 2010-06-17 18:09 3573096 ----a-w- c:\documents and settings\User\Application Data\Songbird2\Profiles\3ni0hwu8.default\extensions\cd-rip@songbirdnest.com\platform\WINNT_x86-msvc\lib\gearaw32.dll
     2010-05-10 00:28 . 2010-06-17 18:09 238952 ----a-w- c:\documents and settings\User\Application Data\Songbird2\Profiles\3ni0hwu8.default\extensions\cd-rip@songbirdnest.com\platform\WINNT_x86-msvc\lib\gwlangen.dll
     2010-05-06 10:41 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
     2010-05-05 23:05 . 2010-05-05 23:05 503808 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5b72f3b8-n\msvcp71.dll
     2010-05-05 23:05 . 2010-05-05 23:05 499712 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5b72f3b8-n\jmc.dll
     2010-05-05 23:05 . 2010-05-05 23:05 348160 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5b72f3b8-n\msvcr71.dll
     2010-05-05 23:05 . 2010-05-05 23:05 61440 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-495447ae-n\decora-sse.dll
     2010-05-05 23:05 . 2010-05-05 23:05 12800 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-495447ae-n\decora-d3d.dll
     2010-05-02 05:22 . 2008-04-14 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
     2002-09-11 14:26 . 2009-02-18 03:38 63730 ------w- c:\program files\viewsonicinstruct_xp.pdf
     2009-12-05 23:05 . 2008-12-19 05:01 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
     .
     ((((((((((((((((((((((((((((( SnapShot@2010-07-22_16.58.27 )))))))))))))))))))))))))))))))))))))))))
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
     "Windows Live Sync"="c:\program files\Windows Live\Sync\WindowsLiveSync.exe" [2009-10-23 1171784]
     "Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2009-08-13 2684200]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-21 141848]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-21 166424]
     "Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-21 137752]
     "HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-04-10 29757440]
     "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
     "DeltTray"="DeltTray.exe" [2002-12-06 56320]
     "D-Link RangeBooster G WDA-2320"="c:\program files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe" [2007-08-29 1662976]
     "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
     "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-05 30192]
     "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
     "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-22 86016]
     "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
     "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
     "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
     "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
     "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-01-16 181544]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-28 86016]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-28 13918208]
     "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-13 198160]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
     "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
     "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-07-01 611712]
     "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-06-20 38840]
     "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-06-19 640440]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
     "CLMLServer"="c:\program files\Cyberlink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
     "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
     "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-14 39264]

     c:\documents and settings\Employee\Start Menu\Programs\Startup\
     OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Spyder3Utility.lnk - c:\program files\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe [2009-7-24 6574687]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "midi1"=ma_cmidn.dll

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
     @="Service"

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Java\\jre6\\launch4j-tmp\\aTunes.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
     "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
     "c:\\Program Files\\uTorrent\\uTorrent.exe"=
     "c:\\Program Files\\VisualSVN Server\\bin\\VisualSVNServer.exe"=
     "c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
     "c:\\Program Files\\Participatory Culture Foundation\\Miro\\Miro_Downloader.exe"=
     "c:\\Program Files\\Participatory Culture Foundation\\Miro\\Miro.exe"=
     "c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
     "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
     "c:\\Program Files\\IBP 11\\IBP.exe"=
     "c:\\Program Files\\Brother\\Brmfl08g\\FAXRX.exe"=
     "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
     "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
     "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
     "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
     "c:\\Program Files\\Vidalia Bundle\\Tor\\tor.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "54925:UDP"= 54925:UDP:BrotherNetwork Scanner
     "5353:TCP"= 5353:TCP:Adobe CSI CS4
     "3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
     "3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
     "51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
     "51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
     "42234:TCP"= 42234:TCP:Tor
     "42235:TCP"= 42235:TCP:Tor2
  2. Here's the ComboFix log. I tried to delete the folder but got "Access Denied, make sure disk not full etc." Tried to delete the individual files, didn't work either. Thank you. combofixlog.txt
  3. Uploaded the file you asked for, here are the results: http://www.virustotal.com/analisis/37ac8eb...bdd4-1279791281 Will work on the ComboFix next (need to close browser).
  4. Here's the log; thanks!

     ComboFix 10-07-21.01 - User 07/21/2010 15:20:21.1.2 - x86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3583.2884 [GMT -7:00]
     Running from: c:\documents and settings\User\Desktop\ComboFix.exe
     AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\documents and settings\Employee\Application Data\EurekaLog
     c:\documents and settings\User\psgold_41_2737.exe
     c:\documents and settings\User\regsdkrl13.exe
     c:\program files\VisualSVN Server\httpd-wrapper.bat
     c:\windows\system32\hgfcdc.dll
     c:\windows\system32\jkkiff.dll
     c:\windows\system32\lsprst7.dll
     c:\windows\system32\rqppmm.dll
     c:\windows\system32\ssprs.dll
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Legacy_VisualSVNServer
     -------\Service_VisualSVNServer

     ((((((((((((((((((((((((( Files Created from 2010-06-21 to 2010-07-21 )))))))))))))))))))))))))))))))
     .
     2010-07-19 23:00 . 2010-07-19 23:00 -------- d-----w- C:\1da461a0591a2016d3c019bae0c5
     2010-07-17 22:42 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-07-17 22:42 . 2010-07-17 23:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-07-17 22:42 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-07-17 22:38 . 2010-07-17 22:38 -------- d--h--w- c:\windows\PIF
     2010-07-17 22:33 . 2010-07-17 22:33 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Little_Apps_(http___www.l
     2010-07-17 22:28 . 2010-07-17 22:28 -------- d-----w- c:\program files\CleanUp!
     2010-07-17 22:23 . 2010-07-17 22:25 -------- d-----w- c:\program files\Common Files\Little Registry Cleaner
     2010-07-17 22:23 . 2010-07-17 22:23 -------- d-----w- c:\program files\Little Registry Cleaner
     2010-07-17 20:39 . 2010-07-17 20:39 -------- d-----w- C:\WindowsLiveSyncTemp
     2010-07-17 19:28 . 2010-07-17 19:28 -------- d-----w- c:\program files\Trend Micro
     2010-07-17 16:09 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
     2010-07-17 16:09 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
     2010-07-17 16:09 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
     2010-07-17 16:09 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
     2010-07-17 16:09 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
     2010-07-17 16:09 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
     2010-07-17 16:09 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
     2010-07-17 16:09 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
     2010-07-17 16:09 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
     2010-07-17 16:09 . 2010-07-17 16:09 -------- d-----w- c:\program files\Alwil Software
     2010-07-17 16:09 . 2010-07-17 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
     2010-07-17 00:32 . 2010-07-17 00:32 94720 ---ha-w- c:\windows\system32\xxywtu.dll
     2010-07-17 00:21 . 2010-07-17 00:21 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
     2010-07-17 00:21 . 2010-07-17 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2010-07-15 04:20 . 2010-07-15 04:20 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Sophos
     2010-07-15 02:18 . 2010-07-15 02:18 -------- d-----w- c:\program files\Photodex Presenter
     2010-07-15 02:18 . 2010-07-15 02:18 -------- d-----w- c:\documents and settings\User\Application Data\Netscape
     2010-07-15 02:18 . 2010-07-15 02:18 -------- d-----w- c:\program files\Photodex
     2010-07-15 02:15 . 2010-07-15 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Photodex
     2010-07-15 02:15 . 2010-07-15 02:15 -------- d-----w- c:\documents and settings\User\Application Data\Photodex
     2010-07-15 02:15 . 2010-07-15 02:15 -------- d-----w- c:\documents and settings\User\Application Data\regsdkrl32
     2010-07-15 02:15 . 2010-07-15 02:15 140288 ----a-w- c:\windows\system32\pcre3.dll
     2010-07-15 02:15 . 2010-07-17 17:38 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Desktop Cleanup Wizard
     2010-07-13 19:55 . 2010-07-13 19:56 -------- d-----w- c:\documents and settings\User\Application Data\vlc
     2010-07-13 19:22 . 2010-07-13 19:22 -------- d-----w- c:\documents and settings\User\Application Data\Apple Computer
     2010-06-30 14:04 . 2010-06-30 14:04 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
     2010-06-26 00:04 . 2010-06-26 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
     2010-06-26 00:03 . 2010-06-27 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
     2010-06-24 16:25 . 2010-07-02 20:22 -------- d-----w- c:\documents and settings\User\Application Data\Tor
     2010-06-24 16:25 . 2010-07-02 20:22 -------- d-----w- c:\documents and settings\User\Application Data\Vidalia
     2010-06-24 16:25 . 2010-06-24 16:25 -------- d-----w- c:\program files\Vidalia Bundle
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-07-21 22:27 . 2009-01-21 02:21 -------- d-----w- c:\program files\VisualSVN Server
     2010-07-21 22:12 . 2008-12-18 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
     2010-07-21 00:28 . 2009-03-25 02:54 -------- d-----w- c:\documents and settings\User\Application Data\Audacity
     2010-07-17 23:21 . 2010-03-10 17:36 -------- d-----w- c:\program files\Sophos
     2010-07-17 19:28 . 2010-07-17 19:28 388096 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
     2010-07-17 17:00 . 2010-06-14 22:41 -------- d-----w- c:\documents and settings\User\Application Data\CyberLink
     2010-07-17 00:23 . 2010-06-09 01:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
     2010-07-16 23:53 . 2009-01-05 17:41 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
     2010-07-15 02:15 . 2010-07-15 02:15 717671 ----a-w- c:\documents and settings\User\Application Data\regsdkrl32\regsdkrl13.exe
     2010-07-04 19:19 . 2010-06-17 17:13 -------- d-----w- c:\program files\Songbird
     2010-07-01 18:37 . 2008-08-14 14:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
     2010-06-29 20:42 . 2009-01-05 17:41 -------- d-----w- c:\program files\uTorrent
     2010-06-26 00:04 . 2010-06-26 00:04 2568656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
     2010-06-25 22:56 . 2009-11-02 02:04 8 ----a-w- c:\windows\system32\nvModes.dat
     2010-06-24 16:27 . 2010-03-09 19:05 439816 ----a-w- c:\documents and settings\User\Application Data\Real\Update\setup3.10\setup.exe
     2010-06-21 16:58 . 2010-06-21 16:58 -------- d-----w- c:\program files\Vimeo Uploader
     2010-06-21 16:43 . 2010-06-09 02:04 -------- d-----w- c:\program files\Common Files\Adobe AIR
     2010-06-21 16:43 . 2010-06-21 16:46 53632 ----a-w- c:\documents and settings\User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
     2010-06-17 21:50 . 2008-12-18 18:50 -------- d-----w- c:\program files\aTunes
     2010-06-17 17:29 . 2010-06-17 17:29 -------- d-----w- c:\documents and settings\User\Application Data\Songbird2
     2010-06-15 01:52 . 2010-06-15 01:52 503808 ----a-w- c:\documents and settings\Employee\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3f89c640-n\msvcp71.dll
     2010-06-15 01:52 . 2010-06-15 01:52 499712 ----a-w- c:\documents and settings\Employee\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3f89c640-n\jmc.dll
     2010-06-15 01:52 . 2010-06-15 01:52 348160 ----a-w- c:\documents and settings\Employee\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3f89c640-n\msvcr71.dll
     2010-06-15 01:52 . 2010-06-15 01:52 12800 ----a-w- c:\documents and settings\Employee\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-529a7fce-n\decora-d3d.dll
     2010-06-15 01:52 . 2010-06-15 01:52 61440 ----a-w- c:\documents and settings\Employee\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-529a7fce-n\decora-sse.dll
     2010-06-14 22:41 . 2010-06-14 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
     2010-06-14 22:38 . 2008-12-13 23:30 -------- d--h--w- c:\program files\InstallShield Installation Information
     2010-06-14 22:37 . 2010-06-14 22:36 -------- d-----w- c:\program files\Cyberlink
     2010-06-14 22:36 . 2010-06-14 22:36 36864 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
     2010-06-14 22:24 . 2010-06-14 22:24 -------- d-----w- c:\documents and settings\Employee\Application Data\ArcSoft
     2010-06-14 22:24 . 2008-12-20 19:03 28608 ----a-w- c:\documents and settings\Employee\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2010-06-14 14:31 . 2008-12-13 23:05 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
     2010-06-11 23:36 . 2009-01-16 23:15 -------- d-----w- c:\program files\Mozilla Thunderbird
     2010-06-11 18:04 . 2010-06-11 18:04 1025 ----a-w- c:\windows\system32\sysprs7.dll
     2010-06-11 18:04 . 2010-06-11 18:04 1025 ----a-w- c:\windows\system32\clauth2.dll
     2010-06-11 18:04 . 2010-06-11 18:04 1025 ----a-w- c:\windows\system32\clauth1.dll
     2010-06-11 18:04 . 2010-06-11 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Minnetonka Audio Software
     2010-06-09 22:06 . 2008-12-15 19:26 -------- d-----w- c:\program files\Common Files\Adobe
     2010-06-09 21:59 . 2010-06-09 21:59 -------- d-----w- c:\documents and settings\User\Application Data\vimeo.Duplo.3E2F2984357E7A95AE95C69EF2C5C14640284048.1
     2010-06-09 19:30 . 2010-06-09 19:18 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
     2010-06-09 19:15 . 2008-12-13 23:36 28608 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2010-06-09 18:56 . 2010-06-09 18:56 -------- d-----w- c:\documents and settings\User\Application Data\AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
     2010-06-09 18:56 . 2010-06-09 18:56 -------- d-----w- c:\program files\AdobeSupportAdvisor
     2010-06-09 18:20 . 2010-06-09 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
     2010-06-09 16:29 . 2010-06-09 16:29 -------- d-----w- c:\program files\Adobe Media Player
     2010-06-09 16:10 . 2010-06-09 16:10 -------- d-----w- c:\program files\Common Files\Macrovision Shared
     2010-06-09 01:08 . 2009-01-01 20:29 -------- d-----w- c:\documents and settings\User\Application Data\Sony
     2010-06-09 01:03 . 2009-01-01 20:26 -------- d-----w- c:\program files\Sony
     2010-06-09 01:02 . 2009-01-01 20:20 -------- d-----w- c:\program files\Sony Setup
     2010-06-09 00:39 . 2010-06-17 18:09 704512 ----a-w- c:\documents and settings\User\Application Data\Songbird2\Profiles\3ni0hwu8.default\extensions\msc@songbirdnest.com\platform\WINNT_x86-msvc\components\sbMSCDevice.dll
     2010-06-09 00:37 . 2010-06-03 16:18 -------- d-----w- c:\documents and settings\User\Application Data\ArcSoft
     2010-06-09 00:37 . 2010-06-03 16:28 -------- d--h--w- c:\documents and settings\All Users\Application Data\ArcSoft
     2010-06-09 00:36 . 2010-06-03 16:27 -------- d-----w- c:\program files\Common Files\ArcSoft
     2010-06-09 00:30 . 2010-06-17 17:13 15664 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
     2010-06-09 00:30 . 2010-06-17 17:13 109360 ----a-w- c:\windows\system32\GEARAspi.dll
     2010-06-04 02:03 . 2009-02-17 20:16 -------- d-----w- c:\program files\Microsoft Silverlight
     2010-06-03 16:27 . 2010-06-03 16:27 -------- d-----w- c:\program files\Kodak
     2010-05-23 00:14 . 2010-05-23 00:14 503808 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6cffc76e-n\msvcp71.dll
     2010-05-23 00:14 . 2010-05-23 00:14 499712 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6cffc76e-n\jmc.dll
     2010-05-23 00:14 . 2010-05-23 00:14 348160 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6cffc76e-n\msvcr71.dll
     2010-05-23 00:14 . 2010-05-23 00:14 61440 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-157dba78-n\decora-sse.dll
     2010-05-23 00:14 . 2010-05-23 00:14 12800 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-157dba78-n\decora-d3d.dll
     2010-05-21 21:14 . 2009-10-09 18:50 221568 ------w- c:\windows\system32\MpSigStub.exe
     2010-05-10 00:30 . 2010-06-17 18:09 282624 ----a-w- c:\documents and settings\User\Application Data\Songbird2\Profiles\3ni0hwu8.default\extensions\windowsmedia@songbirdnest.com\platform\WINNT_x86-msvc\components\sbWindowsMediacore.dll
     2010-05-10 00:30 . 2010-06-17 18:09 110592 ----a-w- c:\documents and settings\User\Application Data\Songbird2\Profiles\3ni0hwu8.default\extensions\quicktime@songbirdnest.com\platform\WINNT_x86-msvc\components\sbQuickTimeMediacore.dll
     2010-05-10 00:30 . 2010-06-17 18:09 872448 ----a-w- c:\documents and settings\User\Application Data\Songbird2\Profiles\3ni0hwu8.default\extensions\mtp@songbirdnest.com\platform\WINNT_x86-msvc\components\sbMTPWin32.dll
     2010-05-10 00:28 .
2010-06-17 18:09 13312 ----a-w- c:\documents and settings\User\Application Data\Songbird2\Profiles\3ni0hwu8.default\extensions\gracenote@songbirdnest.com\platform\WINNT_x86-msvc\components\sbGracenoteStub.dll 2010-05-10 00:28 . 2010-06-17 18:09 571904 ----a-w- c:\documents and settings\User\Application Data\Songbird2\Profiles\3ni0hwu8.default\extensions\gracenote@songbirdnest.com\platform\WINNT_x86-msvc\lib\gnsdk_sdkmanager.dll 2010-05-10 00:28 . 2010-06-17 18:09 154624 ----a-w- c:\documents and settings\User\Application Data\Songbird2\Profiles\3ni0hwu8.default\extensions\gracenote@songbirdnest.com\platform\WINNT_x86-msvc\lib\gnsdk_search.dll 2010-05-10 00:28 . 2010-06-17 18:09 114688 ----a-w- c:\documents and settings\User\Application Data\Songbird2\Profiles\3ni0hwu8.default\extensions\gracenote@songbirdnest.com\platform\WINNT_x86-msvc\lib\gnsdk_link.dll 2010-05-10 00:28 . 2010-06-17 18:09 81920 ----a-w- c:\documents and settings\User\Application Data\Songbird2\Profiles\3ni0hwu8.default\extensions\gracenote@songbirdnest.com\platform\WINNT_x86-msvc\lib\sbGracenote.dll 2010-05-10 00:28 . 2010-06-17 18:09 81408 ----a-w- c:\documents and settings\User\Application Data\Songbird2\Profiles\3ni0hwu8.default\extensions\gracenote@songbirdnest.com\platform\WINNT_x86-msvc\lib\gnsdk_musicid_cd.dll 2010-05-10 00:28 . 2010-06-17 18:09 13312 ----a-w- c:\documents and settings\User\Application Data\Songbird2\Profiles\3ni0hwu8.default\extensions\cd-rip@songbirdnest.com\platform\WINNT_x86-msvc\components\sbGearworksStub.dll 2010-05-10 00:28 . 2010-06-17 18:09 65536 ----a-w- c:\documents and settings\User\Application Data\Songbird2\Profiles\3ni0hwu8.default\extensions\cd-rip@songbirdnest.com\platform\WINNT_x86-msvc\lib\sbGearworksCD.dll 2010-05-10 00:28 . 2010-06-17 18:09 394600 ----a-w- c:\documents and settings\User\Application Data\Songbird2\Profiles\3ni0hwu8.default\extensions\cd-rip@songbirdnest.com\platform\WINNT_x86-msvc\lib\gwrks32.dll 2010-05-10 00:28 . 
2010-06-17 18:09 3573096 ----a-w- c:\documents and settings\User\Application Data\Songbird2\Profiles\3ni0hwu8.default\extensions\cd-rip@songbirdnest.com\platform\WINNT_x86-msvc\lib\gearaw32.dll 2010-05-10 00:28 . 2010-06-17 18:09 238952 ----a-w- c:\documents and settings\User\Application Data\Songbird2\Profiles\3ni0hwu8.default\extensions\cd-rip@songbirdnest.com\platform\WINNT_x86-msvc\lib\gwlangen.dll 2010-05-06 10:41 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-05 23:05 . 2010-05-05 23:05 503808 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5b72f3b8-n\msvcp71.dll 2010-05-05 23:05 . 2010-05-05 23:05 499712 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5b72f3b8-n\jmc.dll 2010-05-05 23:05 . 2010-05-05 23:05 348160 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5b72f3b8-n\msvcr71.dll 2010-05-05 23:05 . 2010-05-05 23:05 61440 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-495447ae-n\decora-sse.dll 2010-05-05 23:05 . 2010-05-05 23:05 12800 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-495447ae-n\decora-d3d.dll 2010-05-02 05:22 . 2008-04-14 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys 2002-09-11 14:26 . 2009-02-18 03:38 63730 ------w- c:\program files\viewsonicinstruct_xp.pdf 2009-12-05 23:05 . 2008-12-19 05:01 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Windows Live Sync"="c:\program files\Windows Live\Sync\WindowsLiveSync.exe" [2009-10-23 1171784]
"Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2009-08-13 2684200]
"regsdkrl32"="c:\documents and settings\User\Application Data\regsdkrl32\regsdkrl13.exe" [2010-07-15 717671]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-21 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-21 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-21 137752]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-04-10 29757440]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"DeltTray"="DeltTray.exe" [2002-12-06 56320]
"D-Link RangeBooster G WDA-2320"="c:\program files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe" [2007-08-29 1662976]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-05 30192]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-22 86016]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-01-16 181544]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-28 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-28 13918208]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-13 198160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-07-01 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-06-20 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-06-19 640440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"CLMLServer"="c:\program files\Cyberlink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-14 39264]

c:\documents and settings\Employee\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Spyder3Utility.lnk - c:\program files\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe [2009-7-24 6574687]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=ma_cmidn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\aTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\VisualSVN Server\\bin\\VisualSVNServer.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Participatory Culture Foundation\\Miro\\Miro_Downloader.exe"=
"c:\\Program Files\\Participatory Culture Foundation\\Miro\\Miro.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\IBP 11\\IBP.exe"=
"c:\\Program Files\\Brother\\Brmfl08g\\FAXRX.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Vidalia Bundle\\Tor\\tor.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"42234:TCP"= 42234:TCP:Tor
"42235:TCP"= 42235:TCP:Tor2

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowOutboundDestinationUnreachable"= 1 (0x1)

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/17/2010 9:09 AM 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/17/2010 9:09 AM 17744]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [1/16/2009 4:31 PM 161064]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [6/8/2010 5:35 PM 36224]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [12/18/2008 9:42 PM 57376]
S2 gupdate1c961977cf66bd0;Google Update Service (gupdate1c961977cf66bd0);c:\program files\Google\Update\GoogleUpdate.exe [12/18/2008 10:06 PM 133104]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [12/18/2008 9:42 PM 547744]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 288112]
S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\DRIVERS\deltaII.sys --> c:\windows\system32\DRIVERS\deltaII.sys [?]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/18/2008 10:01 PM 30192]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\D-Link\RangeBooster G WDA-2320\JSWUtil\jswpsapi.exe [12/18/2008 9:42 PM 352338]
S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [5/19/2009 10:42 PM 12288]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [12/13/2008 4:29 PM 222976]
S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [6/8/2010 5:35 PM 134912]

--- Other Services/Drivers In Memory ---

*Deregistered* - ArcRec
.
Contents of the 'Scheduled Tasks' folder

2010-07-20 c:\windows\Tasks\Areca back up.job
- c:\documents and settings\User\backup.bat [2009-01-03 20:28]

2010-07-06 c:\windows\Tasks\GBM - Back-up-2010-Full.job
- c:\program files\Genie-Soft\GBMPro8\GBM8.exe [2009-11-12 13:27]

2010-07-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-19 05:28]

2010-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-19 12:51]

2010-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-19 12:51]

2010-07-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20]

2010-07-21 c:\windows\Tasks\User_Feed_Synchronization-{734A11C6-048D-440C-8716-169B76AF0734}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sneakerscomputers.com/start
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\abijm2bk.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Photodex Presenter\npPxPlay.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)
HKLM-Run-ssttursys - rqppmm.dll
HKLM-Run-jkjkjkdrv - hgfcdc.dll
HKU-Default-Run-wvwurpsys - rqppmm.dll
HKU-Default-Run-ssrsrpdrv - hgfcdc.dll
Notify-AtiExtEvent - (no file)
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-21 15:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:f4,6f,4f,a9,cf,2f,e7,e9,ad,05,dd,66,30,b1,3e,9a,23,6e,0d,f5,bc,
   b0,47,ab,11,aa,6f,ff,3c,1e,22,65,fd,8e,05,62,50,c0,08,26,71,6e,e1,8d,59,e9,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:f4,6f,4f,a9,cf,2f,e7,e9,ad,05,dd,66,30,b1,3e,9a,23,6e,0d,f5,bc,
   b0,47,ab,11,aa,6f,ff,3c,1e,22,65,fd,8e,05,62,50,c0,08,26,71,6e,e1,8d,59,e9,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3440)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
c:\program files\Photodex\ProShowGold\ScsiAccess.exe
c:\windows\system32\DeltTray.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfimon.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2010-07-21 15:44:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-21 22:44

Pre-Run: 120,913,842,176 bytes free
Post-Run: 120,874,672,128 bytes free

- - End Of File - - 91161DA24FFC92D3B531667A1A2316D8
  5. Hi, I have followed some of the other posts that had problems with the Vundo removal, so I worked ahead. I hope you can help me. I hope I didn't forget anything. Thanks in advance!

DDS (Ver_10-03-17.01) - NTFSx86
Run by User at 16:14:21.98 on Mon 07/19/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3583.2794 [GMT -7:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\VisualSVN Server\bin\VisualSVNServer.exe
C:\Program Files\VisualSVN Server\bin\VisualSVNServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DeltTray.exe
C:\Program Files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\Documents and Settings\User\Application Data\regsdkrl32\regsdkrl13.exe
C:\Program Files\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.sneakerscomputers.com/start
BHO: {074c1dc5-9320-4a9a-947d-c042949c6216} - ContributeBHO Class
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Windows Live Sync] "c:\program files\windows live\sync\WindowsLiveSync.exe" /background
uRun: [Power2GoExpress] "c:\program files\cyberlink\power2go\Power2GoExpress.exe" /Startup
uRun: [AdobeBridge]
uRun: [regsdkrl32] c:\documents and settings\user\application data\regsdkrl32\regsdkrl13.exe
uRun: [fccyabdrv] rundll32.exe "hgfcdc.dll",s
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [DeltTray] DeltTray.exe
mRun: [D-Link RangeBooster G WDA-2320] c:\program files\d-link\rangebooster g wda-2320\AirPlusCFG.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [indexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [rqpnlldrv] rundll32.exe "hgfcdc.dll",s
mRun: [ssttursys] rundll32.exe "rqppmm.dll",DllRegisterServer
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [wvwurpsys] rundll32.exe "rqppmm.dll",DllRegisterServer
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spyder~1.lnk - c:\program files\datacolor\spyder3elite\utility\Spyder3Utility.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
LSA: Authentication Packages = msv1_0 rqppmm.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\abijm2bk.default\
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\photodex presenter\npPxPlay.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla 
firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", 
true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-17 165456] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-17 17744] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-17 40384] R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-1-16 161064] R2 VisualSVNServer;VisualSVN Server;c:\program files\visualsvn server\httpd-wrapper.bat [2008-10-10 172] R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592] R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [2010-6-8 36224] R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-12-18 57376] S2 gupdate1c961977cf66bd0;Google Update Service (gupdate1c961977cf66bd0);c:\program files\google\update\GoogleUpdate.exe [2008-12-18 133104] S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2008-12-18 547744] S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112] S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-17 40384] S3 avast! Web Scanner;avast! 
Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-17 40384] S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\deltaii.sys --> c:\windows\system32\drivers\deltaII.sys [?] S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-12-18 30192] S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\d-link\rangebooster g wda-2320\jswutil\jswpsapi.exe [2008-12-18 352338] S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [2009-5-19 12288] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-12-13 222976] S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [2010-6-8 134912] =============== Created Last 30 ================ 2010-07-19 23:00:47 0 d-----w- C:\1da461a0591a2016d3c019bae0c5 2010-07-17 22:42:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-07-17 22:42:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-07-17 22:42:28 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-17 22:38:50 0 d--h--w- c:\windows\PIF 2010-07-17 22:28:02 0 d-----w- c:\program files\CleanUp! 
2010-07-17 22:23:32 0 d-----w- c:\program files\common files\Little Registry Cleaner 2010-07-17 22:23:02 0 d-----w- c:\program files\Little Registry Cleaner 2010-07-17 22:20:14 0 d-----w- C:\cmdcons 2010-07-17 22:17:51 98816 ----a-w- c:\windows\sed.exe 2010-07-17 22:17:51 77312 ----a-w- c:\windows\MBR.exe 2010-07-17 22:17:51 256512 ----a-w- c:\windows\PEV.exe 2010-07-17 22:17:51 161792 ----a-w- c:\windows\SWREG.exe 2010-07-17 22:17:41 0 d-s---w- C:\ComboFix 2010-07-17 20:39:09 0 d--h--w- C:\WindowsLiveSyncTemp 2010-07-17 19:28:42 0 d-----w- c:\program files\Trend Micro 2010-07-17 16:09:06 38848 ----a-w- c:\windows\avastSS.scr 2010-07-17 16:09:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software 2010-07-17 00:32:03 94720 ---ha-w- c:\windows\system32\xxywtu.dll 2010-07-17 00:21:46 0 d-----w- c:\docume~1\user\applic~1\Malwarebytes 2010-07-17 00:21:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-07-15 02:20:37 94208 ---ha-w- c:\windows\system32\hgfcdc.dll 2010-07-15 02:18:10 0 d-----w- c:\program files\Photodex Presenter 2010-07-15 02:18:01 0 d-----w- c:\program files\Photodex 2010-07-15 02:15:45 0 d-----w- c:\docume~1\user\applic~1\Photodex 2010-07-15 02:15:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Photodex 2010-07-15 02:15:41 0 d-----w- c:\docume~1\user\applic~1\regsdkrl32 2010-07-15 02:15:39 2 ----a-w- c:\documents and settings\user\tenmy.ini 2010-07-15 02:15:36 140288 ----a-w- c:\windows\system32\pcre3.dll 2010-07-15 02:15:34 68096 ---ha-w- c:\windows\system32\rqppmm.dll 2010-07-15 02:15:33 717671 ----a-w- c:\documents and settings\user\regsdkrl13.exe 2010-06-24 16:25:33 0 d-----w- c:\docume~1\user\applic~1\Tor 2010-06-24 16:25:30 0 d-----w- c:\program files\Vidalia Bundle 2010-06-21 16:58:09 0 d-----w- c:\program files\Vimeo Uploader ==================== Find3M ==================== 2010-07-01 18:37:12 73312 ----a-w- c:\windows\system32\drivers\adfs.sys 2010-06-09 00:30:22 15664 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2010-06-09 
00:30:22 109360 ----a-w- c:\windows\system32\GEARAspi.dll 2010-05-21 21:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys 2002-09-11 14:26:52 63730 ------w- c:\program files\viewsonicinstruct_xp.pdf ============= FINISH: 16:14:36.04 =============== GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-07-20 09:00:10 Windows 5.1.2600 Service Pack 3 Running: 5rdi26oh.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\kwpyrfow.sys ---- Kernel code sections - GMER 1.0.15 ---- init C:\WINDOWS\System32\Drivers\ArcRec.SYS entry point in "init" section [0xF79AA138] ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0xF4 0x6F 0x4F 0xA9 ... ---- EOF - GMER 1.0.15 ---- Attach.txt