
Almost every application is not a valid win32 application..



Have run sfc /scannow, but after restarting the computer the error appears again...

Malwarebytes / ComboFix can't be run because of the error.

Ran sfc /scannow again and was again able to run Malwarebytes and HijackThis. The log is below..

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:27:00 AM, on 2/18/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\a-squared Anti-Malware\a2service.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Norton 360\Engine\4.0.0.127\ccSvcHst.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Norton 360\Engine\4.0.0.127\ccSvcHst.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Owner\My Documents\Downloads\ComboFix.exe

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Java\jre6\launch4j-tmp\frd.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.sg.yahoo.com/?p=us

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.0.0.127\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.0.0.127\IPSBHO.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.0.0.127\coIEPlg.dll

O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGam...1/GAME_UNO1.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1247417385734

O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: McAfee Application Installer Cleanup (0054411261059908) (0054411261059908mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\005441~1.EXE (file missing)

O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\4.0.0.127\ccSvcHst.exe

--

End of file - 9175 bytes

Malwarebytes' Anti-Malware 1.44

Database version: 3754

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

2/18/2010 11:09:52 AM

mbam-log-2010-02-18 (11-09-52).txt

Scan type: Quick Scan

Objects scanned: 113621

Time elapsed: 8 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Edited by Maurice Naggar
Merged into 1 single post

ComboFix 10-02-16.03 - Owner 02/18/2010 12:03:41.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.273 [GMT 8:00]

Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe

AV: a-squared Anti-Malware *On-access scanning disabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}

AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((( Files Created from 2010-01-18 to 2010-02-18 )))))))))))))))))))))))))))))))

.

2010-02-18 02:25 . 2010-02-18 02:57 -------- dc----w- c:\windows\LastGood

2010-02-17 16:36 . 2008-04-13 21:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2010-02-17 16:36 . 2001-08-17 14:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2010-02-17 16:36 . 2008-04-13 21:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll

2010-02-17 16:36 . 2001-08-17 14:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe

2010-02-17 16:36 . 2001-08-17 14:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe

2010-02-17 16:36 . 2001-08-17 14:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe

2010-02-17 16:36 . 2001-08-17 04:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys

2010-02-17 16:35 . 2008-04-13 14:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys

2010-02-17 16:35 . 2008-04-13 16:16 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys

2010-02-17 16:35 . 2008-04-13 14:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys

2010-02-17 16:35 . 2008-04-13 21:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll

2010-02-17 16:35 . 2008-04-13 16:06 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys

2010-02-17 16:35 . 2008-04-13 14:05 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys

2010-02-17 16:35 . 2001-08-17 04:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys

2010-02-17 16:35 . 2001-08-17 05:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys

2010-02-17 16:35 . 2001-08-17 14:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll

2010-02-17 16:35 . 2001-08-17 05:28 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys

2010-02-17 16:35 . 2008-04-13 16:15 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys

2010-02-17 16:35 . 2008-04-13 14:04 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys

2010-02-17 16:33 . 2001-08-17 05:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys

2010-02-17 16:32 . 2001-08-17 14:36 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll

2010-02-17 16:31 . 2001-08-17 06:02 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys

2010-02-17 16:31 . 2001-08-17 06:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys

2010-02-17 16:31 . 2001-08-17 04:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys

2010-02-17 16:31 . 2001-08-17 04:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys

2010-02-17 16:31 . 2001-08-17 04:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys

2010-02-17 16:31 . 2001-08-17 06:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll

2010-02-17 16:31 . 2008-04-13 16:10 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys

2010-02-17 16:31 . 2001-08-17 04:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys

2010-02-17 16:31 . 2001-08-17 04:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys

2010-02-17 16:31 . 2001-08-17 05:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys

2010-02-17 16:31 . 2001-08-17 05:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys

2010-02-17 16:31 . 2001-08-17 04:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys

2010-02-17 16:29 . 2001-08-17 04:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys

2010-02-17 16:28 . 2008-04-13 16:06 5888 -c--a-w- c:\windows\system32\dllcache\smbali.sys

2010-02-17 16:27 . 2001-08-17 04:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys

2010-02-17 16:26 . 2001-08-17 06:56 179264 -c--a-w- c:\windows\system32\dllcache\s3sav3d.dll

2010-02-17 16:25 . 2008-04-13 15:53 13776 -c--a-w- c:\windows\system32\dllcache\recagent.sys

2010-02-17 16:24 . 2001-08-17 14:36 5632 -c--a-w- c:\windows\system32\dllcache\ptpusb.dll

2010-02-17 16:23 . 2001-08-17 06:07 5504 -c--a-w- c:\windows\system32\dllcache\perc2hib.sys

2010-02-17 16:23 . 2001-08-17 06:07 27296 -c--a-w- c:\windows\system32\dllcache\perc2.sys

2010-02-17 16:23 . 2008-04-13 13:42 169984 -c--a-w- c:\windows\system32\dllcache\pcx500.sys

2010-02-17 16:23 . 2001-08-17 14:36 86016 -c--a-w- c:\windows\system32\dllcache\pctspk.exe

2010-02-17 16:23 . 2001-08-17 04:11 35328 -c--a-w- c:\windows\system32\dllcache\pcntpci5.sys

2010-02-17 16:23 . 2001-08-17 04:11 29769 -c--a-w- c:\windows\system32\dllcache\pcntn5m.sys

2010-02-17 16:23 . 2001-08-17 04:11 30282 -c--a-w- c:\windows\system32\dllcache\pcntn5hl.sys

2010-02-17 16:23 . 2001-08-17 04:12 26153 -c--a-w- c:\windows\system32\dllcache\pcmlm56.sys

2010-02-17 16:23 . 2008-04-13 14:05 29502 -c--a-w- c:\windows\system32\dllcache\pca200e.sys

2010-02-17 16:23 . 2001-08-17 04:12 30495 -c--a-w- c:\windows\system32\dllcache\pc100nds.sys

2010-02-17 16:21 . 2008-04-13 15:53 180360 -c--a-w- c:\windows\system32\dllcache\ntmtlfax.sys

2010-02-17 16:20 . 2001-08-17 06:56 35392 -c--a-w- c:\windows\system32\dllcache\n9i128.dll

2010-02-17 16:19 . 2001-08-17 06:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys

2010-02-17 16:18 . 2001-08-17 04:19 48768 -c--a-w- c:\windows\system32\dllcache\maestro.sys

2010-02-17 16:17 . 2008-04-13 16:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2010-02-17 16:16 . 2001-08-17 06:06 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys

2010-02-17 16:15 . 2001-08-17 05:28 115807 -c--a-w- c:\windows\system32\dllcache\hsf_fsks.sys

2010-02-17 16:14 . 2001-08-17 06:56 470144 -c--a-w- c:\windows\system32\dllcache\g200d.dll

2010-02-17 16:13 . 2001-08-17 05:28 347550 -c--a-w- c:\windows\system32\dllcache\es56tpi.sys

2010-02-17 16:12 . 2001-08-17 05:47 8704 -c--a-w- c:\windows\system32\dllcache\dot4scan.sys

2010-02-17 16:11 . 2001-08-17 05:52 179584 -c--a-w- c:\windows\system32\dllcache\dac2w2k.sys

2010-02-17 16:10 . 2001-08-17 06:05 314752 -c--a-w- c:\windows\system32\dllcache\camdro21.sys

2010-02-17 16:09 . 2001-08-17 04:49 23552 -c--a-w- c:\windows\system32\dllcache\atixbar.sys

2010-02-17 16:08 . 2001-08-17 04:11 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys

2010-02-17 16:07 . 2001-08-17 06:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll

2010-02-15 05:54 . 2010-01-21 12:48 84912 -c--a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100214.004\NAVENG.SYS

2010-02-15 05:54 . 2010-01-21 12:48 177520 -c--a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100214.004\NAVENG32.DLL

2010-02-15 05:54 . 2010-01-21 12:48 1647984 -c--a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100214.004\NAVEX32A.DLL

2010-02-15 05:54 . 2010-01-21 12:48 1323568 -c--a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100214.004\NAVEX15.SYS

2010-02-15 05:54 . 2010-01-21 12:48 371248 -c--a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100214.004\EECTRL.SYS

2010-02-15 05:54 . 2010-01-21 12:48 2747440 -c--a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100214.004\CCERASER.DLL

2010-02-15 05:54 . 2010-01-21 12:48 259440 -c--a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100214.004\ECMSVR32.DLL

2010-02-15 05:54 . 2010-01-21 12:48 102448 -c--a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100214.004\ERASER.SYS

2010-02-10 08:48 . 2010-02-10 08:51 -------- dc----w- c:\program files\NextLink

2010-02-10 08:38 . 2008-03-21 05:57 14640 -c----w- c:\windows\system32\spmsgXP_2k3.dll

2010-02-10 08:31 . 2010-02-10 08:24 25512 -c--a-w- c:\windows\system32\drivers\ggsemc.sys

2010-02-10 08:31 . 2010-02-10 08:24 13224 -c--a-w- c:\windows\system32\drivers\ggflt.sys

2010-02-10 08:31 . 2010-02-10 08:24 1112288 -c--a-w- c:\windows\system32\WdfCoInstaller01007.dll

2010-02-10 08:26 . 2010-02-10 08:24 27632 -c--a-w- c:\windows\system32\drivers\seehcri.sys

2010-02-10 08:22 . 2010-02-10 08:22 -------- dc----w- c:\program files\Sony Ericsson

2010-01-29 14:43 . 2004-01-25 16:18 217088 -c--a-w- c:\windows\system32\yv12vfw.dll

2010-01-29 14:43 . 2009-05-29 21:31 881664 -c--a-w- c:\windows\system32\xvidcore.dll

2010-01-29 14:43 . 2009-05-29 21:37 205824 -c--a-w- c:\windows\system32\xvidvfw.dll

2010-01-29 14:43 . 2010-01-05 18:00 85504 -c--a-w- c:\windows\system32\ff_vfw.dll

2010-01-25 09:01 . 2009-12-12 14:15 178176 -c--a-w- c:\windows\system32\unrar.dll

2010-01-25 04:31 . 2010-01-25 04:31 -------- dc----w- c:\documents and settings\Owner\Application Data\AVI ReComp

2010-01-25 04:05 . 2010-01-25 04:28 -------- dc----w- c:\program files\Gabest

2010-01-25 04:04 . 2010-01-25 04:28 -------- dc----w- c:\program files\AviSynth 2.5

2010-01-25 04:03 . 2010-01-25 04:29 -------- dc----w- c:\program files\AVI ReComp

2010-01-25 03:40 . 2010-01-25 04:51 -------- dc----w- c:\documents and settings\Owner\Application Data\avidemux

2010-01-25 03:35 . 2010-01-29 15:27 -------- dc----w- c:\program files\Avidemux 2.5

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-18 03:30 . 2009-07-19 13:11 117760 -c--a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-02-17 16:49 . 2009-07-14 13:59 -------- dc----w- c:\program files\Common Files\Adobe

2010-02-17 12:33 . 2009-07-22 14:31 -------- dc----w- c:\program files\a-squared Anti-Malware

2010-02-10 08:46 . 2009-07-14 13:55 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-02-10 08:38 . 2010-02-10 08:38 0 -c-ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf

2010-02-10 08:38 . 2010-02-10 08:38 0 -c-ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2010-02-08 13:12 . 2009-09-29 15:47 -------- dc----w- c:\program files\Driver Magician

2010-02-04 15:54 . 2009-07-13 12:47 -------- dc----w- c:\program files\Lexmark X1100 Series

2010-01-29 14:53 . 2009-11-10 22:36 -------- dc----w- c:\program files\K-Lite Codec Pack

2010-01-25 08:52 . 2009-07-12 17:08 -------- dc----w- c:\program files\Microsoft Silverlight

2010-01-12 15:41 . 2010-01-12 15:41 52224 -c--a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-01-12 15:37 . 2009-07-19 13:10 -------- dc----w- c:\program files\SUPERAntiSpyware

2010-01-08 18:03 . 2009-07-14 07:25 -------- dc----w- c:\documents and settings\All Users\Application Data\Norton

2010-01-08 18:00 . 2009-12-13 04:18 -------- dc----w- c:\program files\Symantec

2010-01-08 18:00 . 2009-12-13 04:18 805 -c--a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-01-08 18:00 . 2009-12-13 04:18 7443 -c--a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-01-08 18:00 . 2009-12-13 04:18 60808 -c--a-w- c:\windows\system32\S32EVNT1.DLL

2010-01-08 18:00 . 2009-12-13 04:18 124976 -c--a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-01-08 17:34 . 2009-07-14 07:17 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-08 16:29 . 2009-08-05 13:13 5115824 -c--a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-01-07 08:07 . 2009-07-14 07:17 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-07 08:07 . 2009-07-14 07:17 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys

2009-12-31 16:50 . 2008-04-14 12:00 353792 -c--a-w- c:\windows\system32\drivers\srv.sys

2009-12-21 19:14 . 2008-04-14 12:00 916480 -c--a-w- c:\windows\system32\wininet.dll

2009-12-17 07:13 . 2010-01-08 18:00 893296 -c--a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\CLT\cltLMSx.dll

2009-12-16 18:43 . 2009-03-08 08:28 343040 -c--a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:08 . 2008-04-14 12:00 33280 -c--a-w- c:\windows\system32\csrsrv.dll

2009-12-10 03:16 . 2010-01-08 18:03 784752 -c--a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll

2009-12-08 19:26 . 2008-04-14 12:00 2145280 -c--a-w- c:\windows\system32\ntoskrnl.exe

2009-12-08 18:43 . 2008-04-14 00:01 2023936 -c--a-w- c:\windows\system32\ntkrnlpa.exe

2009-12-08 02:21 . 2010-01-08 18:00 1117040 -c--a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\hsplayer.dll

2009-12-05 07:25 . 2010-01-08 17:59 610704 -c--a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20091205.001\bbRGen.dll

2009-12-05 07:25 . 2010-01-08 17:59 201616 -c--a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20091205.001\BHRules.dll

2009-12-05 07:25 . 2010-01-08 17:59 1405840 -c--a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20091205.001\BHEngine.dll

2009-12-04 18:22 . 2008-04-14 12:00 455424 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys

2009-11-27 17:11 . 2008-04-14 12:00 1291776 -c--a-w- c:\windows\system32\quartz.dll

2009-11-27 17:11 . 2008-04-14 05:42 17920 -c--a-w- c:\windows\system32\msyuv.dll

2009-11-27 16:07 . 2008-04-14 12:00 28672 -c--a-w- c:\windows\system32\msvidc32.dll

2009-11-27 16:07 . 2001-08-17 22:36 8704 -c--a-w- c:\windows\system32\tsbyuv.dll

2009-11-27 16:07 . 2008-04-14 12:00 84992 -c--a-w- c:\windows\system32\avifil32.dll

2009-11-27 16:07 . 2008-04-14 12:00 11264 -c--a-w- c:\windows\system32\msrle32.dll

2009-11-27 16:07 . 2008-04-14 05:41 48128 -c--a-w- c:\windows\system32\iyuv_32.dll

2009-11-26 06:40 . 2010-01-08 18:00 529456 -c--a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20091205.001\BHDrvx86.sys

2009-11-26 06:40 . 2010-01-08 18:00 668720 -c--a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20091205.001\BHDrvx64.sys

2009-11-21 15:51 . 2008-04-14 12:00 471552 -c--a-w- c:\windows\AppPatch\aclayers.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"a-squared"="c:\program files\A-SQUARED ANTI-MALWARE\a2guard.exe" [2010-02-17 3347784]

"RTHDCPL"="RTHDCPL.EXE" [2009-10-06 18750976]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-11 05:40 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk

backup=c:\windows\pss\Utility Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-21 17:57 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]

2006-08-07 02:06 700416 -c----w- c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-07-13 01:08 133104 -c--atw- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 03:44 31072 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]

2003-08-19 14:43 57344 -c--a-w- c:\program files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-09-04 17:54 417792 -c--a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]

2009-06-05 02:58 53248 -c--a-w- c:\windows\system32\SiSPower.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-11-10 10:32 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2010-01-12 15:37 2002160 -c--a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=

"c:\\Program Files\\NextLink\\GOGOBOX\\gfscagent.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0400000.07F\SymDS.sys [1/9/2010 2:00 AM 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0400000.07F\SymEFA.sys [1/9/2010 2:00 AM 172592]

R1 a2injectiondriver;a2injectiondriver;c:\program files\a-squared Anti-Malware\a2dix86.sys [2/13/2010 5:16 PM 36056]

R1 a2util;a-squared Malware-IDS utility driver;c:\program files\a-squared Anti-Malware\a2util32.sys [2/13/2010 5:16 PM 9328]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20091205.001\BHDrvx86.sys [1/9/2010 2:00 AM 529456]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0400000.07F\cchpx86.sys [1/9/2010 2:00 AM 501888]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 74480]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0400000.07F\Ironx86.sys [1/9/2010 2:00 AM 116272]

R2 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared Anti-Malware\a2service.exe [7/22/2009 10:31 PM 1914984]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/14/2009 3:17 PM 236368]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [7/12/2009 9:02 PM 93320]

R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.0.0.127\ccSvcHst.exe [1/9/2010 1:59 AM 126392]

R3 a2acc;a2acc;c:\program files\a-squared Anti-Malware\a2accx86.sys [2/13/2010 5:16 PM 67720]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/15/2009 1:28 PM 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20091105.001\IDSxpx86.sys [1/9/2010 2:00 AM 329592]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/14/2009 3:17 PM 19160]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2/10/2010 4:26 PM 27632]

S2 0054411261059908mcinstcleanup;McAfee Application Installer Cleanup (0054411261059908);c:\windows\TEMP\005441~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\005441~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [7/19/2009 5:43 PM 45696]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7/19/2009 6:16 PM 1684736]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2/10/2010 4:31 PM 13224]

S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [10/29/2009 6:31 PM 131072]

S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [10/29/2009 6:31 PM 79104]

S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [7/19/2009 5:43 PM 56960]

.

Contents of the 'Scheduled Tasks' folder

2010-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1993962763-1801674531-1003Core.job

- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-13 01:08]

2010-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1993962763-1801674531-1003UA.job

- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-13 01:08]

2010-02-17 c:\windows\Tasks\Malwarebytes' Scheduled Update for Owner.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-07-14 08:07]

2010-02-18 c:\windows\Tasks\User_Feed_Synchronization-{4EFC2657-3C4A-402E-935C-B5FF45C2FB78}.job

- c:\windows\system32\msfeedssync.exe [2009-03-07 20:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://sg.yahoo.com/

uInternet Settings,ProxyServer = proxy.singnet.com.sg:8080

uInternet Settings,ProxyOverride = <local>

IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - c:\program files\DAP\dapextie.htm

IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} - hxxp://www.gogobox.com.tw/neo.fld/GNowStarter.cab

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Advanced SystemCare 3 - c:\program files\IObit\Advanced SystemCare 3\AWC.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-18 12:10

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton 360\Engine\4.0.0.127\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.0.0.127\diMaster.dll\" /prefetch:1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1276)

c:\windows\system32\WININET.dll

c:\program files\a-squared Anti-Malware\a2hooks32.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\WS2HELP.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-02-18 12:15:04

ComboFix-quarantined-files.txt 2010-02-18 04:14

Pre-Run: 44,755,288,064 bytes free

Post-Run: 44,710,305,792 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 77DD9BEB0BDF246EEBCBDC5565BD833A

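The R0/R1/R2/S2/S3 block in the ComboFix log above is the part a responder reads first: R/S is running/stopped, the digit is the service's Windows Start value (0 boot, 1 system, 2 auto, 3 manual, 4 disabled), and a trailing "[?]" means ComboFix could not verify the file on disk. The following is an added example, not part of this thread and not ComboFix's own code: a small Python triage script that parses lines in that shape and flags the entries worth checking first. The four sample lines are copied from the log above; the flagging rules (image in a TEMP directory, 8.3 short-name path, unverified file, auto-start) are my own choice of heuristics and are assumptions, not ComboFix verdicts.

```python
"""Triage the R*/S* driver-and-service section of a ComboFix log.

Added example, not ComboFix's own code.  Line shape as ComboFix prints it:
  R2 Name;Display Name;c:\\path\\image.exe [date time size]
  S2 Name;Display Name;c:\\path\\image.exe ... [?]
R/S = running/stopped; the digit is the service Start value
(0 boot, 1 system, 2 auto, 3 manual, 4 disabled); "[?]" = file not verified.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: four lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0400000.07F\SymDS.sys [1/9/2010 2:00 AM 328752]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/14/2009 3:17 PM 236368]
S2 0054411261059908mcinstcleanup;McAfee Application Installer Cleanup (0054411261059908);c:\windows\TEMP\005441~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\005441~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2/10/2010 4:31 PM 13224]
"""

# state letter + start digit, then name;display;<image path and trailer>
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$"
)
# First token ending in a PE/driver extension; tolerates spaces in the path.
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|sys|dll))(?:\s|$)", re.IGNORECASE)
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)      # assumption: TEMP is a red flag
SHORTNAME_RE = re.compile(r"~\d+(?:\\|\.|$)")                  # 8.3 names such as 005441~1.EXE


@dataclass
class ServiceEntry:
    name: str
    display: str
    running: bool
    start: int
    image: str
    verified: bool
    reasons: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[ServiceEntry]:
    """Parse one ComboFix service line; return None for lines of another shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    if " [" in rest and rest.endswith("]"):
        path_part, bracket = rest.rsplit(" [", 1)
        bracket = bracket[:-1]                     # "1/9/2010 2:00 AM 328752" or "?"
    else:
        path_part, bracket = rest, ""
    # ComboFix prints "registry value --> resolved command line"; the first
    # half is enough to find the executable.
    cmdline = path_part.split(" --> ")[0]
    img = IMAGE_RE.match(cmdline)
    image = img.group(1) if img else cmdline
    return ServiceEntry(
        name=m.group("name"),
        display=m.group("display"),
        running=(m.group("state") == "R"),
        start=int(m.group("start")),
        image=image,
        verified=(bracket != "?"),
    )


def triage(log_text: str) -> List[ServiceEntry]:
    """Parse every service line and attach review reasons (heuristics, not verdicts)."""
    entries = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        if not e.verified:
            e.reasons.append("file not verified by ComboFix ([?])")
        if TEMP_RE.search(e.image):
            e.reasons.append("image lives in a TEMP directory")
        if SHORTNAME_RE.search(e.image):
            e.reasons.append("image path uses an 8.3 short name")
        if e.reasons and e.start <= 2:
            e.reasons.append("starts without user action (Start=%d)" % e.start)
        entries.append(e)
    return entries


def suspicious(log_text: str) -> List[ServiceEntry]:
    """Only the entries that collected at least one reason."""
    return [e for e in triage(log_text) if e.reasons]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        state = "running" if e.running else "stopped"
        print("%s (%s, Start=%d) -> %s" % (e.name, state, e.start, e.image))
        for r in e.reasons:
            print("    - " + r)
```

Run as-is, it reports only the mcinstcleanup entry: stopped, auto-start, pointing at an 8.3-named file under c:\windows\TEMP that ComboFix could not verify. A hit is a prompt to look, not a malware verdict; an installer cleanup service left behind by a McAfee install is a common benign leftover, but a stopped auto-start service whose binary cannot be found in TEMP is exactly the pattern a responder should confirm by hand rather than skip.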


Hello Rainbow1112,

Have you resolved your issues? Please advise.

If you have not, and you need guided help here, do the following:

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):

  • the contents of OTL.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit, because all of the reports may not fit into one single reply. You may have to do more than one reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
