
Really need some help with Combo Fix



THANK YOU!! Here is the log

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-9 113664]

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-6-25 614531]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=

"c:\\Program Files\\Common Files\\AOL\\1155222575\\EE\\AOLServiceHost.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=

"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Palm\\HOTSYNC.EXE"=

"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\WINDOWS\\system32\\drivers\\KodakCCS.exe"=

"c:\\Program Files\\iPod\\bin\\iPodService.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/19/2010 12:05 AM 165456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/19/2010 12:05 AM 17744]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 2:13 PM 38144]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/22/2009 11:49 PM 93320]

S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/10/2006 10:57 AM 30192]

S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [12/28/2007 4:02 PM 287232]

.

Contents of the 'Scheduled Tasks' folder

2010-07-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyServer = http=127.0.0.1:5643

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-19 18:09

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,66,ff,a2,38,30,1b,c9,4b,84,54,db,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,66,ff,a2,38,30,1b,c9,4b,84,54,db,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3456)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-07-19 18:13:24

ComboFix-quarantined-files.txt 2010-07-19 22:13

ComboFix2.txt 2010-07-19 17:35

ComboFix3.txt 2009-11-17 21:19

Pre-Run: 165,762,002,944 bytes free

Post-Run: 165,743,779,840 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 3810C571F21001F0240E4092DEC4528E


HERE IS THE DDS LOG

DDS (Ver_10-03-17.01) - NTFSx86

Run by Owner at 18:31:34.98 on Mon 07/19/2010

Internet Explorer: 7.0.5730.11

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.258 [GMT -4:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Digital Media Reader\readericon45G.exe

C:\Program Files\QuickTime\QTTask.exe

C:\WINDOWS\system32\PD6000SM.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\zHotkey.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\PROGRA~1\COMMON~1\AOL\115522~1\EE\AOLHOS~1.EXE

svchost.exe

C:\PROGRA~1\COMMON~1\AOL\115522~1\EE\AOLServiceHost.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\arservice.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Palm\HOTSYNC.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Owner.YOUR-D3D3F0FEB8\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyServer = http=127.0.0.1:5643

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE

mRun: [readericon] c:\program files\digital media reader\readericon45G.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [PD6000StatusMonitor] c:\windows\system32\PD6000SM.EXE

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [HostManager] c:\program files\common files\aol\1155222575\ee\AOLHostManager.exe

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [CHotkey] zHotkey.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"

mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.5.0_02\bin\jusched.exe"

StartupFolder: c:\docume~1\owner~1.you\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\HOTSYNC.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_02\bin\npjpi150_02.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-19 165456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-19 17744]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-19 40384]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-9-22 93320]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-19 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-19 40384]

S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-8-10 30192]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-22 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-22 40552]

S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-12-28 287232]

=============== Created Last 30 ================

2010-07-19 22:03:37 0 d-sha-r- C:\cmdcons

2010-07-19 17:09:40 77312 ----a-w- c:\windows\MBR.exe

2010-07-19 15:33:26 49265 ----a-w- c:\windows\system32\jpicpl32.cpl

2010-07-19 04:04:58 38848 ----a-w- c:\windows\avastSS.scr

2010-07-18 15:44:37 0 d-----w- C:\spoolerlogs

2010-07-18 15:43:18 16384 ----a-w- c:\windows\~DF3978.tmp

2010-07-11 04:26:42 0 d-----w- c:\docume~1\owner~1.you\applic~1\MSNInstaller

==================== Find3M ====================

2010-07-19 06:13:47 28078 ----a-w- c:\docume~1\owner~1.you\applic~1\wklnhst.dat

2010-04-26 19:58:12 256512 ----a-w- c:\windows\PEV.exe

2008-04-25 14:36:55 449784 ----a-w- c:\program files\msgr8us.exe

1998-02-10 23:34:48 128000 ----a-w- c:\program files\UNWISE.EXE

2009-11-06 16:05:24 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

2009-11-17 22:00:41 16384 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat

2008-12-03 02:11:39 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120220081203\index.dat

2009-11-09 19:58:04 16384 --sha-w- c:\windows\system32\config\systemprofile\privacie\index.dat

============= FINISH: 18:32:18.87 ===============


Sorry, here is the whole log

ComboFix 10-07-18.05 - Owner 07/19/2010 13:21:03.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.579 [GMT -4:00]

Running from: c:\documents and settings\Owner.YOUR-D3D3F0FEB8\Desktop\ComboFix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\-1663827251

c:\documents and settings\Owner.YOUR-D3D3F0FEB8\GoToAssistDownloadHelper.exe

c:\windows\igeyogovi.dll

c:\windows\system32\11478.exe

c:\windows\system32\15724.exe

c:\windows\system32\18467.exe

c:\windows\system32\19169.exe

c:\windows\system32\24464.exe

c:\windows\system32\26500.exe

c:\windows\system32\26962.exe

c:\windows\system32\28145.exe

c:\windows\system32\29358.exe

c:\windows\system32\491.exe

c:\windows\system32\5705.exe

c:\windows\system32\6334.exe

c:\windows\system32\logs

c:\windows\system32\logs\Settings.dat

c:\windows\Tasks\fzvlzcog.job

c:\windows\uvebuhog.dll

c:\windows\xpsp1hfm.log

Infected copy of c:\windows\system32\drivers\sym_u3.sys was found and disinfected

Restored copy from - Kitty had a snack :)

.

((((((((((((((((((((((((( Files Created from 2010-06-19 to 2010-07-19 )))))))))))))))))))))))))))))))

.

2010-07-19 04:05 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-07-19 04:05 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-07-19 04:05 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-07-19 04:05 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-07-19 04:05 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-07-19 04:05 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-07-19 04:05 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-07-19 04:04 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr

2010-07-19 04:04 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe

2010-07-18 15:44 . 2010-07-18 15:44 -------- d-----w- C:\spoolerlogs

2010-07-18 15:40 . 2010-07-18 15:59 -------- d-----w- c:\documents and settings\Owner.YOUR-D3D3F0FEB8\Local Settings\Application Data\tvejivncc

2010-07-11 04:26 . 2010-07-11 04:26 -------- d-----w- c:\documents and settings\Owner.YOUR-D3D3F0FEB8\Application Data\MSNInstaller

2010-06-24 16:32 . 2010-06-24 17:04 -------- d-----w- c:\documents and settings\Owner.YOUR-D3D3F0FEB8\Local Settings\Application Data\rldxfmitr

2010-06-19 23:52 . 2010-06-20 03:19 -------- d-----w- c:\documents and settings\Owner.YOUR-D3D3F0FEB8\Local Settings\Application Data\wcvtywynm

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-19 06:13 . 2006-10-23 14:48 28078 ----a-w- c:\documents and settings\Owner.YOUR-D3D3F0FEB8\Application Data\wklnhst.dat

2010-07-18 15:43 . 2010-07-18 15:43 16384 ----a-w- c:\windows\~DF3978.tmp

2010-06-22 21:44 . 2010-02-18 12:32 419776 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2010-06-22 03:31 . 2010-01-20 04:34 -------- d-----w- c:\documents and settings\Owner.YOUR-D3D3F0FEB8\Application Data\ZoomBrowser EX

2010-06-15 04:16 . 2009-09-23 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-06-10 22:59 . 2006-08-10 15:09 -------- d-----w- c:\program files\America Online 9.0

2010-05-27 05:45 . 2010-03-02 04:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-04-29 19:39 . 2010-03-02 04:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 19:39 . 2010-03-02 04:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2008-04-25 14:36 . 2008-04-25 14:36 449784 ----a-w- c:\program files\msgr8us.exe

1998-02-10 23:34 . 2007-01-13 20:26 128000 ----a-w- c:\program files\UNWISE.EXE

.

((((((((((((((((((((((((((((( SnapShot@2009-11-17_21.06.52 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-12 04:02 . 2009-07-12 04:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll

+ 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll

+ 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll

- 2006-06-17 09:23 . 2009-11-05 08:22 72108 c:\windows\system32\perfc009.dat

+ 2006-06-17 09:23 . 2010-06-20 14:54 72108 c:\windows\system32\perfc009.dat

- 2006-08-10 15:24 . 2008-09-08 17:19 16105 c:\windows\system32\Lang\TradChin.bin

+ 2006-08-10 15:24 . 2009-11-23 16:42 16105 c:\windows\system32\Lang\TradChin.bin

+ 2006-08-10 15:24 . 2009-11-23 16:42 20305 c:\windows\system32\Lang\Thai.bin

- 2006-08-10 15:24 . 2008-09-08 17:19 20305 c:\windows\system32\Lang\Thai.bin

- 2006-08-10 15:24 . 2008-09-08 17:19 22252 c:\windows\system32\Lang\SWEDISH.bin

+ 2006-08-10 15:24 . 2009-11-23 16:42 22252 c:\windows\system32\Lang\SWEDISH.bin

- 2006-08-10 15:24 . 2008-09-08 17:19 25526 c:\windows\system32\Lang\Spanish.bin

+ 2006-08-10 15:24 . 2009-11-23 16:42 25526 c:\windows\system32\Lang\Spanish.bin

+ 2006-08-10 15:24 . 2009-11-23 16:42 15224 c:\windows\system32\Lang\SimChin.bin

- 2006-08-10 15:24 . 2008-09-08 17:19 15224 c:\windows\system32\Lang\SimChin.bin

+ 2006-08-10 15:24 . 2009-11-23 16:42 24205 c:\windows\system32\Lang\Russian.bin

- 2006-08-10 15:24 . 2008-09-08 17:19 24205 c:\windows\system32\Lang\Russian.bin

+ 2006-08-10 15:24 . 2009-11-23 16:42 24139 c:\windows\system32\Lang\Portuguese.bin

- 2006-08-10 15:24 . 2008-09-08 17:19 24139 c:\windows\system32\Lang\Portuguese.bin

- 2006-08-10 15:24 . 2008-09-08 17:19 23011 c:\windows\system32\Lang\Portuguese(Brazil).bin

+ 2006-08-10 15:24 . 2009-11-23 16:42 23011 c:\windows\system32\Lang\Portuguese(Brazil).bin

- 2006-08-10 15:24 . 2008-09-08 17:19 22098 c:\windows\system32\Lang\Polish.bin

+ 2006-08-10 15:24 . 2009-11-23 16:42 22098 c:\windows\system32\Lang\Polish.bin

- 2006-08-10 15:24 . 2008-09-08 17:19 18617 c:\windows\system32\Lang\Korean.bin

+ 2006-08-10 15:24 . 2009-11-23 16:42 18617 c:\windows\system32\Lang\Korean.bin

- 2006-08-10 15:24 . 2008-09-08 17:19 22506 c:\windows\system32\Lang\Japanese.bin

+ 2006-08-10 15:24 . 2009-11-23 16:42 22506 c:\windows\system32\Lang\Japanese.bin

- 2006-08-10 15:24 . 2008-09-08 17:19 25297 c:\windows\system32\Lang\Italian.bin

+ 2006-08-10 15:24 . 2009-11-23 16:42 25297 c:\windows\system32\Lang\Italian.bin

- 2006-08-10 15:24 . 2008-09-08 17:19 22982 c:\windows\system32\Lang\Greek.bin

+ 2006-08-10 15:24 . 2009-11-23 16:42 22982 c:\windows\system32\Lang\Greek.bin

+ 2006-08-10 15:24 . 2009-11-23 16:42 23724 c:\windows\system32\Lang\German.bin

- 2006-08-10 15:24 . 2008-09-08 17:19 23724 c:\windows\system32\Lang\German.bin

+ 2006-08-10 15:24 . 2009-11-23 16:42 25175 c:\windows\system32\Lang\French.bin

- 2006-08-10 15:24 . 2008-09-08 17:19 25175 c:\windows\system32\Lang\French.bin

- 2006-08-10 15:24 . 2008-09-08 17:19 20429 c:\windows\system32\Lang\English.bin

+ 2006-08-10 15:24 . 2009-11-23 16:42 20429 c:\windows\system32\Lang\English.bin

- 2006-08-10 15:24 . 2008-09-08 17:19 23657 c:\windows\system32\Lang\Dutch.bin

+ 2006-08-10 15:24 . 2009-11-23 16:42 23657 c:\windows\system32\Lang\Dutch.bin

- 2006-08-10 15:24 . 2008-09-08 17:19 22368 c:\windows\system32\Lang\Danish.bin

+ 2006-08-10 15:24 . 2009-11-23 16:42 22368 c:\windows\system32\Lang\Danish.bin

+ 2006-08-10 15:24 . 2009-11-23 16:42 19713 c:\windows\system32\Lang\Arabic.bin

- 2006-08-10 15:24 . 2008-09-08 17:19 19713 c:\windows\system32\Lang\Arabic.bin

+ 2008-09-07 18:21 . 2005-03-04 09:07 49250 c:\windows\system32\javaw.exe

+ 2008-09-07 18:21 . 2005-03-04 09:06 49248 c:\windows\system32\java.exe

+ 2007-10-09 18:13 . 2007-10-09 18:13 38144 c:\windows\system32\drivers\EAPPkt.sys

+ 2009-11-17 21:59 . 2009-11-17 21:59 21035 c:\windows\system32\drivers\AegisP.sys

+ 2004-08-04 06:08 . 2008-04-13 18:45 49408 c:\windows\system32\dllcache\stream.sys

+ 2006-08-10 15:12 . 2008-04-13 18:45 60160 c:\windows\system32\dllcache\drmk.sys

+ 2009-11-17 21:09 . 2009-08-06 23:24 53472 c:\windows\system32\dllcache\cache\wuauclt.exe

+ 2009-11-17 21:09 . 2008-04-14 00:12 82432 c:\windows\system32\dllcache\cache\ws2_32.dll

+ 2009-11-17 21:09 . 2008-04-14 00:12 26112 c:\windows\system32\dllcache\cache\userinit.exe

+ 2009-11-17 21:09 . 2008-04-14 00:12 14336 c:\windows\system32\dllcache\cache\svchost.exe

+ 2009-11-17 21:09 . 2008-04-14 00:12 57856 c:\windows\system32\dllcache\cache\spoolsv.exe

+ 2009-11-17 21:09 . 2008-04-14 00:12 88576 c:\windows\system32\dllcache\cache\rasauto.dll

+ 2009-11-17 21:09 . 2008-04-14 00:12 17408 c:\windows\system32\dllcache\cache\powrprof.dll

+ 2009-11-17 21:09 . 2008-04-14 00:11 33792 c:\windows\system32\dllcache\cache\msgsvc.dll

+ 2009-11-17 21:09 . 2008-04-14 00:12 13312 c:\windows\system32\dllcache\cache\lsass.exe

+ 2009-11-17 21:09 . 2008-04-14 00:11 22016 c:\windows\system32\dllcache\cache\lpk.dll

+ 2009-11-17 21:09 . 2008-04-13 18:39 24576 c:\windows\system32\dllcache\cache\kbdclass.sys

+ 2009-11-17 21:09 . 2008-04-13 18:53 36608 c:\windows\system32\dllcache\cache\ip6fw.sys

+ 2009-11-17 21:09 . 2008-04-14 00:12 15360 c:\windows\system32\dllcache\cache\ctfmon.exe

+ 2009-11-17 21:09 . 2004-08-10 19:00 11648 c:\windows\system32\dllcache\cache\acpiec.sys

- 2006-06-17 09:44 . 2009-11-17 21:00 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2006-06-17 09:44 . 2010-04-25 15:02 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2006-06-17 09:44 . 2010-04-25 15:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2006-06-17 09:44 . 2009-11-17 21:00 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2009-11-09 16:57 . 2009-11-17 21:00 16384 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat

+ 2009-11-09 16:57 . 2009-11-17 22:00 16384 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat

- 2006-06-17 09:44 . 2009-11-17 21:00 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2006-06-17 09:44 . 2010-04-25 15:02 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2008-09-08 16:54 . 2005-07-14 15:48 40960 c:\windows\system32\ChCfg.exe

- 2008-09-08 16:54 . 2005-07-14 14:48 40960 c:\windows\system32\ChCfg.exe

+ 2009-11-17 21:58 . 2009-11-17 21:58 45056 c:\windows\Installer\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\NewShortcut4_5396FBD88BD747F992AEF62F13D5A11D.exe

+ 2009-11-17 21:58 . 2009-11-17 21:58 45056 c:\windows\Installer\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\NewShortcut1_5396FBD88BD747F992AEF62F13D5A11D_1.exe

- 2008-09-08 16:53 . 2005-05-02 16:43 69632 c:\windows\Alcmtr.exe

+ 2009-11-19 04:26 . 2005-05-02 17:43 69632 c:\windows\ALCMTR.EXE

+ 2006-08-10 15:12 . 2008-04-14 00:11 4096 c:\windows\system32\dllcache\ksuser.dll

+ 2009-11-17 21:09 . 2008-04-14 00:12 5120 c:\windows\system32\dllcache\cache\sfc.dll

+ 2009-11-17 21:09 . 2004-08-10 19:00 2944 c:\windows\system32\dllcache\cache\null.sys

+ 2009-11-17 21:09 . 2004-08-10 19:00 4224 c:\windows\system32\dllcache\cache\beep.sys

+ 2009-07-12 04:02 . 2009-07-12 04:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll

+ 2009-07-12 04:05 . 2009-07-12 04:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll

+ 2004-01-07 16:21 . 2004-01-07 15:21 237936 c:\windows\system32\unicows.dll

- 2004-01-07 16:21 . 2004-01-07 16:21 237936 c:\windows\system32\unicows.dll

+ 2006-10-11 20:05 . 2008-03-13 04:52 761344 c:\windows\system32\spool\drivers\w32x86\eastman_kodak_compan1eb1\UNIRES.DLL

+ 2006-10-11 20:05 . 2008-07-06 12:06 744960 c:\windows\system32\spool\drivers\w32x86\eastman_kodak_compan1eb1\UNIDRVUI.DLL

+ 2006-10-11 20:05 . 2008-07-06 12:06 373248 c:\windows\system32\spool\drivers\w32x86\eastman_kodak_compan1eb1\UNIDRV.DLL

+ 2006-06-17 09:23 . 2010-06-20 14:54 444358 c:\windows\system32\perfh009.dat

- 2006-06-17 09:23 . 2009-11-05 08:22 444358 c:\windows\system32\perfh009.dat

+ 2008-09-07 18:21 . 2005-03-04 10:36 127078 c:\windows\system32\javaws.exe

+ 2007-12-28 20:02 . 2007-12-28 20:02 287232 c:\windows\system32\drivers\wg111v3.sys

+ 2004-03-16 17:58 . 2008-04-13 19:19 146048 c:\windows\system32\dllcache\portcls.sys

+ 2004-08-04 06:15 . 2008-04-13 19:16 141056 c:\windows\system32\dllcache\ks.sys

+ 2009-11-17 21:09 . 2008-04-14 00:12 507904 c:\windows\system32\dllcache\cache\winlogon.exe

+ 2009-11-17 21:09 . 2009-06-29 16:12 827392 c:\windows\system32\dllcache\cache\wininet.dll

+ 2009-11-17 21:09 . 2008-04-14 00:12 578560 c:\windows\system32\dllcache\cache\user32.dll

+ 2009-11-17 21:09 . 2008-04-14 00:12 295424 c:\windows\system32\dllcache\cache\termsrv.dll

+ 2009-11-17 21:09 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys

+ 2009-11-17 21:09 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\cache\services.exe

+ 2009-11-17 21:09 . 2009-02-09 12:10 401408 c:\windows\system32\dllcache\cache\rpcss.dll

+ 2009-11-17 21:09 . 2008-04-14 00:12 435200 c:\windows\system32\dllcache\cache\ntmssvc.dll

+ 2009-11-17 21:09 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\cache\ndis.sys

+ 2009-11-17 21:09 . 2008-04-14 00:11 927504 c:\windows\system32\dllcache\cache\mfc40u.dll

+ 2009-11-17 21:09 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\cache\kernel32.dll

+ 2009-11-17 21:09 . 2008-04-14 00:11 110080 c:\windows\system32\dllcache\cache\imm32.dll

+ 2009-11-17 21:09 . 2008-04-14 00:11 792064 c:\windows\system32\dllcache\cache\comres.dll

+ 2009-11-17 21:09 . 2008-04-14 00:11 617472 c:\windows\system32\dllcache\cache\comctl32.dll

+ 2009-11-17 21:09 . 2008-04-14 00:11 167936 c:\windows\system32\dllcache\cache\appmgmts.dll

+ 2010-03-02 02:21 . 2010-03-02 02:21 219648 c:\windows\Installer\16ddf6.msi

+ 2009-02-26 03:32 . 2009-12-11 06:03 102400 c:\windows\Installer\{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}\iTunesIco.exe

- 2009-02-26 03:32 . 2009-02-26 03:32 102400 c:\windows\Installer\{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}\iTunesIco.exe

+ 2009-07-12 04:02 . 2009-07-12 04:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll

+ 2009-11-17 21:09 . 2008-04-14 00:12 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll

+ 2009-11-17 21:09 . 2009-08-04 15:13 2145280 c:\windows\system32\dllcache\cache\ntoskrnl.exe

+ 2009-11-17 21:09 . 2009-08-04 14:20 2023936 c:\windows\system32\dllcache\cache\ntkrnlpa.exe

+ 2009-11-17 21:09 . 2008-04-14 00:12 1033728 c:\windows\system32\dllcache\cache\explorer.exe

+ 2009-12-11 06:03 . 2009-12-11 06:03 3762688 c:\windows\Installer\2a05195d.msi

- 2008-09-08 16:53 . 2005-11-09 09:14 15473664 c:\windows\RTHDCPL.exe

+ 2008-09-08 16:53 . 2005-11-09 10:14 15473664 c:\windows\RTHDCPL.exe

+ 2009-11-17 21:56 . 2009-11-17 21:56 17638912 c:\windows\Downloaded Installations\{BBDA860C-E4CC-4246-93D2-7E1E7698BB91}\NETGEAR WG111v3 wireless USB 2.0 adapter.msi

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-30 7311360]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]

"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"PD6000StatusMonitor"="c:\windows\system32\PD6000SM.EXE" [2003-02-21 266240]

"nwiz"="nwiz.exe" [2005-11-30 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-30 86016]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]

"HostManager"="c:\program files\Common Files\AOL\1155222575\EE\AOLHostManager.exe" [2004-11-03 125528]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-05 30192]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]

"CHotkey"="zHotkey.exe" [2004-12-09 550912]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]

"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-19 79448]

"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 77312]

"RTHDCPL"="RTHDCPL.EXE" [2005-11-09 15473664]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 36975]

c:\documents and settings\Owner.YOUR-D3D3F0FEB8\Start Menu\Programs\Startup\

HotSync Manager.LNK - c:\program files\Palm\HOTSYNC.EXE [2003-10-14 299008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-9 113664]

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-6-25 614531]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=

"c:\\Program Files\\Common Files\\AOL\\1155222575\\EE\\AOLServiceHost.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=

"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Palm\\HOTSYNC.EXE"=

"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\WINDOWS\\system32\\drivers\\KodakCCS.exe"=

"c:\\Program Files\\iPod\\bin\\iPodService.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/19/2010 12:05 AM 165456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/19/2010 12:05 AM 17744]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 2:13 PM 38144]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/22/2009 11:49 PM 93320]

S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/10/2006 10:57 AM 30192]

S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [12/28/2007 4:02 PM 287232]

.

Contents of the 'Scheduled Tasks' folder

2010-07-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyServer = http=127.0.0.1:5643

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

.

- - - - ORPHANS REMOVED - - - -

BHO-{7a367c32-8288-483f-8e4e-85a844d815a5} - bemadoko.dll

HKU-Default-Run-AntiVirus Plus - c:\documents and settings\Owner.YOUR-D3D3F0FEB8\Application Data\AntiVirus Plus\AntiVirus Plus.70367201.dll

**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,66,ff,a2,38,30,1b,c9,4b,84,54,db,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,66,ff,a2,38,30,1b,c9,4b,84,54,db,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(680)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Common Files\aolshare\aolshcpy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\windows\zHotkey.exe

c:\progra~1\COMMON~1\AOL\115522~1\EE\AOLHOS~1.EXE

c:\progra~1\COMMON~1\AOL\115522~1\EE\AOLServiceHost.exe

c:\program files\Common Files\AOL\ACS\AOLAcsd.exe

c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe

c:\windows\arservice.exe

c:\windows\RTHDCPL.EXE

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\windows\system32\drivers\KodakCCS.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

c:\windows\system32\ScsiAccess.EXE

c:\windows\ehome\mcrdsvc.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\dllhost.exe

c:\windows\eHome\ehmsas.exe

.

**************************************************************************

.

Completion time: 2010-07-19 13:35:19 - machine was rebooted

ComboFix-quarantined-files.txt 2010-07-19 17:35

ComboFix2.txt 2009-11-17 21:19

Pre-Run: 165,829,419,008 bytes free

Post-Run: 165,800,259,584 bytes free

- - End Of File - - C10F0C52032576C306A1086E9B85AA9D

Thank you again

Here is the MBAM Quick Scan log

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4326

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

7/19/2010 9:11:26 PM

mbam-log-2010-07-19 (21-11-26).txt

Scan type: Quick scan

Objects scanned: 144387

Time elapsed: 6 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

  • Staff

Hi,

Please download this file and save it as it's originally named, next to ComboFix.exe.

RC1-4.gif

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, it will ask you whether or not to continue with the malware scan. Select No.

Next, please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the quotebox below into Notepad:

Folder::

c:\documents and settings\Owner.YOUR-D3D3F0FEB8\Local Settings\Application Data\tvejivncc

c:\documents and settings\Owner.YOUR-D3D3F0FEB8\Local Settings\Application Data\rldxfmitr

c:\documents and settings\Owner.YOUR-D3D3F0FEB8\Local Settings\Application Data\wcvtywynm

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317

Hi-

Here are the logs

ComboFix 10-07-19.05 - Owner 07/20/2010 14:01:13.9.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.409 [GMT -4:00]

Running from: c:\documents and settings\Owner.YOUR-D3D3F0FEB8\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Owner.YOUR-D3D3F0FEB8\Desktop\CFScript.txt

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Owner.YOUR-D3D3F0FEB8\Local Settings\Application Data\rldxfmitr

c:\documents and settings\Owner.YOUR-D3D3F0FEB8\Local Settings\Application Data\tvejivncc

c:\documents and settings\Owner.YOUR-D3D3F0FEB8\Local Settings\Application Data\wcvtywynm

.

((((((((((((((((((((((((( Files Created from 2010-06-20 to 2010-07-20 )))))))))))))))))))))))))))))))

.

2010-07-19 22:41 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-07-19 22:40 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-19 22:39 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-07-19 04:05 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-07-19 04:05 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-07-19 04:05 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-07-19 04:05 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-07-19 04:05 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-07-19 04:05 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-07-19 04:05 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-07-19 04:04 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr

2010-07-19 04:04 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe

2010-07-18 15:44 . 2010-07-18 15:44 -------- d-----w- C:\spoolerlogs

2010-07-11 04:26 . 2010-07-11 04:26 -------- d-----w- c:\documents and settings\Owner.YOUR-D3D3F0FEB8\Application Data\MSNInstaller

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-20 01:20 . 2006-10-23 14:48 28078 ----a-w- c:\documents and settings\Owner.YOUR-D3D3F0FEB8\Application Data\wklnhst.dat

2010-07-18 15:43 . 2010-07-18 15:43 16384 ----a-w- c:\windows\~DF3978.tmp

2010-06-22 03:31 . 2010-01-20 04:34 -------- d-----w- c:\documents and settings\Owner.YOUR-D3D3F0FEB8\Application Data\ZoomBrowser EX

2010-06-15 04:16 . 2009-09-23 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-06-14 14:31 . 2006-06-17 09:38 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-10 22:59 . 2006-08-10 15:09 -------- d-----w- c:\program files\America Online 9.0

2010-05-27 05:45 . 2010-03-02 04:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-04 17:20 . 2006-06-17 09:23 832512 ----a-w- c:\windows\system32\wininet.dll

2010-05-04 17:20 . 2009-09-10 12:17 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-05-04 17:20 . 2006-06-17 09:23 17408 ----a-w- c:\windows\system32\corpol.dll

2010-05-02 05:22 . 2006-06-17 09:23 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-29 19:39 . 2010-03-02 04:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 19:39 . 2010-03-02 04:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2008-04-25 14:36 . 2008-04-25 14:36 449784 ----a-w- c:\program files\msgr8us.exe

1998-02-10 23:34 . 2007-01-13 20:26 128000 ----a-w- c:\program files\UNWISE.EXE

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-30 7311360]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]

"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"PD6000StatusMonitor"="c:\windows\system32\PD6000SM.EXE" [2003-02-21 266240]

"nwiz"="nwiz.exe" [2005-11-30 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-30 86016]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]

"HostManager"="c:\program files\Common Files\AOL\1155222575\EE\AOLHostManager.exe" [2004-11-03 125528]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-05 30192]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]

"CHotkey"="zHotkey.exe" [2004-12-09 550912]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]

"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-19 79448]

"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 77312]

"RTHDCPL"="RTHDCPL.EXE" [2005-11-09 15473664]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 36975]

c:\documents and settings\Owner.YOUR-D3D3F0FEB8\Start Menu\Programs\Startup\

HotSync Manager.LNK - c:\program files\Palm\HOTSYNC.EXE [2003-10-14 299008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-9 113664]

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-6-25 614531]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=

"c:\\Program Files\\Common Files\\AOL\\1155222575\\EE\\AOLServiceHost.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=

"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Palm\\HOTSYNC.EXE"=

"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\WINDOWS\\system32\\drivers\\KodakCCS.exe"=

"c:\\Program Files\\iPod\\bin\\iPodService.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/19/2010 12:05 AM 165456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/19/2010 12:05 AM 17744]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 2:13 PM 38144]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/22/2009 11:49 PM 93320]

S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/10/2006 10:57 AM 30192]

S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [12/28/2007 4:02 PM 287232]

.

Contents of the 'Scheduled Tasks' folder

2010-07-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyServer = http=127.0.0.1:5643

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-20 14:06

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,66,ff,a2,38,30,1b,c9,4b,84,54,db,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,66,ff,a2,38,30,1b,c9,4b,84,54,db,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2676)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-07-20 14:08:56

ComboFix-quarantined-files.txt 2010-07-20 18:08

ComboFix2.txt 2010-07-20 17:21

ComboFix3.txt 2010-07-20 05:16

ComboFix4.txt 2010-07-19 22:13

ComboFix5.txt 2010-07-20 17:54

Pre-Run: 164,272,013,312 bytes free

Post-Run: 164,249,165,824 bytes free

- - End Of File - - 01104DD23E0E4ED8AFABB684B9E3832B

DDS (Ver_10-03-17.01) - NTFSx86

Run by Owner at 14:13:05.42 on Tue 07/20/2010

Internet Explorer: 7.0.5730.11

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.361 [GMT -4:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Program Files\Digital Media Reader\readericon45G.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\zHotkey.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\WINDOWS\RTHDCPL.EXE

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\PROGRA~1\COMMON~1\AOL\115522~1\EE\AOLHOS~1.EXE

C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\COMMON~1\AOL\115522~1\EE\AOLServiceHost.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Palm\HOTSYNC.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\arservice.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\explorer.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Documents and Settings\Owner.YOUR-D3D3F0FEB8\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyServer = http=127.0.0.1:5643

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE

mRun: [readericon] c:\program files\digital media reader\readericon45G.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [PD6000StatusMonitor] c:\windows\system32\PD6000SM.EXE

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [HostManager] c:\program files\common files\aol\1155222575\ee\AOLHostManager.exe

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [CHotkey] zHotkey.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"

mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.5.0_02\bin\jusched.exe"

StartupFolder: c:\docume~1\owner~1.you\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\HOTSYNC.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_02\bin\npjpi150_02.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-19 165456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-19 17744]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-19 40384]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-9-22 93320]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-19 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-19 40384]

S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-8-10 30192]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-22 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-22 40552]

S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-12-28 287232]

=============== Created Last 30 ================

2010-07-20 17:05:55 98816 ----a-w- c:\windows\sed.exe

2010-07-20 17:05:55 77312 ----a-w- c:\windows\MBR.exe

2010-07-20 17:05:55 256512 ----a-w- c:\windows\PEV.exe

2010-07-20 17:05:55 161792 ----a-w- c:\windows\SWREG.exe

2010-07-19 22:41:04 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-07-19 22:40:46 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-19 22:39:47 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-07-19 22:03:37 0 d-sha-r- C:\cmdcons

2010-07-19 15:33:26 49265 ----a-w- c:\windows\system32\jpicpl32.cpl

2010-07-19 04:04:58 38848 ----a-w- c:\windows\avastSS.scr

2010-07-18 15:44:37 0 d-----w- C:\spoolerlogs

2010-07-18 15:43:18 16384 ----a-w- c:\windows\~DF3978.tmp

2010-07-11 04:26:42 0 d-----w- c:\docume~1\owner~1.you\applic~1\MSNInstaller

==================== Find3M ====================

2010-07-20 01:20:55 28078 ----a-w- c:\docume~1\owner~1.you\applic~1\wklnhst.dat

2010-05-04 17:20:39 832512 ----a-w- c:\windows\system32\wininet.dll

2010-05-04 17:20:34 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-05-04 17:20:32 17408 ----a-w- c:\windows\system32\corpol.dll

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

2008-04-25 14:36:55 449784 ----a-w- c:\program files\msgr8us.exe

1998-02-10 23:34:48 128000 ----a-w- c:\program files\UNWISE.EXE

2009-11-06 16:05:24 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

2009-11-17 22:00:41 16384 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat

2008-12-03 02:11:39 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120220081203\index.dat

2009-11-09 19:58:04 16384 --sha-w- c:\windows\system32\config\systemprofile\privacie\index.dat

============= FINISH: 14:13:13.78 ===============

  • Staff

Hi,

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

  • Staff

Weird.

Run this instead; make sure you are using Internet Explorer.

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your Desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your Desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

The ESET OnlineScan worked with no problem. Here is the report:

C:\Documents and Settings\Owner.YOUR-D3D3F0FEB8\Application Data\Sun\Java\Deployment\cache\6.0\6\49e26146-23cf8ed9 multiple threats

C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP137\A0011302.sys Win32/Olmarik.ZC trojan

  • Staff

Hi,

Please download CCleaner and save it to your desktop.

  • Run the CCleaner installer.
  • During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  • Please do NOT run a scan yet!

Now, open CCleaner:

  • Click the "Windows" tab.
  • Select the following:
    • Check everything under the "Internet Explorer" section.
    • Check everything under the "Windows Explorer" section.
    • Check everything under the "System" section.
    • Check ONLY "Old Prefetch data" under the "Advanced" section.
  • Then, click the "Applications" tab:
    • CHECK everything there.
  • Next, click the "Options" button in the left pane, then click the "Advanced" button:
    • CHECK : "Only delete files in Windows Temp folders older than 48 hours".
  • Next, click the "Cleaner" button in the left pane, then click the "Run Cleaner" button (bottom right), click "OK" at the prompt.
  • When done, please exit CCleaner.

CAUTION: Please do NOT use the "Issues" button in the left pane. This is a built-in registry cleaner. If you don

  • Staff

Hi,

What I said previously:

After that, proceed with running the SecurityCheck program as outlined in Post #11.

Please don't run F-Secure again; look below those instructions. I'll repeat them for you here:

Download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Hi, thanks!!

Here is the Security Check checkup.txt:

Results of screen317's Security Check version 0.99.4

Windows XP Service Pack 3

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

avast! Free Antivirus

ESET Online Scanner v3

CA eTrust PestPatrol

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 21

Out of date Java installed!

Adobe Flash Player

Adobe Reader 7.0

Out of date Adobe Reader installed!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe

ALWILS~1 Avast5 avastUI.exe

````````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Adobe Reader 7.0

Restart your computer.

Get the latest version of Adobe Reader.

-screen317

  • Staff

Hi,

Are you experiencing any other issues? If not, now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) It is vital that you have a firewall. The one that comes with Windows XP is not sufficient in that it only checks incoming data. I recommend selecting one of the following free firewalls. Be sure to only install one.

  • Sunbelt Personal Firewall
  • Comodo
  • Outpost

2) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

3) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.

4) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

5) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

6) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

7) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317

  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
