Stubborn infected file plus other random symptoms

  #1 - Join Date: Sep 2010 | Location: United Kingdom | Posts: 66

    Hi.

    I am having problems with a .3gp file I am sure is infected.
    It is in a folder on my desktop and I am unable to delete it - when I try to take it to the recycle bin it just freezes up. The folder originally also contained other files which could not be deleted, but I eventually managed to remove them from the command prompt - but this one WILL NOT be moved!

    I have Norton360 virus software and have even been through the online support and they are unable to remove it via remote connect (but they couldn't remove the files I eventually managed to delete!)

    I have full-scanned with Norton360, AVG free, AVG Anti-Root Kit, Malwarebytes which don't pick up any infections at all.

    I have also tried removing the file using FileASSASSIN software but the program just goes 'not responding' each time I try.

    Since this all started I am also now getting lots of 'ASSERT Failed' error messages (sample attached) when I CLOSE programs (I am not sure what these mean). Windows Explorer keeps randomly crashing and restarting and my Recycle Bin keeps losing its icon (although the 'Recycle Bin' label text remains and is still usable).

    I would really appreciate some help with this as I am now at a loss as to what to do - I have tried everything I could find suggested to do.

    Thanks

  #2 - Join Date: Dec 2007 | Location: Daly City, CA | Posts: 22,550

    Welcome aboard.

    Please, read here: http://discussions.virtualdr.com/sho...d.php?t=167915, and post required logs.

  #3 - Join Date: Sep 2010 | Location: United Kingdom | Posts: 66

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4657

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18943

    20/09/2010 20:39:32
    mbam-log-2010-09-20 (20-39-32).txt

    Scan type: Quick scan
    Objects scanned: 146486
    Time elapsed: 4 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  #4 - Join Date: Sep 2010 | Location: United Kingdom | Posts: 66

    Unable to complete STEP 2.

    Computer 'blue screen crashes' when running this scan. Happened twice. I also tried renaming the .exe file.

    I'll try moving on to STEP THREE if that's ok (unless you have another suggestion?) ...

  #5 - Join Date: Sep 2010 | Location: United Kingdom | Posts: 66

    DDS.txt (post 1 of 2 - too many characters)

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Michelle at 21:14:28.85 on 20/09/2010
    Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_18
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.1921 [GMT 1:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\HidService.exe
    C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Michelle\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://uk.yahoo.com/
    uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=1&o=vp32&d=0409&m=imedia_a5518_uk
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACPW_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=1&o=vp32&d=0409&m=imedia_a5518_uk
    mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=1&o=vp32&d=0409&m=imedia_a5518_uk
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    uURLSearchHooks: FCToolbarURLSearchHook Class: {fa887e92-8f5f-4ec9-99ca-09be0e4120d6} - c:\program files\addthis toolbar\Helper.dll
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=c:\windows\system32\ezShellStart.exe
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.2.0.12\IPSBHO.DLL
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Freecause Toolbar BHO: {9ebf8aaf-0a31-4786-909a-97a0ef101743} - c:\program files\addthis toolbar\Toolbar.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: FreecycleMemberBHO Class: {c3e5e149-27b7-49d1-8420-b02ac52af663} - c:\program files\freecycle\FreecycleMember.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: AddThis Toolbar: {b43176cc-4d9e-493b-a636-d9cbfe39c6da} - c:\program files\addthis toolbar\Toolbar.dll
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [AdobeBridge]
    mRun: [eRecoveryService]
    mRun: [<NO NAME>]
    mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
    DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20091210075554
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://quark.webex.com/client/T27L/event/ieatgpc1.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    AppInit_DLLs: avgrsstx.dll
    SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - c:\windows\system32\EZUPBH~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\michelle\appdata\roaming\mozilla\firefox\profiles\gnyntiyk.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
    FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\michelle\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
    FF - plugin: c:\users\michelle\appdata\roaming\facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\users\michelle\appdata\roaming\facebook\npfbplugin_1_0_3.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

    ============= SERVICES / DRIVERS ===============

    R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-5-25 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0402000.00c\symefa.sys [2010-5-25 173104]
    R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2009-4-2 96512]
    R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2010-9-17 3968]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-17 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-17 29584]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-17 243024]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100901.003\BHDrvx86.sys [2010-8-31 692272]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-5-25 501888]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100917.001\IDSvix86.sys [2010-9-18 344112]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-5-25 116784]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0402000.00c\symtdiv.sys [2010-5-25 339504]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-17 308136]
    R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
    R2 N360;Norton 360;c:\program files\norton 360\engine\4.2.0.12\ccsvchst.exe [2010-5-25 126392]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-9-16 102448]
    R3 V0090VID;Creative WebCam Vista Plus;c:\windows\system32\drivers\V0090Vid.sys [2009-8-8 138112]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2009-11-10 86696]
    S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2009-11-10 15016]
    S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2009-11-10 114472]
    S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2009-11-11 108328]
    S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2009-11-11 104616]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 ETService;Empowering Technology Service;c:\program files\packard bell\packard bell recovery management\service\ETService.exe [2009-4-2 24576]
    S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-10 135664]
    S4 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
    S4 Start BT in service;Start BT in service;c:\program files\ivt corporation\bluesoleil\StartSkysolSvc.exe [2007-12-27 51816]

    =============== Created Last 30 ================

  #6 - Join Date: Sep 2010 | Location: United Kingdom | Posts: 66

    DDS.txt (post 2 of 2 - too many characters)

    =============== Created Last 30 ================

    2010-09-20 19:57:45 93056 ----a-w- C:\uwlcqkow.sys
    2010-09-20 19:54:46 343948415 ----a-w- c:\windows\MEMORY.DMP
    2010-09-17 18:42:59 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
    2010-09-17 18:33:59 0 d-----w- c:\program files\FileASSASSIN
    2010-09-17 18:23:48 0 d-----w- c:\users\michelle\appdata\roaming\Malwarebytes
    2010-09-17 18:23:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-17 18:23:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-17 18:23:28 0 d-----w- c:\programdata\Malwarebytes
    2010-09-17 18:23:28 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-17 14:22:10 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-09-17 14:22:07 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-09-17 14:21:59 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-09-17 14:21:55 0 d-----w- c:\windows\system32\drivers\Avg
    2010-09-17 14:19:15 0 d-----w- c:\program files\AVG
    2010-09-17 14:18:58 0 d-----w- c:\programdata\avg9
    2010-09-15 19:03:36 0 d-----w- c:\windows\LMID291.tmp
    2010-09-15 16:00:38 0 d-----w- c:\windows\system32\N360_BACKUP
    2010-09-15 12:42:44 0 d-----w- c:\users\michelle\appdata\roaming\App Launcher Gadget
    2010-09-15 11:57:14 0 d-----w- c:\users\michelle\desktop icons
    2010-09-15 11:46:57 502272 ----a-w- c:\windows\system32\usp10.dll
    2010-09-15 11:46:55 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2010-09-15 11:46:54 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
    2010-09-15 11:46:50 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2010-09-14 20:29:25 0 d-----w- c:\programdata\TEMP
    2010-09-14 20:26:34 0 d-----w- c:\programdata\PC Tools
    2010-09-14 18:27:33 0 d-----w- c:\windows\LMI57EF.tmp
    2010-09-09 17:53:12 0 d-----w- c:\users\michelle\appdata\roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2010-09-02 14:53:21 0 d-----w- c:\program files\iPod
    2010-09-02 14:53:20 0 d-----w- c:\program files\iTunes
    2010-08-29 13:37:20 0 d-----w- c:\users\michelle\appdata\roaming\Adobe Mini Bridge CS5
    2010-08-29 13:37:19 0 d-----w- c:\users\michelle\appdata\roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2010-08-29 12:00:19 1228400 ----a-w- c:\users\michelle\Photoshop_12_LS1.exe
    2010-08-29 12:00:19 1026293791 ----a-w- c:\users\michelle\Photoshop_12_LS1.7z

    ==================== Find3M ====================

    2010-09-20 20:05:15 35189 ----a-w- c:\programdata\nvModes.dat
    2010-09-02 14:50:33 86016 ----a-w- c:\windows\inf\infstor.dat
    2010-09-02 14:50:33 51200 ----a-w- c:\windows\inf\infpub.dat
    2010-09-02 14:50:33 143360 ----a-w- c:\windows\inf\infstrng.dat
    2010-07-18 21:00:34 294060 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-07-07 13:26:23 214752 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
    2010-07-04 22:11:46 60872 ----a-w- c:\windows\fonts\AirConditioner.ttf
    2010-06-29 10:25:53 1228360 ----a-w- c:\users\michelle\InDesign_7_LS1.exe
    2010-06-26 06:05:49 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-26 06:02:15 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-06-26 06:02:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-06-26 04:25:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-11-17 09:23:17 665600 ----a-w- c:\windows\inf\drvindex.dat
    2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2010-05-31 19:09:02 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
    2010-05-31 19:09:02 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
    2010-05-31 19:09:02 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
    2009-08-07 12:32:11 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

    ============= FINISH: 21:15:30.07 ===============

  #7 - Join Date: Sep 2010 | Location: United Kingdom | Posts: 66

    Attach.txt

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 02/04/2009 20:38:25
    System Uptime: 20/09/2010 21:03:55 (0 hours ago)

    Motherboard: Packard Bell BV | | PBGL00
    Processor: AMD Phenom(tm) 9650 Quad-Core Processor | AM2 | 2300/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 582 GiB total, 332.282 GiB free.
    D: is Removable
    E: is Removable
    F: is Removable
    G: is Removable
    H: is CDROM ()
    I: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    ==== Installed Programs ======================

    7-Zip 9.15 beta
    Acrobat.com
    AddThis Toolbar
    Adobe Acrobat 9 Pro - English, Français, Deutsch
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Community Help
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Dreamweaver CS3
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe InDesign CS5
    Adobe Linguistics CS3
    Adobe Media Player
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Photoshop CS5
    Adobe Reader 9.1
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Akamai NetSession Interface
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Panorama Maker 4
    ArcSoft TotalMedia Extreme
    ATI Catalyst Install Manager
    µTorrent
    AVG Anti-Rootkit Free
    AVG Free 9.0
    AviSynth 2.5
    Bluesoleil2.7.0.13 VoIP Release 071227
    Bonjour
    CCleaner
    Choice Guard
    Compatibility Pack for the 2007 Office system
    ConvertXtoDVD 3.0.0.7
    Creative WebCam Center
    Creative WebCam Vista Plus Driver (1.02.02.0414)
    Creative WebCam Vista Plus User's Guide (English)
    EASEUS Data Recovery Wizard Professional 4.3.6
    EasyBits Magic Desktop
    EPSON Copy Utility 3
    EPSON Easy Photo Print
    EPSON PhotoQuicker3.5
    EPSON PRINT Image Framer Tool2.1
    EPSON Printer Software
    EPSON Scan
    EPSON Smart Panel
    EPSON Web-To-Page
    ESPRX620 Series Reference Guide
    ESPRX620 Software Guide
    Facebook Plug-In
    File Uploader
    FileASSASSIN
    FileOpen Client
    FileZilla Client 3.3.0.1
    Freecycle Internet Explorer Plugin
    Garmin City Navigator Europe NT 2009 Update
    Garmin Communicator Plugin
    Garmin POI Loader
    Garmin USB Drivers
    GearDrvs
    Get Yahoo! Messenger
    Google Earth
    Google Update Helper
    HDReg
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 18
    Junk Mail filter update
    K-Lite Codec Pack 5.5.1 (Full)
    Magic ISO Maker v5.4 (build 0239)
    MagicDisc 2.7.106
    Malwarebytes' Anti-Malware
    MetaBoli
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.4
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Microsoft Works 9.0 SE
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox (3.5.11)
    MP3 To Ringtone Gold 8.0
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 7 Ultra Edition
    neroxml
    Nikon FotoShare
    Nikon Message Center
    Nikon Transfer
    Norton 360
    Norton Internet Security
    NVIDIA Display Control Panel
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    Packard Bell ImageWriter
    Packard Bell Recovery Management
    Packard Bell Updator
    PDF Settings
    PDF Settings CS5
    PictureProject
    PIF DESIGNER2.1
    PowerISO
    PVSonyDll
    QuarkXPress
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    RocketDock 1.3.5
    Safari
    ScanToWeb
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB969679)
    Security Update for Microsoft Office Excel 2007 (KB969682)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Skype Toolbars
    Skype™ 4.2
    Sony Picture Utility
    Sony USB Driver
    The Extractor
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB969907)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb973514)
    VLC media player 1.0.0
    WebEx
    Winamp
    Windows 7 Upgrade Advisor
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Yahoo! BrowserPlus 2.9.8
    Yahoo! Install Manager
    Yahoo! Search Protection
    Yahoo! Software Update
    Yahoo! Toolbar

    ==== End Of File ===========================

  8. #8
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    "It is in a folder on my desktop and i am unable to delete it"
    What is the exact location and name of that folder?
    Right click on it, click "Properties" and tell me what "Location" line says.
    I need info from both fields indicated below:



    =================================================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

  9. #9
    Join Date
    Sep 2010
    Location
    United Kingdom
    Posts
    66
    EXACT FOLDER LOCATION:

    Folder name: Alsmemorycard
    Location: C:\Users\Michelle\Desktop

    (Attributes: 'Read-only' is blued out, but I am unable to change it as it reverts back)

  10. #10
    Join Date
    Sep 2010
    Location
    United Kingdom
    Posts
    66

    MBR Check log

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Packard Bell BV
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: PACKARD BELL BV
    System Product Name: IMEDIA A5518 UK
    Logical Drives Mask: 0x000001fc

    Kernel Drivers (total 169):
    0x8284D000 \SystemRoot\system32\ntkrnlpa.exe
    0x8281A000 \SystemRoot\system32\hal.dll
    0x8040A000 \SystemRoot\system32\kdcom.dll
    0x80411000 \SystemRoot\system32\PSHED.dll
    0x80422000 \SystemRoot\system32\BOOTVID.dll
    0x8042A000 \SystemRoot\system32\CLFS.SYS
    0x8046B000 \SystemRoot\system32\CI.dll
    0x8054B000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x805C7000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8060A000 \SystemRoot\system32\drivers\acpi.sys
    0x80650000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x80659000 \SystemRoot\system32\drivers\msisadrv.sys
    0x80661000 \SystemRoot\system32\drivers\pci.sys
    0x80688000 \SystemRoot\System32\DRIVERS\avgarkt.sys
    0x8068A000 \SystemRoot\System32\drivers\partmgr.sys
    0x80699000 \SystemRoot\system32\drivers\volmgr.sys
    0x806A8000 \SystemRoot\System32\drivers\volmgrx.sys
    0x806F2000 \SystemRoot\system32\drivers\pciide.sys
    0x806F9000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x80707000 \SystemRoot\System32\drivers\mountmgr.sys
    0x80717000 \SystemRoot\system32\drivers\atapi.sys
    0x8071F000 \SystemRoot\system32\drivers\ataport.SYS
    0x8073D000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8076F000 \SystemRoot\system32\drivers\N360\0402000.00C\SYMDS.SYS
    0x807C5000 \SystemRoot\system32\drivers\fileinfo.sys
    0x82E0B000 \SystemRoot\system32\drivers\N360\0402000.00C\SYMEFA.SYS
    0x82E38000 \SystemRoot\system32\Drivers\PxHelp20.sys
    0x82E41000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x82EB2000 \SystemRoot\system32\drivers\ndis.sys
    0x82FBD000 \SystemRoot\system32\drivers\msrpc.sys
    0x8B60E000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8B649000 \SystemRoot\System32\drivers\tcpip.sys
    0x8B733000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8B74E000 \SystemRoot\System32\Drivers\vbtenum.sys
    0x8B80B000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8B91B000 \SystemRoot\system32\drivers\volsnap.sys
    0x8B954000 \SystemRoot\System32\Drivers\spldr.sys
    0x8B95C000 \SystemRoot\System32\Drivers\mup.sys
    0x8B96B000 \SystemRoot\System32\drivers\ecache.sys
    0x8B992000 \SystemRoot\system32\drivers\disk.sys
    0x8B9A3000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x8B9C4000 \SystemRoot\system32\drivers\crcdisk.sys
    0x8B9CD000 \SystemRoot\System32\Drivers\BTHidMgr.sys
    0x8B9D4000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
    0x8B800000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8B752000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x8B75B000 \SystemRoot\system32\DRIVERS\processr.sys
    0x91E03000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x9290B000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x9290D000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x929AE000 \SystemRoot\System32\drivers\watchdog.sys
    0x8B76A000 \SystemRoot\system32\DRIVERS\yk60x86.sys
    0x929BA000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x929CA000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x929D8000 \SystemRoot\system32\drivers\Afc.sys
    0x929E0000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x929F8000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0x8B7B6000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x8B7C0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x82FE8000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x91A0F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x91A9C000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x91AAF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x91ABA000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x91AC5000 \SystemRoot\System32\Drivers\VcommMgr.sys
    0x91ACF000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x91AFE000 \SystemRoot\system32\DRIVERS\storport.sys
    0x91B3F000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x91B4A000 \SystemRoot\system32\DRIVERS\blueletaudio.sys
    0x91B51000 \SystemRoot\system32\DRIVERS\portcls.sys
    0x91B7E000 \SystemRoot\system32\DRIVERS\drmk.sys
    0x91BA3000 \SystemRoot\system32\DRIVERS\ks.sys
    0x91BCD000 \SystemRoot\system32\DRIVERS\BlueletSCOAudio.sys
    0x91BD3000 \SystemRoot\System32\Drivers\RootMdm.sys
    0x91BDB000 \SystemRoot\system32\drivers\modem.sys
    0x91BE8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x91A00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x807D5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x805D4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x805E3000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x92C0C000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x92C21000 \SystemRoot\system32\DRIVERS\btnetdrv.sys
    0x92C24000 \SystemRoot\System32\Drivers\pcouffin.sys
    0x92C30000 \SystemRoot\system32\DRIVERS\VComm.sys
    0x92C37000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x92C41000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x92C51000 \SystemRoot\system32\DRIVERS\mcdbus.sys
    0x92C6E000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    0x92C94000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x92C96000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x92CA0000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x92CAD000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x92CE2000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x93000000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x93201000 \SystemRoot\System32\Drivers\N360\0402000.00C\SRTSP.SYS
    0x93258000 \SystemRoot\system32\drivers\N360\0402000.00C\Ironx86.SYS
    0x93277000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x9328C000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x9328E000 \SystemRoot\system32\drivers\N360\0402000.00C\SRTSPX.SYS
    0x93298000 \SystemRoot\system32\DRIVERS\V0090Vid.sys
    0x932BA000 \SystemRoot\system32\DRIVERS\STREAM.SYS
    0x9420E000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100920.050\NAVEX15.SYS
    0x9435A000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
    0x9437F000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100920.050\NAVENG.SYS
    0x94393000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x9439C000 \SystemRoot\System32\Drivers\Null.SYS
    0x943A3000 \SystemRoot\System32\Drivers\Beep.SYS
    0x943AA000 \SystemRoot\System32\DRIVERS\AvgArCln.sys
    0x943B4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x943BB000 \SystemRoot\System32\drivers\vga.sys
    0x943C7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x943E8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x943F0000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x94200000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x932C7000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x943AB000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x932D5000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x932EB000 \SystemRoot\System32\Drivers\N360\0402000.00C\SYMTDIV.SYS
    0x93344000 \SystemRoot\system32\DRIVERS\smb.sys
    0x93358000 \SystemRoot\System32\Drivers\avgtdix.sys
    0x93392000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x92CF3000 \SystemRoot\system32\drivers\afd.sys
    0x933C4000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x933DA000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x933E8000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x943F8000 \SystemRoot\System32\Drivers\SCDEmu.SYS
    0x92D55000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x92D91000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x92D9B000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100920.001\IDSvix86.sys
    0x9BE02000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0x9BE60000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0x9BE7D000 \SystemRoot\System32\Drivers\dfsc.sys
    0x9BE94000 \SystemRoot\system32\drivers\N360\0402000.00C\ccHPx86.sys
    0x9BF13000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100901.003\BHDrvx86.sys
    0x9BFBF000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0x9BFC5000 \SystemRoot\System32\Drivers\avgldx86.sys
    0x92D3B000 \SystemRoot\system32\drivers\archlp.sys
    0x9D009000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x9D031000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x9D03E000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x9D049000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xA6470000 \SystemRoot\System32\win32k.sys
    0x9D051000 \SystemRoot\System32\drivers\Dxapi.sys
    0x9D05B000 \SystemRoot\system32\DRIVERS\monitor.sys
    0xA6690000 \SystemRoot\System32\TSDDD.dll
    0xA66B0000 \SystemRoot\System32\cdd.dll
    0x9D06A000 \SystemRoot\system32\drivers\luafv.sys
    0x9D085000 \SystemRoot\system32\drivers\spsys.sys
    0x9D135000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x9D145000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x9D158000 \SystemRoot\system32\drivers\HTTP.sys
    0x9D1C5000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9D1E2000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x8B9DC000 \SystemRoot\System32\drivers\mpsdrv.sys
    0xAC80D000 \SystemRoot\system32\drivers\mrxdav.sys
    0xAC82E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xAC84D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0xAC886000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xAC89E000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xAC8C5000 \SystemRoot\System32\DRIVERS\srv.sys
    0xA66C0000 \SystemRoot\System32\ATMFD.DLL
    0xAC92B000 \??\C:\Windows\system32\drivers\int15.sys
    0xAEA0B000 \SystemRoot\system32\drivers\peauth.sys
    0xAEAE9000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xAEAF3000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xAEAFF000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0xAEB14000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
    0xAEB26000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x77490000 \Windows\System32\ntdll.dll

    Processes (total 65):
    0 System Idle Process
    4 System
    544 C:\Windows\System32\smss.exe
    632 csrss.exe
    692 C:\Windows\System32\wininit.exe
    704 csrss.exe
    712 C:\Program Files\AVG\AVG9\avgchsvx.exe
    740 C:\Windows\System32\winlogon.exe
    760 C:\Program Files\AVG\AVG9\avgrsx.exe
    812 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    1148 C:\Windows\System32\services.exe
    1160 C:\Windows\System32\lsass.exe
    1168 C:\Windows\System32\lsm.exe
    1324 C:\Windows\System32\svchost.exe
    1368 C:\Windows\System32\nvvsvc.exe
    1392 C:\Windows\System32\svchost.exe
    1536 C:\Windows\System32\svchost.exe
    1588 C:\Windows\System32\svchost.exe
    1600 C:\Windows\System32\svchost.exe
    1684 C:\Windows\System32\audiodg.exe
    1708 C:\Windows\System32\svchost.exe
    1728 C:\Windows\System32\SLsvc.exe
    1780 C:\Windows\System32\svchost.exe
    1892 C:\Windows\System32\nvvsvc.exe
    1932 C:\Windows\System32\svchost.exe
    608 C:\Windows\System32\spoolsv.exe
    636 C:\Windows\System32\svchost.exe
    2176 C:\Windows\System32\svchost.exe
    2188 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2200 C:\Program Files\AVG\AVG9\avgwdsvc.exe
    2220 C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    2244 C:\Program Files\Bonjour\mDNSResponder.exe
    2396 C:\Windows\System32\HidService.exe
    2456 C:\Program Files\Norton 360\Engine\4.2.0.12\ccsvchst.exe
    2524 C:\Windows\System32\svchost.exe
    2564 C:\Windows\System32\svchost.exe
    2692 C:\Windows\System32\svchost.exe
    2752 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2788 C:\Windows\System32\SearchIndexer.exe
    2876 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    2944 WUDFHost.exe
    2980 C:\Program Files\AVG\AVG9\avgnsx.exe
    3352 C:\Windows\System32\taskeng.exe
    3868 dllhost.exe
    3960 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    4040 C:\Program Files\Norton 360\Engine\4.2.0.12\ccsvchst.exe
    1996 C:\Program Files\Google\Update\GoogleUpdate.exe
    3908 C:\Windows\System32\taskeng.exe
    3992 C:\Windows\System32\dwm.exe
    4136 C:\Windows\explorer.exe
    4324 C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    4360 C:\Program Files\iTunes\iTunesHelper.exe
    4368 C:\Program Files\AVG\AVG9\avgtray.exe
    4428 C:\Program Files\Windows Media Player\wmpnscfg.exe
    4512 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5108 C:\Program Files\iPod\bin\iPodService.exe
    5332 C:\Program Files\Internet Explorer\iexplore.exe
    5364 C:\Program Files\Internet Explorer\iexplore.exe
    5596 C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe
    4192 C:\Windows\System32\notepad.exe
    1492 C:\Windows\System32\SearchProtocolHost.exe
    1276 C:\Windows\System32\SearchFilterHost.exe
    4700 C:\Program Files\Internet Explorer\iexplore.exe
    5676 taskeng.exe
    4648 C:\Users\Michelle\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`a9f00000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD6400AAKS-22A7B2, Rev: 01.03B01

    Size Device Name MBR Status
    --------------------------------------------
    596 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!

  11. #11
    Join Date
    Sep 2010
    Location
    United Kingdom
    Posts
    66

    Also managed to get GMER to run... here's the log :)

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-09-21 08:47:35
    Windows 6.0.6002 Service Pack 2
    Running: GMER.exe; Driver: C:\Users\Michelle\AppData\Local\Temp\uwlcqkow.sys


    ---- System - GMER 1.0.15 ----

    SSDT 88166120 ZwAlertResumeThread
    SSDT 8815B118 ZwAlertThread
    SSDT 88CEC4A0 ZwAllocateVirtualMemory
    SSDT 8800CB58 ZwAlpcConnectPort
    SSDT 88513E90 ZwAssignProcessToJobObject
    SSDT 88CF28F8 ZwCreateMutant
    SSDT 88CF7CF8 ZwCreateSymbolicLinkObject
    SSDT 88CE9FB0 ZwCreateThread
    SSDT 884E8048 ZwDebugActiveProcess
    SSDT 88CEBF38 ZwDuplicateObject
    SSDT 88CEBB98 ZwFreeVirtualMemory
    SSDT 8818B108 ZwImpersonateAnonymousToken
    SSDT 88169068 ZwImpersonateThread
    SSDT 8800CB20 ZwLoadDriver
    SSDT 88CEBA38 ZwMapViewOfSection
    SSDT 88261120 ZwOpenEvent
    SSDT 88CEC808 ZwOpenProcess
    SSDT 880FEA08 ZwOpenProcessToken
    SSDT 884FE250 ZwOpenSection
    SSDT 88CEC6F8 ZwOpenThread
    SSDT 88CF6A38 ZwProtectVirtualMemory
    SSDT 8811B068 ZwResumeThread
    SSDT 880F2118 ZwSetContextThread
    SSDT 88CEB820 ZwSetInformationProcess
    SSDT 881856B8 ZwSetSystemInformation
    SSDT 8818D120 ZwSuspendProcess
    SSDT 884CB110 ZwSuspendThread
    SSDT 880BD4B0 ZwTerminateProcess
    SSDT 88219110 ZwTerminateThread
    SSDT 8810CBD8 ZwUnmapViewOfSection
    SSDT 88CEBE68 ZwWriteVirtualMemory
    SSDT 88CF61D8 ZwCreateThreadEx

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 11D 828F8880 8 Bytes [20, 61, 16, 88, 18, B1, 15, ...]
    .text ntkrnlpa.exe!KeSetEvent + 131 828F8894 4 Bytes [A0, C4, CE, 88]
    .text ntkrnlpa.exe!KeSetEvent + 13D 828F88A0 4 Bytes [58, CB, 00, 88]
    .text ntkrnlpa.exe!KeSetEvent + 191 828F88F4 4 Bytes [90, 3E, 51, 88]
    .text ntkrnlpa.exe!KeSetEvent + 1F5 828F8958 4 Bytes [F8, 28, CF, 88]
    .text ...

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74147817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7419A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7414BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7413F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [741475E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7413E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74178395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7414DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7413FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7413FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741371CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [741CCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7416C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7413D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74136853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7413687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74142AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b00026
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000272b00026 (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----

  12. #12
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Good

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"

    **Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  13. #13
    Join Date
    Sep 2010
    Location
    United Kingdom
    Posts
    66

    ComboFix (Post 1 of 2 - text too long)

    ComboFix 10-09-22.02 - Michelle 22/09/2010 23:41:34.4.4 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.1769 [GMT 1:00]
    Running from: c:\users\Michelle\Desktop\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2010-08-22 to 2010-09-22 )))))))))))))))))))))))))))))))
    .

    2010-09-22 22:50 . 2010-09-22 22:51 -------- d-----w- c:\users\Michelle\AppData\Local\temp
    2010-09-22 22:50 . 2010-09-22 22:50 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2010-09-22 22:50 . 2010-09-22 22:50 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-09-22 22:50 . 2010-09-22 22:50 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-09-20 19:57 . 2010-09-20 19:57 93056 ----a-w- C:\uwlcqkow.sys
    2010-09-17 18:42 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
    2010-09-17 18:33 . 2010-09-17 18:33 -------- d-----w- c:\program files\FileASSASSIN
    2010-09-17 18:23 . 2010-09-17 18:23 -------- d-----w- c:\users\Michelle\AppData\Roaming\Malwarebytes
    2010-09-17 18:23 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-17 18:23 . 2010-09-20 19:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-17 18:23 . 2010-09-17 18:23 -------- d-----w- c:\programdata\Malwarebytes
    2010-09-17 18:23 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-17 14:22 . 2010-09-17 14:22 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-09-17 14:22 . 2010-09-17 14:22 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-09-17 14:21 . 2010-09-17 14:22 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-09-17 14:21 . 2010-09-22 13:07 -------- d-----w- c:\windows\system32\drivers\Avg
    2010-09-17 14:21 . 2010-09-17 14:21 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-09-17 14:19 . 2010-09-17 14:19 -------- d-----w- c:\program files\AVG
    2010-09-17 14:18 . 2010-09-17 14:19 -------- d-----w- c:\programdata\avg9
    2010-09-15 19:03 . 2010-09-16 00:03 -------- d-----w- c:\windows\LMID291.tmp
    2010-09-15 16:00 . 2010-09-15 16:00 -------- d-----w- c:\windows\system32\N360_BACKUP
    2010-09-15 12:42 . 2010-09-15 12:42 -------- d-----w- c:\users\Michelle\AppData\Roaming\App Launcher Gadget
    2010-09-15 11:57 . 2010-09-18 16:08 -------- d-----w- c:\users\Michelle\desktop icons
    2010-09-15 11:46 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
    2010-09-15 11:46 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2010-09-15 11:46 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
    2010-09-15 11:46 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2010-09-14 20:26 . 2010-09-14 20:27 76704968 ----a-w- c:\programdata\PC Tools\DownloadManager\Spyware Doctor with AntiVirus8.0\sdasetup_dl.exe
    2010-09-14 20:26 . 2010-09-14 20:26 -------- d-----w- c:\programdata\PC Tools
    2010-09-14 18:29 . 2010-09-15 19:22 -------- d-----w- c:\users\Michelle\AppData\Local\NPE
    2010-09-14 18:27 . 2010-09-15 11:40 -------- d-----w- c:\windows\LMI57EF.tmp
    2010-09-10 11:28 . 2010-09-10 11:28 53632 ----a-w- c:\users\Michelle\AppData\Roaming\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
    2010-09-09 17:53 . 2010-09-09 17:53 -------- d-----w- c:\users\Michelle\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2010-09-02 14:53 . 2010-09-02 14:53 -------- d-----w- c:\program files\iPod
    2010-09-02 14:53 . 2010-09-02 14:54 -------- d-----w- c:\program files\iTunes
    2010-09-02 14:48 . 2010-09-02 14:48 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
    2010-08-30 19:43 . 2010-08-30 19:43 -------- d-----w- c:\program files\Common Files\Skype
    2010-08-29 13:37 . 2010-08-29 13:37 -------- d-----w- c:\users\Michelle\AppData\Roaming\Adobe Mini Bridge CS5
    2010-08-29 13:37 . 2010-08-29 13:37 -------- d-----w- c:\users\Michelle\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2010-08-29 13:28 . 2010-08-29 11:47 167 ----a-w- c:\programdata\Adobe\CS5\jre\Disable Activation.cmd
    2010-08-29 12:00 . 2010-08-29 12:19 1228400 ----a-w- c:\users\Michelle\Photoshop_12_LS1.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-22 22:51 . 2010-06-29 10:14 -------- d-----w- c:\program files\Common Files\Akamai
    2010-09-22 20:53 . 2009-11-17 14:15 35189 ----a-w- c:\programdata\nvModes.dat
    2010-09-18 21:25 . 2009-07-08 11:06 -------- d-----w- c:\users\Michelle\AppData\Roaming\uTorrent
    2010-09-16 20:01 . 2009-12-29 14:41 -------- d-----w- c:\users\Michelle\AppData\Roaming\Media Player Classic
    2010-09-15 21:24 . 2009-08-05 12:25 -------- d-----w- c:\users\Michelle\AppData\Roaming\Winamp
    2010-09-15 21:24 . 2009-03-21 07:23 -------- d-----w- c:\program files\Microsoft Works
    2010-09-15 21:24 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-09-14 18:29 . 2009-03-21 07:45 -------- d-----w- c:\programdata\Norton
    2010-09-11 18:54 . 2009-07-08 10:53 -------- d-----w- c:\users\Michelle\AppData\Roaming\Vso
    2010-09-10 11:28 . 2010-06-29 10:42 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-09-09 13:13 . 2010-06-29 10:49 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2010-09-06 11:16 . 2009-03-21 07:31 -------- d-----w- c:\program files\Google
    2010-09-06 11:13 . 2009-07-08 08:54 -------- d-----w- c:\program files\CCleaner
    2010-09-02 14:53 . 2009-08-11 20:35 -------- d-----w- c:\program files\Common Files\Apple
    2010-08-30 22:28 . 2009-08-23 20:51 -------- d-----w- c:\users\Michelle\AppData\Roaming\Skype
    2010-08-30 19:40 . 2009-08-12 23:00 -------- d-----w- c:\users\Michelle\AppData\Roaming\skypePM
    2010-08-29 12:38 . 2009-03-21 07:42 -------- d-----w- c:\program files\Common Files\Adobe
    2010-08-20 12:19 . 2009-07-20 11:41 -------- d-----w- c:\users\Michelle\AppData\Roaming\vlc
    2010-08-20 08:53 . 2009-07-08 11:07 -------- d-----w- c:\program files\uTorrent
    2010-08-19 15:15 . 2010-08-19 15:14 -------- d-----w- c:\program files\QuickTime
    2010-08-13 10:15 . 2010-08-13 10:06 680 ----a-w- c:\users\Michelle\AppData\Local\d3d9caps.dat
    2010-08-12 08:58 . 2010-08-12 08:58 -------- d-----w- c:\programdata\F-Secure
    2010-08-10 12:40 . 2010-08-10 12:40 -------- d-----w- c:\users\Michelle\AppData\Roaming\FileOpen
    2010-08-10 12:40 . 2010-08-10 12:40 -------- d-----w- c:\programdata\FileOpen
    2010-08-08 19:58 . 2010-08-08 19:58 14846 ----a-r- c:\users\Michelle\AppData\Roaming\Microsoft\Installer\{857CBF4A-192C-44B0-86A5-6281FCEFA1FE}\FileOpenNew.exe
    2010-08-08 19:57 . 2010-08-08 19:57 -------- d-----w- c:\program files\FileOpen
    2010-08-05 21:01 . 2010-08-05 21:01 -------- d-----w- c:\program files\7-Zip
    2010-07-28 20:14 . 2009-07-07 19:49 -------- d-----w- c:\programdata\FLEXnet
    2010-07-18 21:00 . 2010-02-19 20:26 294060 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-07-07 13:26 . 2009-07-07 18:05 214752 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
    2010-06-29 10:25 . 2010-06-29 10:15 1228360 ----a-w- c:\users\Michelle\InDesign_7_LS1.exe
    2010-06-26 06:05 . 2010-08-12 10:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-26 06:02 . 2010-08-12 10:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-06-26 06:02 . 2010-08-12 10:03 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-06-26 04:25 . 2010-08-12 10:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-09-22_16.55.11 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-21 01:58 . 2010-09-22 20:54 73546 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-07 17:58 . 2010-09-22 20:55 19782 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3795328490-2948772482-1105704417-1000_UserData.bin
    - 2009-07-07 17:54 . 2010-09-22 13:14 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-07 17:54 . 2010-09-22 20:53 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-07 17:54 . 2010-09-22 20:53 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-07 17:54 . 2010-09-22 13:14 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-07 17:54 . 2010-09-22 13:14 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-07 17:54 . 2010-09-22 20:53 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-08 15:44 . 2010-09-22 22:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-08 15:44 . 2010-09-22 14:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-08 15:44 . 2010-09-22 22:40 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-08 15:44 . 2010-09-22 14:43 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-08 15:44 . 2010-09-22 14:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-08 15:44 . 2010-09-22 22:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-20 14:40 . 2010-09-22 13:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-20 14:40 . 2010-09-22 20:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-20 14:40 . 2010-09-22 13:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-20 14:40 . 2010-09-22 20:46 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-20 14:40 . 2010-09-22 13:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-20 14:40 . 2010-09-22 20:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-09-22 13:03 . 2010-09-22 13:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2010-09-22 20:45 . 2010-09-22 20:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2010-09-22 13:03 . 2010-09-22 13:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-09-22 20:45 . 2010-09-22 20:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2006-11-02 13:05 . 2010-09-22 20:55 109246 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 10:33 . 2010-09-22 20:51 612902 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2010-09-22 13:08 612902 c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2010-09-22 20:51 110212 c:\windows\System32\perfc009.dat
    - 2006-11-02 10:33 . 2010-09-22 13:08 110212 c:\windows\System32\perfc009.dat
    .

  14. #14
    Join Date
    Sep 2010
    Location
    United Kingdom
    Posts
    66

    ComboFix (Post 2 of 2 - text too long)

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{fa887e92-8f5f-4ec9-99ca-09be0e4120d6}"= "c:\program files\AddThis Toolbar\Helper.dll" [2009-10-08 242688]

    [HKEY_CLASSES_ROOT\clsid\{fa887e92-8f5f-4ec9-99ca-09be0e4120d6}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{4ACB7285-8557-43C3-80DA-22D40B15DC77}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9EBF8AAF-0A31-4786-909A-97A0EF101743}]
    2009-10-08 16:20 1437184 ----a-w- c:\program files\AddThis Toolbar\Toolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{B43176CC-4D9E-493B-A636-D9CBFE39C6DA}"= "c:\program files\AddThis Toolbar\Toolbar.dll" [2009-10-08 1437184]

    [HKEY_CLASSES_ROOT\clsid\{b43176cc-4d9e-493b-a636-d9cbfe39c6da}]
    [HKEY_CLASSES_ROOT\FCTB000061107.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{58E510FE-36D8-4DEF-9385-CD04A1F555A3}]
    [HKEY_CLASSES_ROOT\FCTB000061107.IEToolbar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{B43176CC-4D9E-493B-A636-D9CBFE39C6DA}"= "c:\program files\AddThis Toolbar\Toolbar.dll" [2009-10-08 1437184]

    [HKEY_CLASSES_ROOT\clsid\{b43176cc-4d9e-493b-a636-d9cbfe39c6da}]
    [HKEY_CLASSES_ROOT\FCTB000061107.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{58E510FE-36D8-4DEF-9385-CD04A1F555A3}]
    [HKEY_CLASSES_ROOT\FCTB000061107.IEToolbar]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-17 2065760]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "RequireSignedAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
    backup=c:\windows\pss\NkbMonitor.exe.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^StupAssist.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\StupAssist.lnk
    backup=c:\windows\pss\StupAssist.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TotalMedia BackUp & Recorder Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia BackUp & Recorder Monitor.lnk
    backup=c:\windows\pss\TotalMedia BackUp & Recorder Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2008-06-11 21:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    2008-06-12 01:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FujiKeyboard]
    2008-09-18 09:13 79416 ----a-w- c:\acer\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-09-01 07:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-08-10 04:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
    2007-09-02 12:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2008-03-26 05:21 5369856 ----a-w- c:\windows\RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
    2007-11-20 10:15 1826816 ----a-w- c:\windows\SkyTel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-01-11 15:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-11-02 10:57 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
    2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

    R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
    R3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\users\Michelle\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys [x]
    R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
    R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2008-11-04 86696]
    R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2008-11-04 15016]
    R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2008-11-04 114472]
    R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2008-11-04 108328]
    R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2008-11-04 104616]
    R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 ETService;Empowering Technology Service;c:\program files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [2008-07-16 24576]
    R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-10 135664]
    R4 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
    R4 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0402000.00C\SYMDS.SYS [2009-10-15 328752]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0402000.00C\SYMEFA.SYS [2010-04-22 173104]
    S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2008-06-27 96512]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-09-17 216400]
    S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-09-17 243024]
    S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100901.003\BHDrvx86.sys [2010-08-31 692272]
    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0402000.00C\ccHPx86.sys [2010-02-26 501888]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100920.001\IDSvix86.sys [2010-05-28 344112]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0402000.00C\Ironx86.SYS [2010-04-29 116784]
    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0402000.00C\SYMTDIV.SYS [2010-05-06 339504]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
    S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-09-17 308136]
    S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
    S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe [2010-02-26 126392]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-27 102448]
    S3 V0090VID;Creative WebCam Vista Plus;c:\windows\system32\DRIVERS\V0090Vid.sys [2005-04-14 138112]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    Akamai REG_MULTI_SZ Akamai

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ezSharedSvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-10 21:41]

    2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-10 21:41]

    2010-09-22 c:\windows\Tasks\User_Feed_Synchronization-{DD27CBEB-6AA0-426C-BA3D-652FFABF076C}.job
    - c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://uk.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACPW_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=1&o=vp32&d=0409&m=imedia_a5518_uk
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
    DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20091210075554
    FF - ProfilePath - c:\users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\gnyntiyk.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
    FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
    FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-22 23:50
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"
    --

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-09-22 23:55:12
    ComboFix-quarantined-files.txt 2010-09-22 22:55
    ComboFix2.txt 2010-09-22 22:29
    ComboFix3.txt 2010-09-22 17:25
    ComboFix4.txt 2010-09-22 16:58

    Pre-Run: 358,790,303,744 bytes free
    Post-Run: 358,780,784,640 bytes free

    - - End Of File - - 622063904F616D2928B5C6DA5822CF73

  15. #15
    Join Date
    Sep 2010
    Location
    United Kingdom
    Posts
    66

    P.S. re: ComboFix

    I had to run this program 3 or 4 times due to 'user error' - i.e. I forgot to turn off one of the anti-viruses, my son switched the PC off, etc.

    I am also unable to open c:\ComboFix.txt (and most other programs!) due to an 'Illegal operation attempted on a registry key that has been marked for deletion' error box - is this normal?
