1 Attachment(s)
Stubborn infected file plus other random symptoms
Hi.
I am having problems with a .3gp file i am sure is infected.
It is in a folder on my desktop and i am unable to delete it -when i try to take it to the recycle bin it just freezes up. The folder originally also contained other files which could not be deleted but i eventually managed to remove them from the command prompt - but this one WILL NOT be moved!
I have Norton360 virus software and have even been through the online support and they are unable to remove it via remote connect (but they couldnt remove the files i eventually managed to delete!)
I have full-scanned with Norton360, AVG free, AVG Anti-Root Kit, Malwarebytes which dont pick up any infections at all.
I have also tried removing the file using FileASSASSIN software but the program just 'not responding' each time i try.
Since this all started i am also now getting lots of 'ASSERT Failed' error messages (sample attached) when i CLOSE programs (i am not sure what these mean). Windows Explorer keeps randomly crashing and restarting and my Recycle Bin keeps losing its icon (although the 'Recycle Bin' label text remains and is still usable)
I would really appreciate some help with this as i am now at a loss of what to do - i have tried everything i could find suggested to do.
Thanks :confused:
DDS.txt (post 1 of 2 - too many characters)
DDS (Ver_10-03-17.01) - NTFSx86
Run by Michelle at 21:14:28.85 on 20/09/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.1921 [GMT 1:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\HidService.exe
C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Michelle\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://uk.yahoo.com/
uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=1&o=vp32&d=0409&m=imedia_a5518_uk
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACPW_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=1&o=vp32&d=0409&m=imedia_a5518_uk
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=1&o=vp32&d=0409&m=imedia_a5518_uk
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: FCToolbarURLSearchHook Class: {fa887e92-8f5f-4ec9-99ca-09be0e4120d6} - c:\program files\addthis toolbar\Helper.dll
uURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\ezShellStart.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.2.0.12\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Freecause Toolbar BHO: {9ebf8aaf-0a31-4786-909a-97a0ef101743} - c:\program files\addthis toolbar\Toolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: FreecycleMemberBHO Class: {c3e5e149-27b7-49d1-8420-b02ac52af663} - c:\program files\freecycle\FreecycleMember.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: AddThis Toolbar: {b43176cc-4d9e-493b-a636-d9cbfe39c6da} - c:\program files\addthis toolbar\Toolbar.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [AdobeBridge]
mRun: [eRecoveryService]
mRun: [<NO NAME>]
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20091210075554
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://quark.webex.com/client/T27L/event/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: avgrsstx.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - c:\windows\system32\EZUPBH~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\michelle\appdata\roaming\mozilla\firefox\profiles\gnyntiyk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\michelle\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\michelle\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\michelle\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
============= SERVICES / DRIVERS ===============
R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-5-25 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0402000.00c\symefa.sys [2010-5-25 173104]
R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2009-4-2 96512]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2010-9-17 3968]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-17 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-17 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-17 243024]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100901.003\BHDrvx86.sys [2010-8-31 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-5-25 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100917.001\IDSvix86.sys [2010-9-18 344112]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-5-25 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0402000.00c\symtdiv.sys [2010-5-25 339504]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-17 308136]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 N360;Norton 360;c:\program files\norton 360\engine\4.2.0.12\ccsvchst.exe [2010-5-25 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-9-16 102448]
R3 V0090VID;Creative WebCam Vista Plus;c:\windows\system32\drivers\V0090Vid.sys [2009-8-8 138112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2009-11-10 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2009-11-10 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2009-11-10 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2009-11-11 108328]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2009-11-11 104616]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 ETService;Empowering Technology Service;c:\program files\packard bell\packard bell recovery management\service\ETService.exe [2009-4-2 24576]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-10 135664]
S4 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S4 Start BT in service;Start BT in service;c:\program files\ivt corporation\bluesoleil\StartSkysolSvc.exe [2007-12-27 51816]
=============== Created Last 30 ================
DDS.txt (post 2 of 2 - too many characters)
=============== Created Last 30 ================
2010-09-20 19:57:45 93056 ----a-w- C:\uwlcqkow.sys
2010-09-20 19:54:46 343948415 ----a-w- c:\windows\MEMORY.DMP
2010-09-17 18:42:59 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-09-17 18:33:59 0 d-----w- c:\program files\FileASSASSIN
2010-09-17 18:23:48 0 d-----w- c:\users\michelle\appdata\roaming\Malwarebytes
2010-09-17 18:23:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-17 18:23:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-17 18:23:28 0 d-----w- c:\programdata\Malwarebytes
2010-09-17 18:23:28 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-17 14:22:10 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-17 14:22:07 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-17 14:21:59 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-17 14:21:55 0 d-----w- c:\windows\system32\drivers\Avg
2010-09-17 14:19:15 0 d-----w- c:\program files\AVG
2010-09-17 14:18:58 0 d-----w- c:\programdata\avg9
2010-09-15 19:03:36 0 d-----w- c:\windows\LMID291.tmp
2010-09-15 16:00:38 0 d-----w- c:\windows\system32\N360_BACKUP
2010-09-15 12:42:44 0 d-----w- c:\users\michelle\appdata\roaming\App Launcher Gadget
2010-09-15 11:57:14 0 d-----w- c:\users\michelle\desktop icons
2010-09-15 11:46:57 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 11:46:55 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 11:46:54 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 11:46:50 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-14 20:29:25 0 d-----w- c:\programdata\TEMP
2010-09-14 20:26:34 0 d-----w- c:\programdata\PC Tools
2010-09-14 18:27:33 0 d-----w- c:\windows\LMI57EF.tmp
2010-09-09 17:53:12 0 d-----w- c:\users\michelle\appdata\roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-09-02 14:53:21 0 d-----w- c:\program files\iPod
2010-09-02 14:53:20 0 d-----w- c:\program files\iTunes
2010-08-29 13:37:20 0 d-----w- c:\users\michelle\appdata\roaming\Adobe Mini Bridge CS5
2010-08-29 13:37:19 0 d-----w- c:\users\michelle\appdata\roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-08-29 12:00:19 1228400 ----a-w- c:\users\michelle\Photoshop_12_LS1.exe
2010-08-29 12:00:19 1026293791 ----a-w- c:\users\michelle\Photoshop_12_LS1.7z
==================== Find3M ====================
2010-09-20 20:05:15 35189 ----a-w- c:\programdata\nvModes.dat
2010-09-02 14:50:33 86016 ----a-w- c:\windows\inf\infstor.dat
2010-09-02 14:50:33 51200 ----a-w- c:\windows\inf\infpub.dat
2010-09-02 14:50:33 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-18 21:00:34 294060 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-07 13:26:23 214752 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-07-04 22:11:46 60872 ----a-w- c:\windows\fonts\AirConditioner.ttf
2010-06-29 10:25:53 1228360 ----a-w- c:\users\michelle\InDesign_7_LS1.exe
2010-06-26 06:05:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02:15 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-17 09:23:17 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-05-31 19:09:02 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-05-31 19:09:02 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-05-31 19:09:02 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-08-07 12:32:11 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
============= FINISH: 21:15:30.07 ===============
Also managed to get GMER to run... heres the log :)
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-21 08:47:35
Windows 6.0.6002 Service Pack 2
Running: GMER.exe; Driver: C:\Users\Michelle\AppData\Local\Temp\uwlcqkow.sys
---- System - GMER 1.0.15 ----
SSDT 88166120 ZwAlertResumeThread
SSDT 8815B118 ZwAlertThread
SSDT 88CEC4A0 ZwAllocateVirtualMemory
SSDT 8800CB58 ZwAlpcConnectPort
SSDT 88513E90 ZwAssignProcessToJobObject
SSDT 88CF28F8 ZwCreateMutant
SSDT 88CF7CF8 ZwCreateSymbolicLinkObject
SSDT 88CE9FB0 ZwCreateThread
SSDT 884E8048 ZwDebugActiveProcess
SSDT 88CEBF38 ZwDuplicateObject
SSDT 88CEBB98 ZwFreeVirtualMemory
SSDT 8818B108 ZwImpersonateAnonymousToken
SSDT 88169068 ZwImpersonateThread
SSDT 8800CB20 ZwLoadDriver
SSDT 88CEBA38 ZwMapViewOfSection
SSDT 88261120 ZwOpenEvent
SSDT 88CEC808 ZwOpenProcess
SSDT 880FEA08 ZwOpenProcessToken
SSDT 884FE250 ZwOpenSection
SSDT 88CEC6F8 ZwOpenThread
SSDT 88CF6A38 ZwProtectVirtualMemory
SSDT 8811B068 ZwResumeThread
SSDT 880F2118 ZwSetContextThread
SSDT 88CEB820 ZwSetInformationProcess
SSDT 881856B8 ZwSetSystemInformation
SSDT 8818D120 ZwSuspendProcess
SSDT 884CB110 ZwSuspendThread
SSDT 880BD4B0 ZwTerminateProcess
SSDT 88219110 ZwTerminateThread
SSDT 8810CBD8 ZwUnmapViewOfSection
SSDT 88CEBE68 ZwWriteVirtualMemory
SSDT 88CF61D8 ZwCreateThreadEx
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 11D 828F8880 8 Bytes [20, 61, 16, 88, 18, B1, 15, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 828F8894 4 Bytes [A0, C4, CE, 88]
.text ntkrnlpa.exe!KeSetEvent + 13D 828F88A0 4 Bytes [58, CB, 00, 88]
.text ntkrnlpa.exe!KeSetEvent + 191 828F88F4 4 Bytes [90, 3E, 51, 88]
.text ntkrnlpa.exe!KeSetEvent + 1F5 828F8958 4 Bytes [F8, 28, CF, 88]
.text ...
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74147817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7419A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7414BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7413F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [741475E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7413E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74178395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7414DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7413FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7413FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741371CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [741CCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7416C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7413D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74136853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7413687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74142AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b00026
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000272b00026 (not active ControlSet)
---- EOF - GMER 1.0.15 ----
ComboFix (Post 1 of 2 - text too long)
ComboFix 10-09-22.02 - Michelle 22/09/2010 23:41:34.4.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.1769 [GMT 1:00]
Running from: c:\users\Michelle\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-08-22 to 2010-09-22 )))))))))))))))))))))))))))))))
.
2010-09-22 22:50 . 2010-09-22 22:51 -------- d-----w- c:\users\Michelle\AppData\Local\temp
2010-09-22 22:50 . 2010-09-22 22:50 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-09-22 22:50 . 2010-09-22 22:50 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-22 22:50 . 2010-09-22 22:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-20 19:57 . 2010-09-20 19:57 93056 ----a-w- C:\uwlcqkow.sys
2010-09-17 18:42 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-09-17 18:33 . 2010-09-17 18:33 -------- d-----w- c:\program files\FileASSASSIN
2010-09-17 18:23 . 2010-09-17 18:23 -------- d-----w- c:\users\Michelle\AppData\Roaming\Malwarebytes
2010-09-17 18:23 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-17 18:23 . 2010-09-20 19:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-17 18:23 . 2010-09-17 18:23 -------- d-----w- c:\programdata\Malwarebytes
2010-09-17 18:23 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-17 14:22 . 2010-09-17 14:22 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-17 14:22 . 2010-09-17 14:22 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-17 14:21 . 2010-09-17 14:22 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-17 14:21 . 2010-09-22 13:07 -------- d-----w- c:\windows\system32\drivers\Avg
2010-09-17 14:21 . 2010-09-17 14:21 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-17 14:19 . 2010-09-17 14:19 -------- d-----w- c:\program files\AVG
2010-09-17 14:18 . 2010-09-17 14:19 -------- d-----w- c:\programdata\avg9
2010-09-15 19:03 . 2010-09-16 00:03 -------- d-----w- c:\windows\LMID291.tmp
2010-09-15 16:00 . 2010-09-15 16:00 -------- d-----w- c:\windows\system32\N360_BACKUP
2010-09-15 12:42 . 2010-09-15 12:42 -------- d-----w- c:\users\Michelle\AppData\Roaming\App Launcher Gadget
2010-09-15 11:57 . 2010-09-18 16:08 -------- d-----w- c:\users\Michelle\desktop icons
2010-09-15 11:46 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 11:46 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 11:46 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 11:46 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-14 20:26 . 2010-09-14 20:27 76704968 ----a-w- c:\programdata\PC Tools\DownloadManager\Spyware Doctor with AntiVirus8.0\sdasetup_dl.exe
2010-09-14 20:26 . 2010-09-14 20:26 -------- d-----w- c:\programdata\PC Tools
2010-09-14 18:29 . 2010-09-15 19:22 -------- d-----w- c:\users\Michelle\AppData\Local\NPE
2010-09-14 18:27 . 2010-09-15 11:40 -------- d-----w- c:\windows\LMI57EF.tmp
2010-09-10 11:28 . 2010-09-10 11:28 53632 ----a-w- c:\users\Michelle\AppData\Roaming\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2010-09-09 17:53 . 2010-09-09 17:53 -------- d-----w- c:\users\Michelle\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-09-02 14:53 . 2010-09-02 14:53 -------- d-----w- c:\program files\iPod
2010-09-02 14:53 . 2010-09-02 14:54 -------- d-----w- c:\program files\iTunes
2010-09-02 14:48 . 2010-09-02 14:48 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-08-30 19:43 . 2010-08-30 19:43 -------- d-----w- c:\program files\Common Files\Skype
2010-08-29 13:37 . 2010-08-29 13:37 -------- d-----w- c:\users\Michelle\AppData\Roaming\Adobe Mini Bridge CS5
2010-08-29 13:37 . 2010-08-29 13:37 -------- d-----w- c:\users\Michelle\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-08-29 13:28 . 2010-08-29 11:47 167 ----a-w- c:\programdata\Adobe\CS5\jre\Disable Activation.cmd
2010-08-29 12:00 . 2010-08-29 12:19 1228400 ----a-w- c:\users\Michelle\Photoshop_12_LS1.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-22 22:51 . 2010-06-29 10:14 -------- d-----w- c:\program files\Common Files\Akamai
2010-09-22 20:53 . 2009-11-17 14:15 35189 ----a-w- c:\programdata\nvModes.dat
2010-09-18 21:25 . 2009-07-08 11:06 -------- d-----w- c:\users\Michelle\AppData\Roaming\uTorrent
2010-09-16 20:01 . 2009-12-29 14:41 -------- d-----w- c:\users\Michelle\AppData\Roaming\Media Player Classic
2010-09-15 21:24 . 2009-08-05 12:25 -------- d-----w- c:\users\Michelle\AppData\Roaming\Winamp
2010-09-15 21:24 . 2009-03-21 07:23 -------- d-----w- c:\program files\Microsoft Works
2010-09-15 21:24 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-14 18:29 . 2009-03-21 07:45 -------- d-----w- c:\programdata\Norton
2010-09-11 18:54 . 2009-07-08 10:53 -------- d-----w- c:\users\Michelle\AppData\Roaming\Vso
2010-09-10 11:28 . 2010-06-29 10:42 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-09-09 13:13 . 2010-06-29 10:49 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-09-06 11:16 . 2009-03-21 07:31 -------- d-----w- c:\program files\Google
2010-09-06 11:13 . 2009-07-08 08:54 -------- d-----w- c:\program files\CCleaner
2010-09-02 14:53 . 2009-08-11 20:35 -------- d-----w- c:\program files\Common Files\Apple
2010-08-30 22:28 . 2009-08-23 20:51 -------- d-----w- c:\users\Michelle\AppData\Roaming\Skype
2010-08-30 19:40 . 2009-08-12 23:00 -------- d-----w- c:\users\Michelle\AppData\Roaming\skypePM
2010-08-29 12:38 . 2009-03-21 07:42 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-20 12:19 . 2009-07-20 11:41 -------- d-----w- c:\users\Michelle\AppData\Roaming\vlc
2010-08-20 08:53 . 2009-07-08 11:07 -------- d-----w- c:\program files\uTorrent
2010-08-19 15:15 . 2010-08-19 15:14 -------- d-----w- c:\program files\QuickTime
2010-08-13 10:15 . 2010-08-13 10:06 680 ----a-w- c:\users\Michelle\AppData\Local\d3d9caps.dat
2010-08-12 08:58 . 2010-08-12 08:58 -------- d-----w- c:\programdata\F-Secure
2010-08-10 12:40 . 2010-08-10 12:40 -------- d-----w- c:\users\Michelle\AppData\Roaming\FileOpen
2010-08-10 12:40 . 2010-08-10 12:40 -------- d-----w- c:\programdata\FileOpen
2010-08-08 19:58 . 2010-08-08 19:58 14846 ----a-r- c:\users\Michelle\AppData\Roaming\Microsoft\Installer\{857CBF4A-192C-44B0-86A5-6281FCEFA1FE}\FileOpenNew.exe
2010-08-08 19:57 . 2010-08-08 19:57 -------- d-----w- c:\program files\FileOpen
2010-08-05 21:01 . 2010-08-05 21:01 -------- d-----w- c:\program files\7-Zip
2010-07-28 20:14 . 2009-07-07 19:49 -------- d-----w- c:\programdata\FLEXnet
2010-07-18 21:00 . 2010-02-19 20:26 294060 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-07 13:26 . 2009-07-07 18:05 214752 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-06-29 10:25 . 2010-06-29 10:15 1228360 ----a-w- c:\users\Michelle\InDesign_7_LS1.exe
2010-06-26 06:05 . 2010-08-12 10:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 10:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-12 10:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-12 10:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-09-22_16.55.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2010-09-22 20:54 73546 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-07 17:58 . 2010-09-22 20:55 19782 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3795328490-2948772482-1105704417-1000_UserData.bin
- 2009-07-07 17:54 . 2010-09-22 13:14 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-07 17:54 . 2010-09-22 20:53 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-07 17:54 . 2010-09-22 20:53 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-07 17:54 . 2010-09-22 13:14 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-07 17:54 . 2010-09-22 13:14 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-07 17:54 . 2010-09-22 20:53 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-08 15:44 . 2010-09-22 22:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-08 15:44 . 2010-09-22 14:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-08 15:44 . 2010-09-22 22:40 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-08 15:44 . 2010-09-22 14:43 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-08 15:44 . 2010-09-22 14:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-08 15:44 . 2010-09-22 22:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-20 14:40 . 2010-09-22 13:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-20 14:40 . 2010-09-22 20:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-20 14:40 . 2010-09-22 13:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-20 14:40 . 2010-09-22 20:46 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-20 14:40 . 2010-09-22 13:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-20 14:40 . 2010-09-22 20:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-22 13:03 . 2010-09-22 13:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-09-22 20:45 . 2010-09-22 20:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-22 13:03 . 2010-09-22 13:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-22 20:45 . 2010-09-22 20:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:05 . 2010-09-22 20:55 109246 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2010-09-22 20:51 612902 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-09-22 13:08 612902 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-09-22 20:51 110212 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2010-09-22 13:08 110212 c:\windows\System32\perfc009.dat
.
ComboFix (Post 2 of 2 - text too long)
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fa887e92-8f5f-4ec9-99ca-09be0e4120d6}"= "c:\program files\AddThis Toolbar\Helper.dll" [2009-10-08 242688]
[HKEY_CLASSES_ROOT\clsid\{fa887e92-8f5f-4ec9-99ca-09be0e4120d6}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{4ACB7285-8557-43C3-80DA-22D40B15DC77}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9EBF8AAF-0A31-4786-909A-97A0EF101743}]
2009-10-08 16:20 1437184 ----a-w- c:\program files\AddThis Toolbar\Toolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B43176CC-4D9E-493B-A636-D9CBFE39C6DA}"= "c:\program files\AddThis Toolbar\Toolbar.dll" [2009-10-08 1437184]
[HKEY_CLASSES_ROOT\clsid\{b43176cc-4d9e-493b-a636-d9cbfe39c6da}]
[HKEY_CLASSES_ROOT\FCTB000061107.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{58E510FE-36D8-4DEF-9385-CD04A1F555A3}]
[HKEY_CLASSES_ROOT\FCTB000061107.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B43176CC-4D9E-493B-A636-D9CBFE39C6DA}"= "c:\program files\AddThis Toolbar\Toolbar.dll" [2009-10-08 1437184]
[HKEY_CLASSES_ROOT\clsid\{b43176cc-4d9e-493b-a636-d9cbfe39c6da}]
[HKEY_CLASSES_ROOT\FCTB000061107.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{58E510FE-36D8-4DEF-9385-CD04A1F555A3}]
[HKEY_CLASSES_ROOT\FCTB000061107.IEToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-17 2065760]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=c:\windows\pss\NkbMonitor.exe.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^StupAssist.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\StupAssist.lnk
backup=c:\windows\pss\StupAssist.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TotalMedia BackUp & Recorder Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia BackUp & Recorder Monitor.lnk
backup=c:\windows\pss\TotalMedia BackUp & Recorder Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-11 21:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 01:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FujiKeyboard]
2008-09-18 09:13 79416 ----a-w- c:\acer\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 07:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 04:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 12:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-03-26 05:21 5369856 ----a-w- c:\windows\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-20 10:15 1826816 ----a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 15:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-11-02 10:57 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
R3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\users\Michelle\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys [x]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2008-11-04 86696]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2008-11-04 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2008-11-04 114472]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2008-11-04 108328]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2008-11-04 104616]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 ETService;Empowering Technology Service;c:\program files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [2008-07-16 24576]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-10 135664]
R4 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R4 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0402000.00C\SYMDS.SYS [2009-10-15 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0402000.00C\SYMEFA.SYS [2010-04-22 173104]
S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2008-06-27 96512]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-09-17 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-09-17 243024]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100901.003\BHDrvx86.sys [2010-08-31 692272]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0402000.00C\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100920.001\IDSvix86.sys [2010-05-28 344112]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0402000.00C\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0402000.00C\SYMTDIV.SYS [2010-05-06 339504]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-09-17 308136]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe [2010-02-26 126392]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-27 102448]
S3 V0090VID;Creative WebCam Vista Plus;c:\windows\system32\DRIVERS\V0090Vid.sys [2005-04-14 138112]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder
2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-10 21:41]
2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-10 21:41]
2010-09-22 c:\windows\Tasks\User_Feed_Synchronization-{DD27CBEB-6AA0-426C-BA3D-652FFABF076C}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACPW_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=1&o=vp32&d=0409&m=imedia_a5518_uk
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20091210075554
FF - ProfilePath - c:\users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\gnyntiyk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-22 23:50
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"
--
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-22 23:55:12
ComboFix-quarantined-files.txt 2010-09-22 22:55
ComboFix2.txt 2010-09-22 22:29
ComboFix3.txt 2010-09-22 17:25
ComboFix4.txt 2010-09-22 16:58
Pre-Run: 358,790,303,744 bytes free
Post-Run: 358,780,784,640 bytes free
- - End Of File - - 622063904F616D2928B5C6DA5822CF73