September 19th, 2010, 02:41 PM
#1
Stubborn infected file plus other random symptoms
Hi.
I am having problems with a .3gp file I am sure is infected.
It is in a folder on my desktop and I am unable to delete it - when I try to take it to the recycle bin it just freezes up. The folder originally also contained other files which could not be deleted, but I eventually managed to remove them from the command prompt - this one, however, WILL NOT be moved!
I have Norton360 virus software and have even been through the online support, and they are unable to remove it via remote connect (but they couldn't remove the files I eventually managed to delete either!)
I have full-scanned with Norton360, AVG Free, AVG Anti-Rootkit and Malwarebytes, which don't pick up any infections at all.
I have also tried removing the file using the FileASSASSIN software, but the program just goes 'not responding' each time I try.
Since this all started I am also now getting lots of 'ASSERT Failed' error messages (sample attached) when I CLOSE programs (I am not sure what these mean). Windows Explorer keeps randomly crashing and restarting, and my Recycle Bin keeps losing its icon (although the 'Recycle Bin' label text remains and it is still usable).
I would really appreciate some help with this as I am now at a loss as to what to do - I have tried everything I could find suggested.
Thanks
September 19th, 2010, 06:43 PM
#2
Welcome aboard
Please read here: http://discussions.virtualdr.com/sho...d.php?t=167915 , and post the required logs.
September 20th, 2010, 03:44 PM
#3
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4657
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943
20/09/2010 20:39:32
mbam-log-2010-09-20 (20-39-32).txt
Scan type: Quick scan
Objects scanned: 146486
Time elapsed: 4 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
September 20th, 2010, 04:12 PM
#4
Unable to complete STEP 2
The computer 'blue screen' crashes when running this scan. It happened twice. I also tried renaming the .exe file.
I'll try moving on to STEP THREE if that's OK (unless you have another suggestion?) ...
September 20th, 2010, 04:30 PM
#5
DDS.txt (post 1 of 2 - too many characters)
DDS (Ver_10-03-17.01) - NTFSx86
Run by Michelle at 21:14:28.85 on 20/09/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.1921 [GMT 1:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\HidService.exe
C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Michelle\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://uk.yahoo.com/
uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=1&o=vp32&d=0409&m=imedia_a5518_uk
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACPW_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=1&o=vp32&d=0409&m=imedia_a5518_uk
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=1&o=vp32&d=0409&m=imedia_a5518_uk
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: FCToolbarURLSearchHook Class: {fa887e92-8f5f-4ec9-99ca-09be0e4120d6} - c:\program files\addthis toolbar\Helper.dll
uURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\ezShellStart.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.2.0.12\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Freecause Toolbar BHO: {9ebf8aaf-0a31-4786-909a-97a0ef101743} - c:\program files\addthis toolbar\Toolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: FreecycleMemberBHO Class: {c3e5e149-27b7-49d1-8420-b02ac52af663} - c:\program files\freecycle\FreecycleMember.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: AddThis Toolbar: {b43176cc-4d9e-493b-a636-d9cbfe39c6da} - c:\program files\addthis toolbar\Toolbar.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [AdobeBridge]
mRun: [eRecoveryService]
mRun: [<NO NAME>]
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20091210075554
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://quark.webex.com/client/T27L/event/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: avgrsstx.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - c:\windows\system32\EZUPBH~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\michelle\appdata\roaming\mozilla\firefox\profiles\gnyntiyk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\michelle\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\michelle\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\michelle\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
============= SERVICES / DRIVERS ===============
R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-5-25 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0402000.00c\symefa.sys [2010-5-25 173104]
R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2009-4-2 96512]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2010-9-17 3968]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-17 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-17 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-17 243024]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100901.003\BHDrvx86.sys [2010-8-31 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-5-25 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100917.001\IDSvix86.sys [2010-9-18 344112]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-5-25 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0402000.00c\symtdiv.sys [2010-5-25 339504]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-17 308136]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 N360;Norton 360;c:\program files\norton 360\engine\4.2.0.12\ccsvchst.exe [2010-5-25 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-9-16 102448]
R3 V0090VID;Creative WebCam Vista Plus;c:\windows\system32\drivers\V0090Vid.sys [2009-8-8 138112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2009-11-10 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2009-11-10 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2009-11-10 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2009-11-11 108328]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2009-11-11 104616]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 ETService;Empowering Technology Service;c:\program files\packard bell\packard bell recovery management\service\ETService.exe [2009-4-2 24576]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-10 135664]
S4 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S4 Start BT in service;Start BT in service;c:\program files\ivt corporation\bluesoleil\StartSkysolSvc.exe [2007-12-27 51816]
September 20th, 2010, 04:31 PM
#6
DDS.txt (post 2 of 2 - too many characters)
=============== Created Last 30 ================
2010-09-20 19:57:45 93056 ----a-w- C:\uwlcqkow.sys
2010-09-20 19:54:46 343948415 ----a-w- c:\windows\MEMORY.DMP
2010-09-17 18:42:59 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-09-17 18:33:59 0 d-----w- c:\program files\FileASSASSIN
2010-09-17 18:23:48 0 d-----w- c:\users\michelle\appdata\roaming\Malwarebytes
2010-09-17 18:23:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-17 18:23:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-17 18:23:28 0 d-----w- c:\programdata\Malwarebytes
2010-09-17 18:23:28 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-17 14:22:10 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-17 14:22:07 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-17 14:21:59 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-17 14:21:55 0 d-----w- c:\windows\system32\drivers\Avg
2010-09-17 14:19:15 0 d-----w- c:\program files\AVG
2010-09-17 14:18:58 0 d-----w- c:\programdata\avg9
2010-09-15 19:03:36 0 d-----w- c:\windows\LMID291.tmp
2010-09-15 16:00:38 0 d-----w- c:\windows\system32\N360_BACKUP
2010-09-15 12:42:44 0 d-----w- c:\users\michelle\appdata\roaming\App Launcher Gadget
2010-09-15 11:57:14 0 d-----w- c:\users\michelle\desktop icons
2010-09-15 11:46:57 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 11:46:55 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 11:46:54 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 11:46:50 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-14 20:29:25 0 d-----w- c:\programdata\TEMP
2010-09-14 20:26:34 0 d-----w- c:\programdata\PC Tools
2010-09-14 18:27:33 0 d-----w- c:\windows\LMI57EF.tmp
2010-09-09 17:53:12 0 d-----w- c:\users\michelle\appdata\roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-09-02 14:53:21 0 d-----w- c:\program files\iPod
2010-09-02 14:53:20 0 d-----w- c:\program files\iTunes
2010-08-29 13:37:20 0 d-----w- c:\users\michelle\appdata\roaming\Adobe Mini Bridge CS5
2010-08-29 13:37:19 0 d-----w- c:\users\michelle\appdata\roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-08-29 12:00:19 1228400 ----a-w- c:\users\michelle\Photoshop_12_LS1.exe
2010-08-29 12:00:19 1026293791 ----a-w- c:\users\michelle\Photoshop_12_LS1.7z
==================== Find3M ====================
2010-09-20 20:05:15 35189 ----a-w- c:\programdata\nvModes.dat
2010-09-02 14:50:33 86016 ----a-w- c:\windows\inf\infstor.dat
2010-09-02 14:50:33 51200 ----a-w- c:\windows\inf\infpub.dat
2010-09-02 14:50:33 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-18 21:00:34 294060 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-07 13:26:23 214752 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-07-04 22:11:46 60872 ----a-w- c:\windows\fonts\AirConditioner.ttf
2010-06-29 10:25:53 1228360 ----a-w- c:\users\michelle\InDesign_7_LS1.exe
2010-06-26 06:05:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02:15 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-17 09:23:17 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-05-31 19:09:02 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-05-31 19:09:02 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-05-31 19:09:02 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-08-07 12:32:11 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
============= FINISH: 21:15:30.07 ===============
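A way to triage a DDS log like the one posted above, as an added example that is not part of this thread and not code from the DDS tool. The script parses the "Created Last 30" section plus the Winlogon Userinit and AppInit_DLLs lines and lists review items. The sample input is an excerpt of the posted log; the rules (a .sys outside the drivers directory, a loose file at the drive root, a non-default Userinit, a populated AppInit_DLLs, a fresh kernel crash dump) are heuristics chosen for this example, and each one also fires on legitimate software, so a hit is a question for the analyst, not a verdict. On this log, for instance, avgrsstx.dll is AVG's, and the "ez" prefix of ezShellStart.exe matches the EasyBits Magic Desktop entries elsewhere in the log, while the driver at C:\ is the kind of item the helper would ask about.

```python
import re

# Excerpt of the DDS log posted in this thread (posts #5 and #6): only the
# lines the checks below look at, so this is a constructed sample, not a
# complete log.
SAMPLE_DDS = r"""
mWinlogon: Userinit=c:\windows\system32\ezShellStart.exe
AppInit_DLLs: avgrsstx.dll
=============== Created Last 30 ================
2010-09-20 19:57:45 93056 ----a-w- C:\uwlcqkow.sys
2010-09-20 19:54:46 343948415 ----a-w- c:\windows\MEMORY.DMP
2010-09-17 18:42:59 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-09-17 18:33:59 0 d-----w- c:\program files\FileASSASSIN
2010-09-15 11:46:55 128000 ----a-w- c:\windows\system32\spoolsv.exe
==================== Find3M ====================
"""

# One DDS file line: timestamp, size, 8-character attribute string, path.
FILE_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+)\s+"
    r"(?P<attr>[-a-z]{8})\s+(?P<path>.+?)\s*$"
)
# Default Winlogon Userinit value on a 32-bit Vista/7 install.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"


def parse_created_last_30(text):
    """Return (timestamp, size, attrs, path) tuples from 'Created Last 30'."""
    entries, in_section = [], False
    for line in text.splitlines():
        if "Created Last 30" in line:
            in_section = True
            continue
        if in_section and line.startswith("====="):
            break  # the next section header (Find3M) ends the block
        m = FILE_LINE.match(line) if in_section else None
        if m:
            entries.append((m["ts"], int(m["size"]), m["attr"], m["path"]))
    return entries


def triage(text):
    """Return (rule, detail) review items for an analyst.

    Every rule also fires on legitimate software (AV products register
    AppInit DLLs; desktop shells replace Userinit), so a hit is a question
    to ask, not a verdict.
    """
    findings = []
    for line in text.splitlines():
        if line.startswith("mWinlogon: Userinit="):
            value = line.split("=", 1)[1].strip()
            parts = [p.strip().lower() for p in value.split(",") if p.strip()]
            if any(p != DEFAULT_USERINIT for p in parts):
                findings.append(("userinit-not-default", value))
        elif line.startswith("AppInit_DLLs:"):
            dlls = line.split(":", 1)[1].strip()
            if dlls:
                findings.append(("appinit-dll", dlls))

    for ts, _size, attr, path in parse_created_last_30(text):
        low = path.lower()
        is_dir = attr.startswith("d")
        # Kernel drivers normally live under system32\drivers; a .sys dropped
        # anywhere else (here, the drive root) deserves a look.
        if low.endswith(".sys") and "\\system32\\drivers\\" not in low:
            findings.append(("driver-outside-drivers-dir", path))
        # A loose file directly under C:\ is unusual for installers.
        if not is_dir and low[1:3] == ":\\" and low.count("\\") == 1:
            findings.append(("file-at-drive-root", path))
        # A full kernel dump means the box blue-screened; the timestamp lets
        # you line it up with the symptoms the user reports.
        if low.endswith("\\memory.dmp"):
            findings.append(("kernel-crash-dump", f"{path} written {ts}"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_DDS):
        print(f"{rule:28} {detail}")
```

Run against a full DDS.txt the same way; the section parser stops at the Find3M header, so older files are not flagged as new.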
September 20th, 2010, 04:33 PM
#7
Attach.txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 02/04/2009 20:38:25
System Uptime: 20/09/2010 21:03:55 (0 hours ago)
Motherboard: Packard Bell BV | | PBGL00
Processor: AMD Phenom(tm) 9650 Quad-Core Processor | AM2 | 2300/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 582 GiB total, 332.282 GiB free.
D: is Removable
E: is Removable
F: is Removable
G: is Removable
H: is CDROM ()
I: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
==== Installed Programs ======================
7-Zip 9.15 beta
Acrobat.com
AddThis Toolbar
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Community Help
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS5
Adobe Linguistics CS3
Adobe Media Player
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS5
Adobe Reader 9.1
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 4
ArcSoft TotalMedia Extreme
ATI Catalyst Install Manager
µTorrent
AVG Anti-Rootkit Free
AVG Free 9.0
AviSynth 2.5
Bluesoleil2.7.0.13 VoIP Release 071227
Bonjour
CCleaner
Choice Guard
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 3.0.0.7
Creative WebCam Center
Creative WebCam Vista Plus Driver (1.02.02.0414)
Creative WebCam Vista Plus User's Guide (English)
EASEUS Data Recovery Wizard Professional 4.3.6
EasyBits Magic Desktop
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON PhotoQuicker3.5
EPSON PRINT Image Framer Tool2.1
EPSON Printer Software
EPSON Scan
EPSON Smart Panel
EPSON Web-To-Page
ESPRX620 Series Reference Guide
ESPRX620 Software Guide
Facebook Plug-In
File Uploader
FileASSASSIN
FileOpen Client
FileZilla Client 3.3.0.1
Freecycle Internet Explorer Plugin
Garmin City Navigator Europe NT 2009 Update
Garmin Communicator Plugin
Garmin POI Loader
Garmin USB Drivers
GearDrvs
Get Yahoo! Messenger
Google Earth
Google Update Helper
HDReg
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
Java Auto Updater
Java(TM) 6 Update 18
Junk Mail filter update
K-Lite Codec Pack 5.5.1 (Full)
Magic ISO Maker v5.4 (build 0239)
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
MetaBoli
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft Works 9.0 SE
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox (3.5.11)
MP3 To Ringtone Gold 8.0
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Ultra Edition
neroxml
Nikon FotoShare
Nikon Message Center
Nikon Transfer
Norton 360
Norton Internet Security
NVIDIA Display Control Panel
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Packard Bell ImageWriter
Packard Bell Recovery Management
Packard Bell Updator
PDF Settings
PDF Settings CS5
PictureProject
PIF DESIGNER2.1
PowerISO
PVSonyDll
QuarkXPress
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RocketDock 1.3.5
Safari
ScanToWeb
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Skype Toolbars
Skype™ 4.2
Sony Picture Utility
Sony USB Driver
The Extractor
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb973514)
VLC media player 1.0.0
WebEx
Winamp
Windows 7 Upgrade Advisor
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Yahoo! BrowserPlus 2.9.8
Yahoo! Install Manager
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
==== End Of File ===========================
September 20th, 2010, 05:48 PM
#8
It is in a folder on my desktop and I am unable to delete it
What is the exact location and the name of that folder?
Right click on it, click "Properties" and tell me what "Location" line says.
I need info from both fields indicated below:
=================================================================================================
Download MBRCheck to your desktop
Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator ).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
September 21st, 2010, 04:03 AM
#9
EXACT FOLDER LOCATION:
Folder name: Alsmemorycard
Location: C:\Users\Michelle\Desktop
(Attributes: 'Read-only' is blued out, but I am unable to change it as it reverts back)
September 21st, 2010, 04:06 AM
#10
MBR Check log
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Packard Bell BV
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: PACKARD BELL BV
System Product Name: IMEDIA A5518 UK
Logical Drives Mask: 0x000001fc
Kernel Drivers (total 169):
0x8284D000 \SystemRoot\system32\ntkrnlpa.exe
0x8281A000 \SystemRoot\system32\hal.dll
0x8040A000 \SystemRoot\system32\kdcom.dll
0x80411000 \SystemRoot\system32\PSHED.dll
0x80422000 \SystemRoot\system32\BOOTVID.dll
0x8042A000 \SystemRoot\system32\CLFS.SYS
0x8046B000 \SystemRoot\system32\CI.dll
0x8054B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C7000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8060A000 \SystemRoot\system32\drivers\acpi.sys
0x80650000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80659000 \SystemRoot\system32\drivers\msisadrv.sys
0x80661000 \SystemRoot\system32\drivers\pci.sys
0x80688000 \SystemRoot\System32\DRIVERS\avgarkt.sys
0x8068A000 \SystemRoot\System32\drivers\partmgr.sys
0x80699000 \SystemRoot\system32\drivers\volmgr.sys
0x806A8000 \SystemRoot\System32\drivers\volmgrx.sys
0x806F2000 \SystemRoot\system32\drivers\pciide.sys
0x806F9000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80707000 \SystemRoot\System32\drivers\mountmgr.sys
0x80717000 \SystemRoot\system32\drivers\atapi.sys
0x8071F000 \SystemRoot\system32\drivers\ataport.SYS
0x8073D000 \SystemRoot\system32\drivers\fltmgr.sys
0x8076F000 \SystemRoot\system32\drivers\N360\0402000.00C\SYMDS.SYS
0x807C5000 \SystemRoot\system32\drivers\fileinfo.sys
0x82E0B000 \SystemRoot\system32\drivers\N360\0402000.00C\SYMEFA.SYS
0x82E38000 \SystemRoot\system32\Drivers\PxHelp20.sys
0x82E41000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82EB2000 \SystemRoot\system32\drivers\ndis.sys
0x82FBD000 \SystemRoot\system32\drivers\msrpc.sys
0x8B60E000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B649000 \SystemRoot\System32\drivers\tcpip.sys
0x8B733000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B74E000 \SystemRoot\System32\Drivers\vbtenum.sys
0x8B80B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B91B000 \SystemRoot\system32\drivers\volsnap.sys
0x8B954000 \SystemRoot\System32\Drivers\spldr.sys
0x8B95C000 \SystemRoot\System32\Drivers\mup.sys
0x8B96B000 \SystemRoot\System32\drivers\ecache.sys
0x8B992000 \SystemRoot\system32\drivers\disk.sys
0x8B9A3000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8B9C4000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B9CD000 \SystemRoot\System32\Drivers\BTHidMgr.sys
0x8B9D4000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x8B800000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8B752000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8B75B000 \SystemRoot\system32\DRIVERS\processr.sys
0x91E03000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x9290B000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x9290D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x929AE000 \SystemRoot\System32\drivers\watchdog.sys
0x8B76A000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x929BA000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x929CA000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x929D8000 \SystemRoot\system32\drivers\Afc.sys
0x929E0000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x929F8000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8B7B6000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8B7C0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x82FE8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x91A0F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x91A9C000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x91AAF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x91ABA000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x91AC5000 \SystemRoot\System32\Drivers\VcommMgr.sys
0x91ACF000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x91AFE000 \SystemRoot\system32\DRIVERS\storport.sys
0x91B3F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x91B4A000 \SystemRoot\system32\DRIVERS\blueletaudio.sys
0x91B51000 \SystemRoot\system32\DRIVERS\portcls.sys
0x91B7E000 \SystemRoot\system32\DRIVERS\drmk.sys
0x91BA3000 \SystemRoot\system32\DRIVERS\ks.sys
0x91BCD000 \SystemRoot\system32\DRIVERS\BlueletSCOAudio.sys
0x91BD3000 \SystemRoot\System32\Drivers\RootMdm.sys
0x91BDB000 \SystemRoot\system32\drivers\modem.sys
0x91BE8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x91A00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x807D5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x805D4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x805E3000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x92C0C000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x92C21000 \SystemRoot\system32\DRIVERS\btnetdrv.sys
0x92C24000 \SystemRoot\System32\Drivers\pcouffin.sys
0x92C30000 \SystemRoot\system32\DRIVERS\VComm.sys
0x92C37000 \SystemRoot\system32\DRIVERS\serenum.sys
0x92C41000 \SystemRoot\system32\DRIVERS\termdd.sys
0x92C51000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0x92C6E000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x92C94000 \SystemRoot\system32\DRIVERS\swenum.sys
0x92C96000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x92CA0000 \SystemRoot\system32\DRIVERS\umbus.sys
0x92CAD000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x92CE2000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x93000000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x93201000 \SystemRoot\System32\Drivers\N360\0402000.00C\SRTSP.SYS
0x93258000 \SystemRoot\system32\drivers\N360\0402000.00C\Ironx86.SYS
0x93277000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x9328C000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x9328E000 \SystemRoot\system32\drivers\N360\0402000.00C\SRTSPX.SYS
0x93298000 \SystemRoot\system32\DRIVERS\V0090Vid.sys
0x932BA000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x9420E000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100920.050\NAVEX15.SYS
0x9435A000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x9437F000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100920.050\NAVENG.SYS
0x94393000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x9439C000 \SystemRoot\System32\Drivers\Null.SYS
0x943A3000 \SystemRoot\System32\Drivers\Beep.SYS
0x943AA000 \SystemRoot\System32\DRIVERS\AvgArCln.sys
0x943B4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x943BB000 \SystemRoot\System32\drivers\vga.sys
0x943C7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x943E8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x943F0000 \SystemRoot\system32\drivers\rdpencdd.sys
0x94200000 \SystemRoot\System32\Drivers\Msfs.SYS
0x932C7000 \SystemRoot\System32\Drivers\Npfs.SYS
0x943AB000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x932D5000 \SystemRoot\system32\DRIVERS\tdx.sys
0x932EB000 \SystemRoot\System32\Drivers\N360\0402000.00C\SYMTDIV.SYS
0x93344000 \SystemRoot\system32\DRIVERS\smb.sys
0x93358000 \SystemRoot\System32\Drivers\avgtdix.sys
0x93392000 \SystemRoot\System32\DRIVERS\netbt.sys
0x92CF3000 \SystemRoot\system32\drivers\afd.sys
0x933C4000 \SystemRoot\system32\DRIVERS\pacer.sys
0x933DA000 \SystemRoot\system32\DRIVERS\netbios.sys
0x933E8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x943F8000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x92D55000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x92D91000 \SystemRoot\system32\drivers\nsiproxy.sys
0x92D9B000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100920.001\IDSvix86.sys
0x9BE02000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x9BE60000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x9BE7D000 \SystemRoot\System32\Drivers\dfsc.sys
0x9BE94000 \SystemRoot\system32\drivers\N360\0402000.00C\ccHPx86.sys
0x9BF13000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100901.003\BHDrvx86.sys
0x9BFBF000 \SystemRoot\System32\Drivers\avgmfx86.sys
0x9BFC5000 \SystemRoot\System32\Drivers\avgldx86.sys
0x92D3B000 \SystemRoot\system32\drivers\archlp.sys
0x9D009000 \SystemRoot\System32\Drivers\fastfat.SYS
0x9D031000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9D03E000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x9D049000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xA6470000 \SystemRoot\System32\win32k.sys
0x9D051000 \SystemRoot\System32\drivers\Dxapi.sys
0x9D05B000 \SystemRoot\system32\DRIVERS\monitor.sys
0xA6690000 \SystemRoot\System32\TSDDD.dll
0xA66B0000 \SystemRoot\System32\cdd.dll
0x9D06A000 \SystemRoot\system32\drivers\luafv.sys
0x9D085000 \SystemRoot\system32\drivers\spsys.sys
0x9D135000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9D145000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9D158000 \SystemRoot\system32\drivers\HTTP.sys
0x9D1C5000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9D1E2000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8B9DC000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAC80D000 \SystemRoot\system32\drivers\mrxdav.sys
0xAC82E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAC84D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAC886000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAC89E000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAC8C5000 \SystemRoot\System32\DRIVERS\srv.sys
0xA66C0000 \SystemRoot\System32\ATMFD.DLL
0xAC92B000 \??\C:\Windows\system32\drivers\int15.sys
0xAEA0B000 \SystemRoot\system32\drivers\peauth.sys
0xAEAE9000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAEAF3000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAEAFF000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xAEB14000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xAEB26000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77490000 \Windows\System32\ntdll.dll
Processes (total 65):
0 System Idle Process
4 System
544 C:\Windows\System32\smss.exe
632 csrss.exe
692 C:\Windows\System32\wininit.exe
704 csrss.exe
712 C:\Program Files\AVG\AVG9\avgchsvx.exe
740 C:\Windows\System32\winlogon.exe
760 C:\Program Files\AVG\AVG9\avgrsx.exe
812 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1148 C:\Windows\System32\services.exe
1160 C:\Windows\System32\lsass.exe
1168 C:\Windows\System32\lsm.exe
1324 C:\Windows\System32\svchost.exe
1368 C:\Windows\System32\nvvsvc.exe
1392 C:\Windows\System32\svchost.exe
1536 C:\Windows\System32\svchost.exe
1588 C:\Windows\System32\svchost.exe
1600 C:\Windows\System32\svchost.exe
1684 C:\Windows\System32\audiodg.exe
1708 C:\Windows\System32\svchost.exe
1728 C:\Windows\System32\SLsvc.exe
1780 C:\Windows\System32\svchost.exe
1892 C:\Windows\System32\nvvsvc.exe
1932 C:\Windows\System32\svchost.exe
608 C:\Windows\System32\spoolsv.exe
636 C:\Windows\System32\svchost.exe
2176 C:\Windows\System32\svchost.exe
2188 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2200 C:\Program Files\AVG\AVG9\avgwdsvc.exe
2220 C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
2244 C:\Program Files\Bonjour\mDNSResponder.exe
2396 C:\Windows\System32\HidService.exe
2456 C:\Program Files\Norton 360\Engine\4.2.0.12\ccsvchst.exe
2524 C:\Windows\System32\svchost.exe
2564 C:\Windows\System32\svchost.exe
2692 C:\Windows\System32\svchost.exe
2752 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2788 C:\Windows\System32\SearchIndexer.exe
2876 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
2944 WUDFHost.exe
2980 C:\Program Files\AVG\AVG9\avgnsx.exe
3352 C:\Windows\System32\taskeng.exe
3868 dllhost.exe
3960 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
4040 C:\Program Files\Norton 360\Engine\4.2.0.12\ccsvchst.exe
1996 C:\Program Files\Google\Update\GoogleUpdate.exe
3908 C:\Windows\System32\taskeng.exe
3992 C:\Windows\System32\dwm.exe
4136 C:\Windows\explorer.exe
4324 C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
4360 C:\Program Files\iTunes\iTunesHelper.exe
4368 C:\Program Files\AVG\AVG9\avgtray.exe
4428 C:\Program Files\Windows Media Player\wmpnscfg.exe
4512 C:\Program Files\Windows Media Player\wmpnetwk.exe
5108 C:\Program Files\iPod\bin\iPodService.exe
5332 C:\Program Files\Internet Explorer\iexplore.exe
5364 C:\Program Files\Internet Explorer\iexplore.exe
5596 C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe
4192 C:\Windows\System32\notepad.exe
1492 C:\Windows\System32\SearchProtocolHost.exe
1276 C:\Windows\System32\SearchFilterHost.exe
4700 C:\Program Files\Internet Explorer\iexplore.exe
5676 taskeng.exe
4648 C:\Users\Michelle\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`a9f00000 (NTFS)
PhysicalDrive0 Model Number: WDCWD6400AAKS-22A7B2, Rev: 01.03B01
Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
September 21st, 2010, 04:07 AM
#11
Also managed to get GMER to run... here's the log :)
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-21 08:47:35
Windows 6.0.6002 Service Pack 2
Running: GMER.exe; Driver: C:\Users\Michelle\AppData\Local\Temp\uwlcqkow.sys
---- System - GMER 1.0.15 ----
SSDT 88166120 ZwAlertResumeThread
SSDT 8815B118 ZwAlertThread
SSDT 88CEC4A0 ZwAllocateVirtualMemory
SSDT 8800CB58 ZwAlpcConnectPort
SSDT 88513E90 ZwAssignProcessToJobObject
SSDT 88CF28F8 ZwCreateMutant
SSDT 88CF7CF8 ZwCreateSymbolicLinkObject
SSDT 88CE9FB0 ZwCreateThread
SSDT 884E8048 ZwDebugActiveProcess
SSDT 88CEBF38 ZwDuplicateObject
SSDT 88CEBB98 ZwFreeVirtualMemory
SSDT 8818B108 ZwImpersonateAnonymousToken
SSDT 88169068 ZwImpersonateThread
SSDT 8800CB20 ZwLoadDriver
SSDT 88CEBA38 ZwMapViewOfSection
SSDT 88261120 ZwOpenEvent
SSDT 88CEC808 ZwOpenProcess
SSDT 880FEA08 ZwOpenProcessToken
SSDT 884FE250 ZwOpenSection
SSDT 88CEC6F8 ZwOpenThread
SSDT 88CF6A38 ZwProtectVirtualMemory
SSDT 8811B068 ZwResumeThread
SSDT 880F2118 ZwSetContextThread
SSDT 88CEB820 ZwSetInformationProcess
SSDT 881856B8 ZwSetSystemInformation
SSDT 8818D120 ZwSuspendProcess
SSDT 884CB110 ZwSuspendThread
SSDT 880BD4B0 ZwTerminateProcess
SSDT 88219110 ZwTerminateThread
SSDT 8810CBD8 ZwUnmapViewOfSection
SSDT 88CEBE68 ZwWriteVirtualMemory
SSDT 88CF61D8 ZwCreateThreadEx
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 11D 828F8880 8 Bytes [20, 61, 16, 88, 18, B1, 15, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 828F8894 4 Bytes [A0, C4, CE, 88]
.text ntkrnlpa.exe!KeSetEvent + 13D 828F88A0 4 Bytes [58, CB, 00, 88]
.text ntkrnlpa.exe!KeSetEvent + 191 828F88F4 4 Bytes [90, 3E, 51, 88]
.text ntkrnlpa.exe!KeSetEvent + 1F5 828F8958 4 Bytes [F8, 28, CF, 88]
.text ...
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74147817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7419A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7414BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7413F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [741475E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7413E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74178395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7414DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7413FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7413FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741371CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [741CCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7416C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7413D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74136853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7413687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74142AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b00026
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000272b00026 (not active ControlSet)
---- EOF - GMER 1.0.15 ----
September 21st, 2010, 03:35 PM
#12
Good
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
Please never rename Combofix unless instructed. Close any open browsers. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results". Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
Close any open browsers. WARNING: Combofix will disconnect your machine from the Internet as soon as it starts. Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished. If there is no internet connection after running Combofix, then restart your computer to restore your connection. Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure you re-enable your security programs when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
September 23rd, 2010, 02:00 AM
#13
ComboFix (Post 1 of 2 - text too long)
ComboFix 10-09-22.02 - Michelle 22/09/2010 23:41:34.4.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.1769 [GMT 1:00]
Running from: c:\users\Michelle\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-08-22 to 2010-09-22 )))))))))))))))))))))))))))))))
.
2010-09-22 22:50 . 2010-09-22 22:51 -------- d-----w- c:\users\Michelle\AppData\Local\temp
2010-09-22 22:50 . 2010-09-22 22:50 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-09-22 22:50 . 2010-09-22 22:50 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-22 22:50 . 2010-09-22 22:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-20 19:57 . 2010-09-20 19:57 93056 ----a-w- C:\uwlcqkow.sys
2010-09-17 18:42 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-09-17 18:33 . 2010-09-17 18:33 -------- d-----w- c:\program files\FileASSASSIN
2010-09-17 18:23 . 2010-09-17 18:23 -------- d-----w- c:\users\Michelle\AppData\Roaming\Malwarebytes
2010-09-17 18:23 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-17 18:23 . 2010-09-20 19:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-17 18:23 . 2010-09-17 18:23 -------- d-----w- c:\programdata\Malwarebytes
2010-09-17 18:23 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-17 14:22 . 2010-09-17 14:22 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-17 14:22 . 2010-09-17 14:22 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-17 14:21 . 2010-09-17 14:22 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-17 14:21 . 2010-09-22 13:07 -------- d-----w- c:\windows\system32\drivers\Avg
2010-09-17 14:21 . 2010-09-17 14:21 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-17 14:19 . 2010-09-17 14:19 -------- d-----w- c:\program files\AVG
2010-09-17 14:18 . 2010-09-17 14:19 -------- d-----w- c:\programdata\avg9
2010-09-15 19:03 . 2010-09-16 00:03 -------- d-----w- c:\windows\LMID291.tmp
2010-09-15 16:00 . 2010-09-15 16:00 -------- d-----w- c:\windows\system32\N360_BACKUP
2010-09-15 12:42 . 2010-09-15 12:42 -------- d-----w- c:\users\Michelle\AppData\Roaming\App Launcher Gadget
2010-09-15 11:57 . 2010-09-18 16:08 -------- d-----w- c:\users\Michelle\desktop icons
2010-09-15 11:46 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 11:46 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 11:46 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 11:46 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-14 20:26 . 2010-09-14 20:27 76704968 ----a-w- c:\programdata\PC Tools\DownloadManager\Spyware Doctor with AntiVirus8.0\sdasetup_dl.exe
2010-09-14 20:26 . 2010-09-14 20:26 -------- d-----w- c:\programdata\PC Tools
2010-09-14 18:29 . 2010-09-15 19:22 -------- d-----w- c:\users\Michelle\AppData\Local\NPE
2010-09-14 18:27 . 2010-09-15 11:40 -------- d-----w- c:\windows\LMI57EF.tmp
2010-09-10 11:28 . 2010-09-10 11:28 53632 ----a-w- c:\users\Michelle\AppData\Roaming\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2010-09-09 17:53 . 2010-09-09 17:53 -------- d-----w- c:\users\Michelle\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-09-02 14:53 . 2010-09-02 14:53 -------- d-----w- c:\program files\iPod
2010-09-02 14:53 . 2010-09-02 14:54 -------- d-----w- c:\program files\iTunes
2010-09-02 14:48 . 2010-09-02 14:48 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-08-30 19:43 . 2010-08-30 19:43 -------- d-----w- c:\program files\Common Files\Skype
2010-08-29 13:37 . 2010-08-29 13:37 -------- d-----w- c:\users\Michelle\AppData\Roaming\Adobe Mini Bridge CS5
2010-08-29 13:37 . 2010-08-29 13:37 -------- d-----w- c:\users\Michelle\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-08-29 13:28 . 2010-08-29 11:47 167 ----a-w- c:\programdata\Adobe\CS5\jre\Disable Activation.cmd
2010-08-29 12:00 . 2010-08-29 12:19 1228400 ----a-w- c:\users\Michelle\Photoshop_12_LS1.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-22 22:51 . 2010-06-29 10:14 -------- d-----w- c:\program files\Common Files\Akamai
2010-09-22 20:53 . 2009-11-17 14:15 35189 ----a-w- c:\programdata\nvModes.dat
2010-09-18 21:25 . 2009-07-08 11:06 -------- d-----w- c:\users\Michelle\AppData\Roaming\uTorrent
2010-09-16 20:01 . 2009-12-29 14:41 -------- d-----w- c:\users\Michelle\AppData\Roaming\Media Player Classic
2010-09-15 21:24 . 2009-08-05 12:25 -------- d-----w- c:\users\Michelle\AppData\Roaming\Winamp
2010-09-15 21:24 . 2009-03-21 07:23 -------- d-----w- c:\program files\Microsoft Works
2010-09-15 21:24 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-14 18:29 . 2009-03-21 07:45 -------- d-----w- c:\programdata\Norton
2010-09-11 18:54 . 2009-07-08 10:53 -------- d-----w- c:\users\Michelle\AppData\Roaming\Vso
2010-09-10 11:28 . 2010-06-29 10:42 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-09-09 13:13 . 2010-06-29 10:49 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-09-06 11:16 . 2009-03-21 07:31 -------- d-----w- c:\program files\Google
2010-09-06 11:13 . 2009-07-08 08:54 -------- d-----w- c:\program files\CCleaner
2010-09-02 14:53 . 2009-08-11 20:35 -------- d-----w- c:\program files\Common Files\Apple
2010-08-30 22:28 . 2009-08-23 20:51 -------- d-----w- c:\users\Michelle\AppData\Roaming\Skype
2010-08-30 19:40 . 2009-08-12 23:00 -------- d-----w- c:\users\Michelle\AppData\Roaming\skypePM
2010-08-29 12:38 . 2009-03-21 07:42 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-20 12:19 . 2009-07-20 11:41 -------- d-----w- c:\users\Michelle\AppData\Roaming\vlc
2010-08-20 08:53 . 2009-07-08 11:07 -------- d-----w- c:\program files\uTorrent
2010-08-19 15:15 . 2010-08-19 15:14 -------- d-----w- c:\program files\QuickTime
2010-08-13 10:15 . 2010-08-13 10:06 680 ----a-w- c:\users\Michelle\AppData\Local\d3d9caps.dat
2010-08-12 08:58 . 2010-08-12 08:58 -------- d-----w- c:\programdata\F-Secure
2010-08-10 12:40 . 2010-08-10 12:40 -------- d-----w- c:\users\Michelle\AppData\Roaming\FileOpen
2010-08-10 12:40 . 2010-08-10 12:40 -------- d-----w- c:\programdata\FileOpen
2010-08-08 19:58 . 2010-08-08 19:58 14846 ----a-r- c:\users\Michelle\AppData\Roaming\Microsoft\Installer\{857CBF4A-192C-44B0-86A5-6281FCEFA1FE}\FileOpenNew.exe
2010-08-08 19:57 . 2010-08-08 19:57 -------- d-----w- c:\program files\FileOpen
2010-08-05 21:01 . 2010-08-05 21:01 -------- d-----w- c:\program files\7-Zip
2010-07-28 20:14 . 2009-07-07 19:49 -------- d-----w- c:\programdata\FLEXnet
2010-07-18 21:00 . 2010-02-19 20:26 294060 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-07 13:26 . 2009-07-07 18:05 214752 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-06-29 10:25 . 2010-06-29 10:15 1228360 ----a-w- c:\users\Michelle\InDesign_7_LS1.exe
2010-06-26 06:05 . 2010-08-12 10:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 10:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-12 10:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-12 10:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-09-22_16.55.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2010-09-22 20:54 73546 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-07 17:58 . 2010-09-22 20:55 19782 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3795328490-2948772482-1105704417-1000_UserData.bin
- 2009-07-07 17:54 . 2010-09-22 13:14 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-07 17:54 . 2010-09-22 20:53 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-07 17:54 . 2010-09-22 20:53 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-07 17:54 . 2010-09-22 13:14 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-07 17:54 . 2010-09-22 13:14 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-07 17:54 . 2010-09-22 20:53 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-08 15:44 . 2010-09-22 22:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-08 15:44 . 2010-09-22 14:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-08 15:44 . 2010-09-22 22:40 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-08 15:44 . 2010-09-22 14:43 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-08 15:44 . 2010-09-22 14:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-08 15:44 . 2010-09-22 22:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-20 14:40 . 2010-09-22 13:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-20 14:40 . 2010-09-22 20:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-20 14:40 . 2010-09-22 13:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-20 14:40 . 2010-09-22 20:46 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-20 14:40 . 2010-09-22 13:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-20 14:40 . 2010-09-22 20:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-22 13:03 . 2010-09-22 13:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-09-22 20:45 . 2010-09-22 20:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-22 13:03 . 2010-09-22 13:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-22 20:45 . 2010-09-22 20:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:05 . 2010-09-22 20:55 109246 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2010-09-22 20:51 612902 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-09-22 13:08 612902 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-09-22 20:51 110212 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2010-09-22 13:08 110212 c:\windows\System32\perfc009.dat
.
September 23rd, 2010, 02:01 AM
#14
ComboFix (Post 2 of 2 - text too long)
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fa887e92-8f5f-4ec9-99ca-09be0e4120d6}"= "c:\program files\AddThis Toolbar\Helper.dll" [2009-10-08 242688]
[HKEY_CLASSES_ROOT\clsid\{fa887e92-8f5f-4ec9-99ca-09be0e4120d6}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{4ACB7285-8557-43C3-80DA-22D40B15DC77}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9EBF8AAF-0A31-4786-909A-97A0EF101743}]
2009-10-08 16:20 1437184 ----a-w- c:\program files\AddThis Toolbar\Toolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B43176CC-4D9E-493B-A636-D9CBFE39C6DA}"= "c:\program files\AddThis Toolbar\Toolbar.dll" [2009-10-08 1437184]
[HKEY_CLASSES_ROOT\clsid\{b43176cc-4d9e-493b-a636-d9cbfe39c6da}]
[HKEY_CLASSES_ROOT\FCTB000061107.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{58E510FE-36D8-4DEF-9385-CD04A1F555A3}]
[HKEY_CLASSES_ROOT\FCTB000061107.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B43176CC-4D9E-493B-A636-D9CBFE39C6DA}"= "c:\program files\AddThis Toolbar\Toolbar.dll" [2009-10-08 1437184]
[HKEY_CLASSES_ROOT\clsid\{b43176cc-4d9e-493b-a636-d9cbfe39c6da}]
[HKEY_CLASSES_ROOT\FCTB000061107.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{58E510FE-36D8-4DEF-9385-CD04A1F555A3}]
[HKEY_CLASSES_ROOT\FCTB000061107.IEToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-17 2065760]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=c:\windows\pss\NkbMonitor.exe.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^StupAssist.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\StupAssist.lnk
backup=c:\windows\pss\StupAssist.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TotalMedia BackUp & Recorder Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia BackUp & Recorder Monitor.lnk
backup=c:\windows\pss\TotalMedia BackUp & Recorder Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-11 21:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 01:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FujiKeyboard]
2008-09-18 09:13 79416 ----a-w- c:\acer\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 07:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 04:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 12:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-03-26 05:21 5369856 ----a-w- c:\windows\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-20 10:15 1826816 ----a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 15:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-11-02 10:57 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
R3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\users\Michelle\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys [x]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2008-11-04 86696]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2008-11-04 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2008-11-04 114472]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2008-11-04 108328]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2008-11-04 104616]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 ETService;Empowering Technology Service;c:\program files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [2008-07-16 24576]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-10 135664]
R4 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R4 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0402000.00C\SYMDS.SYS [2009-10-15 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0402000.00C\SYMEFA.SYS [2010-04-22 173104]
S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2008-06-27 96512]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-09-17 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-09-17 243024]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100901.003\BHDrvx86.sys [2010-08-31 692272]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0402000.00C\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100920.001\IDSvix86.sys [2010-05-28 344112]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0402000.00C\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0402000.00C\SYMTDIV.SYS [2010-05-06 339504]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-09-17 308136]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe [2010-02-26 126392]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-27 102448]
S3 V0090VID;Creative WebCam Vista Plus;c:\windows\system32\DRIVERS\V0090Vid.sys [2005-04-14 138112]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder
2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-10 21:41]
2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-10 21:41]
2010-09-22 c:\windows\Tasks\User_Feed_Synchronization-{DD27CBEB-6AA0-426C-BA3D-652FFABF076C}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACPW_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=1&o=vp32&d=0409&m=imedia_a5518_uk
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20091210075554
FF - ProfilePath - c:\users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\gnyntiyk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-22 23:50
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"
--
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-22 23:55:12
ComboFix-quarantined-files.txt 2010-09-22 22:55
ComboFix2.txt 2010-09-22 22:29
ComboFix3.txt 2010-09-22 17:25
ComboFix4.txt 2010-09-22 16:58
Pre-Run: 358,790,303,744 bytes free
Post-Run: 358,780,784,640 bytes free
- - End Of File - - 622063904F616D2928B5C6DA5822CF73
September 23rd, 2010, 02:07 AM
#15
P.S. re: ComboFix
I had to run this program 3 or 4 times due to 'user error' - i.e. I forgot to turn off one of the anti-viruses, my son switched the PC off, etc.
Also, I am unable to open c:\ComboFix.txt (and most other programs!) due to an 'Illegal operation attempted on a registry key that has been marked for deletion' error box - is this normal?