-
I've got a Right Media prob. DDS & SPYBOT LOGS ATTACHED
DDS (Ver_10-03-17.01) - NTFSx86
Run by Admin at 22:22:09.40 on 15/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.2047.1048 [GMT 1:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
svchost.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\AHEAD\NEROPH~2\DATA\XTRAS\MSSYSMGR.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Belkin\F5D7051\WLService.exe
C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trigold\Update\TRUService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Admin\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://bbc.co.uk/news
uURLSearchHooks: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthe1.dll
uURLSearchHooks: W1zardm0ds.co.uk Toolbar: {813cf69b-bebf-423d-9936-eb451ffab26f} - c:\program files\w1zardm0ds.co.uk\tbW1z0.dll
BHO: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthe1.dll
{02478d38-c3f9-4efb-9b51-7695eca05670}
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: W1zardm0ds.co.uk Toolbar: {813cf69b-bebf-423d-9936-eb451ffab26f} - c:\program files\w1zardm0ds.co.uk\tbW1z0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthe1.dll
TB: W1zardm0ds.co.uk Toolbar: {813cf69b-bebf-423d-9936-eb451ffab26f} - c:\program files\w1zardm0ds.co.uk\tbW1z0.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\ahead\neroph~2\data\xtras\MSSYSMGR.EXE
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [WinSys2] c:\windows\system32\winsys2.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: threesixtytraining.co.uk\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3EDBA9C8-BB88-4DB6-9EB4-CA2BDAEF10FC} - hxxp://downloads.privatepost.com/files/ppZDHelper/ppZDHelper.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.landlorddirect.com/js/ImageUploader6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://btc.webex.com/client/T25LSP41EP13-LOCKDOWN/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {B5475F04-47B0-4D4E-BFE7-E842F18F1492} = 4.2.2.2,4.2.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-23 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-23 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-23 242896]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-6-7 59240]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-6-7 166632]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-5-23 308064]
R2 MSSQL$INERTIA3_SQL2005;SQL Server (INERTIA3_SQL2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-5-8 632792]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-6-7 840936]
R2 TRUService;TrigoldCrystal Update Service;c:\program files\trigold\update\TRUService.exe [2009-10-31 135816]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-10 136176]
S3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\system32\drivers\plcnd532.sys --> c:\windows\system32\drivers\PLCND532.sys [?]
=============== Created Last 30 ================
2010-06-10 20:19:34 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 19:50:30 0 d-----w- c:\windows\system32\LogFiles
2010-06-09 19:50:03 0 d-sh--w- c:\documents and settings\admin\IECompatCache
2010-06-05 20:42:53 0 d-----w- c:\windows\system32\XPSViewer
2010-06-05 20:42:12 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-06-05 20:42:12 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-06-05 20:42:12 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-06-05 20:42:12 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-06-05 20:42:12 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-06-05 20:42:12 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-06-05 20:42:12 117760 ------w- c:\windows\system32\prntvpt.dll
2010-06-05 15:38:59 0 d-sh--w- c:\documents and settings\admin\PrivacIE
2010-06-05 14:12:10 0 d-sh--w- c:\documents and settings\admin\IETldCache
2010-06-05 14:00:08 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-06-05 13:59:56 0 d-----w- c:\windows\ie8updates
2010-06-05 13:59:48 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-05 13:59:48 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-06-05 13:58:14 0 dc-h--w- c:\windows\ie8
2010-06-05 12:56:25 0 d-----w- c:\windows\SQLTools9_KB970892_ENU
2010-06-05 12:55:10 0 d-----w- c:\windows\SQL9_KB970892_ENU
2010-06-05 12:23:09 293376 ------w- c:\windows\system32\browserchoice.exe
2010-05-29 09:09:06 0 d-----w- c:\program files\NETGEAR XAV101 Configuration Utility
2010-05-28 12:13:13 0 d-s---w- C:\ComboFix
2010-05-24 21:51:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-24 21:51:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-23 23:14:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-05-23 23:14:25 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-23 22:44:02 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-23 22:43:59 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-23 22:43:53 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-23 22:43:47 0 d-----w- c:\windows\system32\drivers\Avg
2010-05-19 19:38:57 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-05-19 19:38:49 40960 ----a-w- c:\windows\system32\F5D7051.dll
2010-05-19 19:38:49 29184 ----a-w- c:\windows\system32\drivers\RNDISMPK.sys
2010-05-19 19:38:49 13824 ----a-w- c:\windows\system32\drivers\usb8023k.sys
2010-05-19 19:38:47 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2010-05-19 19:38:47 31930 ----a-w- c:\windows\system32\GTNDIS3.VXD
2010-05-19 19:38:47 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2010-05-19 19:38:46 1396831 ----a-w- c:\windows\system32\AegisE5.dll
2010-05-19 19:38:46 0 d-----w- c:\program files\Belkin
==================== Find3M ====================
2010-05-14 12:00:54 36096 ----a-w- c:\windows\system32\drivers\intelppm.sys
2010-05-06 17:43:30 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 10:05:36 4212 ---h--w- c:\windows\system32\zllictbl.dat
2010-04-20 05:51:20 285696 ----a-w- c:\windows\system32\atmfd.dll
============= FINISH: 22:22:51.01 ===============
SPYBOT
--- Report generated: 2010-06-06 15:33 ---
Right Media: Tracking cookie (Internet Explorer: Admin) (Cookie, fixed)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2008-07-07 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-04-22 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-10-22 Tools.dll (2.1.6.8)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-02-17 Includes\Adware.sbi (*)
2010-05-25 Includes\AdwareC.sbi (*)
2010-01-25 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2010-05-25 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-05-25 Includes\HijackersC.sbi (*)
2010-01-20 Includes\Keyloggers.sbi (*)
2010-05-25 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-05-25 Includes\Malware.sbi (*)
2010-05-25 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-05-18 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-05-25 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-03-02 Includes\Spyware.sbi (*)
2010-05-25 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-05-26 Includes\Trojans.sbi (*)
2010-05-25 Includes\TrojansC-02.sbi (*)
2010-05-25 Includes\TrojansC-03.sbi (*)
2010-05-25 Includes\TrojansC-04.sbi (*)
2010-05-25 Includes\TrojansC-05.sbi (*)
2010-05-25 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
km2357 was helping me before, but due to my inactivity it got archived. Apologies.
http://forums.spybot.info/showthread...087#post373087
-
Cookies aren't really much you have to be concerned about. They can be controlled somewhat from within settings in your browser.
To help show all files:
For XP: on the desktop double-click My Computer, at the top click Tools > Folder Options > View, then select "Show hidden files and folders", then uncheck "Hide protected operating system files", also uncheck "Hide extensions for known file types", click Apply to All Folders, then Apply, then OK.
Next: navigate to c:\windows\system32\
see if you can find this file:
winsys2.exe
If so go to the link below and using the browse button find the file again on your computer. Click on it and select open, then click the send button to upload the file.
http://www.bleepingcomputer.com/subm...php?channel=67
-
Unable to do the above as the page does not load up. I have noticed my computer is working slowly and some sites are taking ages to load up or don't load up at all. I know it's not my ISP because I can browse perfectly fine when I use my laptop wirelessly.
-
I've managed to do the above; I finally got the site to open and uploaded the file, as it was present (winsys). What do I do now?
-
I did not receive the file (winsys2.exe). We will get another download to use. It's called ComboFix. It appears you have already used it. You can use a utility to remove it, then get a new copy. It's updated often. Also read the guide first, then apply the directions on your own machine.
To remove current copy of combofix:
Please download OTCleanIt and save it to desktop.
http://oldtimer.geekstogo.com/OTC.exe
Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
Current version of ComboFix:
Guide to using ComboFix
Post the ComboFix log in your reply.
-
ComboFix 10-06-29.02 - Admin 29/06/2010 22:10:33.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.2047.1344 [GMT 1:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-29 )))))))))))))))))))))))))))))))
.
2010-06-21 21:10 . 2010-06-21 21:26 -------- d-----w- c:\documents and settings\Admin\Application Data\IObit
2010-06-21 21:10 . 2010-06-21 21:10 -------- d-----w- c:\program files\IObit
2010-06-18 22:05 . 2010-06-21 07:31 -------- d-----w- C:\$AVG8.VAULT$
2010-06-18 09:37 . 2010-06-17 22:03 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2010-06-17 22:03 . 2010-06-17 22:03 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-17 22:03 . 2010-06-17 22:07 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-17 22:03 . 2010-06-17 22:07 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-17 22:03 . 2010-06-27 08:38 -------- d-----w- c:\windows\system32\drivers\Avg
2010-06-17 22:03 . 2010-06-17 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-06-10 20:19 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 19:50 . 2010-06-09 19:50 -------- d-----w- c:\windows\system32\LogFiles
2010-06-09 19:50 . 2010-06-09 19:50 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache
2010-06-07 17:07 . 2010-06-07 17:07 434176 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\17053\RapportMS.dll
2010-06-05 20:42 . 2010-06-05 20:42 -------- d-----w- c:\windows\system32\XPSViewer
2010-06-05 20:42 . 2010-06-05 20:42 -------- d-----w- c:\program files\MSBuild
2010-06-05 20:42 . 2010-06-05 20:42 -------- d-----w- c:\program files\Reference Assemblies
2010-06-05 20:42 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-06-05 20:42 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-06-05 20:42 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-06-05 20:42 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-06-05 20:42 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-06-05 20:42 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-06-05 20:42 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-06-05 20:42 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-06-05 20:42 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-06-05 15:38 . 2010-06-05 15:38 -------- d-sh--w- c:\documents and settings\Admin\PrivacIE
2010-06-05 14:12 . 2010-06-05 14:12 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-05 14:12 . 2010-06-05 14:12 -------- d-sh--w- c:\documents and settings\Admin\IETldCache
2010-06-05 14:00 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-06-05 13:59 . 2010-06-05 13:59 -------- d-----w- c:\windows\ie8updates
2010-06-05 13:59 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-06-05 13:59 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-05 13:58 . 2010-06-05 13:59 -------- dc-h--w- c:\windows\ie8
2010-06-05 12:56 . 2010-06-05 12:56 -------- d-----w- c:\windows\SQLTools9_KB970892_ENU
2010-06-05 12:55 . 2010-06-05 12:55 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2010-06-05 12:23 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-29 21:03 . 2009-11-12 17:43 -------- d-----w- c:\documents and settings\Admin\Application Data\HPAppData
2010-06-29 20:58 . 2008-08-13 11:35 87248 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-24 12:01 . 2010-05-08 13:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-22 14:45 . 2009-11-06 14:55 -------- d-----w- c:\program files\Common Files\F1
2010-06-21 21:23 . 2008-10-21 18:53 -------- d-----w- c:\program files\Motorola Phone Tools
2010-06-21 21:23 . 2008-08-14 20:32 -------- d-----w- c:\documents and settings\Admin\Application Data\uTorrent
2010-06-17 22:03 . 2010-04-22 23:02 -------- d-----w- c:\program files\AVG
2010-06-12 21:52 . 2010-05-08 14:02 -------- d-----w- c:\documents and settings\Admin\Application Data\Registry Mechanic
2010-06-05 12:56 . 2009-11-03 18:53 -------- d-----w- c:\program files\Microsoft SQL Server
2010-05-29 10:41 . 2010-05-29 09:09 -------- d-----w- c:\program files\NETGEAR XAV101 Configuration Utility
2010-05-25 09:06 . 2010-05-25 09:06 503808 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-245eaaef-n\msvcp71.dll
2010-05-25 09:06 . 2010-05-25 09:06 499712 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-245eaaef-n\jmc.dll
2010-05-25 09:06 . 2010-05-25 09:06 61440 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1bc4112e-n\decora-sse.dll
2010-05-25 09:06 . 2010-05-25 09:06 348160 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-245eaaef-n\msvcr71.dll
2010-05-25 09:06 . 2010-05-25 09:06 12800 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1bc4112e-n\decora-d3d.dll
2010-05-24 21:51 . 2010-04-26 17:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-23 23:14 . 2010-05-23 23:14 -------- d-----w- c:\program files\Common Files\Java
2010-05-23 23:14 . 2010-05-23 23:14 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-23 23:14 . 2010-05-23 23:14 -------- d-----w- c:\program files\Java
2010-05-19 19:38 . 2010-05-19 19:38 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-05-19 19:38 . 2010-05-19 19:38 -------- d-----w- c:\program files\Belkin
2010-05-14 17:57 . 2009-03-05 16:44 -------- d-----w- c:\documents and settings\Admin\Application Data\U3
2010-05-14 12:00 . 2004-08-04 12:00 36096 ----a-w- c:\windows\system32\drivers\intelppm.sys
2010-05-11 10:06 . 2010-01-03 17:26 -------- d-----w- c:\program files\W1zardm0ds.co.uk
2010-05-10 08:58 . 2010-05-09 20:45 -------- d-----w- c:\program files\CleanMyPC Popup Blocker
2010-05-08 13:47 . 2010-05-08 13:47 -------- d-----w- c:\program files\Common Files\PC Tools
2010-05-08 13:32 . 2010-04-28 18:00 -------- d-----w- c:\documents and settings\Admin\Application Data\Sammsoft
2010-05-08 09:52 . 2010-05-06 17:41 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
2010-05-07 19:10 . 2008-08-14 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-05-07 19:09 . 2010-05-06 17:41 -------- d-----w- c:\program files\Lavasoft
2010-05-07 15:16 . 2010-05-07 15:16 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Trusteer
2010-05-06 18:31 . 2008-08-14 19:58 -------- d-----w- c:\program files\thechatterbox.cc
2010-05-06 17:43 . 2010-05-06 17:43 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:56 . 2004-08-04 12:00 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 14:39 . 2010-05-24 21:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2010-05-24 21:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 12:55 . 2010-04-23 12:55 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-23 12:55 . 2010-04-23 12:55 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-20 10:05 . 2008-08-13 19:03 4212 ---h--w- c:\windows\system32\zllictbl.dat
2010-04-20 05:51 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00b8e20c-5c71-4c2f-85a5-6ad541500df0}"= "c:\program files\thechatterbox.cc\tbthe1.dll" [2010-05-28 2515552]
"{813cf69b-bebf-423d-9936-eb451ffab26f}"= "c:\program files\W1zardm0ds.co.uk\tbW1z0.dll" [2010-05-11 2515552]
[HKEY_CLASSES_ROOT\clsid\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]
[HKEY_CLASSES_ROOT\clsid\{813cf69b-bebf-423d-9936-eb451ffab26f}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]
2010-05-28 12:07 2515552 ----a-w- c:\program files\thechatterbox.cc\tbthe1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{813cf69b-bebf-423d-9936-eb451ffab26f}]
2010-05-11 10:06 2515552 ----a-w- c:\program files\W1zardm0ds.co.uk\tbW1z0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{00b8e20c-5c71-4c2f-85a5-6ad541500df0}"= "c:\program files\thechatterbox.cc\tbthe1.dll" [2010-05-28 2515552]
"{813cf69b-bebf-423d-9936-eb451ffab26f}"= "c:\program files\W1zardm0ds.co.uk\tbW1z0.dll" [2010-05-11 2515552]
[HKEY_CLASSES_ROOT\clsid\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]
[HKEY_CLASSES_ROOT\clsid\{813cf69b-bebf-423d-9936-eb451ffab26f}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{00B8E20C-5C71-4C2F-85A5-6AD541500DF0}"= "c:\program files\thechatterbox.cc\tbthe1.dll" [2010-05-28 2515552]
"{813CF69B-BEBF-423D-9936-EB451FFAB26F}"= "c:\program files\W1zardm0ds.co.uk\tbW1z0.dll" [2010-05-11 2515552]
[HKEY_CLASSES_ROOT\clsid\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]
[HKEY_CLASSES_ROOT\clsid\{813cf69b-bebf-423d-9936-eb451ffab26f}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="c:\progra~1\AHEAD\NEROPH~2\DATA\XTRAS\MSSYSMGR.EXE" [2005-02-26 212992]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-22 16858112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"WinSys2"="c:\windows\system32\winsys2.exe" [2006-04-29 208896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-17 198160]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-06-18 2046816]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 53760]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-17 22:07 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [17/06/2010 23:03 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [17/06/2010 23:03 108552]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [07/06/2010 18:07 59240]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [07/06/2010 18:07 166632]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [17/06/2010 23:03 297752]
R2 MSSQL$INERTIA3_SQL2005;SQL Server (INERTIA3_SQL2005);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [27/05/2009 03:27 29262680]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [08/05/2010 14:47 632792]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [07/06/2010 18:07 840936]
R2 TRUService;TrigoldCrystal Update Service;c:\program files\Trigold\Update\TRUService.exe [31/10/2009 20:02 135816]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/04/2010 21:04 136176]
S3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\system32\Drivers\PLCND532.sys --> c:\windows\system32\Drivers\PLCND532.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2009-11-18 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.1.0.14\DriverRobot.exe [2009-11-18 13:53]
2010-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 20:04]
2010-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 20:04]
2010-06-29 c:\windows\Tasks\User_Feed_Synchronization-{68DFDEC6-2F83-4F60-8D66-BF7C129A124A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://bbc.co.uk/news
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {B5475F04-47B0-4D4E-BFE7-E842F18F1492} = 4.2.2.2,4.2.2.1
DPF: {3EDBA9C8-BB88-4DB6-9EB4-CA2BDAEF10FC} - hxxp://downloads.privatepost.com/files/ppZDHelper/ppZDHelper.cab
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.landlorddirect.com/js/ImageUploader6.cab
.
- - - - ORPHANS REMOVED - - - -
AddRemove-PremierBuilder - Test Insurer - Legal & General GIology - c:\program files\Legal & General\GIology\GIology
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-29 22:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(17036)
c:\windows\system32\WININET.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-06-29 22:24:57
ComboFix-quarantined-files.txt 2010-06-29 21:24
Pre-Run: 89,065,046,016 bytes free
Post-Run: 89,079,562,240 bytes free
- - End Of File - - 59353DA016D4BA9C1EC874A957C7BD0E
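Added example for this thread (not part of DDS, ComboFix or Spybot, and not something either poster ran): a small Python triage script for the two log formats posted above. Both tools print IE hook entries as `BHO: name: {CLSID} - dll` (likewise `TB:`, `EB:`, `uURLSearchHooks:`) and service/driver entries as `R1 name;description;path [date size]`. The script flags CLSIDs that are wired into more than one hook type, which is how the two toolbars in the DDS log sit in URLSearchHooks, BHO and Toolbar at once, and diffs the service table between the 15/06 DDS log and the 29/06 ComboFix log, where AVG 9 has been replaced by AVG 8 and the AvgMfx86 minifilter entry is gone. The sample lines are copied from the two posted logs; the regexes assume only the line shapes those logs show.

```python
"""Triage helper for DDS / ComboFix logs.

Added example for this thread; it is not part of DDS, ComboFix or Spybot.
It understands two line shapes that both tools print:
  * IE hook entries:  'BHO: <name>: {CLSID} - <dll>'  (also TB:, EB:,
    uURLSearchHooks:)
  * service entries:  'R1 <svc>;<description>;<path> [<date> <size>]'
and reports CLSIDs wired into more than one hook type, plus services
whose binary path or size differs between two snapshots.  The sample
lines below are copied from the two logs posted in the thread.
"""
import re
from collections import defaultdict

HOOK_RE = re.compile(
    r"^(?P<kind>uURLSearchHooks|BHO|TB|EB): (?P<name>.+?): "
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
SVC_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<svc>[^;]+);(?P<desc>[^;]*);(?P<path>.+) "
    r"\[(?P<meta>[^\]]*)\]$")

DDS_SAMPLE = r"""
uURLSearchHooks: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthe1.dll
uURLSearchHooks: W1zardm0ds.co.uk Toolbar: {813cf69b-bebf-423d-9936-eb451ffab26f} - c:\program files\w1zardm0ds.co.uk\tbW1z0.dll
BHO: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthe1.dll
BHO: W1zardm0ds.co.uk Toolbar: {813cf69b-bebf-423d-9936-eb451ffab26f} - c:\program files\w1zardm0ds.co.uk\tbW1z0.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthe1.dll
TB: W1zardm0ds.co.uk Toolbar: {813cf69b-bebf-423d-9936-eb451ffab26f} - c:\program files\w1zardm0ds.co.uk\tbW1z0.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-23 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-23 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-23 242896]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-6-7 59240]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-5-23 308064]
S3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\system32\drivers\plcnd532.sys --> c:\windows\system32\drivers\PLCND532.sys [?]
"""

COMBOFIX_SAMPLE = r"""
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [17/06/2010 23:03 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [17/06/2010 23:03 108552]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [07/06/2010 18:07 59240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [17/06/2010 23:03 297752]
S3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\system32\Drivers\PLCND532.sys --> c:\windows\system32\Drivers\PLCND532.sys [?]
"""


def parse_log(text):
    """Return (hooks, services).

    hooks:    {clsid: {"kinds": set of hook types, "path": dll path}}
    services: {service name: (binary path, size in bytes or None)}
    """
    hooks = defaultdict(lambda: {"kinds": set(), "path": ""})
    services = {}
    for line in text.splitlines():
        line = line.strip()
        m = HOOK_RE.match(line)
        if m:
            entry = hooks[m["clsid"].lower()]
            entry["kinds"].add(m["kind"])
            entry["path"] = m["path"].lower()
            continue
        m = SVC_RE.match(line)
        if m:
            # meta is 'YYYY-M-D size' (DDS) or 'DD/MM/YYYY HH:MM size'
            # (ComboFix); '?' is what both print when the file is missing.
            size = (m["meta"].split() or ["?"])[-1]
            path = m["path"].split(" --> ")[0].lower()   # drop the '-->' alias
            services[m["svc"]] = (path, None if size == "?" else int(size))
    return dict(hooks), services


def multi_hook_clsids(hooks):
    """CLSIDs registered under more than one IE hook type."""
    return {c: v for c, v in hooks.items() if len(v["kinds"]) > 1}


def service_changes(before, after):
    """Diff two service tables: {svc: 'added' | 'removed' | 'changed'}."""
    out = {}
    for svc in set(before) | set(after):
        if svc not in before:
            out[svc] = "added"
        elif svc not in after:
            out[svc] = "removed"
        elif before[svc] != after[svc]:
            out[svc] = "changed"
    return out


if __name__ == "__main__":
    hooks, before = parse_log(DDS_SAMPLE)
    _, after = parse_log(COMBOFIX_SAMPLE)
    for clsid, info in multi_hook_clsids(hooks).items():
        print(f"{clsid}  {sorted(info['kinds'])}  {info['path']}")
    for svc, what in sorted(service_changes(before, after).items()):
        print(f"{svc}: {what}")
```

Run it as-is to see the two toolbar CLSIDs and the five AVG-related service changes; to use it on your own logs, read each full log file into a string and pass it to `parse_log` in place of the samples. Paths are compared case-insensitively because DDS lowercases them and ComboFix does not.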