Infected
fcabanski
2009-05-03, 08:14
I can't go to most anti-virus software web sites like Spybot's; I can't install Spybot, it cannot connect to the server, and it seems the virus is blocking the installation of other software such as AVG.
Kaspersky installs but when run gives an error, as do others like Malwarebytes.
"Malwarebytes Anti-Malware has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available."
Here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:37 AM, on 5/3/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{842AD645-55CB-4D9C-8D53-D1F7FCA9B9B3}: NameServer = 85.255.112.192,85.255.112.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA859631-21FD-4801-89A5-40B9F001A94B}: NameServer = 85.255.112.192,85.255.112.25
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.192,85.255.112.25
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.192,85.255.112.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.192,85.255.112.25
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
--
End of file - 4967 bytes
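The O17 lines in the log above are the part an analyst reads first: they set the machine's DNS servers to 85.255.112.192 and 85.255.112.25, addresses outside the home network (the DHCP server in this thread's event log is 192.168.2.1), so every name lookup, including those for security-vendor sites, is answered by whoever runs those resolvers. The triage script below is an added example written for this page; it is not part of the thread and not part of HijackThis. It parses HijackThis-style entry lines, flags O17 nameservers that are neither local nor on a small allow-list (`KNOWN_RESOLVERS`, a constructed value), and also reports entries marked "(file missing)", which are leftovers rather than active threats but still need cleaning. The sample log is constructed from a few lines of the post above plus one invented local-resolver line.

```python
"""Triage helper for HijackThis-style logs.

Added example for this page; not code from the forum thread or from
HijackThis. It reports:
  * O17 entries whose NameServer values are not local (RFC 1918,
    loopback, link-local) and not on an administrator allow-list;
  * entries whose target file HijackThis reports as "(file missing)".
"""
import ipaddress
import re

# Resolvers the administrator knows about; anything else is reported.
# Constructed value for the example.
KNOWN_RESOLVERS = {"192.168.2.1"}

O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>.+)$")
ENTRY_RE = re.compile(r"^(?P<section>[OR]\d+) - (?P<rest>.*)$")


def _is_local(addr):
    """True for loopback, link-local or RFC 1918 addresses, else False."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return ip.is_private or ip.is_loopback or ip.is_link_local


def parse_hjt(text):
    """Return (section, body) tuples for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("rest")))
    return entries


def triage(text, known=KNOWN_RESOLVERS):
    """Return findings as (severity, section, detail) tuples, in log order."""
    findings = []
    for section, rest in parse_hjt(text):
        m = O17_RE.match(f"{section} - {rest}")
        if m:
            for server in m.group("servers").split(","):
                server = server.strip()
                if server not in known and not _is_local(server):
                    findings.append(("high", section,
                                     f"DNS server {server} is neither local nor a known resolver ({m.group('key')})"))
            continue
        if "(file missing)" in rest:
            findings.append(("low", section, f"target file missing: {rest}"))
    return findings


# Constructed sample modelled on the posted log; the 85.255.112.x values are
# the ones that appear in the thread, the 192.168.2.1 line is invented.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{842AD645-55CB-4D9C-8D53-D1F7FCA9B9B3}: NameServer = 85.255.112.192,85.255.112.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.2.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
"""

if __name__ == "__main__":
    for severity, section, detail in triage(SAMPLE_LOG):
        print(f"[{severity}] {section}: {detail}")
```

Run against the sample it reports two high findings for the O17 line (one per remote resolver) and two low findings for the missing AVG files; the invented 192.168.2.1 line is silent because it is both private and allow-listed. The same check can be pointed at a saved HijackThis log by passing the file contents to `triage()`.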
Hi fcabanski,
Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.
fcabanski
2009-05-04, 21:39
Here is Attach.txt:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-03-16.01)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/16/2009 12:48:36 PM
System Uptime: 5/3/2009 5:56:09 PM (20 hours ago)
Motherboard: Gateway | | RTL
Processor: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz | uFCPGA2 | 1600/533mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 149 GiB total, 108.838 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP23: 4/23/2009 11:52:27 PM - Installed Java(TM) 6 Update 13
RP24: 4/24/2009 2:00:27 PM - Scheduled Checkpoint
RP25: 4/25/2009 2:51:25 PM - Scheduled Checkpoint
RP26: 4/26/2009 5:15:36 AM - Scheduled Checkpoint
RP27: 4/26/2009 9:26:31 PM - Scheduled Checkpoint
RP28: 4/27/2009 3:40:56 PM - Windows Update
RP29: 4/28/2009 2:10:21 PM - Scheduled Checkpoint
RP30: 4/28/2009 10:55:28 PM - Installed Windows Media Player Firefox Plugin
RP31: 4/30/2009 2:58:28 AM - Scheduled Checkpoint
RP32: 4/30/2009 11:51:23 PM - Windows Update
==== Installed Programs ======================
Acrobat.com
Adobe AIR
Adobe Anchor Service CS4
Adobe Creative Suite 4 Web Premium
Adobe CS4 American English Speech Analysis Models
Adobe Dynamiclink Support
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Adobe Setup
Adobe Soundbooth CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
Belarc Advisor 7.2
ffdshow [rev 1723] [2007-12-24]
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 13
Java(TM) 6 Update 7
Kaspersky Anti-Virus 2009
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.10)
OpenOffice.org 3.0
REALTEK RTL8187B Wireless LAN Driver
Suite Shared Configuration CS4
Synaptics Pointing Device Driver
TVersity Codec Pack 1.2
TVersity Media Server 1.5 Beta
US122 Driver 3.40
VLC media player 0.9.9
Windows Media Player Firefox Plugin
WinRAR archiver
==== Event Viewer Messages From Past Week ========
5/3/2009 5:58:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Kaspersky Anti-Virus service to connect.
5/3/2009 5:58:10 PM, Error: Service Control Manager [7000] - The Kaspersky Anti-Virus service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/3/2009 5:56:37 PM, Error: EventLog [6008] - The previous system shutdown at 5:36:20 PM on 5/3/2009 was unexpected.
5/3/2009 4:17:38 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
5/2/2009 9:15:25 PM, Error: EventLog [6008] - The previous system shutdown at 6:26:16 PM on 5/2/2009 was unexpected.
5/2/2009 6:19:50 PM, Error: Service Control Manager [7000] - The AVG Free On-access Scanner Minifilter Driver x86 service failed to start due to the following error: The system cannot find message text for message number 0xAVG Free On-access Scanner Minifilter Driver x86 in the message file for The system cannot find message text for message number 0x%1 in the message file for %2..
5/2/2009 10:06:30 PM, Error: Service Control Manager [7000] - The Kaspersky Lab Driver service failed to start due to the following error: The system cannot find message text for message number 0xKaspersky Lab Driver in the message file for The system cannot find message text for message number 0x%1 in the message file for %2..
4/28/2009 2:49:41 PM, Error: Service Control Manager [7000] - The BANTExt service failed to start due to the following error: The system cannot find the file specified.
4/27/2009 8:49:34 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/27/2009 8:40:20 PM, Error: Service Control Manager [7034] - The TVersityMediaServer service terminated unexpectedly. It has done this 1 time(s).
4/27/2009 6:40:11 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.6 for the Network Card with network address 00164479AFFD has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
4/27/2009 12:28:01 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/27/2009 12:24:49 AM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
==== End Of File ===========================
Here is DDS.txt:
DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 13:37:18.44 on Mon 05/04/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.862 [GMT -5:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Owner\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: NameServer = 85.255.112.192,85.255.112.25
TCP: {842AD645-55CB-4D9C-8D53-D1F7FCA9B9B3} = 85.255.112.192,85.255.112.25
TCP: {FA859631-21FD-4801-89A5-40B9F001A94B} = 85.255.112.192,85.255.112.25
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\tta80589.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com
============= SERVICES / DRIVERS ===============
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 32784]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2008-7-9 20496]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-1-13 346112]
S3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [2009-4-23 131968]
S3 US122DL;US122 Firmware Downloader;c:\windows\system32\drivers\US122DL.sys [2009-4-23 18304]
S3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\drivers\US122Wdm.sys [2009-4-23 39168]
=============== Created Last 30 ================
2009-05-03 17:56 32 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-05-03 17:56 32 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-05-03 17:56 32 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-05-03 17:56 32 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-05-03 00:09 <DIR> --d----- c:\program files\Trend Micro
2009-05-02 22:07 96,976 a------- c:\windows\system32\drivers\klin.dat
2009-05-02 22:07 87,855 a------- c:\windows\system32\drivers\klick.dat
2009-05-02 22:06 <DIR> --d----- c:\programdata\Kaspersky Lab
2009-05-02 22:06 <DIR> --d----- c:\program files\Kaspersky Lab
2009-05-02 22:06 <DIR> --d----- c:\progra~2\Kaspersky Lab
2009-05-02 22:00 <DIR> --d----- c:\programdata\Kaspersky Lab Setup Files
2009-05-02 22:00 <DIR> --d----- c:\progra~2\Kaspersky Lab Setup Files
2009-05-02 21:51 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-02 21:51 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-02 21:51 <DIR> --d----- c:\programdata\Malwarebytes
2009-05-02 21:51 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-02 21:51 <DIR> --d----- c:\progra~2\Malwarebytes
2009-05-02 21:49 <DIR> --d----- c:\users\owner\appdata\roaming\QuickScan
2009-05-02 18:24 <DIR> a-d----- c:\programdata\TEMP
2009-05-02 10:01 322 ---shr-- C:\autorun.inf
2009-05-01 20:45 7 a------- c:\windows\sbacknt.bin
2009-05-01 20:24 <DIR> --d----- c:\program files\common files\Totem Shared
2009-04-24 00:13 60,273 a------- c:\windows\system32\pthreadGC2.dll
2009-04-24 00:13 7,680 a------- c:\windows\system32\ff_vfw.dll
2009-04-24 00:13 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-04-24 00:13 499,712 a------- c:\windows\system32\msvcp71.dll
2009-04-24 00:13 348,160 a------- c:\windows\system32\msvcr71.dll
2009-04-24 00:13 <DIR> --d----- c:\program files\ffdshow
2009-04-24 00:13 <DIR> --d----- c:\program files\TVersity Codec Pack
2009-04-24 00:12 <DIR> --d----- c:\program files\TVersity
2009-04-23 23:53 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-23 21:10 163,485,837 a------- c:\windows\MEMORY.DMP
2009-04-23 20:52 471,040 a------- c:\windows\system32\US122cp.cpl
2009-04-23 20:52 172,032 a------- c:\windows\system32\U122_A24.dll
2009-04-23 20:52 172,032 a------- c:\windows\system32\U122_A16.dll
2009-04-23 20:52 131,968 a------- c:\windows\system32\drivers\US122.sys
2009-04-23 20:52 39,168 a------- c:\windows\system32\drivers\US122Wdm.sys
2009-04-23 20:52 18,304 a------- c:\windows\system32\drivers\US122DL.sys
2009-04-23 20:52 <DIR> --d----- c:\program files\US122
2009-04-23 13:14 <DIR> --d----- c:\programdata\FLEXnet
2009-04-23 13:08 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-04-23 11:56 763 a------- c:\windows\Setup_ver1.1497.0.exe
2009-04-23 11:48 <DIR> --d----- c:\programdata\Adobe
2009-04-23 11:11 <DIR> --d----- c:\users\owner\appdata\roaming\OpenOffice.org
2009-04-23 11:08 <DIR> --d----- c:\program files\JRE
2009-04-23 11:08 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-04-22 23:27 <DIR> --d----- c:\program files\VideoLAN
2009-04-22 19:39 <DIR> --d----- c:\program files\Belarc
2009-04-16 13:57 <DIR> --d----- c:\windows\system32\x64
2009-04-16 13:52 2,048 a------- c:\windows\system32\tzres.dll
2009-04-16 13:43 <DIR> --d----- c:\windows\Panther
2009-04-16 13:43 8,192 a--s-r-- C:\BOOTSECT.BAK
2009-04-16 13:43 333,203 a--shr-- C:\bootmgr
2009-04-16 13:43 <DIR> --dsh--- C:\Boot
2009-04-16 13:42 330,752 a----r-- c:\windows\system32\drivers\NETBIOS.PDB
2009-04-16 13:42 <DIR> --d----- c:\windows\system32\OEM
2009-04-16 13:36 <DIR> --dsh--- c:\windows\Installer
2009-04-16 13:33 97,800 a------- c:\windows\system32\infocardapi.dll
2009-04-16 13:33 622,080 a------- c:\windows\system32\icardagt.exe
2009-04-16 13:33 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-16 13:33 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-04-16 13:33 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-04-16 13:33 11,264 a------- c:\windows\system32\icardres.dll
2009-04-16 13:33 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-04-16 13:33 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-04-16 13:27 96,760 a------- c:\windows\system32\dfshim.dll
2009-04-16 13:27 282,112 a------- c:\windows\system32\mscoree.dll
2009-04-16 13:27 41,984 a------- c:\windows\system32\netfxperf.dll
2009-04-16 13:27 158,720 a------- c:\windows\system32\mscorier.dll
2009-04-16 13:27 83,968 a------- c:\windows\system32\mscories.dll
2009-04-16 13:24 296,960 a------- c:\windows\system32\gdi32.dll
2009-04-16 13:22 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-04-16 13:22 801,280 a------- c:\windows\system32\NaturalLanguage6.dll
2009-04-16 13:17 1,314,816 a------- c:\windows\system32\quartz.dll
2009-04-16 13:15 2,033,152 a------- c:\windows\system32\win32k.sys
2009-04-16 13:15 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-04-16 13:10 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-04-16 13:10 83,456 a------- c:\windows\system32\wudriver.dll
2009-04-16 13:10 162,064 a------- c:\windows\system32\wuwebv.dll
2009-04-16 13:10 31,232 a------- c:\windows\system32\wuapp.exe
2009-04-16 13:02 16,052 a------- c:\windows\system32\results.xml
2009-04-16 13:00 337,920 a------- c:\windows\system\rtl8187B.sys
2009-04-16 13:00 <DIR> --d----- c:\windows\OPTIONS
2009-04-16 13:00 <DIR> --d----- c:\program files\REALTEK RTL8187B Wireless LAN Driver
2009-04-16 12:58 920,088 a------- c:\windows\system32\igxpun.exe
2009-04-16 12:58 319,456 a------- c:\windows\system32\difxapi.dll
2009-04-16 12:58 121,232 a------- c:\windows\system32\IScrNBR.bmp
2009-04-16 12:58 121,232 a------- c:\windows\system32\IScrNB.bmp
2009-04-16 12:58 <DIR> --d----- c:\windows\system32\Lang
2009-04-16 12:58 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-04-16 12:58 <DIR> --d----- c:\program files\Synaptics
2009-04-16 12:55 <DIR> --d----- C:\Intel
2009-04-16 12:53 <DIR> --d----- c:\users\Owner
2009-04-16 12:48 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
==================== Find3M ====================
2009-05-02 22:07 86,016 a------- c:\windows\inf\infstrng.dat
2009-05-02 22:07 86,016 a------- c:\windows\inf\infstor.dat
2009-05-02 22:07 51,200 a------- c:\windows\inf\infpub.dat
2009-04-16 14:07 665,600 a------- c:\windows\inf\drvindex.dat
2009-03-26 10:00 64,000 a------- c:\windows\system32\drivers\RTSTOR.sys
2009-03-16 22:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 22:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-16 22:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-06 11:06 140,800 a------- c:\windows\system32\drivers\Rtlh86.sys
2009-03-05 08:54 73,728 a------- c:\windows\system32\RtNicProp32.dll
2009-03-02 23:46 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-02 23:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-03-02 23:40 827,392 a------- c:\windows\system32\wininet.dll
2009-03-02 23:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-02 23:39 551,424 a------- c:\windows\system32\rpcss.dll
2009-03-02 23:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-02 23:37 78,336 a------- c:\windows\system32\ieencode.dll
2009-03-02 23:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-02 23:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-02 23:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-02 22:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-02 21:38 17,408 a------- c:\windows\system32\iashost.exe
2009-03-02 21:28 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-02-13 03:49 72,704 a------- c:\windows\system32\secur32.dll
2009-02-13 03:49 1,255,936 a------- c:\windows\system32\lsasrv.dll
2008-01-20 21:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
============= FINISH: 13:38:00.02 ===============
Ok. Let's continue.
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds.txt log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
fcabanski
2009-05-04, 22:23
After running ComboFix I can now reach safer-networking.org and it appears my clicks are no longer being hijacked.
Here is the combofix log:
ComboFix 09-05-03.6 - Owner 05/04/2009 14:11.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1137 [GMT -5:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\recycler\S-6-2-60-100012815-100004722-100020005-9146.com
c:\windows\system32\drivers\gxvxchcuxnxcmprxboppsyfbhixrwptpiimug.sys
c:\windows\system32\gxvxcavgxbkkbiwdtepjlmxylifwndqwemvrr.dll
c:\windows\system32\gxvxccounter
c:\windows\system32\x64
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gxvxcserv.sys
((((((((((((((((((((((((( Files Created from 2009-04-04 to 2009-05-04 )))))))))))))))))))))))))))))))
.
2009-05-03 22:56 . 2009-05-04 19:10 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-03 22:56 . 2009-05-04 19:10 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-03 05:09 . 2009-05-03 05:09 -------- d-----w c:\program files\Trend Micro
2009-05-03 03:07 . 2009-05-03 03:07 96976 ----a-w c:\windows\system32\drivers\klin.dat
2009-05-03 03:07 . 2009-05-03 03:07 87855 ----a-w c:\windows\system32\drivers\klick.dat
2009-05-03 03:06 . 2009-05-03 03:06 -------- d-----w c:\program files\Kaspersky Lab
2009-05-03 03:06 . 2009-05-03 03:07 -------- d-----w c:\programdata\Kaspersky Lab
2009-05-03 03:06 . 2009-05-03 03:07 -------- d-----w c:\users\All Users\Kaspersky Lab
2009-05-03 03:00 . 2009-05-03 03:00 -------- d-----w c:\programdata\Kaspersky Lab Setup Files
2009-05-03 03:00 . 2009-05-03 03:00 -------- d-----w c:\users\All Users\Kaspersky Lab Setup Files
2009-05-03 02:51 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-03 02:51 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-03 02:51 . 2009-05-03 02:51 -------- d-----w c:\programdata\Malwarebytes
2009-05-03 02:51 . 2009-05-03 02:51 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-03 02:51 . 2009-05-03 02:51 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-03 02:49 . 2009-05-04 04:48 -------- d-----w c:\users\Owner\AppData\Roaming\QuickScan
2009-05-02 23:24 . 2009-05-03 02:24 -------- d---a-w c:\programdata\TEMP
2009-05-02 23:24 . 2009-05-03 02:24 -------- d---a-w c:\users\All Users\TEMP
2009-05-02 01:45 . 2009-05-02 01:46 7 ----a-w c:\windows\sbacknt.bin
2009-05-02 01:24 . 2009-05-02 01:24 -------- d-----w c:\program files\Common Files\Totem Shared
2009-04-28 02:18 . 2009-04-28 02:18 -------- d-----w c:\windows\Sun
2009-04-24 05:13 . 2007-12-24 18:47 7680 ----a-w c:\windows\system32\ff_vfw.dll
2009-04-24 05:13 . 2007-11-29 17:52 60273 ----a-w c:\windows\system32\pthreadGC2.dll
2009-04-24 05:13 . 2007-11-29 17:52 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-24 05:13 . 2007-11-29 17:52 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-24 05:13 . 2009-04-24 05:13 -------- d-----w c:\program files\ffdshow
2009-04-24 05:13 . 2009-04-24 05:14 -------- d-----w c:\program files\TVersity Codec Pack
2009-04-24 05:12 . 2009-04-24 05:12 -------- d-----w c:\program files\TVersity
2009-04-24 04:53 . 2009-04-24 04:52 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-24 01:52 . 2007-08-29 20:58 172032 ----a-w c:\windows\system32\U122_A24.dll
2009-04-24 01:52 . 2007-08-29 20:55 172032 ----a-w c:\windows\system32\U122_A16.dll
2009-04-24 01:52 . 2007-08-29 20:50 39168 ----a-w c:\windows\system32\drivers\US122Wdm.sys
2009-04-24 01:52 . 2007-08-29 20:50 131968 ----a-w c:\windows\system32\drivers\US122.sys
2009-04-24 01:52 . 2007-08-29 20:50 18304 ----a-w c:\windows\system32\drivers\US122DL.sys
2009-04-24 01:52 . 2009-04-24 01:52 -------- d-----w c:\program files\US122
2009-04-23 22:55 . 2009-04-23 22:55 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-23 18:14 . 2009-04-23 18:14 -------- d-----w c:\programdata\FLEXnet
2009-04-23 18:14 . 2009-04-23 18:14 -------- d-----w c:\users\All Users\FLEXnet
2009-04-23 18:08 . 2009-04-23 18:08 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-23 16:56 . 2009-04-23 17:12 763 ----a-w c:\windows\Setup_ver1.1497.0.exe
2009-04-23 16:52 . 2009-04-23 18:48 -------- d-----w c:\users\Owner\AppData\Local\Adobe
2009-04-23 16:48 . 2009-04-23 18:10 -------- d-----w c:\users\All Users\Adobe
2009-04-23 16:47 . 2009-04-23 18:10 -------- d-----w c:\program files\Common Files\Adobe
2009-04-23 16:11 . 2009-04-23 16:11 -------- d-----w c:\users\Owner\AppData\Roaming\OpenOffice.org
2009-04-23 16:08 . 2009-04-23 16:08 -------- d-----w c:\program files\JRE
2009-04-23 16:08 . 2009-04-23 16:08 -------- d-----w c:\program files\OpenOffice.org 3
2009-04-23 16:06 . 2009-04-24 04:52 -------- d-----w c:\program files\Java
2009-04-23 16:06 . 2009-04-23 16:06 -------- d-----w c:\program files\Common Files\Java
2009-04-23 04:28 . 2009-04-23 05:03 -------- d-----w c:\users\Owner\AppData\Roaming\vlc
2009-04-23 04:27 . 2009-04-23 04:27 -------- d-----w c:\program files\VideoLAN
2009-04-23 03:31 . 2009-04-23 03:31 -------- d-----w c:\users\Owner\AppData\Local\Mozilla
2009-04-23 01:13 . 2009-04-23 01:13 -------- d-----w c:\users\Owner\AppData\Local\MigWiz
2009-04-23 00:39 . 2009-04-23 00:39 -------- d-----w c:\program files\Belarc
2009-04-22 23:20 . 2009-04-23 01:12 -------- d-----w c:\windows\system32\Macromed
2009-04-16 18:52 . 2008-10-22 01:22 2048 ----a-w c:\windows\system32\tzres.dll
2009-04-16 18:43 . 2009-04-16 17:48 -------- d-----w c:\windows\Panther
2009-04-16 18:43 . 2009-04-16 18:43 -------- d-sh--w C:\Boot
2009-04-16 18:42 . 2009-04-16 18:42 -------- d-----w c:\windows\system32\OEM
2009-04-16 18:36 . 2009-05-03 03:07 -------- d-sh--w c:\windows\Installer
2009-04-16 18:33 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-04-16 18:33 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-16 18:33 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe
2009-04-16 18:33 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll
2009-04-16 18:33 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-04-16 18:33 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-04-16 18:33 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-04-16 18:27 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll
2009-04-16 18:27 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll
2009-04-16 18:27 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-04-16 18:27 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll
2009-04-16 18:27 . 2008-07-27 18:03 83968 ----a-w c:\windows\system32\mscories.dll
2009-04-16 18:24 . 2008-10-21 05:25 296960 ----a-w c:\windows\system32\gdi32.dll
2009-04-16 18:22 . 2008-06-26 01:45 2644480 ----a-w c:\windows\system32\NlsLexicons0009.dll
2009-04-16 18:22 . 2008-06-26 03:29 801280 ----a-w c:\windows\system32\NaturalLanguage6.dll
2009-04-16 18:17 . 2008-04-26 08:08 1314816 ----a-w c:\windows\system32\quartz.dll
2009-04-16 18:15 . 2009-02-09 03:10 2033152 ----a-w c:\windows\system32\win32k.sys
2009-04-16 18:15 . 2008-09-10 03:40 1334272 ----a-w c:\windows\system32\msxml6.dll
2009-04-16 18:10 . 2008-10-16 21:09 43544 ----a-w c:\windows\system32\wups2.dll
2009-04-16 18:10 . 2008-10-16 21:09 51224 ----a-w c:\windows\system32\wuauclt.exe
2009-04-16 18:10 . 2008-10-16 20:56 1524736 ----a-w c:\windows\system32\wucltux.dll
2009-04-16 18:10 . 2008-10-16 21:13 1809944 ----a-w c:\windows\system32\wuaueng.dll
2009-04-16 18:10 . 2008-10-16 21:08 34328 ----a-w c:\windows\system32\wups.dll
2009-04-16 18:10 . 2008-10-16 20:55 83456 ----a-w c:\windows\system32\wudriver.dll
2009-04-16 18:10 . 2008-10-16 21:12 561688 ----a-w c:\windows\system32\wuapi.dll
2009-04-16 18:10 . 2008-10-16 20:56 31232 ----a-w c:\windows\system32\wuapp.exe
2009-04-16 18:10 . 2008-10-16 21:08 162064 ----a-w c:\windows\system32\wuwebv.dll
2009-04-16 18:00 . 2008-06-26 16:25 337920 ----a-w c:\windows\system\rtl8187B.sys
2009-04-16 18:00 . 2009-04-16 18:00 -------- d-----w c:\windows\OPTIONS
2009-04-16 18:00 . 2009-04-16 18:00 -------- d-----w c:\program files\REALTEK RTL8187B Wireless LAN Driver
2009-04-16 18:00 . 2009-04-16 18:00 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-16 17:59 . 2009-04-16 17:59 -------- d-----w c:\users\Owner\AppData\Roaming\InstallShield
2009-04-16 17:58 . 2009-04-16 17:58 -------- d-----w c:\windows\system32\Lang
2009-04-16 17:58 . 2006-11-10 23:25 319456 ----a-w c:\windows\system32\difxapi.dll
2009-04-16 17:58 . 2008-02-12 03:13 920088 ----a-w c:\windows\system32\igxpun.exe
2009-04-16 17:58 . 2009-04-16 17:58 -------- d-----w c:\program files\Synaptics
2009-04-16 17:55 . 2009-04-16 17:55 -------- d-----w c:\program files\Intel
2009-04-16 17:55 . 2009-04-16 18:00 -------- d-----w C:\Intel
2009-04-16 17:53 . 2009-05-03 03:07 -------- d-----w c:\users\Owner
2009-04-16 17:51 . 2009-04-16 17:51 -------- d-----r c:\windows\system32\config\systemprofile\Contacts
2009-04-16 17:51 . 2009-04-23 18:47 -------- d-----w c:\windows\Debug
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 19:10 . 2009-05-03 22:56 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-04 19:10 . 2009-05-03 22:56 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-03 03:07 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstrng.dat
2009-05-03 03:07 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-05-03 03:07 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-23 18:15 . 2009-04-16 17:54 52776 ----a-w c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-16 19:07 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-16 19:07 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
2009-04-16 17:58 . 2009-04-16 17:58 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-04-16 17:54 . 2009-04-16 17:54 680 ----a-w c:\users\Owner\AppData\Local\d3d9caps.dat
2009-04-16 17:48 . 2009-04-16 17:48 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-03-26 15:00 . 2009-03-26 15:00 64000 ----a-w c:\windows\system32\drivers\RTSTOR.sys
2009-03-17 03:38 . 2009-04-16 18:21 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 18:21 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-06 16:06 . 2009-03-06 16:06 140800 ----a-w c:\windows\system32\drivers\Rtlh86.sys
2009-03-05 13:54 . 2009-03-05 13:54 73728 ----a-w c:\windows\system32\RtNicProp32.dll
2009-03-03 04:46 . 2009-04-16 18:21 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 18:21 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 18:20 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-16 18:21 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 18:21 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 18:21 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 18:20 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 18:21 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 18:21 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 18:21 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 18:21 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 18:21 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-16 18:20 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-02-13 08:49 . 2009-04-16 18:21 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-16 18:21 1255936 ----a-w c:\windows\system32\lsasrv.dll
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 865840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-24 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-11-12 206088]
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EDFCB82C-0F85-4174-8D91-EF25DBBF08B5}"= UDP:c:\program files\TVersity\Media Server\MediaServer.exe:TVersity Media Server
"{9A07EEEB-094A-427C-9A17-0C1479D7134D}"= TCP:c:\program files\TVersity\Media Server\MediaServer.exe:TVersity Media Server
"TCP Query User{B6E96AEE-66D9-4AB2-B61F-88B8565F8C8A}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{3D87AC95-7BB9-45B6-9507-72EB9C528A52}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R3 US122;US122 Driver;c:\windows\system32\Drivers\US122.sys [2007-08-29 131968]
R3 US122DL;US122 Firmware Downloader;c:\windows\system32\Drivers\US122DL.sys [2007-08-29 18304]
R3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\Drivers\US122Wdm.sys [2007-08-29 39168]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-01-13 346112]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tta80589.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-04 14:15
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-05-04 14:17
ComboFix-quarantined-files.txt 2009-05-04 19:17
Pre-Run: 116,492,193,792 bytes free
Post-Run: 116,568,469,504 bytes free
226 --- E O F --- 2009-05-01 04:51
And the new DDS Log:
DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 14:22:07.77 on Mon 05/04/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1124 [GMT -5:00]
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\Explorer.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Users\Owner\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\tta80589.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com
============= SERVICES / DRIVERS ===============
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 32784]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2008-7-9 20496]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-1-13 346112]
S3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [2009-4-23 131968]
S3 US122DL;US122 Firmware Downloader;c:\windows\system32\drivers\US122DL.sys [2009-4-23 18304]
S3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\drivers\US122Wdm.sys [2009-4-23 39168]
=============== Created Last 30 ================
2009-05-04 14:06 161,792 a------- c:\windows\SWREG.exe
2009-05-04 14:06 98,816 a------- c:\windows\sed.exe
2009-05-03 17:56 32 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-05-03 17:56 32 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-05-03 17:56 32 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-05-03 17:56 32 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-05-03 00:09 <DIR> --d----- c:\program files\Trend Micro
2009-05-02 22:07 96,976 a------- c:\windows\system32\drivers\klin.dat
2009-05-02 22:07 87,855 a------- c:\windows\system32\drivers\klick.dat
2009-05-02 22:06 <DIR> --d----- c:\programdata\Kaspersky Lab
2009-05-02 22:06 <DIR> --d----- c:\program files\Kaspersky Lab
2009-05-02 22:06 <DIR> --d----- c:\progra~2\Kaspersky Lab
2009-05-02 22:00 <DIR> --d----- c:\programdata\Kaspersky Lab Setup Files
2009-05-02 22:00 <DIR> --d----- c:\progra~2\Kaspersky Lab Setup Files
2009-05-02 21:51 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-02 21:51 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-02 21:51 <DIR> --d----- c:\programdata\Malwarebytes
2009-05-02 21:51 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-02 21:51 <DIR> --d----- c:\progra~2\Malwarebytes
2009-05-02 21:49 <DIR> --d----- c:\users\owner\appdata\roaming\QuickScan
2009-05-02 18:24 <DIR> a-d----- c:\programdata\TEMP
2009-05-01 20:45 7 a------- c:\windows\sbacknt.bin
2009-05-01 20:24 <DIR> --d----- c:\program files\common files\Totem Shared
2009-04-24 00:13 60,273 a------- c:\windows\system32\pthreadGC2.dll
2009-04-24 00:13 7,680 a------- c:\windows\system32\ff_vfw.dll
2009-04-24 00:13 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-04-24 00:13 499,712 a------- c:\windows\system32\msvcp71.dll
2009-04-24 00:13 348,160 a------- c:\windows\system32\msvcr71.dll
2009-04-24 00:13 <DIR> --d----- c:\program files\ffdshow
2009-04-24 00:13 <DIR> --d----- c:\program files\TVersity Codec Pack
2009-04-24 00:12 <DIR> --d----- c:\program files\TVersity
2009-04-23 23:53 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-23 21:10 163,485,837 a------- c:\windows\MEMORY.DMP
2009-04-23 20:52 471,040 a------- c:\windows\system32\US122cp.cpl
2009-04-23 20:52 172,032 a------- c:\windows\system32\U122_A24.dll
2009-04-23 20:52 172,032 a------- c:\windows\system32\U122_A16.dll
2009-04-23 20:52 131,968 a------- c:\windows\system32\drivers\US122.sys
2009-04-23 20:52 39,168 a------- c:\windows\system32\drivers\US122Wdm.sys
2009-04-23 20:52 18,304 a------- c:\windows\system32\drivers\US122DL.sys
2009-04-23 20:52 <DIR> --d----- c:\program files\US122
2009-04-23 13:14 <DIR> --d----- c:\programdata\FLEXnet
2009-04-23 13:08 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-04-23 11:56 763 a------- c:\windows\Setup_ver1.1497.0.exe
2009-04-23 11:48 <DIR> --d----- c:\programdata\Adobe
2009-04-23 11:11 <DIR> --d----- c:\users\owner\appdata\roaming\OpenOffice.org
2009-04-23 11:08 <DIR> --d----- c:\program files\JRE
2009-04-23 11:08 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-04-22 23:27 <DIR> --d----- c:\program files\VideoLAN
2009-04-22 19:39 <DIR> --d----- c:\program files\Belarc
2009-04-16 13:52 2,048 a------- c:\windows\system32\tzres.dll
2009-04-16 13:43 <DIR> --d----- c:\windows\Panther
2009-04-16 13:43 8,192 a--s-r-- C:\BOOTSECT.BAK
2009-04-16 13:43 333,203 a--shr-- C:\bootmgr
2009-04-16 13:43 <DIR> --dsh--- C:\Boot
2009-04-16 13:42 330,752 a----r-- c:\windows\system32\drivers\NETBIOS.PDB
2009-04-16 13:42 <DIR> --d----- c:\windows\system32\OEM
2009-04-16 13:36 <DIR> --dsh--- c:\windows\Installer
2009-04-16 13:33 97,800 a------- c:\windows\system32\infocardapi.dll
2009-04-16 13:33 622,080 a------- c:\windows\system32\icardagt.exe
2009-04-16 13:33 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-16 13:33 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-04-16 13:33 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-04-16 13:33 11,264 a------- c:\windows\system32\icardres.dll
2009-04-16 13:33 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-04-16 13:33 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-04-16 13:27 96,760 a------- c:\windows\system32\dfshim.dll
2009-04-16 13:27 282,112 a------- c:\windows\system32\mscoree.dll
2009-04-16 13:27 41,984 a------- c:\windows\system32\netfxperf.dll
2009-04-16 13:27 158,720 a------- c:\windows\system32\mscorier.dll
2009-04-16 13:27 83,968 a------- c:\windows\system32\mscories.dll
2009-04-16 13:24 296,960 a------- c:\windows\system32\gdi32.dll
2009-04-16 13:22 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-04-16 13:22 801,280 a------- c:\windows\system32\NaturalLanguage6.dll
2009-04-16 13:17 1,314,816 a------- c:\windows\system32\quartz.dll
2009-04-16 13:15 2,033,152 a------- c:\windows\system32\win32k.sys
2009-04-16 13:15 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-04-16 13:10 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-04-16 13:10 83,456 a------- c:\windows\system32\wudriver.dll
2009-04-16 13:10 162,064 a------- c:\windows\system32\wuwebv.dll
2009-04-16 13:10 31,232 a------- c:\windows\system32\wuapp.exe
2009-04-16 13:02 16,052 a------- c:\windows\system32\results.xml
2009-04-16 13:00 337,920 a------- c:\windows\system\rtl8187B.sys
2009-04-16 13:00 <DIR> --d----- c:\windows\OPTIONS
2009-04-16 13:00 <DIR> --d----- c:\program files\REALTEK RTL8187B Wireless LAN Driver
2009-04-16 12:58 920,088 a------- c:\windows\system32\igxpun.exe
2009-04-16 12:58 319,456 a------- c:\windows\system32\difxapi.dll
2009-04-16 12:58 121,232 a------- c:\windows\system32\IScrNBR.bmp
2009-04-16 12:58 121,232 a------- c:\windows\system32\IScrNB.bmp
2009-04-16 12:58 <DIR> --d----- c:\windows\system32\Lang
2009-04-16 12:58 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-04-16 12:58 <DIR> --d----- c:\program files\Synaptics
2009-04-16 12:55 <DIR> --d----- C:\Intel
2009-04-16 12:53 <DIR> --d----- c:\users\Owner
2009-04-16 12:48 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
==================== Find3M ====================
2009-05-02 22:07 86,016 a------- c:\windows\inf\infstrng.dat
2009-05-02 22:07 86,016 a------- c:\windows\inf\infstor.dat
2009-05-02 22:07 51,200 a------- c:\windows\inf\infpub.dat
2009-04-16 14:07 665,600 a------- c:\windows\inf\drvindex.dat
2009-03-26 10:00 64,000 a------- c:\windows\system32\drivers\RTSTOR.sys
2009-03-16 22:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 22:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-16 22:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-06 11:06 140,800 a------- c:\windows\system32\drivers\Rtlh86.sys
2009-03-05 08:54 73,728 a------- c:\windows\system32\RtNicProp32.dll
2009-03-02 23:46 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-02 23:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-03-02 23:40 827,392 a------- c:\windows\system32\wininet.dll
2009-03-02 23:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-02 23:39 551,424 a------- c:\windows\system32\rpcss.dll
2009-03-02 23:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-02 23:37 78,336 a------- c:\windows\system32\ieencode.dll
2009-03-02 23:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-02 23:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-02 23:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-02 22:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-02 21:38 17,408 a------- c:\windows\system32\iashost.exe
2009-03-02 21:28 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-02-13 03:49 72,704 a------- c:\windows\system32\secur32.dll
2009-02-13 03:49 1,255,936 a------- c:\windows\system32\lsasrv.dll
2008-01-20 21:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
============= FINISH: 14:22:38.52 ===============
Hi again,
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
µTorrent
I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Programs and Features and uninstall the programs listed above (in red).
After that:
Uninstall vulnerable Java 6 Update 7.
Uninstall old Adobe Reader versions and get the latest one here (http://www.filehippo.com/download_adobe_reader/) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader!
Upload the following file to http://www.virustotal.com and post back the results:
c:\windows\Setup_ver1.1497.0.exe
Open Notepad and copy/paste the text in the quotebox below into it:
File::
c:\windows\sbacknt.bin
FileLook::
c:\windows\Setup_ver1.1497.0.exe
Folder::
c:\program files\utorrent
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{B6E96AEE-66D9-4AB2-B61F-88B8565F8C8A}c:\\program files\\utorrent\\utorrent.exe"=-
"UDP Query User{3D87AC95-7BB9-45B6-9507-72EB9C528A52}c:\\program files\\utorrent\\utorrent.exe"=-
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
Save this as CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
ComboFix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).
Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.
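As an added example (not code from this thread, ComboFix or Spybot), here is a small Python triage script that parses the "Reg Loading Points" section of a ComboFix log and flags the loading points the helper's CFScript above acts on: UAC switched off, both firewall profiles switched off, the Security Center DisableMonitoring entry, the AppInit_DLLs value and leftover per-application firewall rules for a P2P client. The sample log is a constructed excerpt of the log posted above; the category names and the `p2p_clients` parameter are assumptions of this example.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread, not code from the forum, ComboFix or Spybot.
It flags the settings the helper's CFScript acts on: UAC off, the Windows
Firewall profiles off, Security Center told to stop monitoring the AV, and
leftover per-application firewall rules for a P2P client.
"""
import re

# Constructed sample: an excerpt of the Reg Loading Points section posted in
# the thread (raw string, so the log's own backslashes are kept verbatim).
SAMPLE_LOG = r"""REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EDFCB82C-0F85-4174-8D91-EF25DBBF08B5}"= UDP:c:\program files\TVersity\Media Server\MediaServer.exe:TVersity Media Server
"TCP Query User{B6E96AEE-66D9-4AB2-B61F-88B8565F8C8A}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')


def parse_reg_loading_points(text):
    """Parse the REGEDIT4-style section into {registry key: {value name: data}}."""
    entries = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group("key")
            entries.setdefault(current, {})
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current is not None:
            entries[current][value_match.group("name")] = value_match.group("data").strip()
    return entries


def as_int(data):
    """Decode the two numeric spellings ComboFix uses: '0 (0x0)' and 'dword:00000001'."""
    if data.lower().startswith("dword:"):
        return int(data[len("dword:"):], 16)
    match = re.match(r"^-?\d+", data)
    return int(match.group(0)) if match else None


def triage(entries, p2p_clients=("utorrent",)):
    """Return (category, key, detail) tuples for the loading points a helper would act on.

    p2p_clients holds executable-name fragments to look for in firewall rules;
    only 'utorrent' comes from the thread, extend it as needed (assumed parameter).
    """
    findings = []
    for key, values in entries.items():
        lkey = key.lower()
        # UAC policy: EnableLUA=0 means no elevation prompts at all.
        if lkey.endswith("policies\\system") and as_int(values.get("EnableLUA", "1")) == 0:
            findings.append(("uac_disabled", key, "EnableLUA=0: UAC prompting is switched off"))
        # Security Center told to stop reporting on a product (the CFScript deletes this).
        if "security center\\monitoring\\" in lkey and as_int(values.get("DisableMonitoring", "0")) == 1:
            product = key.rsplit("\\", 1)[-1]
            findings.append(("sc_monitoring_off", key, f"Security Center ignores {product}"))
        # Windows Firewall switched off for a profile.
        if "\\firewallpolicy\\" in lkey and lkey.endswith("profile") \
                and as_int(values.get("EnableFirewall", "1")) == 0:
            findings.append(("firewall_off", key, "EnableFirewall=0 for this profile"))
        # Per-application rules that outlive an uninstalled P2P client; the
        # value name is what a CFScript Registry:: block needs to remove them.
        if lkey.endswith("\\firewallrules"):
            for name, data in values.items():
                if any(client in data.lower() for client in p2p_clients):
                    findings.append(("p2p_firewall_rule", key, name))
        # AppInit_DLLs load into every process; list them so they can be checked
        # against the installed security product (Kaspersky's here).
        dlls = values.get("AppInit_DLLs", "")
        if dlls:
            findings.append(("appinit_dlls", key, dlls))
    return findings


def triage_log(text):
    """Convenience wrapper: parse a log excerpt and triage it in one call."""
    return triage(parse_reg_loading_points(text))


if __name__ == "__main__":
    for category, key, detail in triage_log(SAMPLE_LOG):
        print(f"{category:18} {key}\n{'':18} {detail}")
```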
fcabanski
2009-05-06, 08:07
utorrent had been installed, but I uninstalled it when the problem occurred, before running any of the scans. Not sure why it's still appearing - it is no longer present in the programs and features list.
Here is the result of virustotal - 0/40 infected. I am running the other steps.
File Setup_ver1.1497.0.exe received on 05.06.2009 07:03:46 (CET)
Result: 0/40 (0%)
Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.05.06 -
AhnLab-V3 5.0.0.2 2009.05.05 -
AntiVir 7.9.0.160 2009.05.05 -
Antiy-AVL 2.0.3.1 2009.05.05 -
Authentium 5.1.2.4 2009.05.06 -
Avast 4.8.1335.0 2009.05.05 -
AVG 8.5.0.327 2009.05.05 -
BitDefender 7.2 2009.05.06 -
CAT-QuickHeal 10.00 2009.05.05 -
ClamAV 0.94.1 2009.05.06 -
Comodo 1151 2009.05.05 -
DrWeb 5.0.0.12182 2009.05.06 -
eSafe 7.0.17.0 2009.05.05 -
eTrust-Vet 31.6.6490 2009.05.05 -
F-Prot 4.4.4.56 2009.05.05 -
F-Secure 8.0.14470.0 2009.05.06 -
Fortinet 3.117.0.0 2009.05.06 -
GData 19 2009.05.06 -
Ikarus T3.1.1.49.0 2009.05.06 -
K7AntiVirus 7.10.723 2009.05.05 -
Kaspersky 7.0.0.125 2009.05.06 -
McAfee 5606 2009.05.05 -
McAfee+Artemis 5606 2009.05.05 -
McAfee-GW-Edition 6.7.6 2009.05.06 -
Microsoft 1.4602 2009.05.06 -
NOD32 4054 2009.05.05 -
Norman 6.01.05 2009.05.05 -
nProtect 2009.1.8.0 2009.05.06 -
Panda 10.0.0.14 2009.05.05 -
PCTools 4.4.2.0 2009.05.05 -
Prevx1 3.0 2009.05.06 -
Rising 21.28.20.00 2009.05.06 -
Sophos 4.41.0 2009.05.06 -
Sunbelt 3.2.1858.2 2009.05.06 -
Symantec 1.4.4.12 2009.05.06 -
TheHacker 6.3.4.1.319 2009.05.05 -
TrendMicro 8.950.0.1092 2009.05.06 -
VBA32 3.12.10.4 2009.05.05 -
ViRobot 2009.5.6.1720 2009.05.06 -
VirusBuster 4.6.5.0 2009.05.05 -
Additional information
File size: 763 bytes
MD5...: 43ddf5f1cd1fcd80f243fbc2d38ac490
SHA1..: f7139b81035742ee725885d3cd8f5e433d655a5f
SHA256: 5c8e7eaa664827ba1f72e9d77f8e55c328a7c2443aaeee7072d098eb61ac7cfa
SHA512: 557d93d2e6dc214bd0e49d3a0d49a973df5fb26efe74273fa01832be28447c9466ca6653a7169eee25427d8bf5d9b0b67f825e0d7d2060f5fc77131f33df397e
ssdeep: 12:YqX71sH6QclfVIXbsx0sDY0wXVEXVXMaqSMG4k9yHPuvoy6sjJNEXVXMaqSMG4k1:Vqsq4xMTFuZpMG4kQHPuvorsjJNuZpMo
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-
ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
fcabanski
2009-05-06, 08:21
ComboFix 09-05-05.03 - Owner 05/06/2009 0:10.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1111 [GMT -5:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\cfscript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
FILE ::
c:\windows\sbacknt.bin
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\sbacknt.bin
.
((((((((((((((((((((((((( Files Created from 2009-04-06 to 2009-05-06 )))))))))))))))))))))))))))))))
.
2009-05-03 22:56 . 2009-05-05 18:09 131104 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-03 22:56 . 2009-05-05 23:24 917536 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-03 05:09 . 2009-05-03 05:09 -------- d-----w c:\program files\Trend Micro
2009-05-03 03:07 . 2009-05-05 18:01 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-05-03 03:07 . 2009-05-05 18:01 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-05-03 03:06 . 2009-05-03 03:06 -------- d-----w c:\program files\Kaspersky Lab
2009-05-03 03:06 . 2009-05-03 03:07 -------- d-----w c:\programdata\Kaspersky Lab
2009-05-03 03:06 . 2009-05-03 03:07 -------- d-----w c:\users\All Users\Kaspersky Lab
2009-05-03 03:00 . 2009-05-03 03:00 -------- d-----w c:\programdata\Kaspersky Lab Setup Files
2009-05-03 03:00 . 2009-05-03 03:00 -------- d-----w c:\users\All Users\Kaspersky Lab Setup Files
2009-05-03 02:51 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-03 02:51 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-03 02:51 . 2009-05-03 02:51 -------- d-----w c:\programdata\Malwarebytes
2009-05-03 02:51 . 2009-05-03 02:51 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-03 02:51 . 2009-05-03 02:51 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-03 02:49 . 2009-05-04 04:48 -------- d-----w c:\users\Owner\AppData\Roaming\QuickScan
2009-05-02 23:24 . 2009-05-03 02:24 -------- d---a-w c:\programdata\TEMP
2009-05-02 23:24 . 2009-05-03 02:24 -------- d---a-w c:\users\All Users\TEMP
2009-05-02 01:24 . 2009-05-02 01:24 -------- d-----w c:\program files\Common Files\Totem Shared
2009-04-28 02:18 . 2009-04-28 02:18 -------- d-----w c:\windows\Sun
2009-04-24 05:13 . 2007-12-24 18:47 7680 ----a-w c:\windows\system32\ff_vfw.dll
2009-04-24 05:13 . 2007-11-29 17:52 60273 ----a-w c:\windows\system32\pthreadGC2.dll
2009-04-24 05:13 . 2007-11-29 17:52 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-24 05:13 . 2007-11-29 17:52 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-24 05:13 . 2009-04-24 05:13 -------- d-----w c:\program files\ffdshow
2009-04-24 05:13 . 2009-04-24 05:14 -------- d-----w c:\program files\TVersity Codec Pack
2009-04-24 05:12 . 2009-04-24 05:12 -------- d-----w c:\program files\TVersity
2009-04-24 04:53 . 2009-04-24 04:52 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-24 01:52 . 2007-08-29 20:58 172032 ----a-w c:\windows\system32\U122_A24.dll
2009-04-24 01:52 . 2007-08-29 20:55 172032 ----a-w c:\windows\system32\U122_A16.dll
2009-04-24 01:52 . 2007-08-29 20:50 39168 ----a-w c:\windows\system32\drivers\US122Wdm.sys
2009-04-24 01:52 . 2007-08-29 20:50 131968 ----a-w c:\windows\system32\drivers\US122.sys
2009-04-24 01:52 . 2007-08-29 20:50 18304 ----a-w c:\windows\system32\drivers\US122DL.sys
2009-04-24 01:52 . 2009-04-24 01:52 -------- d-----w c:\program files\US122
2009-04-23 22:55 . 2009-04-23 22:55 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-23 18:14 . 2009-04-23 18:14 -------- d-----w c:\programdata\FLEXnet
2009-04-23 18:14 . 2009-04-23 18:14 -------- d-----w c:\users\All Users\FLEXnet
2009-04-23 18:08 . 2009-04-23 18:08 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-23 16:56 . 2009-04-23 17:12 763 ----a-w c:\windows\Setup_ver1.1497.0.exe
2009-04-23 16:52 . 2009-04-23 18:48 -------- d-----w c:\users\Owner\AppData\Local\Adobe
2009-04-23 16:48 . 2009-04-23 18:10 -------- d-----w c:\users\All Users\Adobe
2009-04-23 16:47 . 2009-04-23 18:10 -------- d-----w c:\program files\Common Files\Adobe
2009-04-23 16:11 . 2009-04-23 16:11 -------- d-----w c:\users\Owner\AppData\Roaming\OpenOffice.org
2009-04-23 16:08 . 2009-04-23 16:08 -------- d-----w c:\program files\JRE
2009-04-23 16:08 . 2009-04-23 16:08 -------- d-----w c:\program files\OpenOffice.org 3
2009-04-23 16:06 . 2009-05-06 05:01 -------- d-----w c:\program files\Java
2009-04-23 16:06 . 2009-04-23 16:06 -------- d-----w c:\program files\Common Files\Java
2009-04-23 04:28 . 2009-04-23 05:03 -------- d-----w c:\users\Owner\AppData\Roaming\vlc
2009-04-23 04:27 . 2009-04-23 04:27 -------- d-----w c:\program files\VideoLAN
2009-04-23 03:31 . 2009-04-23 03:31 -------- d-----w c:\users\Owner\AppData\Local\Mozilla
2009-04-23 01:13 . 2009-04-23 01:13 -------- d-----w c:\users\Owner\AppData\Local\MigWiz
2009-04-23 00:39 . 2009-04-23 00:39 -------- d-----w c:\program files\Belarc
2009-04-22 23:20 . 2009-04-23 01:12 -------- d-----w c:\windows\system32\Macromed
2009-04-16 18:52 . 2008-10-22 01:22 2048 ----a-w c:\windows\system32\tzres.dll
2009-04-16 18:43 . 2009-04-16 17:48 -------- d-----w c:\windows\Panther
2009-04-16 18:43 . 2009-04-16 18:43 -------- d-sh--w C:\Boot
2009-04-16 18:42 . 2009-04-16 18:42 -------- d-----w c:\windows\system32\OEM
2009-04-16 18:36 . 2009-05-06 05:02 -------- d-sh--w c:\windows\Installer
2009-04-16 18:33 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-04-16 18:33 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-16 18:33 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe
2009-04-16 18:33 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll
2009-04-16 18:33 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-04-16 18:33 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-04-16 18:33 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-04-16 18:27 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll
2009-04-16 18:27 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll
2009-04-16 18:27 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-04-16 18:27 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll
2009-04-16 18:27 . 2008-07-27 18:03 83968 ----a-w c:\windows\system32\mscories.dll
2009-04-16 18:24 . 2008-10-21 05:25 296960 ----a-w c:\windows\system32\gdi32.dll
2009-04-16 18:22 . 2008-06-26 01:45 2644480 ----a-w c:\windows\system32\NlsLexicons0009.dll
2009-04-16 18:22 . 2008-06-26 03:29 801280 ----a-w c:\windows\system32\NaturalLanguage6.dll
2009-04-16 18:17 . 2008-04-26 08:08 1314816 ----a-w c:\windows\system32\quartz.dll
2009-04-16 18:15 . 2009-02-09 03:10 2033152 ----a-w c:\windows\system32\win32k.sys
2009-04-16 18:15 . 2008-09-10 03:40 1334272 ----a-w c:\windows\system32\msxml6.dll
2009-04-16 18:10 . 2008-10-16 21:09 43544 ----a-w c:\windows\system32\wups2.dll
2009-04-16 18:10 . 2008-10-16 21:09 51224 ----a-w c:\windows\system32\wuauclt.exe
2009-04-16 18:10 . 2008-10-16 20:56 1524736 ----a-w c:\windows\system32\wucltux.dll
2009-04-16 18:10 . 2008-10-16 21:13 1809944 ----a-w c:\windows\system32\wuaueng.dll
2009-04-16 18:10 . 2008-10-16 21:08 34328 ----a-w c:\windows\system32\wups.dll
2009-04-16 18:10 . 2008-10-16 20:55 83456 ----a-w c:\windows\system32\wudriver.dll
2009-04-16 18:10 . 2008-10-16 21:12 561688 ----a-w c:\windows\system32\wuapi.dll
2009-04-16 18:10 . 2008-10-16 20:56 31232 ----a-w c:\windows\system32\wuapp.exe
2009-04-16 18:10 . 2008-10-16 21:08 162064 ----a-w c:\windows\system32\wuwebv.dll
2009-04-16 18:00 . 2008-06-26 16:25 337920 ----a-w c:\windows\system\rtl8187B.sys
2009-04-16 18:00 . 2009-04-16 18:00 -------- d-----w c:\windows\OPTIONS
2009-04-16 18:00 . 2009-04-16 18:00 -------- d-----w c:\program files\REALTEK RTL8187B Wireless LAN Driver
2009-04-16 18:00 . 2009-04-16 18:00 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-16 17:59 . 2009-04-16 17:59 -------- d-----w c:\users\Owner\AppData\Roaming\InstallShield
2009-04-16 17:58 . 2009-04-16 17:58 -------- d-----w c:\windows\system32\Lang
2009-04-16 17:58 . 2006-11-10 23:25 319456 ----a-w c:\windows\system32\difxapi.dll
2009-04-16 17:58 . 2008-02-12 03:13 920088 ----a-w c:\windows\system32\igxpun.exe
2009-04-16 17:58 . 2009-04-16 17:58 -------- d-----w c:\program files\Synaptics
2009-04-16 17:55 . 2009-04-16 17:55 -------- d-----w c:\program files\Intel
2009-04-16 17:55 . 2009-04-16 18:00 -------- d-----w C:\Intel
2009-04-16 17:53 . 2009-05-03 03:07 -------- d-----w c:\users\Owner
2009-04-16 17:51 . 2009-04-16 17:51 -------- d-----r c:\windows\system32\config\systemprofile\Contacts
2009-04-16 17:51 . 2009-04-23 18:47 -------- d-----w c:\windows\Debug
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-05 22:04 . 2009-05-03 22:56 8192 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-05 18:17 . 2009-05-03 22:56 1528 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-05 18:01 . 2008-01-29 22:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-05-03 03:07 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstrng.dat
2009-05-03 03:07 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-05-03 03:07 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-23 18:15 . 2009-04-16 17:54 52776 ----a-w c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-16 19:07 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-16 19:07 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
2009-04-16 17:58 . 2009-04-16 17:58 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-04-16 17:54 . 2009-04-16 17:54 680 ----a-w c:\users\Owner\AppData\Local\d3d9caps.dat
2009-04-16 17:48 . 2009-04-16 17:48 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-03-26 15:00 . 2009-03-26 15:00 64000 ----a-w c:\windows\system32\drivers\RTSTOR.sys
2009-03-17 03:38 . 2009-04-16 18:21 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 18:21 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-06 16:06 . 2009-03-06 16:06 140800 ----a-w c:\windows\system32\drivers\Rtlh86.sys
2009-03-05 13:54 . 2009-03-05 13:54 73728 ----a-w c:\windows\system32\RtNicProp32.dll
2009-03-03 04:46 . 2009-04-16 18:21 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 18:21 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 18:20 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-16 18:21 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 18:21 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 18:21 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 18:20 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 18:21 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 18:21 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 18:21 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 18:21 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 18:21 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-16 18:20 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-02-13 08:49 . 2009-04-16 18:21 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-16 18:21 1255936 ----a-w c:\windows\system32\lsasrv.dll
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Setup_ver1.1497.0.exe -- Not a PE file.
File Size: 763
Created Time: 2009-04-23 16:56
Modified Time: 2009-04-23 17:12
Accessed Time: 2009-04-23 16:56
MD5: 43DDF5F1CD1FCD80F243FBC2D38AC490
SHA: F7139B81035742EE725885D3CD8F5E433D655A5F
((((((((((((((((((((((((((((( SnapShot@2009-05-04_19.15.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-05-05 17:16 28884 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-05-05 17:16 58518 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-05-06 05:06 . 2009-05-06 05:06 20480 c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\6baea4fe-3f1e131a-n\jogl_awt.dll
+ 2009-05-06 05:06 . 2009-05-06 05:06 57344 c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\5b902232-6e017e19-n\Decora-SSE.dll
+ 2009-05-06 05:06 . 2009-05-06 05:06 20480 c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\4f710eed-58e62c21-n\gluegen-rt.dll
+ 2009-05-06 05:06 . 2009-05-06 05:06 24064 c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\4e09eacf-3e0cb44c-n\Decora-D3D.dll
+ 2009-04-16 17:55 . 2009-05-05 17:16 5766 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1900823155-2928093892-1064168173-1000_UserData.bin
- 2009-05-04 19:11 . 2009-05-04 19:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-05 17:14 . 2009-05-05 17:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-05-04 19:11 . 2009-05-04 19:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-05 17:14 . 2009-05-05 17:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-05-05 17:18 595684 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-03 23:01 595684 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-05-05 17:18 101350 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-05-03 23:01 101350 c:\windows\System32\perfc009.dat
+ 2009-05-03 03:06 . 2009-05-05 18:01 239120 c:\windows\System32\drivers\klif.sys
+ 2009-05-06 05:06 . 2009-05-06 05:06 114688 c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\6baea4fe-3f1e131a-n\jogl_cg.dll
+ 2009-05-06 05:06 . 2009-05-06 05:06 315392 c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\6baea4fe-3f1e131a-n\jogl.dll
+ 2009-05-06 05:06 . 2009-05-06 05:06 348160 c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\258cea61-21e66e86-n\msvcr71.dll
+ 2009-05-06 05:06 . 2009-05-06 05:06 499712 c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\258cea61-21e66e86-n\msvcp71.dll
+ 2009-05-06 05:06 . 2009-05-06 05:06 499712 c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\258cea61-21e66e86-n\jmc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 865840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-05-05 206088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-24 148888]
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EDFCB82C-0F85-4174-8D91-EF25DBBF08B5}"= UDP:c:\program files\TVersity\Media Server\MediaServer.exe:TVersity Media Server
"{9A07EEEB-094A-427C-9A17-0C1479D7134D}"= TCP:c:\program files\TVersity\Media Server\MediaServer.exe:TVersity Media Server
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [1/29/2008 5:29 PM 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [7/9/2008 5:28 PM 20496]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [1/13/2009 11:56 AM 346112]
S3 US122;US122 Driver;c:\windows\System32\drivers\US122.sys [4/23/2009 8:52 PM 131968]
S3 US122DL;US122 Firmware Downloader;c:\windows\System32\drivers\US122DL.sys [4/23/2009 8:52 PM 18304]
S3 Us122WdmService;US122 Wdm Audio;c:\windows\System32\drivers\US122Wdm.sys [4/23/2009 8:52 PM 39168]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tta80589.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-06 00:13
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-05-06 0:14
ComboFix-quarantined-files.txt 2009-05-06 05:14
ComboFix2.txt 2009-05-04 19:17
Pre-Run: 120,580,149,248 bytes free
Post-Run: 120,250,519,552 bytes free
242 --- E O F --- 2009-05-05 00:03
fcabanski
2009-05-06, 11:01
Here's the new DDS:
DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 2:58:03.71 on Wed 05/06/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.924 [GMT -5:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Users\Owner\AppData\Local\Temp\jkos-Owner\binaries\ScanningProcess.exe
C:\Users\Owner\AppData\Local\Temp\jkos-Owner\binaries\ScanningProcess.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Owner\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: igfxcui - igfxdev.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\tta80589.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com
============= SERVICES / DRIVERS ===============
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-1-13 346112]
S3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [2009-4-23 131968]
S3 US122DL;US122 Firmware Downloader;c:\windows\system32\drivers\US122DL.sys [2009-4-23 18304]
S3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\drivers\US122Wdm.sys [2009-4-23 39168]
=============== Created Last 30 ================
2009-05-06 00:08 <DIR> --d----- C:\ComboFix
2009-05-04 14:06 161,792 a------- c:\windows\SWREG.exe
2009-05-04 14:06 98,816 a------- c:\windows\sed.exe
2009-05-03 00:09 <DIR> --d----- c:\program files\Trend Micro
2009-05-02 22:06 <DIR> --d----- c:\programdata\Kaspersky Lab
2009-05-02 22:06 <DIR> --d----- c:\program files\Kaspersky Lab
2009-05-02 22:06 <DIR> --d----- c:\progra~2\Kaspersky Lab
2009-05-02 22:00 <DIR> --d----- c:\programdata\Kaspersky Lab Setup Files
2009-05-02 22:00 <DIR> --d----- c:\progra~2\Kaspersky Lab Setup Files
2009-05-02 21:51 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-02 21:51 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-02 21:51 <DIR> --d----- c:\programdata\Malwarebytes
2009-05-02 21:51 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-02 21:51 <DIR> --d----- c:\progra~2\Malwarebytes
2009-05-02 21:49 <DIR> --d----- c:\users\owner\appdata\roaming\QuickScan
2009-05-02 18:24 <DIR> a-d----- c:\programdata\TEMP
2009-05-01 20:24 <DIR> --d----- c:\program files\common files\Totem Shared
2009-04-24 00:13 60,273 a------- c:\windows\system32\pthreadGC2.dll
2009-04-24 00:13 7,680 a------- c:\windows\system32\ff_vfw.dll
2009-04-24 00:13 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-04-24 00:13 499,712 a------- c:\windows\system32\msvcp71.dll
2009-04-24 00:13 348,160 a------- c:\windows\system32\msvcr71.dll
2009-04-24 00:13 <DIR> --d----- c:\program files\ffdshow
2009-04-24 00:13 <DIR> --d----- c:\program files\TVersity Codec Pack
2009-04-24 00:12 <DIR> --d----- c:\program files\TVersity
2009-04-23 23:53 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-23 21:10 163,485,837 a------- c:\windows\MEMORY.DMP
2009-04-23 20:52 471,040 a------- c:\windows\system32\US122cp.cpl
2009-04-23 20:52 172,032 a------- c:\windows\system32\U122_A24.dll
2009-04-23 20:52 172,032 a------- c:\windows\system32\U122_A16.dll
2009-04-23 20:52 131,968 a------- c:\windows\system32\drivers\US122.sys
2009-04-23 20:52 39,168 a------- c:\windows\system32\drivers\US122Wdm.sys
2009-04-23 20:52 18,304 a------- c:\windows\system32\drivers\US122DL.sys
2009-04-23 20:52 <DIR> --d----- c:\program files\US122
2009-04-23 13:14 <DIR> --d----- c:\programdata\FLEXnet
2009-04-23 13:08 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-04-23 11:56 763 a------- c:\windows\Setup_ver1.1497.0.exe
2009-04-23 11:48 <DIR> --d----- c:\programdata\Adobe
2009-04-23 11:11 <DIR> --d----- c:\users\owner\appdata\roaming\OpenOffice.org
2009-04-23 11:08 <DIR> --d----- c:\program files\JRE
2009-04-23 11:08 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-04-22 23:27 <DIR> --d----- c:\program files\VideoLAN
2009-04-22 19:39 <DIR> --d----- c:\program files\Belarc
2009-04-16 13:52 2,048 a------- c:\windows\system32\tzres.dll
2009-04-16 13:43 <DIR> --d----- c:\windows\Panther
2009-04-16 13:43 8,192 a--s-r-- C:\BOOTSECT.BAK
2009-04-16 13:43 333,203 a--shr-- C:\bootmgr
2009-04-16 13:43 <DIR> --dsh--- C:\Boot
2009-04-16 13:42 330,752 a----r-- c:\windows\system32\drivers\NETBIOS.PDB
2009-04-16 13:42 <DIR> --d----- c:\windows\system32\OEM
2009-04-16 13:36 <DIR> --dsh--- c:\windows\Installer
2009-04-16 13:33 97,800 a------- c:\windows\system32\infocardapi.dll
2009-04-16 13:33 622,080 a------- c:\windows\system32\icardagt.exe
2009-04-16 13:33 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-16 13:33 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-04-16 13:33 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-04-16 13:33 11,264 a------- c:\windows\system32\icardres.dll
2009-04-16 13:33 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-04-16 13:33 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-04-16 13:27 96,760 a------- c:\windows\system32\dfshim.dll
2009-04-16 13:27 282,112 a------- c:\windows\system32\mscoree.dll
2009-04-16 13:27 41,984 a------- c:\windows\system32\netfxperf.dll
2009-04-16 13:27 158,720 a------- c:\windows\system32\mscorier.dll
2009-04-16 13:27 83,968 a------- c:\windows\system32\mscories.dll
2009-04-16 13:24 296,960 a------- c:\windows\system32\gdi32.dll
2009-04-16 13:22 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-04-16 13:22 801,280 a------- c:\windows\system32\NaturalLanguage6.dll
2009-04-16 13:17 1,314,816 a------- c:\windows\system32\quartz.dll
2009-04-16 13:15 2,033,152 a------- c:\windows\system32\win32k.sys
2009-04-16 13:15 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-04-16 13:10 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-04-16 13:10 83,456 a------- c:\windows\system32\wudriver.dll
2009-04-16 13:10 162,064 a------- c:\windows\system32\wuwebv.dll
2009-04-16 13:10 31,232 a------- c:\windows\system32\wuapp.exe
2009-04-16 13:02 16,052 a------- c:\windows\system32\results.xml
2009-04-16 13:00 337,920 a------- c:\windows\system\rtl8187B.sys
2009-04-16 13:00 <DIR> --d----- c:\windows\OPTIONS
2009-04-16 13:00 <DIR> --d----- c:\program files\REALTEK RTL8187B Wireless LAN Driver
2009-04-16 12:58 920,088 a------- c:\windows\system32\igxpun.exe
2009-04-16 12:58 319,456 a------- c:\windows\system32\difxapi.dll
2009-04-16 12:58 121,232 a------- c:\windows\system32\IScrNBR.bmp
2009-04-16 12:58 121,232 a------- c:\windows\system32\IScrNB.bmp
2009-04-16 12:58 <DIR> --d----- c:\windows\system32\Lang
2009-04-16 12:58 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-04-16 12:58 <DIR> --d----- c:\program files\Synaptics
2009-04-16 12:55 <DIR> --d----- C:\Intel
2009-04-16 12:53 <DIR> --d----- c:\users\Owner
2009-04-16 12:48 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
==================== Find3M ====================
2009-05-06 00:26 86,016 a------- c:\windows\inf\infstrng.dat
2009-05-06 00:26 86,016 a------- c:\windows\inf\infstor.dat
2009-05-06 00:26 51,200 a------- c:\windows\inf\infpub.dat
2009-04-16 14:07 665,600 a------- c:\windows\inf\drvindex.dat
2009-03-26 10:00 64,000 a------- c:\windows\system32\drivers\RTSTOR.sys
2009-03-16 22:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 22:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-16 22:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-05 08:54 73,728 a------- c:\windows\system32\RtNicProp32.dll
2009-03-02 23:46 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-02 23:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-03-02 23:40 827,392 a------- c:\windows\system32\wininet.dll
2009-03-02 23:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-02 23:39 551,424 a------- c:\windows\system32\rpcss.dll
2009-03-02 23:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-02 23:37 78,336 a------- c:\windows\system32\ieencode.dll
2009-03-02 23:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-02 23:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-02 23:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-02 22:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-02 21:38 17,408 a------- c:\windows\system32\iashost.exe
2009-03-02 21:28 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-02-13 03:49 72,704 a------- c:\windows\system32\secur32.dll
2009-02-13 03:49 1,255,936 a------- c:\windows\system32\lsasrv.dll
2008-01-20 21:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
============= FINISH: 2:58:39.83 ===============
And the Kaspersky report
Wednesday, May 6, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, May 06, 2009 07:55:29
Records in database: 2136826
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
Scan statistics
Files scanned 75474
Threat name 3
Infected objects 3
Suspicious objects 0
Duration of the scan 00:33:04
File name Threat name Threats count
C:\Qoobox\Quarantine\C\RECYCLER\S-6-2-60-100012815-100004722-100020005-9146.com.vir Infected: Worm.Win32.AutoRun.fsy 1
C:\Qoobox\Quarantine\C\Windows\System32\drivers\_gxvxchcuxnxcmprxboppsyfbhixrwptpiimug_.sys.zip Infected: Trojan.Win32.Tdss.abxw 1
C:\Qoobox\Quarantine\C\Windows\System32\gxvxcavgxbkkbiwdtepjlmxylifwndqwemvrr.dll.vir Infected: Trojan-Clicker.Win32.Small.aea 1
The selected area was scanned.
Seems that Kaspersky found quarantined objects only. Good. How's the system running now?
Due to inactivity, this thread will now be closed.
Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.
If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.