View Full Version : computer running really slow
sbutnaru
2009-08-26, 01:56
Hi,
My computer is running really slow and both my antivirus and spybot found nothing.
My friend also said that hes been geting all sorts of ads from me over msn.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:54:36 PM, on 25/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /Get1noarp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-436374069-602609370-725345543-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Dbutnaru')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230803270651
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Apple Mobile Device (apple mobile device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service (bonjour service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 7359 bytes
Hi sbutnaru,
My friend also said that hes been geting all sorts of ads from me over msn.
It's possible that your MSN account has been hacked. I recommend to change its password through some non-infected system.
Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.
Download GMER (http://www.gmer.net) here by clicking download exe -button and then saving it your desktop:
Double-click .exe that you downloaded
Click rootkit-tab and then scan.
Don't check
Show All
box while scanning in progress!
When scanning is ready, click Copy.
This copies log to clipboard
Post log in your reply.
sbutnaru
2009-08-28, 02:13
GMER 1.0.15.15077 [59gpoe0e.exe] - http://www.gmer.net
Rootkit scan 2009-08-27 19:10:23
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT 8A912830 ZwAlertResumeThread
SSDT 8A914830 ZwAlertThread
SSDT 8AA24E98 ZwAllocateVirtualMemory
SSDT 8A888408 ZwConnectPort
SSDT spuq.sys ZwCreateKey [0xB9EA80E0]
SSDT 8A4D7830 ZwCreateMutant
SSDT 8A8EFC70 ZwCreateThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB5A84350]
SSDT spuq.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spuq.sys ZwEnumerateValueKey [0xB9EC7030]
SSDT 8A6A1260 ZwFreeVirtualMemory
SSDT 8A8CC830 ZwImpersonateAnonymousToken
SSDT 8A8CD830 ZwImpersonateThread
SSDT 8AA2A5B8 ZwMapViewOfSection
SSDT 8A8AD830 ZwOpenEvent
SSDT spuq.sys ZwOpenKey [0xB9EA80C0]
SSDT 8A896620 ZwOpenProcessToken
SSDT 8A9561E8 ZwOpenThreadToken
SSDT spuq.sys ZwQueryKey [0xB9EC7108]
SSDT 8A8F8270 ZwQueryValueKey
SSDT 8A906688 ZwResumeThread
SSDT 8AA78368 ZwSetContextThread
SSDT 8AA41128 ZwSetInformationProcess
SSDT 8A91C318 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB5A84580]
SSDT 8A99D830 ZwSuspendProcess
SSDT 8A8E5830 ZwSuspendThread
SSDT 8A86C2E0 ZwTerminateProcess
SSDT 8A8E6830 ZwTerminateThread
SSDT 8A4E5340 ZwUnmapViewOfSection
SSDT 8A666DB8 ZwWriteVirtualMemory
INT 0x63 ? 8AA0FBF8
INT 0x73 ? 8AC9BBF8
INT 0x73 ? 8AC9BBF8
INT 0x73 ? 8AA0FBF8
INT 0x73 ? 8AC9BBF8
INT 0x83 ? 8AC9BBF8
INT 0x83 ? 8AC9BBF8
INT 0x83 ? 8AA0FBF8
INT 0x83 ? 8AC9BBF8
INT 0x94 ? 8AA0FBF8
INT 0xB4 ? 8AA0FBF8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2DC8 80504664 4 Bytes CALL 82DADBCA
? spuq.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B95E78AC 5 Bytes JMP 8AA0F1D8
.text a4l33ywk.SYS B94E5384 1 Byte [20]
.text a4l33ywk.SYS B94E5384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
.text a4l33ywk.SYS B94E53AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
.text a4l33ywk.SYS B94E53C4 3 Bytes [00, 00, 00]
.text a4l33ywk.SYS B94E53C9 1 Byte [00]
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[700] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[700] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[700] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[700] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[700] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2543F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[700] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[700] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[700] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[700] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[700] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[700] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[700] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[700] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[700] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E3F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2556] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2556] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2556] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2556] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2556] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2556] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2556] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2556] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2556] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spuq.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA913C] spuq.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA90BE] spuq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA97FC] spuq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA96D2] spuq.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EB9048] spuq.sys
IAT \SystemRoot\System32\Drivers\a4l33ywk.SYS[HAL.dll!KfAcquireSpinLock] 00000034
IAT \SystemRoot\System32\Drivers\a4l33ywk.SYS[HAL.dll!READ_PORT_UCHAR] 0000008E
IAT \SystemRoot\System32\Drivers\a4l33ywk.SYS[HAL.dll!KeGetCurrentIrql] 00000043
IAT \SystemRoot\System32\Drivers\a4l33ywk.SYS[HAL.dll!KfRaiseIrql] 00000044
IAT \SystemRoot\System32\Drivers\a4l33ywk.SYS[HAL.dll!KfLowerIrql] 000000C4
IAT \SystemRoot\System32\Drivers\a4l33ywk.SYS[HAL.dll!HalGetInterruptVector] 000000DE
IAT \SystemRoot\System32\Drivers\a4l33ywk.SYS[HAL.dll!HalTranslateBusAddress] 000000E9
IAT \SystemRoot\System32\Drivers\a4l33ywk.SYS[HAL.dll!KeStallExecutionProcessor] 000000CB
IAT \SystemRoot\System32\Drivers\a4l33ywk.SYS[HAL.dll!KfReleaseSpinLock] 00000054
IAT \SystemRoot\System32\Drivers\a4l33ywk.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 0000007B
IAT \SystemRoot\System32\Drivers\a4l33ywk.SYS[HAL.dll!READ_PORT_USHORT] 00000094
IAT \SystemRoot\System32\Drivers\a4l33ywk.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000032
IAT \SystemRoot\System32\Drivers\a4l33ywk.SYS[HAL.dll!WRITE_PORT_UCHAR] 000000A6
IAT \SystemRoot\System32\Drivers\a4l33ywk.SYS[WMILIB.SYS!WmiSystemControl] 00000023
IAT \SystemRoot\System32\Drivers\a4l33ywk.SYS[WMILIB.SYS!WmiCompleteRequest] 0000003D
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Internet Explorer\iexplore.exe[700] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8AC9A1F8
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
Device \FileSystem\Fastfat \FatCdrom 8A67B500
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\usbuhci \Device\USBPDO-0 8AA701F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AC271F8
Device \Driver\dmio \Device\DmControl\DmConfig 8AC271F8
Device \Driver\dmio \Device\DmControl\DmPnP 8AC271F8
Device \Driver\dmio \Device\DmControl\DmInfo 8AC271F8
Device \Driver\usbuhci \Device\USBPDO-1 8AA701F8
Device \Driver\usbehci \Device\USBPDO-2 8AA661F8
Device \Driver\usbuhci \Device\USBPDO-3 8AA701F8
Device \Driver\usbuhci \Device\USBPDO-4 8AA701F8
Device \Driver\sptd \Device\1164620576 spuq.sys
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\usbuhci \Device\USBPDO-5 8AA701F8
Device \Driver\usbehci \Device\USBPDO-6 8AA661F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AC9C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AC9C1F8
Device \Driver\Cdrom \Device\CdRom0 8A9E51F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8AC9C1F8
Device \Driver\Cdrom \Device\CdRom1 8A9E51F8
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-24 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-6 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-19 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Cdrom \Device\CdRom2 8A9E51F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A901410
Device \Driver\NetBT \Device\NetbiosSmb 8A901410
Device \Driver\usbstor \Device\00000085 8A4DA500
Device \Driver\usbstor \Device\00000085 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\NetBT \Device\NetBT_Tcpip_{11A9B682-FC84-479C-B083-7A3093F803E1} 8A901410
Device \Driver\usbstor \Device\00000086 8A4DA500
Device \Driver\usbstor \Device\00000086 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\PCI_PNP6826 \Device\0000004f spuq.sys
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 8AA701F8
Device \Driver\usbuhci \Device\USBFDO-1 8AA701F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A8C9500
Device \Driver\usbehci \Device\USBFDO-2 8AA661F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A8C9500
Device \Driver\usbuhci \Device\USBFDO-3 8AA701F8
Device \Driver\usbuhci \Device\USBFDO-4 8AA701F8
Device \Driver\Ftdisk \Device\FtControl 8AC9C1F8
Device \Driver\usbuhci \Device\USBFDO-5 8AA701F8
Device \Driver\usbehci \Device\USBFDO-6 8AA661F8
Device \Driver\a4l33ywk \Device\Scsi\a4l33ywk1 8A98B1F8
Device \Driver\a4l33ywk \Device\Scsi\a4l33ywk1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\a4l33ywk \Device\Scsi\a4l33ywk1Port4Path0Target0Lun0 8A98B1F8
Device \Driver\a4l33ywk \Device\Scsi\a4l33ywk1Port4Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\a4l33ywk \Device\Scsi\a4l33ywk1Port4Path0Target1Lun0 8A98B1F8
Device \Driver\a4l33ywk \Device\Scsi\a4l33ywk1Port4Path0Target1Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Fastfat \Fat 8A67B500
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 8A8D4500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0d79c293c1ed61418462e24595c90d04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0d79c293c1ed61418462e24595c90d04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0d79c293c1ed61418462e24595c90d04@ujdew 0x6E 0xED 0x1E 0x5E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0d79c293c1ed61418462e24595c90d04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0d79c293c1ed61418462e24595c90d04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0d79c293c1ed61418462e24595c90d04\00000001@ujdew 0x4B 0x01 0xED 0x32 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0d79c293c1ed61418462e24595c90d04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0d79c293c1ed61418462e24595c90d04\00000001\jdgg40@ujdew 0xD3 0x1B 0x51 0x2B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0d79c293c1ed61418462e24595c90d04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0d79c293c1ed61418462e24595c90d04\00000001\jdgg41@ujdew 0x47 0xF3 0xF4 0xC8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x29 0xBF 0xC3 0xD0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x78 0x73 0x3F 0x1E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7B 0x64 0xC6 0xCF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x99 0x0E 0xFD 0x1D ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0d79c293c1ed61418462e24595c90d04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0d79c293c1ed61418462e24595c90d04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0d79c293c1ed61418462e24595c90d04@ujdew 0x6E 0xED 0x1E 0x5E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0d79c293c1ed61418462e24595c90d04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0d79c293c1ed61418462e24595c90d04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0d79c293c1ed61418462e24595c90d04\00000001@ujdew 0x4B 0x01 0xED 0x32 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0d79c293c1ed61418462e24595c90d04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0d79c293c1ed61418462e24595c90d04\00000001\jdgg40@ujdew 0xD3 0x1B 0x51 0x2B ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0d79c293c1ed61418462e24595c90d04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0d79c293c1ed61418462e24595c90d04\00000001\jdgg41@ujdew 0x47 0xF3 0xF4 0xC8 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x29 0xBF 0xC3 0xD0 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x78 0x73 0x3F 0x1E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7B 0x64 0xC6 0xCF ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x99 0x0E 0xFD 0x1D ...
---- EOF - GMER 1.0.15 ----
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-07-30.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 01/01/2009 4:20:07 AM
System Uptime: 27/08/2009 3:01:56 AM (13 hours ago)
Motherboard: ASUSTeK Computer INC. | | P5B
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2401/266mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 89.749 GiB free.
D: is FIXED (NTFS) - 298 GiB total, 183.644 GiB free.
E: is FIXED (NTFS) - 466 GiB total, 57.55 GiB free.
F: is Removable
H: is CDROM (CDFS)
I: is CDROM ()
J: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: IDE Controller
Device ID: PCI\VEN_197B&DEV_2363&SUBSYS_81E41043&REV_02\4&18CD42CE&0&00E4
Manufacturer:
Name: IDE Controller
PNP Device ID: PCI\VEN_197B&DEV_2363&SUBSYS_81E41043&REV_02\4&18CD42CE&0&00E4
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_283E&SUBSYS_81EC1043&REV_02\3&11583659&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_283E&SUBSYS_81EC1043&REV_02\3&11583659&0&FB
Service:
==== System Restore Points ===================
RP137: 16/08/2009 5:08:19 AM - System Checkpoint
RP138: 17/08/2009 5:08:35 AM - System Checkpoint
RP139: 18/08/2009 6:05:51 AM - System Checkpoint
RP140: 19/08/2009 6:22:34 AM - System Checkpoint
RP141: 20/08/2009 7:22:33 AM - System Checkpoint
RP142: 20/08/2009 8:05:01 PM - Unsigned driver install
RP143: 21/08/2009 8:56:17 PM - System Checkpoint
RP144: 22/08/2009 3:00:19 AM - Software Distribution Service 3.0
RP145: 22/08/2009 10:32:59 AM - Printer Driver Microsoft XPS Document Writer Installed
RP146: 23/08/2009 1:48:12 AM - Unsigned driver install
RP147: 23/08/2009 7:16:09 PM - Removed Age of Empires III - The WarChiefs
RP148: 23/08/2009 7:19:25 PM - Removed Age of Empires III
RP149: 23/08/2009 7:26:14 PM - Removed Age of Empires III - The Asian Dynasties
RP150: 23/08/2009 7:34:14 PM - Removed Star Wars(R) Knights of the Old Republic(R) II: The Sith
RP151: 23/08/2009 7:43:47 PM - Removed Microsoft Games for Windows - LIVE
RP152: 23/08/2009 7:44:04 PM - Removed Microsoft Games for Windows - LIVE Redistributable
RP153: 23/08/2009 7:46:13 PM - Removed Marvel(TM) - Ultimate Alliance
RP154: 24/08/2009 7:51:06 PM - Restore Operation
RP155: 25/08/2009 6:17:12 PM - Installed Java(TM) 6 Update 15
RP156: 25/08/2009 6:43:09 PM - Installed QuickTime
RP157: 25/08/2009 6:48:33 PM - Installed iTunes
RP158: 25/08/2009 7:05:24 PM - Software Distribution Service 3.0
RP159: 25/08/2009 7:24:42 PM - Installed Windows XP WgaNotify.
RP160: 25/08/2009 7:27:56 PM - Software Distribution Service 3.0
RP161: 26/08/2009 8:15:45 PM - System Checkpoint
==== Installed Programs ======================
"Nero SoundTrax Help
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Advertising Center
Aion
AirPort
ANNO 1404
Anno 1404 Bonus
Apple Mobile Device Support
Apple Software Update
Bejeweled 2 Deluxe
Blitzkrieg 2
Bonjour
Choice Guard
COWON Media Center - jetAudio Basic
CPUID CPU-Z 1.52.1
Diablo II
DolbyFiles
Europa Universalis III - Complete
Fallout 3
Hearts of Iron III
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
ImagXpress
iTunes
Java(TM) 6 Update 15
LiveUpdate 3.2 (Symantec Corporation)
Locomotion
Malwarebytes' Anti-Malware
Menu Templates - Starter Kit
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft WSE 3.0 Runtime
Miracle C
Movie Templates - Starter Kit
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB925673)
NCsoft Launcher
Nero 9
Nero Burning ROM Help
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express Help
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
neroxml
NVIDIA Drivers
PlayGATE Setup
QuickTime
RCT3 Soaked
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
RollerCoaster TycoonŽ 3
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
SoundMAX
SoundTrax
Spybot - Search & Destroy
SpywareBlaster 4.2
SSH Secure Shell
Steam
Symantec AntiVirus
TeamSpeak 2 RC2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Ventrilo Client
Warcraft III: All Products
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
World of Warcraft
XML Paper Specification Shared Components Pack 1.0
==== Event Viewer Messages From Past Week ========
27/08/2009 12:41:29 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
26/08/2009 2:43:26 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
26/08/2009 2:43:14 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
26/08/2009 2:42:58 AM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
25/08/2009 6:46:41 PM, error: Service Control Manager [7034] - The getPlus(R) Helper service terminated unexpectedly. It has done this 1 time(s).
25/08/2009 5:41:36 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
23/08/2009 8:31:53 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
22/08/2009 3:12:06 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.
22/08/2009 3:11:45 AM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
22/08/2009 3:07:29 AM, error: atapi [9] - The device, \Device\Ide\IdePort3, did not respond within the timeout period.
22/08/2009 3:07:17 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort3.
==== End Of File ===========================
DDS (Ver_09-07-30.01) - NTFSx86
Run by Stefan at 16:19:39.64 on 27/08/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3007.2192 [GMT -4:00]
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Stefan\Desktop\dds.scr
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230803270651
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-11-25 935208]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-10-7 1822648]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-21 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090825.004\naveng.sys [2009-8-25 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090825.004\navex15.sys [2009-8-25 1323568]
S0 ati8tlxx;ati8tlxx;c:\windows\system32\drivers\ati8tlxx.sys --> c:\windows\system32\drivers\ati8tlxx.sys [?]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-8-24 12672]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [2009-6-22 16952]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664]
=============== Created Last 30 ================
2009-08-27 02:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2009-08-25 19:23 <DIR> --dsh--- c:\documents and settings\stefan\PrivacIE
2009-08-25 19:20 <DIR> --dsh--- c:\documents and settings\stefan\IETldCache
2009-08-25 19:17 100,352 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-08-25 19:17 <DIR> --d----- c:\windows\ie8updates
2009-08-25 19:16 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-08-25 19:16 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-08-25 19:14 <DIR> -cd-h--- c:\windows\ie8
2009-08-25 19:10 215,465 a------- c:\windows\system32\nvapps.nvb
2009-08-25 19:09 <DIR> --d----- c:\docume~1\stefan\applic~1\Windows Search
2009-08-25 19:08 <DIR> --d----- c:\windows\system32\GroupPolicy
2009-08-25 19:08 <DIR> --d----- c:\program files\Windows Desktop Search
2009-08-25 19:07 192,000 -c------ c:\windows\system32\dllcache\offfilt.dll
2009-08-25 19:07 98,304 -c------ c:\windows\system32\dllcache\nlhtml.dll
2009-08-25 19:07 29,696 -c------ c:\windows\system32\dllcache\mimefilt.dll
2009-08-25 19:07 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-08-25 19:05 <DIR> --d----- c:\windows\system32\LogFiles
2009-08-25 18:49 <DIR> --d----- c:\program files\iPod
2009-08-25 18:49 <DIR> --d----- c:\program files\iTunes
2009-08-25 18:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-25 18:46 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-08-25 17:59 <DIR> --d----- c:\windows\pss
2009-08-24 19:49 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-08-24 01:30 12,672 a------- c:\windows\system32\drivers\cpuz132_x32.sys
2009-08-24 01:30 <DIR> --d----- c:\program files\CPUID
2009-08-23 20:26 229,376 a------- c:\windows\PEV.exe
2009-08-23 20:26 161,792 a------- c:\windows\SWREG.exe
2009-08-23 20:26 98,816 a------- c:\windows\sed.exe
2009-08-22 10:35 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-08-13 02:27 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-13 02:27 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-11 01:27 <DIR> --d----- c:\program files\Paradox Interactive
2009-08-10 16:48 <DIR> --d----- c:\program files\Atari
2009-08-03 23:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Age of Empires 3
2009-07-28 22:28 21,840 a------- c:\windows\system32\SIntfNT.dll
2009-07-28 22:28 17,212 a------- c:\windows\system32\SIntf32.dll
2009-07-28 22:28 12,067 a------- c:\windows\system32\SIntf16.dll
2009-07-28 22:14 35,213 a------- c:\windows\DIIUnin.dat
2009-07-28 22:14 94,208 a------- c:\windows\DIIUnin.exe
2009-07-28 22:14 2,829 a------- c:\windows\DIIUnin.pif
==================== Find3M ====================
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-28 08:55 143,360 a------- c:\windows\system32\drivers\Rtenicxp.sys
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-24 16:00 281,760 a------- c:\windows\system32\drivers\atksgt.sys
2009-07-24 16:00 25,888 a------- c:\windows\system32\drivers\lirsgt.sys
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-08 04:05 73,728 a------- c:\windows\system32\RtNicProp32.dll
2009-07-03 13:09 915,456 -------- c:\windows\system32\wininet.dll
2009-07-01 00:48 76,869 a------- c:\windows\War3Unin.dat
2009-07-01 00:45 139,264 a------- c:\windows\War3Unin.exe
2009-07-01 00:45 2,829 a------- c:\windows\War3Unin.pif
2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-12 08:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 10:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 02:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2006-06-23 02:48 32,768 a----r-- c:\windows\inf\UpdateUSB.exe
============= FINISH: 16:20:11.82 ===============
Do NOT run 'fixes' before helpers have analyzed HJT log (http://forums.spybot.info/showthread.php?t=16806)
Hi,
There're signs of ComboFix run there. Do you have c:\ComboFix.txt log available there? Post it here, please.
sbutnaru
2009-08-28, 19:50
ya i ran it about 3 days ago before i posted here here was the log
ComboFix 09-08-25.01 - Stefan 25/08/2009 17:45.4.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3007.2375 [GMT -4:00]
Running from: c:\documents and settings\Stefan\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
((((((((((((((((((((((((( Files Created from 2009-07-25 to 2009-08-25 )))))))))))))))))))))))))))))))
.
2009-08-24 23:48 . 2009-08-24 23:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-24 05:30 . 2009-08-24 05:30 -------- d-----w- c:\program files\CPUID
2009-08-24 05:30 . 2009-03-27 05:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2009-08-23 23:34 . 2009-08-23 23:34 3942047 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-13 06:27 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-11 05:27 . 2009-08-11 05:27 -------- d-----w- c:\program files\Paradox Interactive
2009-08-10 20:48 . 2009-08-10 20:48 -------- d-----w- c:\program files\Atari
2009-08-09 05:34 . 2006-09-07 18:57 729088 ----a-w- c:\documents and settings\Stefan\Application Data\CosFeti\SFETIUS.exe
2009-08-09 05:29 . 2009-04-30 09:16 185344 ----a-w- c:\documents and settings\Stefan\Application Data\CosFeti\PCGW32.DLL
2009-08-09 05:29 . 2009-08-09 05:35 -------- d-----w- c:\documents and settings\Stefan\Application Data\CosFeti
2009-08-09 05:29 . 2009-08-09 05:30 695578 ----a-w- c:\documents and settings\Stefan\Application Data\CosFeti\unins000.exe
2009-08-09 05:29 . 2009-05-18 23:35 1619515 ----a-w- c:\documents and settings\Stefan\Application Data\CosFeti\CosFeti.exe
2009-08-04 03:24 . 2009-08-04 03:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Age of Empires 3
2009-08-04 02:57 . 2009-08-04 02:57 -------- d-----w- c:\program files\Microsoft Games
2009-07-29 02:28 . 2009-07-29 02:28 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2009-07-29 02:28 . 2009-07-29 02:28 17212 ----a-w- c:\windows\system32\SIntf32.dll
2009-07-29 02:28 . 2009-07-29 02:28 12067 ----a-w- c:\windows\system32\SIntf16.dll
2009-07-29 02:14 . 2009-07-29 02:29 35213 ----a-w- c:\windows\DIIUnin.dat
2009-07-29 02:14 . 2009-07-29 02:14 94208 ----a-w- c:\windows\DIIUnin.exe
2009-07-29 02:14 . 2009-07-29 02:14 2829 ----a-w- c:\windows\DIIUnin.pif
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 21:38 . 2009-01-01 09:35 -------- d-----w- c:\program files\Symantec AntiVirus
2009-08-24 23:41 . 2009-04-03 00:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-24 20:25 . 2009-01-01 23:11 19672 ----a-w- c:\documents and settings\Stefan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-24 00:01 . 2009-01-01 09:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-18 04:44 . 2009-05-19 03:05 -------- d-----w- c:\documents and settings\Stefan\Application Data\BitTorrent
2009-08-16 22:14 . 2009-02-05 04:08 -------- d-----w- c:\program files\Steam
2009-08-08 16:35 . 2009-04-05 22:24 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 17:36 . 2009-04-03 00:40 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 17:36 . 2009-04-03 00:40 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-03 16:31 . 2009-07-17 04:47 -------- d-----w- c:\program files\Pando Networks
2009-07-24 20:03 . 2009-07-24 20:03 -------- d-----w- c:\documents and settings\Stefan\Application Data\Ubisoft
2009-07-24 20:01 . 2009-07-24 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Tages
2009-07-24 20:00 . 2009-07-24 20:00 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-07-24 20:00 . 2009-07-24 20:00 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-07-24 03:13 . 2009-07-24 03:13 -------- d-----w- c:\documents and settings\Stefan\Application Data\Atari
2009-07-24 03:09 . 2009-07-24 03:09 -------- d-----w- c:\documents and settings\Stefan\Application Data\Leadertech
2009-07-24 03:09 . 2009-07-24 03:09 -------- d-----w- c:\program files\Common Files\PocketSoft
2009-07-20 21:21 . 2009-07-20 19:25 -------- d-----w- c:\program files\NCSoft
2009-07-20 21:07 . 2009-07-20 21:07 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-07-20 19:22 . 2009-07-20 19:21 -------- d-----w- c:\documents and settings\Stefan\Application Data\GetRightToGo
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 06:45 . 2009-07-17 06:45 -------- d-----w- c:\program files\Common Files\DirectX
2009-07-12 16:21 . 2004-08-04 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-06 05:54 . 2009-07-06 05:54 -------- d-----w- c:\program files\Sony
2009-07-01 04:48 . 2009-07-01 04:37 76869 ----a-w- c:\windows\War3Unin.dat
2009-07-01 04:45 . 2009-07-01 04:37 2829 ----a-w- c:\windows\War3Unin.pif
2009-07-01 04:45 . 2009-07-01 04:37 139264 ----a-w- c:\windows\War3Unin.exe
2009-06-29 16:12 . 2004-08-04 12:00 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-13 04:58 . 2009-06-13 04:58 10134 ----a-r- c:\documents and settings\Stefan\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-12 12:31 . 2004-08-04 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2009-01-01 09:13 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-24_00.31.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-30 21:00 . 2009-08-24 23:49 9483960 c:\windows\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-08 125368]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-04 185872]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2008-05-20 737280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-03 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-18 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8tlxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AirPort\\APAgent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"e:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\europa universalis iii - complete\\eu3game.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"e:\\ANNO 14041\\Anno4.exe"=
"e:\\ANNO 14041\\tools\\Anno4Web.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [21/08/2009 8:10 PM 101936]
S0 ati8tlxx;ati8tlxx;c:\windows\system32\Drivers\ati8tlxx.sys --> c:\windows\system32\Drivers\ati8tlxx.sys [?]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [24/08/2009 1:30 AM 12672]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [02/04/2009 8:40 PM 38160]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [22/06/2009 10:40 PM 16952]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [07/10/2007 9:48 PM 116664]
S4 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [28/01/2009 12:14 AM 33752]
.
Contents of the 'Scheduled Tasks' folder
2009-08-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2009-08-24 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 02:18]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-25 17:50
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-436374069-602609370-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\l3codeca.acm
c:\windows\system32\sirenacm.dll
- - - - - - - > 'explorer.exe'(3056)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\l3codeca.acm
c:\windows\system32\sirenacm.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
.
Completion time: 2009-08-25 17:52
ComboFix-quarantined-files.txt 2009-08-25 21:52
ComboFix2.txt 2009-08-24 00:33
ComboFix3.txt 2009-04-03 00:36
Pre-Run: 96,525,242,368 bytes free
Post-Run: 96,498,761,728 bytes free
182 --- E O F --- 2009-08-23 07:06
would you like me to run a new one?
Hi,
Actually it looks like you ran it once before this too.
Look for ComboFix2.txt file (probably in c:\ComboFix folder) and post back its contents.
sbutnaru
2009-08-28, 20:58
ComboFix 09-08-22.06 - Stefan 23/08/2009 20:27.3.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3007.2257 [GMT -4:00]
Running from: c:\documents and settings\Stefan\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Stefan\Local Settings\Application Data\{777CF7FD-D138-45EB-85CE-F67A15B11EEA}
c:\documents and settings\Stefan\Local Settings\Application Data\{777CF7FD-D138-45EB-85CE-F67A15B11EEA}\chrome.manifest
c:\documents and settings\Stefan\Local Settings\Application Data\{777CF7FD-D138-45EB-85CE-F67A15B11EEA}\chrome\content\_cfg.js
c:\documents and settings\Stefan\Local Settings\Application Data\{777CF7FD-D138-45EB-85CE-F67A15B11EEA}\chrome\content\c.js
c:\documents and settings\Stefan\Local Settings\Application Data\{777CF7FD-D138-45EB-85CE-F67A15B11EEA}\chrome\content\overlay.xul
c:\documents and settings\Stefan\Local Settings\Application Data\{777CF7FD-D138-45EB-85CE-F67A15B11EEA}\install.rdf
c:\windows\Fonts\wodSymbol.ttf
c:\windows\Installer\28f81f8.msp
c:\windows\Installer\907f4bd3.msi
.
((((((((((((((((((((((((( Files Created from 2009-07-24 to 2009-08-24 )))))))))))))))))))))))))))))))
.
2009-08-23 23:34 . 2009-08-23 23:34 3942047 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-23 07:05 . 2009-08-23 07:05 -------- d-----w- c:\windows\LastGood
2009-08-22 14:35 . 2009-08-22 14:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-13 06:27 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-11 05:27 . 2009-08-11 05:27 -------- d-----w- c:\program files\Paradox Interactive
2009-08-10 20:48 . 2009-08-10 20:48 -------- d-----w- c:\program files\Atari
2009-08-09 05:34 . 2006-09-07 18:57 729088 ----a-w- c:\documents and settings\Stefan\Application Data\CosFeti\SFETIUS.exe
2009-08-09 05:29 . 2009-04-30 09:16 185344 ----a-w- c:\documents and settings\Stefan\Application Data\CosFeti\PCGW32.DLL
2009-08-09 05:29 . 2009-08-09 05:35 -------- d-----w- c:\documents and settings\Stefan\Application Data\CosFeti
2009-08-09 05:29 . 2009-08-09 05:30 695578 ----a-w- c:\documents and settings\Stefan\Application Data\CosFeti\unins000.exe
2009-08-09 05:29 . 2009-05-18 23:35 1619515 ----a-w- c:\documents and settings\Stefan\Application Data\CosFeti\CosFeti.exe
2009-08-04 03:24 . 2009-08-04 03:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Age of Empires 3
2009-08-04 02:57 . 2009-08-04 02:57 -------- d-----w- c:\program files\Microsoft Games
2009-07-29 02:28 . 2009-07-29 02:28 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2009-07-29 02:28 . 2009-07-29 02:28 17212 ----a-w- c:\windows\system32\SIntf32.dll
2009-07-29 02:28 . 2009-07-29 02:28 12067 ----a-w- c:\windows\system32\SIntf16.dll
2009-07-29 02:14 . 2009-07-29 02:29 35213 ----a-w- c:\windows\DIIUnin.dat
2009-07-29 02:14 . 2009-07-29 02:14 94208 ----a-w- c:\windows\DIIUnin.exe
2009-07-29 02:14 . 2009-07-29 02:14 2829 ----a-w- c:\windows\DIIUnin.pif
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-24 00:26 . 2009-01-01 09:35 -------- d-----w- c:\program files\Symantec AntiVirus
2009-08-24 00:01 . 2009-01-01 09:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-23 23:35 . 2009-08-23 23:35 687104 ----a-w- c:\windows\isRS-000.tmp
2009-08-23 23:35 . 2009-04-03 00:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-18 04:44 . 2009-05-19 03:05 -------- d-----w- c:\documents and settings\Stefan\Application Data\BitTorrent
2009-08-16 22:14 . 2009-02-05 04:08 -------- d-----w- c:\program files\Steam
2009-08-08 16:35 . 2009-04-05 22:24 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 17:36 . 2009-04-03 00:40 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 17:36 . 2009-04-03 00:40 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-03 16:31 . 2009-07-17 04:47 -------- d-----w- c:\program files\Pando Networks
2009-07-24 20:03 . 2009-07-24 20:03 -------- d-----w- c:\documents and settings\Stefan\Application Data\Ubisoft
2009-07-24 20:01 . 2009-07-24 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Tages
2009-07-24 20:00 . 2009-07-24 20:00 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-07-24 20:00 . 2009-07-24 20:00 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-07-24 03:13 . 2009-07-24 03:13 -------- d-----w- c:\documents and settings\Stefan\Application Data\Atari
2009-07-24 03:09 . 2009-07-24 03:09 -------- d-----w- c:\documents and settings\Stefan\Application Data\Leadertech
2009-07-24 03:09 . 2009-07-24 03:09 -------- d-----w- c:\program files\Common Files\PocketSoft
2009-07-20 21:21 . 2009-07-20 19:25 -------- d-----w- c:\program files\NCSoft
2009-07-20 21:07 . 2009-07-20 21:07 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-07-20 19:22 . 2009-07-20 19:21 -------- d-----w- c:\documents and settings\Stefan\Application Data\GetRightToGo
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 06:45 . 2009-07-17 06:45 -------- d-----w- c:\program files\Common Files\DirectX
2009-07-12 16:21 . 2004-08-04 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-06 05:54 . 2009-07-06 05:54 -------- d-----w- c:\program files\Sony
2009-07-01 04:48 . 2009-07-01 04:37 76869 ----a-w- c:\windows\War3Unin.dat
2009-07-01 04:45 . 2009-07-01 04:37 2829 ----a-w- c:\windows\War3Unin.pif
2009-07-01 04:45 . 2009-07-01 04:37 139264 ----a-w- c:\windows\War3Unin.exe
2009-06-29 16:12 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-26 07:00 . 2009-06-26 07:00 -------- d-----w- c:\program files\MSXML 4.0
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-13 04:58 . 2009-06-13 04:58 10134 ----a-r- c:\documents and settings\Stefan\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-12 12:31 . 2004-08-04 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2009-01-01 09:13 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-08 125368]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-04 185872]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2008-05-20 737280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-03 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-18 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8tlxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AirPort\\APAgent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"e:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\europa universalis iii - complete\\eu3game.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"e:\\ANNO 14041\\Anno4.exe"=
"e:\\ANNO 14041\\tools\\Anno4Web.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [21/08/2009 8:10 PM 101936]
S0 ati8tlxx;ati8tlxx;c:\windows\system32\Drivers\ati8tlxx.sys --> c:\windows\system32\Drivers\ati8tlxx.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [22/06/2009 10:40 PM 16952]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [07/10/2007 9:48 PM 116664]
S4 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [28/01/2009 12:14 AM 33752]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - MBAMSwissArmy
.
Contents of the 'Scheduled Tasks' folder
2009-08-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2009-08-22 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 02:18]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTProAgent.exe
HKCU-Run-PlayNC Launcher - (no file)
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-23 20:31
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-436374069-602609370-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2009-08-24 20:33
ComboFix-quarantined-files.txt 2009-08-24 00:33
ComboFix2.txt 2009-04-03 00:36
Pre-Run: 97,175,027,712 bytes free
Post-Run: 97,150,156,800 bytes free
182 --- E O F --- 2009-08-23 07:06
Hi again,
Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
Run Spybot-S&D in Advanced Mode
If it is not already set to do this, go to the Mode menu
select
Advanced Mode
On the left hand side, click on Tools
Then click on the Resident icon in the list
Uncheck
Resident TeaTimer
and OK any prompts.
Restart your computer
Open notepad and copy/paste the text in the quotebox below into it:
Driver::
ati8tlxx
File::
c:\windows\system32\Drivers\ati8tlxx.sys
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
Get Adobe Reader updates 9.1.2 & 9.1.3 here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).
Check here (http://www.adobe.com/software/flash/about/) to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). Fresh version can be obtained here (http://get.adobe.com/flashplayer/).
Download ATF (Atribune Temp File) CleanerŠ by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).
Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log. How's the system running?
sbutnaru
2009-08-29, 01:25
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, August 28, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, August 28, 2009 21:13:18
Records in database: 2699563
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
H:\
I:\
J:\
Scan statistics:
Objects scanned: 236573
Threats found: 27
Infected objects found: 91
Suspicious objects found: 0
Scan duration: 02:56:23
File name / Threat / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01040000\496F9034.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01040001\496F903A.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01040002\496F903F.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01040003\497469AA.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01040004\497469AF.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01040005\497528B0.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01040006\497528B5.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01600000\49670677.VBN Infected: Trojan.Win32.Agent.admk 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01600001\4967067B.VBN Infected: Rootkit.Win32.Protector.cd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01600002\4967067F.VBN Infected: Trojan.Win32.Agent.admk 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01600003\49670683.VBN Infected: Rootkit.Win32.Protector.cd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01600004\496706E9.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01600005\496706ED.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01600006\496708F1.VBN Infected: Trojan-Dropper.Win32.Agent.aeer 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01600007\496708F6.VBN Infected: Trojan-Dropper.Win32.Agent.aeer 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01600008\496708FB.VBN Infected: Trojan-Dropper.Win32.Agent.aeer 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01600009\49670907.VBN Infected: Backdoor.Win32.TDSS.bkw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0160000A\4967090C.VBN Infected: Trojan.Win32.Agent.admk 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0160000B\49670911.VBN Infected: Rootkit.Win32.Protector.cd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0160000C\49670916.VBN Infected: Trojan-Downloader.Win32.Agent.aofm 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0160000D\49670B1B.VBN Infected: Backdoor.Win32.Hijack.ai 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0160000E\49672E3B.VBN Infected: Backdoor.Win32.TDSS.bkw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0160000F\496731F6.VBN Infected: Backdoor.Win32.TDSS.atb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01600010\49673EB8.VBN Infected: Backdoor.Win32.TDSS.blh 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01600011\49674CC8.VBN Infected: Backdoor.Win32.TDSS.asz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02500000\4AD10D83.VBN Infected: Trojan.Win32.Pakes.nnv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02640000\4A75FED5.VBN Infected: Trojan-Downloader.HTML.FraudLoad.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05080000.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05640000.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05640001.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05640002\4D7E908B.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05640003\4D7E9091.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05C40000\4DFECDC1.VBN Infected: Rootkit.Win32.Agent.gcr 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05C40001\4DC4A6CC.VBN Infected: Trojan-Downloader.Win32.BHO.fbi 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06840002\4FEF53B6.VBN Infected: Exploit.JS.ADODB.Stream.ac 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06F80000\4EFF9EF0.VBN Infected: Trojan.Win32.Pakes.nnv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09280000\496FB75E.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09280001\4969D307.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09280002\4969D30C.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09280003\4969D311.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09280004\4969E4DB.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09280005\4969E4DF.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09280006\496B236D.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09280007\496B2372.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09280008\496C7603.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09280009\496C7608.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0928000A\496CDD23.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0928000B\496CDD28.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09440000\49CD9121.VBN Infected: Packed.Win32.Tdss.f 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09440001\49CDE5E1.VBN Infected: Packed.Win32.Krap.n 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09440002\49CDF6B2.VBN Infected: Packed.Win32.Tdss.f 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09440003\49CE01F2.VBN Infected: Trojan.Win32.Agent2.ibc 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A480000\4B5D4168.VBN Infected: Exploit.Win32.Pidief.acq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BC00000\4BF85313.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BC00001\4BF85318.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BC00002\4BF85B0F.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BC00003\4BF85B14.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00000\4DF13634.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00001\4DF1363A.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00002\4DF136B6.VBN Infected: Trojan.Win32.Agent.bkxj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00003\4DF13709.VBN Infected: Trojan-Dropper.Win32.Agent.acgu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00004\4DF1BDEC.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00005\4DF1BDF2.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00006\4DF1D314.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00007\4DF1D31A.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00008\4DF1D470.VBN Infected: Trojan.Win32.Agent.bkxj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00009\4DF1E280.VBN Infected: Trojan-Dropper.Win32.Agent.acgu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD0000A\4DF1EE5B.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD0000B\4DF1EE61.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD0000C\4DF30CDE.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD0000D\4DF30CE4.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD0000E\4DF3D046.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD0000F\4DF3D04C.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D580000\4D7BDEB5.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D580001\4D7BDEBA.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D580002\4D7C60A3.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D580003\4D7C60A9.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D580004\4D7DAFCB.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D580005\4D7DAFD1.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D580006\4D7F0F57.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D580007\4D7F0F5D.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE80000\4FFADD65.VBN Infected: Trojan-PSW.Win32.Agent.llw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE80002\4FFD5DAB.VBN Infected: Trojan.Win32.Agent2.gxn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE80003\4FFD5FE4.VBN Infected: Trojan.Win32.Agent2.gxn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE80004\4FFD5FEB.VBN Infected: Trojan.Win32.Agent.bkxj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE80005\4FFD5FF2.VBN Infected: Trojan-Downloader.Win32.Injecter.bcg 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE80006\4FFD5FF9.VBN Infected: Rootkit.Win32.TDSS.deu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE80007\4FFD6000.VBN Infected: Trojan.Win32.Small.bsh 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F280000\4FFA84F1.VBN Infected: Trojan-PSW.Win32.Agent.llw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F280001\4F6A6B70.VBN Infected: Packed.Win32.Black.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F280002\4F6A6C53.VBN Infected: Packed.Win32.Black.a 1
Selected area has been scanned.
ComboFix 09-08-27.A3 - Stefan 28/08/2009 14:57.6.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3007.2431 [GMT -4:00]
Running from: c:\documents and settings\Stefan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Stefan\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FILE ::
"c:\windows\system32\Drivers\ati8tlxx.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ati8tlxx
((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))
.
2009-08-27 06:38 . 2009-08-27 06:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-25 23:25 . 2009-08-25 23:25 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-08-25 23:24 . 2009-08-25 23:24 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-25 23:23 . 2009-08-25 23:23 -------- d-sh--w- c:\documents and settings\Stefan\PrivacIE
2009-08-25 23:22 . 2009-08-25 23:22 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-25 23:20 . 2009-08-25 23:20 -------- d-sh--w- c:\documents and settings\Stefan\IETldCache
2009-08-25 23:17 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-08-25 23:17 . 2009-08-25 23:17 -------- d-----w- c:\windows\ie8updates
2009-08-25 23:16 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-25 23:16 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-25 23:14 . 2009-08-25 23:16 -------- dc-h--w- c:\windows\ie8
2009-08-25 23:09 . 2009-08-25 23:09 -------- d-----w- c:\documents and settings\Stefan\Application Data\Windows Search
2009-08-25 23:09 . 2009-08-25 23:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-08-25 23:08 . 2009-08-27 07:02 -------- d-----w- c:\program files\Windows Desktop Search
2009-08-25 23:08 . 2009-08-25 23:08 -------- d-----w- c:\windows\system32\GroupPolicy
2009-08-25 23:07 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-08-25 23:07 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-08-25 23:07 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-08-25 23:07 . 2009-08-27 05:15 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-25 23:05 . 2009-08-25 23:06 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-08-25 23:05 . 2009-08-25 23:05 -------- d-----w- c:\windows\system32\LogFiles
2009-08-25 22:49 . 2009-08-25 22:49 -------- d-----w- c:\program files\iPod
2009-08-25 22:49 . 2009-08-25 22:49 -------- d-----w- c:\program files\iTunes
2009-08-25 22:49 . 2009-08-25 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-25 22:46 . 2009-05-29 17:36 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-25 22:43 . 2009-08-25 22:44 -------- d-----w- c:\program files\QuickTime
2009-08-25 22:16 . 2009-08-25 22:16 152576 ----a-w- c:\documents and settings\Stefan\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-24 23:48 . 2009-08-27 06:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-24 05:30 . 2009-08-24 05:30 -------- d-----w- c:\program files\CPUID
2009-08-24 05:30 . 2009-03-27 05:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2009-08-23 23:34 . 2009-08-23 23:34 3942047 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-13 06:27 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-11 05:27 . 2009-08-11 05:27 -------- d-----w- c:\program files\Paradox Interactive
2009-08-10 20:48 . 2009-08-10 20:48 -------- d-----w- c:\program files\Atari
2009-08-04 03:24 . 2009-08-04 03:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Age of Empires 3
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-28 19:10 . 2009-01-01 09:35 -------- d-----w- c:\program files\Symantec AntiVirus
2009-08-27 06:13 . 2009-01-28 04:16 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-27 06:04 . 2009-04-01 18:21 -------- d-----w- c:\program files\SpywareBlaster
2009-08-26 01:30 . 2009-01-28 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-25 22:49 . 2009-01-17 22:16 -------- d-----w- c:\program files\Common Files\Apple
2009-08-25 22:17 . 2009-04-03 00:47 -------- d-----w- c:\program files\Java
2009-08-24 23:41 . 2009-04-03 00:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-24 20:25 . 2009-01-01 23:11 19672 ----a-w- c:\documents and settings\Stefan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-24 00:01 . 2009-01-01 09:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-16 22:14 . 2009-02-05 04:08 -------- d-----w- c:\program files\Steam
2009-08-08 16:35 . 2009-04-05 22:24 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 17:36 . 2009-04-03 00:40 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 17:36 . 2009-04-03 00:40 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-29 02:29 . 2009-07-29 02:14 35213 ----a-w- c:\windows\DIIUnin.dat
2009-07-29 02:28 . 2009-07-29 02:28 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2009-07-29 02:28 . 2009-07-29 02:28 17212 ----a-w- c:\windows\system32\SIntf32.dll
2009-07-29 02:28 . 2009-07-29 02:28 12067 ----a-w- c:\windows\system32\SIntf16.dll
2009-07-29 02:14 . 2009-07-29 02:14 94208 ----a-w- c:\windows\DIIUnin.exe
2009-07-29 02:14 . 2009-07-29 02:14 2829 ----a-w- c:\windows\DIIUnin.pif
2009-07-28 12:55 . 2009-01-01 09:25 143360 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2009-07-25 09:23 . 2009-01-28 18:42 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 20:03 . 2009-07-24 20:03 -------- d-----w- c:\documents and settings\Stefan\Application Data\Ubisoft
2009-07-24 20:01 . 2009-07-24 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Tages
2009-07-24 20:00 . 2009-07-24 20:00 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-07-24 20:00 . 2009-07-24 20:00 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-07-24 03:13 . 2009-07-24 03:13 -------- d-----w- c:\documents and settings\Stefan\Application Data\Atari
2009-07-24 03:09 . 2009-07-24 03:09 -------- d-----w- c:\documents and settings\Stefan\Application Data\Leadertech
2009-07-24 03:09 . 2009-07-24 03:09 -------- d-----w- c:\program files\Common Files\PocketSoft
2009-07-20 21:21 . 2009-07-20 19:25 -------- d-----w- c:\program files\NCSoft
2009-07-20 21:07 . 2009-07-20 21:07 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 06:45 . 2009-07-17 06:45 -------- d-----w- c:\program files\Common Files\DirectX
2009-07-14 03:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-08 08:05 . 2008-07-16 19:35 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2009-07-06 05:54 . 2009-07-06 05:54 -------- d-----w- c:\program files\Sony
2009-07-03 17:09 . 2004-08-04 12:00 915456 ------w- c:\windows\system32\wininet.dll
2009-07-01 04:48 . 2009-07-01 04:37 76869 ----a-w- c:\windows\War3Unin.dat
2009-07-01 04:45 . 2009-07-01 04:37 2829 ----a-w- c:\windows\War3Unin.pif
2009-07-01 04:45 . 2009-07-01 04:37 139264 ----a-w- c:\windows\War3Unin.exe
2009-06-25 08:25 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-13 04:58 . 2009-06-13 04:58 10134 ----a-r- c:\documents and settings\Stefan\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-12 12:31 . 2004-08-04 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2009-01-01 09:13 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
.
((((((((((((((((((((((((((((( SnapShot_2009-08-27_05.28.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-28 19:08 . 2009-08-28 19:08 16384 c:\windows\temp\Perflib_Perfdata_20c.dat
+ 2009-08-27 06:14 . 2009-08-27 06:14 3938816 c:\windows\Installer\506b28e.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-08 125368]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-28 13684736]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-04 185872]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2008-05-20 737280]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-28 86016]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 169984]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-28 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AirPort\\APAgent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"e:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\europa universalis iii - complete\\eu3game.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"e:\\ANNO 14041\\Anno4.exe"=
"e:\\ANNO 14041\\tools\\Anno4Web.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [21/08/2009 8:10 PM 101936]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [24/08/2009 1:30 AM 12672]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [22/06/2009 10:40 PM 16952]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [07/10/2007 9:48 PM 116664]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-08-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-ati8tlxx.sys
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-28 15:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-436374069-602609370-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3496)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\iTunes\iTunes.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2009-08-28 15:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-28 19:15
ComboFix2.txt 2009-08-27 05:30
ComboFix3.txt 2009-08-25 21:52
ComboFix4.txt 2009-08-24 00:33
ComboFix5.txt 2009-08-28 18:56
Pre-Run: 96,341,422,080 bytes free
Post-Run: 96,172,015,616 bytes free
261 --- E O F --- 2009-08-23 07:06
DDS (Ver_09-07-30.01) - NTFSx86
Run by Stefan at 18:22:25.57 on 28/08/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3007.1958 [GMT -4:00]
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\calc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Stefan\Desktop\dds.scr
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230803270651
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-11-25 935208]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-10-7 1822648]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-21 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090825.004\naveng.sys [2009-8-25 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090825.004\navex15.sys [2009-8-25 1323568]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-8-24 12672]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [2009-6-22 16952]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664]
=============== Created Last 30 ================
2009-08-27 02:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2009-08-25 19:23 <DIR> --dsh--- c:\documents and settings\stefan\PrivacIE
2009-08-25 19:20 <DIR> --dsh--- c:\documents and settings\stefan\IETldCache
2009-08-25 19:17 100,352 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-08-25 19:17 <DIR> --d----- c:\windows\ie8updates
2009-08-25 19:16 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-08-25 19:16 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-08-25 19:14 <DIR> -cd-h--- c:\windows\ie8
2009-08-25 19:10 215,465 a------- c:\windows\system32\nvapps.nvb
2009-08-25 19:09 <DIR> --d----- c:\docume~1\stefan\applic~1\Windows Search
2009-08-25 19:08 <DIR> --d----- c:\windows\system32\GroupPolicy
2009-08-25 19:08 <DIR> --d----- c:\program files\Windows Desktop Search
2009-08-25 19:07 192,000 -c------ c:\windows\system32\dllcache\offfilt.dll
2009-08-25 19:07 98,304 -c------ c:\windows\system32\dllcache\nlhtml.dll
2009-08-25 19:07 29,696 -c------ c:\windows\system32\dllcache\mimefilt.dll
2009-08-25 19:07 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-08-25 19:05 <DIR> --d----- c:\windows\system32\LogFiles
2009-08-25 18:49 <DIR> --d----- c:\program files\iPod
2009-08-25 18:49 <DIR> --d----- c:\program files\iTunes
2009-08-25 18:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-25 18:46 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-08-25 17:59 <DIR> --d----- c:\windows\pss
2009-08-24 19:49 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-08-24 01:30 12,672 a------- c:\windows\system32\drivers\cpuz132_x32.sys
2009-08-24 01:30 <DIR> --d----- c:\program files\CPUID
2009-08-23 20:26 229,376 a------- c:\windows\PEV.exe
2009-08-23 20:26 161,792 a------- c:\windows\SWREG.exe
2009-08-23 20:26 98,816 a------- c:\windows\sed.exe
2009-08-22 10:35 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-08-13 02:27 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-13 02:27 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-11 01:27 <DIR> --d----- c:\program files\Paradox Interactive
2009-08-10 16:48 <DIR> --d----- c:\program files\Atari
2009-08-03 23:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Age of Empires 3
==================== Find3M ====================
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-28 22:29 35,213 a------- c:\windows\DIIUnin.dat
2009-07-28 22:28 21,840 a------- c:\windows\system32\SIntfNT.dll
2009-07-28 22:28 17,212 a------- c:\windows\system32\SIntf32.dll
2009-07-28 22:28 12,067 a------- c:\windows\system32\SIntf16.dll
2009-07-28 22:14 94,208 a------- c:\windows\DIIUnin.exe
2009-07-28 22:14 2,829 a------- c:\windows\DIIUnin.pif
2009-07-28 08:55 143,360 a------- c:\windows\system32\drivers\Rtenicxp.sys
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-24 16:00 281,760 a------- c:\windows\system32\drivers\atksgt.sys
2009-07-24 16:00 25,888 a------- c:\windows\system32\drivers\lirsgt.sys
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-08 04:05 73,728 a------- c:\windows\system32\RtNicProp32.dll
2009-07-03 13:09 915,456 -------- c:\windows\system32\wininet.dll
2009-07-01 00:48 76,869 a------- c:\windows\War3Unin.dat
2009-07-01 00:45 139,264 a------- c:\windows\War3Unin.exe
2009-07-01 00:45 2,829 a------- c:\windows\War3Unin.pif
2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-12 08:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 10:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 02:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2006-06-23 02:48 32,768 a----r-- c:\windows\inf\UpdateUSB.exe
============= FINISH: 18:23:02.43 ===============
Hi,
Looks like Kaspersky found already quarantined items only.
Either clear quarantines through Symantec Antivirus or delete items in C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine folder.
How's the system running now?
sbutnaru
2009-08-29, 01:50
Its still slower tha nthe machine should be, and whenever um copiing a file or installing anything my audio becomes very choppy.
im just gonna run the kasp scan again i may have had the antivirus on when it ran i just wanna make sure everythign is in order now that i removed the quarantined items.
Has the system hard drive(s) been defragged lately?
sbutnaru
2009-08-29, 09:30
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, August 28, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, August 29, 2009 00:09:23
Records in database: 2699964
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
H:\
I:\
J:\
Scan statistics:
Objects scanned: 234837
Threats found: 18
Infected objects found: 75
Suspicious objects found: 0
Scan duration: 02:41:49
File name / Threat / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01040000\496F9034.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01040001\496F903A.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01040002\496F903F.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01040003\497469AA.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01040004\497469AF.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01040005\497528B0.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01040006\497528B5.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01600000\49670677.VBN Infected: Trojan.Win32.Agent.admk 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01600001\4967067B.VBN Infected: Rootkit.Win32.Protector.cd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01600002\4967067F.VBN Infected: Trojan.Win32.Agent.admk 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01600003\49670683.VBN Infected: Rootkit.Win32.Protector.cd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01600004\496706E9.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01600005\496706ED.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0160000A\4967090C.VBN Infected: Trojan.Win32.Agent.admk 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0160000B\49670911.VBN Infected: Rootkit.Win32.Protector.cd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0160000C\49670916.VBN Infected: Trojan-Downloader.Win32.Agent.aofm 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0160000F\496731F6.VBN Infected: Backdoor.Win32.TDSS.atb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01600010\49673EB8.VBN Infected: Backdoor.Win32.TDSS.blh 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01600011\49674CC8.VBN Infected: Backdoor.Win32.TDSS.asz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02640000\4A75FED5.VBN Infected: Trojan-Downloader.HTML.FraudLoad.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05080000.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05640000.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05640001.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05640002\4D7E908B.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05640003\4D7E9091.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05C40000\4DFECDC1.VBN Infected: Rootkit.Win32.Agent.gcr 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05C40001\4DC4A6CC.VBN Infected: Trojan-Downloader.Win32.BHO.fbi 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06840002\4FEF53B6.VBN Infected: Exploit.JS.ADODB.Stream.ac 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09280000\496FB75E.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09280001\4969D307.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09280002\4969D30C.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09280003\4969D311.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09280004\4969E4DB.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09280005\4969E4DF.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09280006\496B236D.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09280007\496B2372.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09280008\496C7603.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09280009\496C7608.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0928000A\496CDD23.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0928000B\496CDD28.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09440000\49CD9121.VBN Infected: Packed.Win32.Tdss.f 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09440001\49CDE5E1.VBN Infected: Packed.Win32.Krap.n 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09440002\49CDF6B2.VBN Infected: Packed.Win32.Tdss.f 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09440003\49CE01F2.VBN Infected: Trojan.Win32.Agent2.ibc 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BC00000\4BF85313.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BC00001\4BF85318.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BC00002\4BF85B0F.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BC00003\4BF85B14.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00000\4DF13634.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00001\4DF1363A.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00002\4DF136B6.VBN Infected: Trojan.Win32.Agent.bkxj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00004\4DF1BDEC.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00005\4DF1BDF2.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00006\4DF1D314.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00007\4DF1D31A.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00008\4DF1D470.VBN Infected: Trojan.Win32.Agent.bkxj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD0000A\4DF1EE5B.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD0000B\4DF1EE61.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD0000C\4DF30CDE.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD0000D\4DF30CE4.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD0000E\4DF3D046.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD0000F\4DF3D04C.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D580000\4D7BDEB5.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D580001\4D7BDEBA.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D580002\4D7C60A3.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D580003\4D7C60A9.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D580004\4D7DAFCB.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D580005\4D7DAFD1.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D580006\4D7F0F57.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D580007\4D7F0F5D.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.fyb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE80002\4FFD5DAB.VBN Infected: Trojan.Win32.Agent2.gxn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE80003\4FFD5FE4.VBN Infected: Trojan.Win32.Agent2.gxn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE80004\4FFD5FEB.VBN Infected: Trojan.Win32.Agent.bkxj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE80005\4FFD5FF2.VBN Infected: Trojan-Downloader.Win32.Injecter.bcg 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE80006\4FFD5FF9.VBN Infected: Rootkit.Win32.TDSS.deu 1
Selected area has been scanned.
this is the newer scan
as for defrags im trying to see if that helps my c and d drive were fine but my e drive seems to screw up sound when its defraging
Hi,
Show hidden files
-----------------
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
Delete items in C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine folder.
Hi,
What's the status here?
sbutnaru
2009-09-06, 05:41
its working now i gave up on that hard drive and all seems to be going well now the harddrives sata conector was bustwed not the cable but the plugy thing on the harddrive
Ok. Guess we can archive the topic then? :)
sbutnaru
2009-09-07, 21:49
Thanks for all your help :D
You're welcome :)
Since this issue appears to be resolved ... this Topic has been closed.
Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.