Spybot detected Win32.FraudLoad.edt

priced83
2009-12-10, 00:35
Spybot detected Win32.FraudLoad.edt on my computer but says that fixing cannot be completed because I am not an administrator. I am currently logged in to the only user account on my computer and it is listed as the computer administrator account. Subfolder under Win32.FraudLoad.edt is (SBI$47454F1F) Executable C:\Windows\msa.exe. My user documents folder pops up continuously. What can I do to fix this problem?

priced83
2009-12-10, 01:05
DDS (Ver_09-12-01.01) - NTFSX64
Run by Dave at 18:53:07.55 on Wed 12/09/2009
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3966.2020 [GMT -5:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\rundll32.exe
C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10b.exe
C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7DAI6V9U\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mWinlogon: Userinit=userinit.exe
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files (x86)\askbardis\bar\bin\askBar.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton internet security\engine\16.7.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton internet security\engine\16.7.2.11\IPSBHO.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files (x86)\mcafee\virusscan\scriptsn.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton internet security\engine\16.7.2.11\coIEPlg.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files (x86)\askbardis\bar\bin\askBar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [cdloader] "c:\users\dave\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
uRun: [vegas] rundll32.exe c:\windows\system32\sshnas.dll,DllWork
uRun: [NeoChronos] c:\users\dave\appdata\local\temp\c.exe
uRun: [Ppemaf] rundll32.exe "c:\users\dave\appdata\local\niblayp.dll",Startup
uRun: [Kjevanuz] rundll32.exe "c:\users\dave\appdata\local\ekaridas.dll",Startup
uRun: [Astrocom] c:\windows\msa.exe
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
uRun: [Malware Scanner] c:\program files (x86)\malwareremover.com\malware scanner\MalScr.exe
mRun: [mcagent_exe] "c:\program files (x86)\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [Ppemaf] rundll32.exe "c:\users\dave\appdata\local\niblayp.dll",Startup
StartupFolder: c:\users\dave\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files (x86)\limewire\LimeWire.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files (x86)\norton internet security\engine\16.7.2.11\CoIEPlg.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO-X64: scriptproxy - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
TB-X64: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [Skytel] Skytel.exe
mRun-x64: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc64.dll,nvsvcStart
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun-x64: [CanonSolutionMenu] "c:\program files (x86)\canon\solutionmenu\CNSLMAIN.exe" /logon
mRun-x64: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

============= SERVICES / DRIVERS ===============

R1 BHDrvx64;Symantec Heuristics Driver;c:\windows\system32\drivers\nisx64\1007020.00b\BHDrvx64.sys [2009-8-31 334384]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nisx64\1007020.00b\cchpx64.sys [2009-8-31 583296]
R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090427.003\IDSviA64.sys [2009-4-29 396848]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-8 308296]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-7-8 102472]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-7-8 49480]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-7-8 40904]

=============== Created Last 30 ================

2009-12-09 22:55:41 512688 ----a-w- c:\windows\syswow64\XceedCry.dll
2009-12-09 22:55:41 423784 ----a-w- c:\windows\syswow64\XceedBkp.dll
2009-12-09 22:55:41 131856 ----a-w- c:\windows\syswow64\MSADODC.ocx
2009-12-09 22:55:40 89088 ----a-w- c:\windows\syswow64\ProgressBar4.ocx
2009-12-09 22:55:40 389120 ----a-w- c:\windows\syswow64\ACTSKN43.OCX
2009-12-09 22:55:40 188416 ----a-w- c:\windows\syswow64\actsplash.ocx
2009-12-09 22:55:40 1435272 ----a-w- c:\windows\syswow64\Flash.ocx
2009-12-09 22:55:40 11012 ----a-w- c:\windows\syswow64\threadapi.tlb
2009-12-09 22:55:40 101888 ----a-w- c:\windows\syswow64\VB6STKIT.DLL
2009-12-09 22:45:27 0 d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-09 22:45:27 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2009-12-08 18:37:55 0 d-----w- c:\windows\syswow64\vi-VN
2009-12-08 18:37:55 0 d-----w- c:\windows\syswow64\eu-ES
2009-12-08 18:37:55 0 d-----w- c:\windows\syswow64\ca-ES
2009-12-08 18:37:54 0 d-----w- c:\windows\system32\eu-ES
2009-12-08 18:37:54 0 d-----w- c:\windows\system32\ca-ES
2009-12-08 18:37:51 0 d-----w- c:\windows\system32\vi-VN
2009-12-08 18:12:56 0 d-----w- c:\windows\system32\EventProviders
2009-12-07 23:48:16 0 d-----w- C:\sysmon
2009-12-07 23:30:34 215040 ----a-w- c:\windows\msa.exe
2009-12-07 23:30:23 200192 ----a-w- c:\windows\nwoar08147.exe
2009-12-07 23:30:10 40960 ----a-w- c:\windows\pnvu6108.exe
2009-12-07 22:54:58 0 d-----w- c:\programdata\vsosdk
2009-12-07 21:47:19 99384 ----a-w- c:\users\dave\appdata\roaming\inst.exe
2009-12-07 21:47:19 82816 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-07 21:47:19 82816 ----a-w- c:\users\dave\appdata\roaming\pcouffin.sys
2009-12-07 21:31:24 0 d-----w- c:\users\dave\appdata\roaming\Xilisoft Corporation
2009-12-04 20:12:05 0 d-----w- c:\program files (x86)\common files\DivX Shared
2009-12-04 20:12:04 0 d-----w- c:\program files (x86)\DivX
2009-11-27 07:09:58 2048 ----a-w- c:\windows\syswow64\tzres.dll
2009-11-27 07:09:58 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 17:00:47 1869824 ----a-w- c:\windows\system32\msxml3.dll
2009-11-25 17:00:46 1797120 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 17:00:46 1401856 ----a-w- c:\windows\syswow64\msxml6.dll
2009-11-25 17:00:46 1248768 ----a-w- c:\windows\syswow64\msxml3.dll
2009-11-25 17:00:32 880640 ----a-w- c:\windows\system32\timedate.cpl
2009-11-25 17:00:32 714240 ----a-w- c:\windows\syswow64\timedate.cpl
2009-11-15 17:12:06 65536 --sha-w- c:\users\dave\NTUSER.DAT{f6f71556-d209-11de-9777-002215d926d1}.TM.blf
2009-11-15 17:12:06 524288 --sha-w- c:\users\dave\NTUSER.DAT{f6f71556-d209-11de-9777-002215d926d1}.TMContainer00000000000000000002.regtrans-ms
2009-11-15 17:12:06 524288 --sha-w- c:\users\dave\NTUSER.DAT{f6f71556-d209-11de-9777-002215d926d1}.TMContainer00000000000000000001.regtrans-ms
2009-11-14 21:31:58 90112 ----a-w- c:\windows\syswow64\dpl100.dll
2009-11-14 21:31:54 856064 ----a-w- c:\windows\syswow64\divx_xx0c.dll
2009-11-14 21:31:54 856064 ----a-w- c:\windows\syswow64\divx_xx07.dll
2009-11-14 21:31:54 847872 ----a-w- c:\windows\syswow64\divx_xx0a.dll
2009-11-14 21:31:54 843776 ----a-w- c:\windows\syswow64\divx_xx16.dll
2009-11-14 21:31:54 839680 ----a-w- c:\windows\syswow64\divx_xx11.dll
2009-11-14 21:31:54 696320 ----a-w- c:\windows\syswow64\DivX.dll
2009-11-12 15:53:12 441856 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-12 15:53:12 355328 ----a-w- c:\windows\syswow64\WSDApi.dll
2009-11-12 15:53:09 2751488 ----a-w- c:\windows\system32\win32k.sys

==================== Find3M ====================

2009-12-08 18:47:29 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-08 18:47:29 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-08 18:47:29 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-08 18:37:41 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-08 18:29:34 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-10-19 13:36:07 3599872 ----a-w- c:\windows\syswow64\mshtml.dll
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 18:54:53.15 ===============

priced83
2009-12-10, 01:46

tashi
2009-12-10, 18:25
Hello priced83,

I merged three topics, one from the Spybot-S&D forum.

Please see this FAQ, "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Then start a new thread and copy paste the HJT log into it.

If HJT won't run please start a new topic anyway, make note of the situation and a volunteer analyst will advise you when available.

Best regards.