win32.agent.ieu Cannot Remove.
XSweetFreedomX
2010-01-15, 03:08
Hello... I recently ran S&D, and it found win32.agent.ieu. Although I'm logged in as administrator, S&D won't let me remove it (it says I don't have the Administrator rights). I could use some help; I'm having problems with my system and need to get it fixed. I have included the HijackThis log. Thanks for your help!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:42 PM, on 1/13/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
--
End of file - 5734 bytes
I have also uninstalled the Ask Toolbar as well as LimeWire, as I'm pretty sure it goes against SaferNetworking's P2P rules :)
Hi,
I recently ran S&D, and it found win32.agent.ieu
Do you recall what item was flagged as that?
Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.
XSweetFreedomX
2010-01-20, 01:28
DDS (Ver_09-12-01.01) - NTFSx86
Run by Mason at 15:09:03.61 on Tue 01/19/2010
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3545.2514 [GMT -8:00]
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\rpcnet.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mason\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
StartupFolder: c:\users\mason\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\mason\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\mason\appdata\roaming\mozilla\firefox\profiles\sd87z4b3.default\
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-2 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-2 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-2 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-1-2 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-1-2 285392]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-13 1153368]
=============== Created Last 30 ================
2010-01-19 02:49:04 398336 ----a-w- c:\windows\system32\TVWizudlg.exe
2010-01-19 02:49:04 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
2010-01-19 02:49:04 121232 ----a-w- c:\windows\system32\IScrNB.bmp
2010-01-14 05:00:21 0 d-----w- c:\program files\Trend Micro
2010-01-14 03:19:26 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-14 03:19:26 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-01-14 03:13:57 0 d-----w- c:\program files\CCleaner
2010-01-14 03:02:08 0 d-----w- c:\program files\Guitar Pro 5
2010-01-14 02:46:34 0 d-----w- c:\users\mason\appdata\roaming\BitTorrent
2010-01-14 02:46:34 0 d-----w- c:\program files\Ask.com
2010-01-14 02:46:24 0 d-----w- c:\program files\BitTorrent
2010-01-14 01:31:07 0 d-----w- c:\windows\system32\x64
2010-01-13 23:48:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-01-12 23:11:43 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-01-12 23:11:40 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 23:11:40 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-12 23:11:30 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-01-12 23:11:29 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-01-12 23:11:29 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-01-12 01:28:24 880912 ----a-w- c:\windows\WM8EUTIL.exe
2010-01-12 01:28:23 0 d-----w- c:\program files\CD to MP3 Freeware
2010-01-12 01:12:52 0 d-----w- c:\programdata\NCH Swift Sound
2010-01-12 01:12:47 0 d-----w- c:\program files\NCH Swift Sound
2010-01-12 00:48:43 72704 ----a-w- c:\windows\system32\admparse.dll
2010-01-12 00:38:28 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-01-12 00:38:28 270848 ----a-w- c:\windows\system32\schannel.dll
2010-01-12 00:34:59 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2010-01-12 00:33:41 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-01-12 00:32:37 0 d--h--w- c:\windows\msdownld.tmp
2010-01-12 00:32:32 0 d-----w- c:\windows\system32\directx
2010-01-11 06:38:51 0 d-----w- c:\program files\Bethesda Softworks
2010-01-11 06:37:37 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-11 03:42:30 0 d-----w- c:\program files\common files\PX Storage Engine
2010-01-11 03:42:15 0 d-----w- c:\program files\DivX
2010-01-11 03:42:15 0 d-----w- c:\program files\common files\DivX Shared
2010-01-07 06:45:10 0 d-----w- c:\programdata\Adobe
2010-01-07 06:44:29 0 d-----w- c:\programdata\NOS
2010-01-07 00:19:19 534 ----a-w- c:\windows\eReg.dat
2010-01-05 00:42:13 0 d-----w- c:\program files\Kreatives.org
2010-01-04 11:32:25 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-04 11:09:34 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-01-04 11:09:33 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-01-04 11:09:33 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-01-04 11:09:33 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2010-01-04 11:09:33 11264 ----a-w- c:\windows\system32\icardres.dll
2010-01-04 11:09:33 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-01-04 11:09:32 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-01-04 11:09:31 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2010-01-04 11:03:20 96760 ----a-w- c:\windows\system32\dfshim.dll
2010-01-04 11:03:19 282112 ----a-w- c:\windows\system32\mscoree.dll
2010-01-04 11:03:18 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-01-04 11:03:13 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-01-04 11:03:10 83968 ----a-w- c:\windows\system32\mscories.dll
2010-01-03 19:05:36 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-01-03 19:05:30 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2010-01-03 19:05:23 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2010-01-03 19:04:54 0 d-----w- c:\users\mason\appdata\roaming\LimeWire
2010-01-03 19:04:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-03 19:04:08 0 d-----w- c:\program files\LimeWire
2010-01-03 19:01:12 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2010-01-03 18:59:35 0 d-----w- c:\users\mason\appdata\roaming\GetRightToGo
2010-01-03 18:57:58 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-01-03 18:56:59 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-01-03 18:56:47 636928 ----a-w- c:\windows\system32\localspl.dll
2010-01-03 18:54:42 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-01-03 18:52:04 2927104 ----a-w- c:\windows\explorer.exe
2010-01-03 18:51:59 0 d-----w- c:\users\mason\Tracing
2010-01-03 18:51:54 19000 ----a-w- c:\windows\system32\kd1394.dll
2010-01-03 18:51:47 988216 ----a-w- c:\windows\system32\winload.exe
2010-01-03 18:51:47 615992 ----a-w- c:\windows\system32\ci.dll
2010-01-03 18:51:40 927288 ----a-w- c:\windows\system32\winresume.exe
2010-01-03 18:51:38 6656 ----a-w- c:\windows\system32\kbd106n.dll
2010-01-03 18:51:38 46592 ----a-w- c:\windows\system32\setbcdlocale.dll
2010-01-03 18:51:38 40960 ----a-w- c:\windows\system32\srclient.dll
2010-01-03 18:51:38 378368 ----a-w- c:\windows\system32\srcore.dll
2010-01-03 18:51:38 318464 ----a-w- c:\windows\system32\rstrui.exe
2010-01-03 18:51:38 14848 ----a-w- c:\windows\system32\srdelayed.exe
2010-01-03 18:47:59 2035712 ----a-w- c:\windows\system32\win32k.sys
2010-01-03 18:46:59 351232 ----a-w- c:\windows\system32\WSDApi.dll
2010-01-03 18:42:56 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-01-03 18:35:46 0 d-----w- c:\program files\Microsoft
2010-01-03 18:34:42 0 d-----w- c:\program files\Windows Live SkyDrive
2010-01-03 18:30:45 0 d-----w- c:\windows\PCHEALTH
2010-01-03 18:29:50 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-01-03 18:29:49 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-01-03 18:29:48 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-01-03 18:29:48 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-01-03 18:29:48 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-01-03 18:27:23 0 d-----w- c:\program files\common files\Windows Live
2010-01-03 05:27:06 0 d-----w- c:\program files\Ventrilo
2010-01-03 05:27:04 262 ----a-w- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2010-01-03 05:26:38 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-01-03 03:50:50 0 d-----w- c:\program files\EA GAMES
2010-01-03 03:08:36 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-03 03:08:34 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-03 03:08:28 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-03 03:08:23 0 d-----w- c:\windows\system32\drivers\Avg
2010-01-03 03:08:17 0 d-----w- c:\program files\AVG
2010-01-03 03:08:15 0 d-----w- c:\programdata\avg9
2010-01-03 02:58:53 0 d-----w- c:\users\mason\appdata\roaming\Xfire
2010-01-03 02:58:52 0 d-----w- c:\programdata\Xfire
2010-01-03 02:58:51 0 d-----w- c:\program files\Xfire
2010-01-03 02:54:54 56680 ----a-w- c:\windows\system32\rpcnet.exe
2010-01-03 02:54:54 56680 ----a-w- c:\windows\system32\rpcnet.dll
2010-01-03 02:49:16 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2010-01-03 02:49:07 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-01-03 02:49:02 0 d-----w- c:\program files\DellTPad
2010-01-03 02:48:55 192048 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2010-01-03 02:48:55 107622 ----a-w- c:\windows\system32\Vxdif.dll
2010-01-03 02:48:54 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2010-01-03 02:48:49 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-01-03 02:48:39 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-01-03 02:48:39 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-01-03 02:46:57 0 d-----w- c:\program files\Cisco
2010-01-03 02:35:42 773890 ----a-w- c:\windows\system32\oem2.inf
2010-01-03 02:35:10 1044992 ----a-w- c:\windows\system32\BCMLogon.dll
2010-01-03 02:35:05 386288 ----a-w- c:\windows\bcmFADD.tmp
2010-01-03 02:35:04 0 d-----w- c:\windows\system32\no-NO
2010-01-03 02:35:00 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2010-01-03 02:23:18 0 d-----w- c:\programdata\Dell
2010-01-03 02:23:18 0 d-----w- c:\programdata\CyberLink
2010-01-03 02:22:57 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-03 02:22:57 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-03 02:22:56 89088 ----a-w- c:\windows\system32\atl71.dll
2010-01-03 02:22:56 1060864 ----a-w- c:\windows\system32\MFC71.dll
2010-01-03 02:22:56 1047552 ----a-w- c:\windows\system32\MFC71u.dll
2010-01-03 02:15:45 0 d-----w- c:\windows\system32\vmm32
2010-01-03 02:15:45 0 d-----w- c:\program files\Dell
2010-01-03 02:15:23 0 d-sh--w- c:\windows\Installer
2010-01-03 01:53:05 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2010-01-03 01:47:34 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2010-01-03 01:47:03 0 d-----w- c:\windows\Panther
2010-01-03 01:46:29 22 ---ha-r- c:\windows\dell_version
2010-01-03 01:46:29 0 d-----w- c:\windows\system32\OEM
2010-01-03 01:37:36 0 d-----w- C:\Windows.old
2010-01-03 01:36:26 8192 --s-a-r- C:\BOOTSECT.BAK
2009-12-29 06:16:17 0 d-sh--w- C:\found.000
2009-12-29 06:05:55 0 d-----w- C:\e4e99a97a63a5d5373d175b294
2009-12-22 23:59:32 41872 ----a-w- c:\windows\system32\xfcodec.dll
==================== Find3M ====================
2010-01-14 01:33:35 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-01-14 01:33:35 51200 ----a-w- c:\windows\inf\infpub.dat
2010-01-14 01:33:16 86016 ----a-w- c:\windows\inf\infstor.dat
2010-01-04 11:54:59 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-20 18:53:32 234016 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-12-03 17:27:28 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2009-12-03 17:27:28 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-14 00:47:32 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-03 00:51:14 9728 ----a-w- c:\windows\system32\wceprv.dll
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
============= FINISH: 15:10:00.08 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-12-01.01)
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 1/2/2010 5:58:50 PM
System Uptime: 1/19/2010 12:06:46 PM (3 hours ago)
Motherboard: Dell Inc. | | 0K138P
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz | Microprocessor | 2100/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 451 GiB total, 307.654 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 9.537 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_02CF1028&REV_03\3&2B8E0B4B&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_02CF1028&REV_03\3&2B8E0B4B&0&FB
Service:
==== System Restore Points ===================
RP64: 1/18/2010 - Scheduled Checkpoint
RP66: 1/18/2010 8:32:30 AM - Avg8 Update
==== Installed Programs ======================
AAC Decoder
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Ask Toolbar
AutoUpdate
AVG Free 9.0
Battlefield 1942
Battlefield 2: Deluxe Edition
BitTorrent
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Dell Driver Download Manager
Dell Resource CD
Dell Touchpad
Dell Wireless WLAN Card Utility
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Version Checker
ERUNT 1.1j
Free CD to MP3 Converter
Guitar Pro 5.2
H.264 Decoder
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Java(TM) 6 Update 17
Junk Mail filter update
KRISTAL Audio Engine
LimeWire 5.4.6
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MKV Splitter
Mozilla Firefox (3.5.7)
MSVCRT
Oblivion
PowerDVD DX
Spybot - Search & Destroy
Switch Sound File Converter
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Xfire (remove only)
==== Event Viewer Messages From Past Week ========
1/18/2010 6:46:48 PM, Error: EventLog [6008] - The previous system shutdown at 6:43:25 PM on 1/18/2010 was unexpected.
1/13/2010 8:59:15 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
1/13/2010 8:58:53 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
1/13/2010 3:45:53 PM, Error: EventLog [6008] - The previous system shutdown at 3:44:15 PM on 1/13/2010 was unexpected.
1/12/2010 3:05:32 PM, Error: EventLog [6008] - The previous system shutdown at 1:25:24 PM on 1/12/2010 was unexpected.
1/12/2010 12:36:59 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
==== End Of File ===========================
There are those. Also, I thought all my P2P was uninstalled, but I guess not all of the uninstalls went through. I have officially removed BitTorrent and LimeWire. I won't do anything else without instruction. Thanks!
Oh, and no, I don't remember what was flagged as that. I'll run S&D again and see if I can identify it.
XSweetFreedomX
2010-01-20, 04:00
I ran S&D again; all I could find in relation to the file was that it was in:
(SBI $81012CAF) Data
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
Thanks for the logs :)
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix; see this link (http://www.bleepingcomputer.com/forums/topic114351.html).
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
XSweetFreedomX
2010-01-21, 01:54
ComboFix 10-01-20.03 - Mason 01/20/2010 15:20:51.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3545.2030 [GMT -8:00]
Running from: c:\users\Mason\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\oem2.inf
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
.
((((((((((((((((((((((((( Files Created from 2009-12-20 to 2010-01-20 )))))))))))))))))))))))))))))))
.
2010-01-20 23:25 . 2010-01-20 23:25 -------- d-----w- c:\users\Mason\AppData\Local\temp
2010-01-20 23:25 . 2010-01-20 23:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-14 04:57 . 2010-01-14 04:58 -------- d-----w- c:\program files\ERUNT
2010-01-14 03:19 . 2010-01-14 04:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-14 03:19 . 2010-01-14 03:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-14 03:13 . 2010-01-14 03:13 -------- d-----w- c:\program files\CCleaner
2010-01-14 03:02 . 2010-01-14 03:02 -------- d-----w- c:\program files\Guitar Pro 5
2010-01-14 02:46 . 2010-01-14 02:46 -------- d-----w- c:\program files\Ask.com
2010-01-14 01:31 . 2010-01-14 01:31 -------- d-----w- c:\windows\system32\x64
2010-01-14 01:18 . 2010-01-14 01:27 -------- d-----w- c:\users\Mason\AppData\Local\Deployment
2010-01-14 01:18 . 2010-01-14 01:18 -------- d-----w- c:\users\Mason\AppData\Local\Apps
2010-01-14 00:52 . 2010-01-14 00:52 -------- d-----w- c:\users\Mason\AppData\Roaming\DivX
2010-01-12 23:11 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-01-12 23:11 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-12 23:11 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 23:11 . 2009-11-03 19:53 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-01-12 23:11 . 2009-11-03 22:17 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-01-12 23:11 . 2009-11-03 22:15 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-01-12 01:28 . 2001-03-24 00:29 880912 ----a-w- c:\windows\WM8EUTIL.exe
2010-01-12 01:28 . 2010-01-12 19:33 -------- d-----w- c:\program files\CD to MP3 Freeware
2010-01-12 01:12 . 2010-01-12 01:12 -------- d-----w- c:\programdata\NCH Swift Sound
2010-01-12 01:12 . 2010-01-12 01:12 -------- d-----w- c:\users\Mason\AppData\Roaming\NCH Swift Sound
2010-01-12 01:12 . 2010-01-12 01:12 -------- d-----w- c:\program files\NCH Swift Sound
2010-01-12 00:48 . 2009-03-08 11:33 18944 ----a-w- c:\windows\system32\corpol.dll
2010-01-12 00:38 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2010-01-12 00:38 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-01-12 00:34 . 2007-05-17 00:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-01-12 00:33 . 2005-05-26 23:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-01-12 00:32 . 2010-01-12 00:33 -------- d--h--w- c:\windows\msdownld.tmp
2010-01-11 06:38 . 2010-01-11 06:38 -------- d-----w- c:\program files\Bethesda Softworks
2010-01-11 06:37 . 2010-01-11 06:37 -------- d--h--r- c:\users\Mason\AppData\Roaming\SecuROM
2010-01-11 06:37 . 2010-01-11 06:37 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-11 05:35 . 2010-01-11 05:35 -------- d-----w- c:\users\Mason\AppData\Local\Oblivion
2010-01-11 04:48 . 2010-01-11 04:48 -------- d-----w- c:\windows\Sun
2010-01-11 03:42 . 2010-01-11 03:42 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-01-11 03:42 . 2010-01-11 03:44 -------- d-----w- c:\program files\DivX
2010-01-11 03:42 . 2010-01-11 03:44 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-07 06:45 . 2010-01-07 06:45 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-07 06:45 . 2009-11-20 11:08 38784 ----a-w- c:\users\Mason\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-07 06:45 . 2009-11-20 11:08 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-07 06:45 . 2010-01-07 06:45 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-07 06:44 . 2010-01-11 04:48 -------- d-----w- c:\users\Mason\AppData\Local\Adobe
2010-01-07 06:44 . 2010-01-07 06:44 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-01-07 06:44 . 2010-01-08 04:49 -------- d-----w- c:\programdata\NOS
2010-01-07 00:56 . 2010-01-07 00:59 -------- d-----w- c:\users\Mason\AppData\Roaming\Ventrilo
2010-01-07 00:19 . 2010-01-07 00:19 534 ----a-w- c:\windows\eReg.dat
2010-01-05 00:42 . 2010-01-05 00:42 -------- d-----w- c:\program files\Kreatives.org
2010-01-04 11:32 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-04 11:09 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-01-04 11:09 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-01-04 11:09 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-01-04 11:09 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2010-01-04 11:09 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-01-04 11:09 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-01-04 11:09 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2010-01-04 11:03 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2010-01-04 11:03 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2010-01-04 11:03 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-01-04 11:03 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-01-04 11:03 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2010-01-03 19:04 . 2009-10-11 12:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-03 19:04 . 2010-01-04 01:49 -------- d-----w- c:\program files\Java
2010-01-03 19:01 . 2008-06-19 03:31 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2010-01-03 18:59 . 2010-01-05 00:42 -------- d-----w- c:\users\Mason\AppData\Roaming\GetRightToGo
2010-01-03 18:57 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2010-01-03 18:56 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2010-01-03 18:54 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-01-03 18:52 . 2008-10-29 06:29 2927104 ----a-w- c:\windows\explorer.exe
2010-01-03 18:51 . 2010-01-19 02:49 -------- d-----w- c:\users\Mason\Tracing
2010-01-03 18:51 . 2008-02-29 07:14 19000 ----a-w- c:\windows\system32\kd1394.dll
2010-01-03 18:51 . 2008-02-29 07:11 988216 ----a-w- c:\windows\system32\winload.exe
2010-01-03 18:51 . 2008-02-22 05:05 615992 ----a-w- c:\windows\system32\ci.dll
2010-01-03 18:51 . 2008-02-29 07:11 927288 ----a-w- c:\windows\system32\winresume.exe
2010-01-03 18:51 . 2008-02-29 06:53 378368 ----a-w- c:\windows\system32\srcore.dll
2010-01-03 18:51 . 2008-02-29 06:53 40960 ----a-w- c:\windows\system32\srclient.dll
2010-01-03 18:51 . 2008-02-29 06:53 46592 ----a-w- c:\windows\system32\setbcdlocale.dll
2010-01-03 18:51 . 2008-02-29 06:35 6656 ----a-w- c:\windows\system32\kbd106n.dll
2010-01-03 18:51 . 2008-02-29 04:12 318464 ----a-w- c:\windows\system32\rstrui.exe
2010-01-03 18:51 . 2008-02-29 04:12 14848 ----a-w- c:\windows\system32\srdelayed.exe
2010-01-03 18:47 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys
2010-01-03 18:46 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2010-01-03 18:42 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-01-03 18:35 . 2010-01-03 18:35 -------- d-----w- c:\program files\Microsoft
2010-01-03 18:34 . 2010-01-03 18:34 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-03 18:31 . 2010-01-03 18:36 -------- d-----w- c:\program files\Windows Live
2010-01-03 18:30 . 2010-01-03 18:30 -------- d-----w- c:\windows\PCHEALTH
2010-01-03 18:29 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-01-03 18:29 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-01-03 18:29 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-01-03 18:29 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-01-03 18:27 . 2010-01-03 18:27 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-03 05:39 . 2010-01-03 05:39 -------- d-----w- c:\users\Mason\AppData\Local\PunkBuster
2010-01-03 05:27 . 2010-01-03 05:27 -------- d-----w- c:\program files\Ventrilo
2010-01-03 05:26 . 2010-01-03 05:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-03 05:12 . 2010-01-03 05:12 -------- d-----w- c:\users\Mason\AppData\Local\Mozilla
2010-01-03 03:50 . 2010-01-06 23:58 -------- d-----w- c:\program files\EA GAMES
2010-01-03 03:26 . 2010-01-03 03:26 -------- d-----w- c:\windows\system32\Macromed
2010-01-03 03:08 . 2010-01-03 03:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-03 03:08 . 2010-01-03 03:08 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-03 03:08 . 2010-01-03 03:08 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-03 03:08 . 2010-01-20 22:56 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-03 03:08 . 2010-01-03 03:08 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-03 03:08 . 2010-01-03 03:08 -------- d-----w- c:\program files\AVG
2010-01-03 03:08 . 2010-01-12 20:35 -------- d-----w- c:\programdata\avg9
2010-01-03 02:58 . 2010-01-03 02:58 552 ----a-w- c:\users\Mason\AppData\Local\d3d8caps.dat
2010-01-03 02:58 . 2010-01-08 00:30 -------- d-----w- c:\users\Mason\AppData\Roaming\Xfire
2010-01-03 02:58 . 2010-01-08 04:47 -------- d-----w- c:\programdata\Xfire
2010-01-03 02:58 . 2010-01-08 04:47 -------- d-----w- c:\program files\Xfire
2010-01-03 02:54 . 2010-01-19 02:47 56680 ----a-w- c:\windows\system32\rpcnet.dll
2010-01-03 02:54 . 2010-01-03 02:54 56680 ----a-w- c:\windows\system32\rpcnet.exe
2010-01-03 02:49 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-01-03 02:49 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-01-03 02:49 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-01-03 02:49 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-01-03 02:49 . 2010-01-03 02:49 -------- d-----w- c:\program files\DellTPad
2010-01-03 02:48 . 2009-02-06 03:48 192048 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2010-01-03 02:48 . 2009-01-31 20:15 107622 ----a-w- c:\windows\system32\Vxdif.dll
2010-01-03 02:48 . 2006-11-02 16:09 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2010-01-03 02:48 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2010-01-03 02:48 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-01-03 02:48 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-01-03 02:48 . 2009-08-07 03:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-01-03 02:48 . 2009-08-07 02:44 33792 ----a-w- c:\windows\system32\wuapp.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-20 11:00 . 2010-01-12 00:48 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 02:49 . 2010-01-19 02:49 -------- d-----w- c:\program files\Intel
2010-01-19 01:33 . 2010-01-03 02:10 680 ----a-w- c:\users\Mason\AppData\Local\d3d9caps.dat
2010-01-14 05:00 . 2010-01-14 05:00 -------- d-----w- c:\program files\Trend Micro
2010-01-13 23:48 . 2010-01-13 23:48 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-01-13 11:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-04 11:54 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-01-03 18:26 . 2010-01-18 16:32 3776280 ----a-w- c:\programdata\avg9\update\backup\setup.exe
2010-01-03 18:26 . 2010-01-18 16:32 3966744 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-01-03 03:08 . 2010-01-18 16:32 1260312 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe
2010-01-03 02:49 . 2010-01-03 02:49 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2010-01-03 02:34 . 2010-01-03 02:34 -------- d-----w- c:\users\Mason\AppData\Roaming\InstallShield
2009-12-20 18:53 . 2009-12-20 18:53 234016 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-12-03 17:27 . 2009-12-03 17:27 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2009-12-03 17:27 . 2009-12-03 17:27 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2009-11-21 06:40 . 2010-01-12 00:49 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2010-01-12 00:49 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2010-01-12 00:49 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2010-01-12 00:49 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-03 00:51 . 2009-11-03 00:51 9728 ----a-w- c:\windows\system32\wceprv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-11-19 02:40 1196936 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-11-19 1196936]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-04-03 128232]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-17 3810304]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 217088]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-03 2033432]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 150552]
c:\users\Mason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [1/2/2010 7:08 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\drivers\avgtdix.sys [1/2/2010 7:08 PM 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [1/2/2010 7:08 PM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/2/2010 7:08 PM 285392]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [1/13/2010 7:19 PM 1153368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\Mason\AppData\Roaming\Mozilla\Firefox\Profiles\sd87z4b3.default\
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-20 15:25
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-01-20 15:27:05
ComboFix-quarantined-files.txt 2010-01-20 23:27
Pre-Run: 333,091,643,392 bytes free
Post-Run: 333,377,945,600 bytes free
- - End Of File - - EF5C3E9A0A293E9CACC5144880A422F2
XSweetFreedomX
2010-01-21, 02:03
Here's the new DDS file as well...
DDS (Ver_09-12-01.01) - NTFSx86
Run by Mason at 16:02:30.17 on Wed 01/20/2010
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3545.2069 [GMT -8:00]
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\rpcnet.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Mason\Downloads\dds(3).scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
StartupFolder: c:\users\mason\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\mason\appdata\roaming\mozilla\firefox\profiles\sd87z4b3.default\
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-2 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-2 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-2 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-1-2 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-1-2 285392]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-13 1153368]
=============== Created Last 30 ================
2010-01-20 23:27:08 0 d-sh--w- C:\$RECYCLE.BIN
2010-01-20 23:20:09 98816 ----a-w- c:\windows\sed.exe
2010-01-20 23:20:09 77312 ----a-w- c:\windows\MBR.exe
2010-01-20 23:20:09 261632 ----a-w- c:\windows\PEV.exe
2010-01-20 23:20:09 161792 ----a-w- c:\windows\SWREG.exe
2010-01-19 02:49:04 398336 ----a-w- c:\windows\system32\TVWizudlg.exe
2010-01-19 02:49:04 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
2010-01-19 02:49:04 121232 ----a-w- c:\windows\system32\IScrNB.bmp
2010-01-14 05:00:21 0 d-----w- c:\program files\Trend Micro
2010-01-14 03:19:26 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-14 03:19:26 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-01-14 03:13:57 0 d-----w- c:\program files\CCleaner
2010-01-14 03:02:08 0 d-----w- c:\program files\Guitar Pro 5
2010-01-14 01:31:07 0 d-----w- c:\windows\system32\x64
2010-01-13 23:48:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-01-12 23:11:43 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-01-12 23:11:40 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 23:11:40 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-12 23:11:30 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-01-12 23:11:29 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-01-12 23:11:29 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-01-12 01:28:24 880912 ----a-w- c:\windows\WM8EUTIL.exe
2010-01-12 01:28:23 0 d-----w- c:\program files\CD to MP3 Freeware
2010-01-12 01:12:52 0 d-----w- c:\programdata\NCH Swift Sound
2010-01-12 01:12:47 0 d-----w- c:\program files\NCH Swift Sound
2010-01-12 00:48:43 72704 ----a-w- c:\windows\system32\admparse.dll
2010-01-12 00:38:28 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-01-12 00:38:28 270848 ----a-w- c:\windows\system32\schannel.dll
2010-01-12 00:34:59 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2010-01-12 00:33:41 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-01-12 00:32:37 0 d--h--w- c:\windows\msdownld.tmp
2010-01-12 00:32:32 0 d-----w- c:\windows\system32\directx
2010-01-11 06:38:51 0 d-----w- c:\program files\Bethesda Softworks
2010-01-11 06:37:37 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-11 03:42:30 0 d-----w- c:\program files\common files\PX Storage Engine
2010-01-11 03:42:15 0 d-----w- c:\program files\DivX
2010-01-11 03:42:15 0 d-----w- c:\program files\common files\DivX Shared
2010-01-07 06:45:10 0 d-----w- c:\programdata\Adobe
2010-01-07 06:44:29 0 d-----w- c:\programdata\NOS
2010-01-07 00:19:19 534 ----a-w- c:\windows\eReg.dat
2010-01-05 00:42:13 0 d-----w- c:\program files\Kreatives.org
2010-01-04 11:32:25 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-04 11:09:34 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-01-04 11:09:33 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-01-04 11:09:33 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-01-04 11:09:33 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2010-01-04 11:09:33 11264 ----a-w- c:\windows\system32\icardres.dll
2010-01-04 11:09:33 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-01-04 11:09:32 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-01-04 11:09:31 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2010-01-04 11:03:20 96760 ----a-w- c:\windows\system32\dfshim.dll
2010-01-04 11:03:19 282112 ----a-w- c:\windows\system32\mscoree.dll
2010-01-04 11:03:18 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-01-04 11:03:13 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-01-04 11:03:10 83968 ----a-w- c:\windows\system32\mscories.dll
2010-01-03 19:05:36 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-01-03 19:05:30 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2010-01-03 19:05:23 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2010-01-03 19:04:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-03 19:01:12 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2010-01-03 18:59:35 0 d-----w- c:\users\mason\appdata\roaming\GetRightToGo
2010-01-03 18:57:58 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-01-03 18:56:59 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-01-03 18:56:47 636928 ----a-w- c:\windows\system32\localspl.dll
2010-01-03 18:54:42 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-01-03 18:52:04 2927104 ----a-w- c:\windows\explorer.exe
2010-01-03 18:51:59 0 d-----w- c:\users\mason\Tracing
2010-01-03 18:51:54 19000 ----a-w- c:\windows\system32\kd1394.dll
2010-01-03 18:51:47 988216 ----a-w- c:\windows\system32\winload.exe
2010-01-03 18:51:47 615992 ----a-w- c:\windows\system32\ci.dll
2010-01-03 18:51:40 927288 ----a-w- c:\windows\system32\winresume.exe
2010-01-03 18:51:38 6656 ----a-w- c:\windows\system32\kbd106n.dll
2010-01-03 18:51:38 46592 ----a-w- c:\windows\system32\setbcdlocale.dll
2010-01-03 18:51:38 40960 ----a-w- c:\windows\system32\srclient.dll
2010-01-03 18:51:38 378368 ----a-w- c:\windows\system32\srcore.dll
2010-01-03 18:51:38 318464 ----a-w- c:\windows\system32\rstrui.exe
2010-01-03 18:51:38 14848 ----a-w- c:\windows\system32\srdelayed.exe
2010-01-03 18:47:59 2035712 ----a-w- c:\windows\system32\win32k.sys
2010-01-03 18:46:59 351232 ----a-w- c:\windows\system32\WSDApi.dll
2010-01-03 18:42:56 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-01-03 18:35:46 0 d-----w- c:\program files\Microsoft
2010-01-03 18:34:42 0 d-----w- c:\program files\Windows Live SkyDrive
2010-01-03 18:30:45 0 d-----w- c:\windows\PCHEALTH
2010-01-03 18:29:50 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-01-03 18:29:49 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-01-03 18:29:48 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-01-03 18:29:48 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-01-03 18:29:48 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-01-03 18:27:23 0 d-----w- c:\program files\common files\Windows Live
2010-01-03 05:27:06 0 d-----w- c:\program files\Ventrilo
2010-01-03 05:27:04 262 ----a-w- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2010-01-03 05:26:38 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-01-03 03:50:50 0 d-----w- c:\program files\EA GAMES
2010-01-03 03:08:36 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-03 03:08:34 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-03 03:08:28 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-03 03:08:23 0 d-----w- c:\windows\system32\drivers\Avg
2010-01-03 03:08:17 0 d-----w- c:\program files\AVG
2010-01-03 03:08:15 0 d-----w- c:\programdata\avg9
2010-01-03 02:58:53 0 d-----w- c:\users\mason\appdata\roaming\Xfire
2010-01-03 02:58:52 0 d-----w- c:\programdata\Xfire
2010-01-03 02:58:51 0 d-----w- c:\program files\Xfire
2010-01-03 02:54:54 56680 ----a-w- c:\windows\system32\rpcnet.exe
2010-01-03 02:54:54 56680 ----a-w- c:\windows\system32\rpcnet.dll
2010-01-03 02:49:16 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2010-01-03 02:49:07 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-01-03 02:49:02 0 d-----w- c:\program files\DellTPad
2010-01-03 02:48:55 192048 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2010-01-03 02:48:55 107622 ----a-w- c:\windows\system32\Vxdif.dll
2010-01-03 02:48:54 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2010-01-03 02:48:49 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-01-03 02:48:39 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-01-03 02:48:39 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-01-03 02:46:57 0 d-----w- c:\program files\Cisco
2010-01-03 02:35:10 1044992 ----a-w- c:\windows\system32\BCMLogon.dll
2010-01-03 02:35:05 386288 ----a-w- c:\windows\bcmFADD.tmp
2010-01-03 02:35:04 0 d-----w- c:\windows\system32\no-NO
2010-01-03 02:35:00 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2010-01-03 02:23:18 0 d-----w- c:\programdata\Dell
2010-01-03 02:23:18 0 d-----w- c:\programdata\CyberLink
2010-01-03 02:22:57 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-03 02:22:57 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-03 02:22:56 89088 ----a-w- c:\windows\system32\atl71.dll
2010-01-03 02:22:56 1060864 ----a-w- c:\windows\system32\MFC71.dll
2010-01-03 02:22:56 1047552 ----a-w- c:\windows\system32\MFC71u.dll
2010-01-03 02:15:45 0 d-----w- c:\windows\system32\vmm32
2010-01-03 02:15:45 0 d-----w- c:\program files\Dell
2010-01-03 02:15:23 0 d-sh--w- c:\windows\Installer
2010-01-03 01:53:05 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2010-01-03 01:47:34 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2010-01-03 01:47:03 0 d-----w- c:\windows\Panther
2010-01-03 01:46:29 22 ---ha-r- c:\windows\dell_version
2010-01-03 01:46:29 0 d-----w- c:\windows\system32\OEM
2010-01-03 01:37:36 0 d-----w- C:\Windows.old
2010-01-03 01:36:26 8192 --s-a-r- C:\BOOTSECT.BAK
2009-12-29 06:16:17 0 d-----w- C:\found.000
2009-12-29 06:05:55 0 d-----w- C:\e4e99a97a63a5d5373d175b294
2009-12-22 23:59:32 41872 ----a-w- c:\windows\system32\xfcodec.dll
==================== Find3M ====================
2010-01-14 01:33:35 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-01-14 01:33:35 51200 ----a-w- c:\windows\inf\infpub.dat
2010-01-14 01:33:16 86016 ----a-w- c:\windows\inf\infstor.dat
2010-01-04 11:54:59 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-20 18:53:32 234016 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-12-03 17:27:28 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2009-12-03 17:27:28 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-14 00:47:32 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-03 00:51:14 9728 ----a-w- c:\windows\system32\wceprv.dll
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
============= FINISH: 16:02:39.90 ===============
Hi again,
Uninstall Ask Toolbar if not installed on purpose.
Open notepad and copy/paste the text in the quotebox below into it:
File::
c:\users\Mason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
Folder::
c:\program files\LimeWire
DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log.
Uninstall old Adobe Reader versions and get the latest one (9.3) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here (http://pdfreaders.org/).
Check here (http://www.adobe.com/software/flash/about/) to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following the instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). A fresh version can be obtained here (http://get.adobe.com/flashplayer/).
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).
Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
XSweetFreedomX
2010-01-28, 03:05
Sorry for the long delay, finals week :0. I tried posting that in combofix and it ran as expected, but whenever I try to open firefox or any other application after running combofix it says something about the application trying to access a registry key that has been marked for deletion. To regain control of most of my functions I have to restart (upon start up a ton of error messages pop up). I have access to the log in a .txt document but can do nothing with it because I can't access anything to save it or post it here.
Please reboot and see if you're able to provide logs after that.
XSweetFreedomX
2010-02-01, 04:29
Nope, I'm unable to run anything after running that script with combofix, I can save the log to my desktop but as soon as I close it out I am unable to open it, and upon restart it is deleted to an empty txt file. Quite the predicament.
Hi,
Please download a fresh copy of ComboFix and try to run cfscript with it.
XSweetFreedomX
2010-02-03, 00:56
Still no luck...
Hi,
Let's replace the ComboFix part there.
Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
@ECHO OFF
REM Paths containing spaces must be quoted; otherwise DEL treats each word as a separate file name.
del /q "c:\users\Mason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk"
REM DEL only removes files inside a folder; RMDIR /S /Q removes the LimeWire folder itself and everything in it.
rmdir /s /q "c:\program files\LimeWire"
REM Delete this batch file once it has run.
DEL %0
Right-click on fixes.bat file and choose 'run as administrator' to execute it.
Then continue with the steps listed after the ComboFix part in post #8.
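As an added example (not part of this thread, and not code from the helper, ComboFix or any other tool mentioned here), the same cleanup that the CFScript and fixes.bat above perform, written as a PowerShell script that checks each item before touching it. The user name Mason, the LimeWire paths and the BHO CLSID are taken from the thread; the registry locations are the standard ones Internet Explorer uses for Browser Helper Objects and COM class registration on a 32-bit Windows install. It must be run from an elevated PowerShell window (Run as administrator), for the same reason the batch file has to be.

```powershell
# Added example: PowerShell equivalent of the CFScript / fixes.bat cleanup from the thread.
# Removes the LimeWire startup shortcut and folder, and the BHO registry entry only when
# the BHO really is orphaned (what HijackThis/DDS report as "No File").

$startupLnk  = 'C:\Users\Mason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk'
$limeWireDir = 'C:\Program Files\LimeWire'
$bhoClsid    = '{5C255C8A-E604-49b4-9D64-90988571CECB}'   # CLSID from the DDS log in this thread

# Per-machine list of Browser Helper Objects that Internet Explorer loads.
$bhoKey   = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$bhoClsid"
# COM registration of that CLSID; its default value is the DLL IE would load.
$clsidKey = "HKLM:\SOFTWARE\Classes\CLSID\$bhoClsid\InprocServer32"

function Test-OrphanedBho {
    # Returns $true when the CLSID has no usable server DLL on disk.
    param([string]$ClsidKey)
    if (-not (Test-Path $ClsidKey)) { return $true }          # CLSID not registered at all
    $dll = (Get-ItemProperty -Path $ClsidKey).'(default)'
    if ([string]::IsNullOrWhiteSpace($dll)) { return $true }  # registered, but no path recorded
    # Expand %SystemRoot% and similar, and strip surrounding quotes before testing the path.
    $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
    return -not (Test-Path -LiteralPath $dll)
}

# 1. Startup-folder persistence: remove the shortcut if it is still there.
if (Test-Path -LiteralPath $startupLnk) {
    Remove-Item -LiteralPath $startupLnk -Force
    Write-Host "Removed startup shortcut: $startupLnk"
} else {
    Write-Host "Startup shortcut not present: $startupLnk"
}

# 2. The LimeWire program folder (the CFScript 'Folder::' directive).
if (Test-Path -LiteralPath $limeWireDir) {
    Remove-Item -LiteralPath $limeWireDir -Recurse -Force
    Write-Host "Removed folder: $limeWireDir"
} else {
    Write-Host "Folder not present: $limeWireDir"
}

# 3. The BHO entry (the CFScript 'DDS::' line): delete it only when its DLL is really missing,
#    so a working extension is never removed blindly.
if (Test-Path $bhoKey) {
    if (Test-OrphanedBho -ClsidKey $clsidKey) {
        Remove-Item -Path $bhoKey -Recurse -Force
        Write-Host "Removed orphaned BHO entry $bhoClsid"
    } else {
        Write-Host "BHO $bhoClsid still has a server DLL on disk; left in place for manual review"
    }
} else {
    Write-Host "BHO entry $bhoClsid not present"
}
```

Unlike the batch file, each step reports whether the item existed, which is useful when the machine has already been partly cleaned by ComboFix. On a 64-bit Windows install the same BHO and CLSID keys can also exist under `Wow6432Node`, which this script does not check; the thread's log shows a 32-bit system, so that case is not covered here.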
Due to inactivity, this thread will now be closed.
Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.
If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.