Unknown Virus is blocking www.malwarebytes.org or any online virus scan websites

[Alexandergreat3]

Hi guys,

Just a few days ago, I noticed that my computer was running very slow, so I did a scan using Malwarebytes, and it detected a malware.

After the malware was deleted by Malwarebytes, I tried to download an update for the program, but I noticed that I could no longer access www.malwarebytes.org. (nor could I load any online virus scanner)

I tried using a different computer, and the page loaded just fine, so I'm very certain that a virus is doing this.

Please help, and thank you in advance!

-----------------
Malwarebytes' Anti-Malware 1.36
Database version: 2090
Windows 5.1.2600 Service Pack 2

5/10/2009 11:19:02 PM
mbam-log-2009-05-10 (23-19-02).txt

Scan type: Quick Scan
Objects scanned: 99263
Time elapsed: 10 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
-------------



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:41 PM, on 5/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\1\Desktop\ADWARE & SPYWARE REMOVER\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1232067142265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1232070372437
O17 - HKLM\System\CCS\Services\Tcpip\..\{931ECC4B-5F93-4997-89BA-4D55A76595F7}: NameServer = 69.19.190.116 69.19.190.120
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

--
End of file - 3815 bytes
----------------------

PS: I appologize for bumping the other topic. I didn't know about the "no bumping" policy.

 

[pskelley]

Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Not seeing anything in the log that should be causing this? If you wish to take a look, we will start like this.

1) Please DO NOT ENABLE Spybot S&D TeaTimer while we work together.

2) A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use

Download ComboFix from here:

Link 1

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
• See this Link for programs that need to be disabled and instruction on how to disable them.
• Remember to re-enable them when we're done.
  
  
• Double click on ComboFix.exe & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Tutorial if needed
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

3) Post also an uninstall list: Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
(You may edit out Microsoft, Hotfixes, Security Update for Windows XP,
Update for Windows XP and Windows XP Hotfix to shorten the list)
Image: http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

Thanks

 

[Alexandergreat3]

ComboFix 09-05-12.04 - 1 05/14/2009 22:47.10 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.644 [GMT -8:00]
Running from: c:\documents and settings\1\Desktop\ADWARE & SPYWARE REMOVER\ComboFix.exe
AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated)
FW: Norton Internet Security 2006 *enabled*
.

((((((((((((((((((((((((( Files Created from 2009-04-15 to 2009-05-15 )))))))))))))))))))))))))))))))
.

2009-05-14 08:48 . 2009-05-14 07:37 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-05-14 07:37 . 2009-05-14 07:29 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-05-14 06:22 . 2009-05-14 06:22 -------- dc-h--w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-05-14 06:22 . 2009-05-14 06:22 -------- d-----w c:\program files\Lavasoft
2009-05-14 06:22 . 2009-05-14 07:37 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-24 03:08 . 2008-04-21 10:02 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-24 02:20 . 2008-05-08 12:28 202752 ------w c:\windows\system32\dllcache\rmcast.sys
2009-04-24 01:38 . 2008-10-16 22:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-16 06:17 . 2009-04-16 06:17 136 ----a-w C:\pch.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-13 17:37 . 2006-12-29 19:16 -------- d-----w c:\program files\Lx_cats
2009-05-11 07:01 . 2006-12-17 17:52 -------- d-----w c:\program files\PokerStars
2009-04-23 22:57 . 2008-11-18 17:30 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-17 03:59 . 2006-12-18 00:42 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-10 04:21 . 2008-06-04 05:11 2048 ----a-w c:\windows\vknt.tmp
2009-04-06 23:32 . 2008-11-18 17:30 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 23:32 . 2008-11-18 17:30 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2006-12-14 01:48 . 2006-12-12 10:49 88 --sha-r c:\windows\system32\04202E8837.sys
2006-12-14 02:01 . 2006-12-12 10:49 2516 --sha-w c:\windows\system32\KGyGaAvL.sys
2007-04-16 15:52 . 2005-08-16 10:18 161768 --sha-r c:\windows\system32\sdckhc.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-05-13_04.21.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-29 16:05 . 2008-07-29 16:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 14:07 . 2008-07-29 14:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 14:07 . 2008-07-29 14:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 14:07 . 2008-07-29 14:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90ud.dll
+ 2008-07-29 14:07 . 2008-07-29 14:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90d.dll
+ 2009-05-15 05:27 . 2009-05-15 05:27 16384 c:\windows\temp\Perflib_Perfdata_720.dat
+ 2009-05-14 07:37 . 2009-05-14 07:29 64160 c:\windows\system32\DRVSTORE\lbd_4C6E0193F967021F4DECA024CA3950BECD8BF864\Lbd.sys
+ 2008-07-29 16:05 . 2008-07-29 16:05 875520 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcp90d.dll
+ 2008-07-29 11:54 . 2008-07-29 11:54 312832 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcm90d.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 11:54 . 2008-07-29 11:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 5982720 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90ud.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 5937144 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90d.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 1180672 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcr90d.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 73728]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-07 98304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-27 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-27 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-27 135168]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-14 516440]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-5-30 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"mnmsrvc"=3 (0x3)
"Symantec Core LC"=3 (0x3)
"SNDSrvc"=3 (0x3)
"NSCService"=3 (0x3)
"ERSvc"=2 (0x2)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"rpcapd"=3 (0x3)
"MDM"=2 (0x2)
"comHost"=3 (0x3)
"ccISPwdSvc"=3 (0x3)
"SPBBCSvc"=2 (0x2)
"LiveUpdate"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\PokerStars\\PokerStars.exe"=
"c:\\Program Files\\PokerStars\\PokerStarsCommunicate.exe"=
"c:\\Program Files\\PokerStars\\PokerStarsUpdate.exe"=
"c:\\Program Files\\PokerStars\\Tracer.exe"=
"c:\\Program Files\\WildTangent\\Apps\\Dell Game Console\\GameConsole.exe"=
"c:\\WINDOWS\\system32\\lxcccoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxccpswx.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"c:\\Program Files\\IGZones\\IGZones.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\GamePark\\gameparkclient_en.exe"=
"c:\\Program Files\\GamePark\\gameparkloader_en.exe"=
"c:\\Program Files\\GamePark\\GameparkUpdate.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:*isabled:TCP Port 5000
"5001:TCP"= 5001:TCP:*isabled:TCP Port 5001
"5002:TCP"= 5002:TCP:*isabled:TCP Port 5002
"5003:TCP"= 5003:TCP:*isabled:TCP Port 5003
"5004:TCP"= 5004:TCP:*isabled:TCP Port 5004
"5005:TCP"= 5005:TCP:*isabled:TCP Port 5005
"5006:TCP"= 5006:TCP:*isabled:TCP Port 5006
"5007:TCP"= 5007:TCP:*isabled:TCP Port 5007
"5008:TCP"= 5008:TCP:*isabled:TCP Port 5008
"5009:TCP"= 5009:TCP:*isabled:TCP Port 5009
"5010:TCP"= 5010:TCP:*isabled:TCP Port 5010
"5011:TCP"= 5011:TCP:*isabled:TCP Port 5011
"5012:TCP"= 5012:TCP:*isabled:TCP Port 5012
"5013:TCP"= 5013:TCP:*isabled:TCP Port 5013
"5014:TCP"= 5014:TCP:*isabled:TCP Port 5014
"5015:TCP"= 5015:TCP:*isabled:TCP Port 5015
"5016:TCP"= 5016:TCP:*isabled:TCP Port 5016
"5017:TCP"= 5017:TCP:*isabled:TCP Port 5017
"5018:TCP"= 5018:TCP:*isabled:TCP Port 5018
"5019:TCP"= 5019:TCP:*isabled:TCP Port 5019
"5020:TCP"= 5020:TCP:*isabled:TCP Port 5020
"2713:TCP"= 2713:TCP:mlxuzhn

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowOutboundDestinationUnreachable"= 0 (0x0)
"AllowOutboundSourceQuench"= 0 (0x0)
"AllowOutboundParameterProblem"= 0 (0x0)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/13/2009 11:37 PM 64160]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [7/13/2006 11:01 PM 13824]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [7/13/2006 11:02 PM 13696]
S0 qikio;qikio;c:\windows\system32\drivers\lxvye.sys --> c:\windows\system32\drivers\lxvye.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 1:34 PM 953168]
S2 zlyrk;Windows Image;c:\windows\system32\svchost.exe -k netsvcs [8/16/2005 2:18 AM 14336]
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\system32\drivers\athfmwdl.sys [3/13/2007 9:33 PM 43392]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [3/11/2007 10:00 PM 17149]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
vemjuxce
zlyrk

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 07:16]

2009-05-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20]

2009-05-09 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - 1.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-11-17 09:32]

2008-11-18 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-11-08 23:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://my.cms.csulb.edu/psp/pa88prd/EMPLOYEE/EMPL/h/?tab=PAPP_GUEST
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-14 22:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zlyrk]
"ServiceDll"="c:\windows\system32\sdckhc.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3384)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-15 22:50
ComboFix-quarantined-files.txt 2009-05-15 06:50
ComboFix2.txt 2009-05-13 04:23
ComboFix3.txt 2009-04-16 23:03
ComboFix4.txt 2009-04-16 08:48
ComboFix5.txt 2009-05-15 06:46

Pre-Run: 87,624,568,832 bytes free
Post-Run: 87,806,578,688 bytes free

242 --- E O F --- 2009-04-26 10:40


---------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:40 PM, on 5/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\1\Desktop\ADWARE & SPYWARE REMOVER\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1232067142265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232070372437
O17 - HKLM\System\CCS\Services\Tcpip\..\{931ECC4B-5F93-4997-89BA-4D55A76595F7}: NameServer = 69.19.190.116 69.19.190.120
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

--
End of file - 3978 bytes
----------------------


3) uninstall list
7-Zip 4.42
ABBYY FineReader 6.0 Sprint
Ad Muncher
Ad-Aware
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Photoshop 6.0
Adobe Reader 7.0.8
Adobe SVG Viewer
AIM 6
AOLIcon
Applian FLV Player
CC_ccProxyExt
ccCommon
ccPxyCore
Conexant D850 56K V.9x DFVc Modem
Dell CinePlayer
Dell Driver Reset Tool
Dell Game Console
Dell Network Assistant
Digital Content Portal
Digital Line Detect
DivX Codec
Documentation & Support Launcher
DVD Decrypter (Remove Only)
ESET Online Scanner
ffdshow [rev 610] [2006-12-01]
Games, Music, & Photos Launcher
Haali Media Splitter
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
Java(TM) 6 Update 10
Juno Internet
Learn2 Player (Uninstall Only)
Lexmark 3300 Series
Lexmark Fax Solutions
Malwarebytes' Anti-Malware
Mjuice Components
Modem Helper
MSRedist
MSXML4 Parser
NETGEAR WG111T Smart Wizard Wireless Utility
NetZero Internet
New AoE3 Editor 2
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus 2006
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2006 (Symantec Corporation)
Norton Protection Center
Norton WMI Update
Norton WMI Update
oggcodecs 0.71.0946
PCFriendly
PokerStars
Project64 1.6
QuickTime
RecordPad Sound Recorder
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Shareaza 2.3.1.0
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
SPBBC
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
SymNet
Ulead DVD PictureShow
URL Assistant
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
vob2audio 0.1.0
Winamp (Remove Only)
WinAVIVideoConverter
Windows Defender
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player 11
WinRAR archiver
Xml Viewer
XNResourceEditor 3.0.0.1
Yahoo! Messenger

 

[pskelley]

You have run combofix many times and I have seen the results of only one of the runs:

ComboFix2.txt 2009-05-13 04:23
ComboFix3.txt 2009-04-16 23:03
ComboFix4.txt 2009-04-16 08:48
ComboFix5.txt 2009-05-15 06:46

ComboFix 09-05-12.04 - 1 05/14/2009 22:47.10 <<< log you posted, I have no idea what combofix may have removed and I am working blind when not provided with all information.

Make sure you can view all files and folders:
http://www.bleepingcomputer.com/tutorials/tutorial62.html#winxp
Use this scanner: http://virusscan.jotti.org/en
scan these files in red and post the results
c:\windows\system32\drivers\lxvye.sys
c:\windows\system32\sdckhc.dll


Uninstall list: I look for malware and security issues and will not know all of your programs, but you should.
Hackers are using out of date programs to infect folks more and more,
Here is a small free tool that lets you know when something needs an update if you are interested:
http://secunia.com/vulnerability_scanning/personal/ While PSI runs in the System Tray for realtime notifications, I personally prefer to turn it off in MSConfig and run it from All Programs when I want to do a check.

Adobe Flash Player 10 ActiveX
Adobe recommends all users of Adobe Flash Player 10.0.12.36 and earlier versions upgrade to the newest version 10.0.22.87
http://www.adobe.com/support/security/bulletins/apsb09-01.html

Adobe Reader 7.0.8 <<< out of date and unsafe, see this:
http://news.cnet.com/8301-1009_3-10081618-83.html?tag=nl.e433
http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
http://www.filehippo.com/download_adobe_reader/
(if you want a smaller program, look at this one)
Foxit Reader 2.3 for Windows (make sure to uncheck any toolbars)
http://www.foxitsoftware.com/pdf/rd_intro.php

Java(TM) 6 Update 10 <<< out of date and unsafe:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
Be aware of this information so you can opt out of anything you do not want.
Microsoft Does MSN Toolbar Distribution Deal With Java:
http://searchengineland.com/microsoft-does-msn-toolbar-distribution-deal-with-java-15413.php

Shareaza 2.3.1.0 <<< uninstall all p2p programs, see this:
http://forums.spybot.info/showthread.php?t=282

If your helper detects the presence of such programs on your computer he/she will ask you to remove them. Help will be withdrawn should you not agree to their removal.

Spybot - Search & Destroy 1.4 <<< uninstall this old program

Spybot - Search & Destroy <<< Please be sure Spybot S&D is up to date and fully immunized.
http://www.safer-networking.org/en/
http://www.safer-networking.org/en/news/2008-07-08.html
http://www.safer-networking.org/en/faq/index.html
http://www.safer-networking.org/en/tutorial/index.html

When you get to this point, see if MBAM will update now. If not it is possible NIS blocked something in the download, disable NIS only for the time to get the download, then enable it again.

Download Malwarebytes' Anti-Malware to your Desktop
http://www.malwarebytes.org/

http://www.besttechie.net/mbam/mbam-setup.exe <<< download

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post contents of that file & a new HJT log in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Tutorial if needed:
http://www.techsupportteam.org/forum/tutorials/2282-malwarebytes-anti-malware-mbam.html

Let me know how things are going.

Thanks

 

[Alexandergreat3]

Hi pskelley,

First, thank you for taking the time to help me! :thanks:

About the combofix, yes, I have ran it a few times earlier this week in trying to remove possible malware. Here are the old logs:


ComboFix 08-11-17.06 - 1 2009-04-16 0:45:41.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.581 [GMT -8:00]
Running from: c:\documents and settings\1\Desktop\ADWARE & SPYWARE REMOVER\ComboFix.exe
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2009-03-16 to 2009-04-16 )))))))))))))))))))))))))))))))
.

2009-04-15 22:17 . 2009-04-15 22:17 136 --a------ C:\pch.bat
2009-04-15 22:17 . 2009-04-15 22:17 0 --a------ c:\windows\system32\nfr.gpref
2009-04-15 22:15 . 2009-04-15 23:33 <DIR> d--hs---- c:\windows\system32\lowsec
2009-04-15 22:15 . 2009-04-15 22:15 14,848 --a------ c:\windows\system32\dll32.exe
2009-04-15 22:15 . 2009-04-15 22:15 2 ---h----- c:\windows\t55ft2772f44.dat
2009-04-15 22:15 . 2009-04-15 22:15 0 --a------ c:\windows\system32\nfr.assembly
2009-04-15 22:13 . 2009-04-15 22:13 16,384 ---h----- c:\windows\ld08.exe
2009-04-05 10:43 . 2009-04-05 10:43 244 --ah----- C:\sqmnoopt08.sqm
2009-04-05 10:43 . 2009-04-05 10:43 232 --ah----- C:\sqmdata08.sqm
2009-04-05 10:33 . 2009-04-05 10:33 244 --ah----- C:\sqmnoopt07.sqm
2009-04-05 10:33 . 2009-04-05 10:33 232 --ah----- C:\sqmdata07.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-16 03:43 --------- d-----w c:\program files\PokerStars
2009-04-16 03:12 --------- d-----w c:\program files\Lx_cats
2009-04-15 06:33 --------- d-----w c:\documents and settings\1\Application Data\LimeWire
2009-04-10 04:21 2,048 ----a-w c:\windows\vknt.tmp
2009-01-18 23:34 109,416 ----a-w c:\documents and settings\1\Application Data\GDIPFONTCACHEV1.DAT
2009-01-16 22:55 29,696 ----a-w c:\windows\mickey32.dll
2009-01-16 22:55 232,784 ----a-w c:\windows\Matrix Code.scr
2009-01-16 22:55 2,285,222 ----a-w c:\windows\Matrix Code.exe
2006-12-15 00:05 0 ------w c:\documents and settings\1\Application Data\wklnhst.dat
2003-06-20 11:05 49,776 ----a-w c:\windows\inf\usbhub20.sys
2003-06-20 11:05 24,752 ----a-w c:\windows\inf\hidclass.sys
2003-06-20 11:05 20,688 ----a-w c:\windows\inf\usbd.sys
2003-06-20 11:05 19,728 ----a-w c:\windows\inf\usbehci.sys
2003-06-20 11:05 138,288 ----a-w c:\windows\inf\usbport.sys
2006-12-14 01:48 88 --sha-r c:\windows\system32\04202E8837.sys
2006-12-14 02:01 2,516 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot_2009-04-15_23.35.01.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-10 11:00:00 417,792 ----a-r c:\windows\system32\sdra64.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 73728]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-07 98304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-27 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-27 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-27 135168]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 c:\windows\stsystra.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-05-30 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-12 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\\WINDOWS\\SYSTEM32\\Userinit.exe,c:\\WINDOWS\\system32\\sdra64.exe,"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--------- 2005-11-17 01:33 52848 c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellHelp]
--a------ 2004-04-01 06:51 1589248 c:\dell\DellHelp\DellHelp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--------- 2005-10-05 01:12 94208 c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 12:01 67584 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--------- 2005-07-12 01:36 299008 c:\program files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2008-06-27 07:11 163840 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--------- 2006-07-06 05:15 151552 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
--------- 2005-11-17 01:33 120464 c:\program files\Norton Internet Security\CfgWiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--------- 2004-07-27 14:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--------- 2004-07-27 14:50 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe]
--------- 2005-07-20 16:16 192512 c:\program files\Lexmark 3300 Series\LXCCmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 08:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2008-06-27 07:10 135168 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
--------- 2005-11-17 01:33 218240 c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-25 14:25 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
--------- 2005-11-17 01:33 23168 c:\program files\Norton Internet Security\UrlLstCk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"mnmsrvc"=3 (0x3)
"Symantec Core LC"=3 (0x3)
"SNDSrvc"=3 (0x3)
"NSCService"=3 (0x3)
"ERSvc"=2 (0x2)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"rpcapd"=3 (0x3)
"MDM"=2 (0x2)
"comHost"=3 (0x3)
"ccISPwdSvc"=3 (0x3)
"SPBBCSvc"=2 (0x2)
"LiveUpdate"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\PokerStars\\PokerStars.exe"=
"c:\\Program Files\\PokerStars\\PokerStarsCommunicate.exe"=
"c:\\Program Files\\PokerStars\\PokerStarsUpdate.exe"=
"c:\\Program Files\\PokerStars\\Tracer.exe"=
"c:\\Program Files\\WildTangent\\Apps\\Dell Game Console\\GameConsole.exe"=
"c:\\WINDOWS\\system32\\lxcccoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxccpswx.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"c:\\Program Files\\IGZones\\IGZones.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\GamePark\\gameparkclient_en.exe"=
"c:\\Program Files\\GamePark\\gameparkloader_en.exe"=
"c:\\Program Files\\GamePark\\GameparkUpdate.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:*isabled:TCP Port 5000
"5001:TCP"= 5001:TCP:*isabled:TCP Port 5001
"5002:TCP"= 5002:TCP:*isabled:TCP Port 5002
"5003:TCP"= 5003:TCP:*isabled:TCP Port 5003
"5004:TCP"= 5004:TCP:*isabled:TCP Port 5004
"5005:TCP"= 5005:TCP:*isabled:TCP Port 5005
"5006:TCP"= 5006:TCP:*isabled:TCP Port 5006
"5007:TCP"= 5007:TCP:*isabled:TCP Port 5007
"5008:TCP"= 5008:TCP:*isabled:TCP Port 5008
"5009:TCP"= 5009:TCP:*isabled:TCP Port 5009
"5010:TCP"= 5010:TCP:*isabled:TCP Port 5010
"5011:TCP"= 5011:TCP:*isabled:TCP Port 5011
"5012:TCP"= 5012:TCP:*isabled:TCP Port 5012
"5013:TCP"= 5013:TCP:*isabled:TCP Port 5013
"5014:TCP"= 5014:TCP:*isabled:TCP Port 5014
"5015:TCP"= 5015:TCP:*isabled:TCP Port 5015
"5016:TCP"= 5016:TCP:*isabled:TCP Port 5016
"5017:TCP"= 5017:TCP:*isabled:TCP Port 5017
"5018:TCP"= 5018:TCP:*isabled:TCP Port 5018
"5019:TCP"= 5019:TCP:*isabled:TCP Port 5019
"5020:TCP"= 5020:TCP:*isabled:TCP Port 5020
"80:TCP"= 80:TCP:dll32
"7171:TCP"= 7171:TCP:dll32

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowOutboundDestinationUnreachable"= 0 (0x0)
"AllowOutboundSourceQuench"= 0 (0x0)
"AllowOutboundParameterProblem"= 0 (0x0)

R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\DRIVERS\hnm_wrls_pkt.sys [2006-07-13 13824]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\DRIVERS\wsp_pkt.sys [2006-07-13 13696]
S0 qikio;qikio;c:\windows\system32\drivers\lxvye.sys []
S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\wg11tnd5.sys [2007-03-13 285216]
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\system32\Drivers\ATHFMWDL.sys [2007-03-13 43392]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\windows\system32\DNINDIS5.SYS [2007-03-11 17149]
S3 NAL;Nal Service ;\??\c:\windows\system32\Drivers\iqvw32.sys [2006-06-05 24064]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
vemjuxce

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - VEMJUXCE
.
Contents of the 'Scheduled Tasks' folder

2009-04-16 c:\windows\Tasks\At1.job
- c:\windows\system32\rundll32.exe [2004-08-10 03:00]

2009-04-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2009-04-11 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - 1.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-11-17 01:32]

2008-11-18 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-07-30 14:45]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 00:46:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-16 0:48:55
ComboFix-quarantined-files.txt 2009-04-16 08:48:52
ComboFix2.txt 2009-04-16 07:36:13
ComboFix3.txt 2008-11-23 05:56:25
ComboFix4.txt 2008-11-23 05:28:48
ComboFix5.txt 2009-04-16 08:45:30

Pre-Run: 88,834,678,784 bytes free
Post-Run: 88,822,296,576 bytes free

240

 

[Alexandergreat3]

Log from last month:

ComboFix 09-04-17.01 - 1 04/16/2009 14:58.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.639 [GMT -8:00]
Running from: c:\documents and settings\1\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\1\Desktop\CFScript.txt
AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated)
FW: Norton Internet Security 2006 *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\ld08.exe
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\nfr.assembly
c:\windows\system32\nfr.gpref
c:\windows\system32\sdra64.exe

.
((((((((((((((((((((((((( Files Created from 2009-03-17 to 2009-04-17 )))))))))))))))))))))))))))))))
.

2009-04-16 06:17 . 2009-04-16 06:17 136 ----a-w C:\pch.bat
2009-04-16 06:15 . 2009-04-16 06:15 14848 ----a-w c:\windows\system32\dll32.exe
2009-04-16 06:15 . 2009-04-16 06:15 2 ---h--w c:\windows\t55ft2772f44.dat
2009-04-05 18:43 . 2009-04-05 18:43 244 ---ha-w C:\sqmnoopt08.sqm
2009-04-05 18:43 . 2009-04-05 18:43 232 ---ha-w C:\sqmdata08.sqm
2009-04-05 18:33 . 2009-04-05 18:33 244 ---ha-w C:\sqmnoopt07.sqm
2009-04-05 18:33 . 2009-04-05 18:33 232 ---ha-w C:\sqmdata07.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-16 03:43 . 2006-12-17 17:52 -------- d-----w c:\program files\PokerStars
2009-04-16 03:12 . 2006-12-29 19:16 -------- d-----w c:\program files\Lx_cats
2009-04-15 06:33 . 2008-12-02 03:18 -------- d-----w c:\documents and settings\1\Application Data\LimeWire
2009-04-13 01:15 . 2006-12-29 19:35 79542 ----a-w C:\lxccscan.log
2009-04-10 04:21 . 2008-06-04 05:11 2048 ----a-w c:\windows\vknt.tmp
2009-03-22 06:35 . 2007-03-23 03:02 55016 ----a-w C:\winzip.log
2009-03-15 23:04 . 2009-03-15 23:04 0 ----a-w C:\AODBplck
2009-03-15 23:04 . 2009-03-15 23:04 0 ----a-w C:\AODBilck
2009-03-15 23:04 . 2009-03-15 23:04 0 ----a-w C:\AdobeOnline Inventory
2009-03-15 23:04 . 2009-03-15 23:04 0 ----a-w C:\Adobe Online Prefs
2009-02-03 06:11 . 2009-02-03 06:11 244 ---ha-w C:\sqmnoopt06.sqm
2009-02-03 06:11 . 2009-02-03 06:11 232 ---ha-w C:\sqmdata06.sqm
2009-01-18 23:34 . 2006-12-18 01:26 109416 ----a-w c:\documents and settings\1\Application Data\GDIPFONTCACHEV1.DAT
2009-01-16 21:19 . 2006-12-07 12:46 109808 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-12-15 00:05 . 2006-12-15 00:05 0 ------w c:\documents and settings\1\Application Data\wklnhst.dat
2006-12-12 10:33 . 2006-12-12 10:23 124 ------w c:\documents and settings\1\Local Settings\Application Data\fusioncache.dat
2006-12-07 12:46 . 2006-12-12 10:23 66752 ------w c:\documents and settings\1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-08-17 02:52 . 2005-08-17 02:52 136 ------w c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2006-12-14 01:48 . 2006-12-12 10:49 88 --sha-r c:\windows\system32\04202E8837.sys
2006-12-14 02:01 . 2006-12-12 10:49 2516 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
2008-11-25 22:25 34816 ----a-w c:\program files\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
2008-11-25 22:25 73728 ----a-w c:\program files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C4069E3A-68F1-403E-B40E-20066696354B}"= "c:\program files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" [2005-11-17 140912]

[HKEY_CLASSES_ROOT\clsid\{c4069e3a-68f1-403e-b40e-20066696354b}]
[HKEY_CLASSES_ROOT\Symantec.Norton.AntiVirus.IEToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{DD5F89EE-9C85-4D42-B366-919387500641}]
[HKEY_CLASSES_ROOT\Symantec.Norton.AntiVirus.IEToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}"= "c:\program files\NetZero\Toolbar.dll" [2007-03-07 297456]

[HKEY_CLASSES_ROOT\clsid\{f0f8ecbe-d460-4b34-b007-56a92e8f84a7}]
[HKEY_CLASSES_ROOT\Toolbar.ZeroBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{FF87B0F2-CD75-4A29-B4FD-E55B7648FB4E}]
[HKEY_CLASSES_ROOT\Toolbar.ZeroBar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 73728]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-07 98304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-27 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-27 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-27 135168]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-5-30 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WPDShServiceObj"= {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2005-11-17 09:33 52848 ------w c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellHelp]
2004-04-01 14:51 1589248 ----a-w c:\dell\DellHelp\DellHelp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 09:12 94208 ------w c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 20:01 67584 ----a-w c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2005-07-12 09:36 299008 ------w c:\program files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-06-27 15:11 163840 ----a-w c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2006-07-06 13:15 151552 ------w c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
2005-11-17 09:33 120464 ------w c:\program files\Norton Internet Security\CfgWiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 22:50 221184 ------w c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 22:50 81920 ------w c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe]
2005-07-21 00:16 192512 ------w c:\program files\Lexmark 3300 Series\LXCCmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-06-27 15:10 135168 ----a-w c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
2005-11-17 09:33 218240 ------w c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-11-25 22:25 136600 ----a-w c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
2005-11-17 09:33 23168 ------w c:\program files\Norton Internet Security\UrlLstCk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"mnmsrvc"=3 (0x3)
"Symantec Core LC"=3 (0x3)
"SNDSrvc"=3 (0x3)
"NSCService"=3 (0x3)
"ERSvc"=2 (0x2)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"rpcapd"=3 (0x3)
"MDM"=2 (0x2)
"comHost"=3 (0x3)
"ccISPwdSvc"=3 (0x3)
"SPBBCSvc"=2 (0x2)
"LiveUpdate"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\PokerStars\\PokerStars.exe"=
"c:\\Program Files\\PokerStars\\PokerStarsCommunicate.exe"=
"c:\\Program Files\\PokerStars\\PokerStarsUpdate.exe"=
"c:\\Program Files\\PokerStars\\Tracer.exe"=
"c:\\Program Files\\WildTangent\\Apps\\Dell Game Console\\GameConsole.exe"=
"c:\\WINDOWS\\system32\\lxcccoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxccpswx.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"c:\\Program Files\\IGZones\\IGZones.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\GamePark\\gameparkclient_en.exe"=
"c:\\Program Files\\GamePark\\gameparkloader_en.exe"=
"c:\\Program Files\\GamePark\\GameparkUpdate.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:*isabled:TCP Port 5000
"5001:TCP"= 5001:TCP:*isabled:TCP Port 5001
"5002:TCP"= 5002:TCP:*isabled:TCP Port 5002
"5003:TCP"= 5003:TCP:*isabled:TCP Port 5003
"5004:TCP"= 5004:TCP:*isabled:TCP Port 5004
"5005:TCP"= 5005:TCP:*isabled:TCP Port 5005
"5006:TCP"= 5006:TCP:*isabled:TCP Port 5006
"5007:TCP"= 5007:TCP:*isabled:TCP Port 5007
"5008:TCP"= 5008:TCP:*isabled:TCP Port 5008
"5009:TCP"= 5009:TCP:*isabled:TCP Port 5009
"5010:TCP"= 5010:TCP:*isabled:TCP Port 5010
"5011:TCP"= 5011:TCP:*isabled:TCP Port 5011
"5012:TCP"= 5012:TCP:*isabled:TCP Port 5012
"5013:TCP"= 5013:TCP:*isabled:TCP Port 5013
"5014:TCP"= 5014:TCP:*isabled:TCP Port 5014
"5015:TCP"= 5015:TCP:*isabled:TCP Port 5015
"5016:TCP"= 5016:TCP:*isabled:TCP Port 5016
"5017:TCP"= 5017:TCP:*isabled:TCP Port 5017
"5018:TCP"= 5018:TCP:*isabled:TCP Port 5018
"5019:TCP"= 5019:TCP:*isabled:TCP Port 5019
"5020:TCP"= 5020:TCP:*isabled:TCP Port 5020

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowOutboundDestinationUnreachable"= 0 (0x0)
"AllowOutboundSourceQuench"= 0 (0x0)
"AllowOutboundParameterProblem"= 0 (0x0)

R0 qikio;qikio; [x]
R3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\system32\Drivers\ATHFMWDL.sys [2004-10-15 43392]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.SYS [2003-07-24 17149]
S2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\DRIVERS\hnm_wrls_pkt.sys [2006-07-14 13824]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]
S2 wsppkt;Wireless Security Protocol;c:\windows\system32\DRIVERS\wsp_pkt.sys [2006-07-14 13696]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
vemjuxce

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20]

2009-04-11 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - 1.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-11-17 09:32]

2008-11-18 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-11-08 22:45]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - %SystemRoot%\system32\shdocvw.dll
SSODL-CDBurn-{fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
SSODL-WebCheck-{E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %SystemRoot%\system32\webcheck.dll


.
------- Supplementary Scan -------
.
uStart Page = https://my.cms.csulb.edu/psp/pa88prd/EMPLOYEE/EMPL/h/?tab=PAPP_GUEST
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: {{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\Messenger\msmsgs.exe
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - c:\windows\system32\msvidctl.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 15:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-16 15:03
ComboFix-quarantined-files.txt 2009-04-16 23:02
ComboFix2.txt 2009-04-16 08:48
ComboFix3.txt 2009-04-16 07:36
ComboFix4.txt 2008-11-23 05:56
ComboFix5.txt 2009-04-16 22:55

Pre-Run: 88,832,643,072 bytes free
Post-Run: 88,838,430,720 bytes free

278

 

[Alexandergreat3]

ComboFix 09-05-12.04 - 1 05/12/2009 20:19.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.593 [GMT -8:00]
Running from: c:\documents and settings\1\Desktop\ADWARE & SPYWARE REMOVER\ComboFix.exe
AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated)
FW: Norton Internet Security 2006 *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt

.
((((((((((((((((((((((((( Files Created from 2009-04-13 to 2009-05-13 )))))))))))))))))))))))))))))))
.

2009-04-24 03:08 . 2008-04-21 10:02 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-24 02:20 . 2008-05-08 12:28 202752 ------w c:\windows\system32\dllcache\rmcast.sys
2009-04-24 01:38 . 2008-10-16 22:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-16 06:17 . 2009-04-16 06:17 136 ----a-w C:\pch.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-11 07:01 . 2006-12-17 17:52 -------- d-----w c:\program files\PokerStars
2009-05-11 05:46 . 2006-12-29 19:16 -------- d-----w c:\program files\Lx_cats
2009-04-23 22:57 . 2008-11-18 17:30 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-17 03:59 . 2006-12-18 00:42 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-10 04:21 . 2008-06-04 05:11 2048 ----a-w c:\windows\vknt.tmp
2009-04-06 23:32 . 2008-11-18 17:30 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 23:32 . 2008-11-18 17:30 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2006-12-14 01:48 . 2006-12-12 10:49 88 --sha-r c:\windows\system32\04202E8837.sys
2006-12-14 02:01 . 2006-12-12 10:49 2516 --sha-w c:\windows\system32\KGyGaAvL.sys
2007-04-16 15:52 . 2005-08-16 10:18 161768 --sha-r c:\windows\system32\sdckhc.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-16_23.01.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-25 03:59 . 2007-01-19 20:15 74802 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
+ 2009-05-12 19:05 . 2009-05-12 19:05 16384 c:\windows\temp\Perflib_Perfdata_6f4.dat
+ 2005-08-16 10:37 . 2006-03-01 19:42 11776 c:\windows\system32\xolehlp.dll
- 2005-08-16 10:37 . 2004-08-10 11:00 11776 c:\windows\system32\xolehlp.dll
+ 2005-08-16 10:18 . 2006-01-04 03:35 68096 c:\windows\system32\webclnt.dll
+ 2008-07-14 11:09 . 2008-07-14 11:09 62976 c:\windows\system32\tzchange.exe
+ 2005-08-16 10:18 . 2005-05-10 23:45 75776 c:\windows\system32\telnet.exe
- 2005-08-16 10:18 . 2004-08-10 11:00 96768 c:\windows\system32\srvsvc.dll
+ 2005-08-16 10:18 . 2004-12-07 19:32 96768 c:\windows\system32\srvsvc.dll
+ 2007-10-22 02:04 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2005-08-16 10:18 . 2008-10-16 10:20 39424 c:\windows\system32\pngfilt.dll
- 2005-08-16 10:18 . 2006-05-10 05:25 39424 c:\windows\system32\pngfilt.dll
+ 2005-08-16 10:18 . 2009-04-25 20:24 63016 c:\windows\system32\perfc009.dat
- 2005-08-16 10:18 . 2009-04-06 11:12 63016 c:\windows\system32\perfc009.dat
+ 2005-08-16 10:18 . 2005-07-26 04:39 37888 c:\windows\system32\olecnv32.dll
+ 2005-08-16 10:18 . 2005-07-26 04:39 74752 c:\windows\system32\olecli32.dll
+ 2005-08-16 10:18 . 2006-10-13 12:35 65536 c:\windows\system32\nwwks.dll
+ 2005-08-16 10:18 . 2006-10-13 12:35 64000 c:\windows\system32\nwapi32.dll
+ 2005-08-16 10:37 . 2006-03-01 19:42 91136 c:\windows\system32\mtxoci.dll
+ 2005-08-16 10:18 . 2006-03-01 19:42 66560 c:\windows\system32\mtxclu.dll
- 2005-08-16 10:18 . 2004-08-10 11:00 66560 c:\windows\system32\mtxclu.dll
+ 2005-08-16 10:18 . 2008-03-25 04:50 60192 c:\windows\system32\msjter40.dll
+ 2005-08-16 10:37 . 2004-08-10 11:00 19429 c:\windows\system32\MsDtc\Trace\msdtcvtr.bat
+ 2005-08-16 10:18 . 2007-07-06 12:46 48640 c:\windows\system32\mqupgrd.dll
- 2005-08-16 10:18 . 2004-08-10 11:00 48640 c:\windows\system32\mqupgrd.dll
- 2005-08-16 10:18 . 2004-08-10 11:00 95744 c:\windows\system32\mqsec.dll
+ 2005-08-16 10:18 . 2007-07-06 12:46 95744 c:\windows\system32\mqsec.dll
+ 2005-08-16 10:18 . 2007-07-06 12:46 16896 c:\windows\system32\mqise.dll
- 2005-08-16 10:18 . 2004-08-10 11:00 16896 c:\windows\system32\mqise.dll
+ 2005-08-16 10:18 . 2007-07-06 12:46 47104 c:\windows\system32\mqdscli.dll
- 2005-08-16 10:18 . 2004-08-10 11:00 47104 c:\windows\system32\mqdscli.dll
+ 2005-08-16 10:18 . 2007-03-08 15:36 40960 c:\windows\system32\mf3216.dll
+ 2005-08-16 10:18 . 2008-10-16 10:20 16384 c:\windows\system32\jsproxy.dll
+ 2005-08-16 10:18 . 2008-10-16 10:20 96256 c:\windows\system32\inseng.dll
- 2005-08-16 10:18 . 2006-05-10 05:25 96256 c:\windows\system32\inseng.dll
+ 2005-08-16 10:18 . 2006-07-21 08:24 72704 c:\windows\system32\hlink.dll
+ 2005-08-16 10:40 . 2006-08-21 09:14 23040 c:\windows\system32\fltmc.exe
- 2005-08-16 10:40 . 2004-08-10 11:00 16896 c:\windows\system32\fltlib.dll
+ 2005-08-16 10:40 . 2006-08-21 12:21 16896 c:\windows\system32\fltlib.dll
+ 2005-08-16 10:18 . 2008-10-16 10:20 55808 c:\windows\system32\extmgr.dll
- 2005-08-16 10:18 . 2006-05-10 05:25 55808 c:\windows\system32\extmgr.dll
+ 2006-12-07 12:26 . 2006-06-14 09:00 82944 c:\windows\system32\drivers\wdmaud.sys
- 2006-12-07 12:26 . 2004-08-04 05:15 82944 c:\windows\system32\drivers\wdmaud.sys
+ 2005-08-16 10:18 . 2007-11-13 10:25 20480 c:\windows\system32\drivers\secdrv.sys
- 2005-08-16 10:18 . 2004-08-10 11:00 72960 c:\windows\system32\drivers\mqac.sys
+ 2005-08-16 10:18 . 2007-07-06 10:05 72960 c:\windows\system32\drivers\mqac.sys
+ 2005-08-16 10:18 . 2008-02-20 05:32 45568 c:\windows\system32\dnsrslvr.dll
- 2005-08-16 10:18 . 2004-08-10 11:00 45568 c:\windows\system32\dnsrslvr.dll
- 2006-12-07 12:26 . 2004-08-04 05:15 82944 c:\windows\system32\dllcache\wdmaud.sys
+ 2006-12-07 12:26 . 2006-06-14 09:00 82944 c:\windows\system32\dllcache\wdmaud.sys
+ 2007-05-16 15:12 . 2007-05-16 15:12 85504 c:\windows\system32\dllcache\wabimp.dll
+ 2006-12-07 12:23 . 2008-10-16 10:20 39424 c:\windows\system32\dllcache\pngfilt.dll
- 2006-12-07 12:23 . 2006-05-10 05:25 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2006-10-13 12:35 . 2006-10-13 12:35 65536 c:\windows\system32\dllcache\nwwks.dll
+ 2006-10-13 12:35 . 2006-10-13 12:35 64000 c:\windows\system32\dllcache\nwapi32.dll
+ 2008-03-25 04:50 . 2008-03-25 04:50 60192 c:\windows\system32\dllcache\msjter40.dll
+ 2007-07-06 12:46 . 2007-07-06 12:46 48640 c:\windows\system32\dllcache\mqupgrd.dll
+ 2007-07-06 12:46 . 2007-07-06 12:46 95744 c:\windows\system32\dllcache\mqsec.dll
+ 2007-07-06 12:46 . 2007-07-06 12:46 16896 c:\windows\system32\dllcache\mqise.dll
+ 2007-07-06 12:46 . 2007-07-06 12:46 47104 c:\windows\system32\dllcache\mqdscli.dll
+ 2007-07-06 10:05 . 2007-07-06 10:05 72960 c:\windows\system32\dllcache\mqac.sys
+ 2007-03-08 15:36 . 2007-03-08 15:36 40960 c:\windows\system32\dllcache\mf3216.dll
+ 2006-12-07 12:23 . 2008-10-16 10:20 16384 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-12-07 12:23 . 2008-10-16 10:20 96256 c:\windows\system32\dllcache\inseng.dll
- 2006-12-07 12:23 . 2006-05-10 05:25 96256 c:\windows\system32\dllcache\inseng.dll
+ 2006-12-07 12:23 . 2008-10-15 14:18 18432 c:\windows\system32\dllcache\iedw.exe
- 2006-12-07 12:23 . 2006-05-09 11:41 18432 c:\windows\system32\dllcache\iedw.exe
+ 2006-07-21 08:24 . 2006-07-21 08:24 72704 c:\windows\system32\dllcache\hlink.dll
+ 2009-04-25 11:10 . 2006-08-21 09:14 23040 c:\windows\system32\dllcache\fltmc.exe
+ 2009-04-25 11:10 . 2006-08-21 12:21 16896 c:\windows\system32\dllcache\fltlib.dll
- 2006-12-07 12:23 . 2006-05-10 05:25 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2006-12-07 12:23 . 2008-10-16 10:20 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2008-02-20 05:32 . 2008-02-20 05:32 45568 c:\windows\system32\dllcache\dnsrslvr.dll
+ 2007-05-16 15:12 . 2007-05-16 15:12 86528 c:\windows\system32\dllcache\directdb.dll
+ 2006-06-22 05:06 . 2006-06-22 05:06 69120 c:\windows\system32\dllcache\ciodm.dll
+ 2006-10-12 14:02 . 2007-03-09 13:46 57344 c:\windows\system32\dllcache\agentdpv.dll
+ 2006-10-12 14:02 . 2006-10-12 14:02 42496 c:\windows\system32\dllcache\agentdp2.dll
+ 2005-08-16 10:37 . 2005-07-26 04:39 97792 c:\windows\system32\comrepl.dll
+ 2005-08-16 10:37 . 2005-07-26 04:39 60416 c:\windows\system32\colbact.dll
- 2005-08-16 10:18 . 2004-08-10 11:00 69120 c:\windows\system32\ciodm.dll
+ 2005-08-16 10:18 . 2006-06-22 05:06 69120 c:\windows\system32\ciodm.dll
+ 2005-08-16 10:18 . 2007-03-09 13:46 57344 c:\windows\msagent\agentdpv.dll
+ 2005-08-16 10:18 . 2006-10-12 14:02 42496 c:\windows\msagent\agentdp2.dll
+ 2004-09-30 02:04 . 2004-09-30 02:04 61440 c:\windows\Microsoft.NET\Framework\v1.0.3705\gacutil.exe
+ 2006-06-14 09:00 . 2006-06-14 09:00 82944 c:\windows\Driver Cache\i386\wdmaud.sys
+ 2005-08-16 10:18 . 2006-06-26 17:37 8192 c:\windows\system32\rasadhlp.dll
- 2005-08-16 10:18 . 2004-08-10 11:00 8192 c:\windows\system32\rasadhlp.dll
- 2006-12-07 12:26 . 2004-08-04 05:07 6400 c:\windows\system32\drivers\splitter.sys
+ 2006-12-07 12:26 . 2006-06-14 08:47 6400 c:\windows\system32\drivers\splitter.sys
- 2006-12-07 12:26 . 2004-08-04 05:07 6400 c:\windows\system32\dllcache\splitter.sys
+ 2006-12-07 12:26 . 2006-06-14 08:47 6400 c:\windows\system32\dllcache\splitter.sys
+ 2006-06-26 17:37 . 2006-06-26 17:37 8192 c:\windows\system32\dllcache\rasadhlp.dll
+ 2006-06-14 08:47 . 2006-06-14 08:47 6400 c:\windows\Driver Cache\i386\splitter.sys
+ 2009-04-25 03:59 . 2007-01-19 20:15 401462 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll
+ 2009-04-25 03:59 . 2007-01-19 20:15 995383 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll
+ 2005-08-17 03:06 . 2008-10-15 14:00 351744 c:\windows\system32\xpsp3res.dll
- 2005-08-16 10:18 . 2004-08-10 11:00 132096 c:\windows\system32\wkssvc.dll
+ 2005-08-16 10:18 . 2006-08-17 12:28 132096 c:\windows\system32\wkssvc.dll
+ 2005-08-16 10:18 . 2007-03-17 13:43 292864 c:\windows\system32\winsrv.dll
+ 2005-08-16 10:18 . 2008-10-16 10:20 667648 c:\windows\system32\wininet.dll
+ 2005-08-16 10:18 . 2006-12-19 18:16 333824 c:\windows\system32\wiaservc.dll
+ 2005-08-16 10:18 . 2007-12-18 14:40 417792 c:\windows\system32\vbscript.dll
- 2005-08-16 10:18 . 2004-08-10 11:00 417792 c:\windows\system32\vbscript.dll
+ 2005-08-16 10:18 . 2007-03-08 15:36 577536 c:\windows\system32\user32.dll
+ 2005-08-16 10:18 . 2008-10-16 10:20 619008 c:\windows\system32\urlmon.dll
- 2005-08-16 10:18 . 2004-08-10 11:00 185344 c:\windows\system32\upnphost.dll
+ 2005-08-16 10:18 . 2007-02-05 20:17 185344 c:\windows\system32\upnphost.dll
+ 2005-08-16 10:18 . 2005-08-23 03:35 123392 c:\windows\system32\umpnpmgr.dll
- 2005-08-16 10:18 . 2004-08-10 11:00 101376 c:\windows\system32\txflog.dll
+ 2005-08-16 10:18 . 2005-07-26 04:39 101376 c:\windows\system32\txflog.dll
+ 2005-08-16 10:18 . 2005-07-08 16:27 249344 c:\windows\system32\tapisrv.dll
- 2005-08-16 10:18 . 2004-08-10 11:00 713216 c:\windows\system32\sxs.dll
+ 2005-08-16 10:18 . 2006-10-19 13:56 713216 c:\windows\system32\sxs.dll
- 2005-08-16 10:18 . 2004-08-10 11:00 134656 c:\windows\system32\shsvcs.dll
+ 2005-08-16 10:18 . 2006-12-19 21:52 134656 c:\windows\system32\shsvcs.dll
- 2005-08-16 10:18 . 2006-05-10 05:25 474112 c:\windows\system32\shlwapi.dll
+ 2005-08-16 10:18 . 2008-10-16 10:20 474112 c:\windows\system32\shlwapi.dll
+ 2005-08-16 10:18 . 2007-04-25 14:21 144896 c:\windows\system32\schannel.dll
- 2005-08-16 10:18 . 2004-08-10 11:00 144896 c:\windows\system32\schannel.dll
+ 2005-08-16 10:18 . 2005-07-26 04:39 397824 c:\windows\system32\rpcss.dll
+ 2005-08-16 10:18 . 2006-11-27 14:54 433152 c:\windows\system32\riched20.dll
+ 2005-08-16 10:18 . 2006-06-22 10:47 181248 c:\windows\system32\rasmans.dll
+ 2005-08-16 10:18 . 2009-04-25 20:24 402406 c:\windows\system32\perfh009.dat
- 2005-08-16 10:18 . 2009-04-06 11:12 402406 c:\windows\system32\perfh009.dat
+ 2005-08-16 10:18 . 2006-10-16 16:15 122880 c:\windows\system32\oledlg.dll
+ 2005-08-16 10:18 . 2007-12-04 18:38 550912 c:\windows\system32\oleaut32.dll
+ 2005-08-16 10:18 . 2006-10-13 12:35 142336 c:\windows\system32\nwprovau.dll
+ 2005-08-16 10:18 . 2005-08-22 18:29 197632 c:\windows\system32\netman.dll
- 2005-08-16 10:18 . 2006-07-14 15:31 332288 c:\windows\system32\netapi32.dll
+ 2005-08-16 10:18 . 2006-08-17 12:28 332288 c:\windows\system32\netapi32.dll
+ 2005-08-16 10:18 . 2008-03-25 04:50 355104 c:\windows\system32\msxbde40.dll
+ 2005-08-16 10:18 . 2008-03-25 04:50 621344 c:\windows\system32\mswstr10.dll
+ 2005-08-16 10:18 . 2008-03-25 04:50 838432 c:\windows\system32\mswdat10.dll
+ 2005-08-16 10:18 . 2008-10-16 10:20 532480 c:\windows\system32\mstime.dll
- 2005-08-16 10:18 . 2006-05-10 05:25 532480 c:\windows\system32\mstime.dll
+ 2005-08-16 10:18 . 2008-03-25 04:50 264992 c:\windows\system32\mstext40.dll
+ 2005-08-16 10:18 . 2008-03-25 04:50 559904 c:\windows\system32\msrepl40.dll
+ 2005-08-16 10:18 . 2008-03-25 04:50 322336 c:\windows\system32\msrd3x40.dll
+ 2005-08-16 10:18 . 2008-03-25 04:50 432928 c:\windows\system32\msrd2x40.dll
+ 2005-08-16 10:18 . 2008-10-16 10:20 146432 c:\windows\system32\msrating.dll
- 2005-08-16 10:18 . 2006-05-10 05:25 146432 c:\windows\system32\msrating.dll
+ 2005-08-16 10:18 . 2008-03-25 04:50 355104 c:\windows\system32\mspbde40.dll
+ 2005-08-16 10:18 . 2008-03-25 04:50 219936 c:\windows\system32\msltus40.dll
+ 2005-08-16 10:18 . 2008-03-25 04:50 248608 c:\windows\system32\msjtes40.dll
+ 2005-08-16 10:18 . 2008-03-27 08:12 151583 c:\windows\system32\msjint40.dll
- 2005-08-16 10:18 . 2004-08-10 11:00 151583 c:\windows\system32\msjint40.dll
+ 2005-08-16 10:18 . 2008-03-25 04:50 355112 c:\windows\system32\msjetoledb40.dll
+ 2005-08-16 10:18 . 2008-10-16 10:20 449024 c:\windows\system32\mshtmled.dll
+ 2005-08-16 10:18 . 2006-11-27 14:54 539136 c:\windows\system32\msftedit.dll
+ 2005-08-16 10:18 . 2008-03-25 04:50 326432 c:\windows\system32\msexcl40.dll
+ 2005-08-16 10:18 . 2008-03-25 04:50 518944 c:\windows\system32\msexch40.dll
+ 2005-08-16 10:37 . 2006-03-01 19:42 161280 c:\windows\system32\msdtcuiu.dll
- 2005-08-16 10:37 . 2004-08-10 11:00 161280 c:\windows\system32\msdtcuiu.dll
+ 2005-08-16 10:37 . 2006-03-01 19:42 956416 c:\windows\system32\msdtctm.dll
+ 2005-08-16 10:37 . 2006-03-01 19:42 426496 c:\windows\system32\msdtcprx.dll
- 2005-08-16 10:18 . 2004-08-10 11:00 471552 c:\windows\system32\mqutil.dll
+ 2005-08-16 10:18 . 2007-07-06 12:46 471552 c:\windows\system32\mqutil.dll
- 2005-08-16 10:18 . 2004-08-10 11:00 177152 c:\windows\system32\mqrt.dll
+ 2005-08-16 10:18 . 2007-07-06 12:46 177152 c:\windows\system32\mqrt.dll
+ 2005-08-16 10:18 . 2007-07-06 12:46 660992 c:\windows\system32\mqqm.dll
- 2005-08-16 10:18 . 2004-08-10 11:00 660992 c:\windows\system32\mqqm.dll
+ 2005-08-16 10:18 . 2007-07-06 12:46 138240 c:\windows\system32\mqad.dll
- 2005-08-16 10:18 . 2004-08-10 11:00 138240 c:\windows\system32\mqad.dll
+ 2005-08-16 10:18 . 2006-10-14 08:13 981760 c:\windows\system32\mfc42u.dll
+ 2005-08-16 10:18 . 2006-11-01 19:17 927504 c:\windows\system32\mfc40u.dll
- 2005-08-16 10:18 . 2004-10-28 01:21 721920 c:\windows\system32\lsasrv.dll
+ 2005-08-16 10:18 . 2007-11-07 09:26 721920 c:\windows\system32\lsasrv.dll
+ 2005-08-16 10:18 . 2007-04-16 15:52 984576 c:\windows\system32\kernel32.dll
+ 2005-08-16 10:18 . 2005-06-15 17:49 295936 c:\windows\system32\kerberos.dll
- 2005-08-16 10:18 . 2006-05-18 05:24 450560 c:\windows\system32\jscript.dll
+ 2005-08-16 10:18 . 2007-12-18 14:40 450560 c:\windows\system32\jscript.dll
+ 2005-08-16 10:40 . 2007-08-21 06:15 683520 c:\windows\system32\inetcomm.dll
- 2005-08-16 10:18 . 2006-05-10 05:25 251904 c:\windows\system32\iepeers.dll
+ 2005-08-16 10:18 . 2008-10-16 10:20 251904 c:\windows\system32\iepeers.dll
+ 2005-08-16 10:18 . 2008-02-20 06:51 282624 c:\windows\system32\gdi32.dll
- 2005-08-16 10:27 . 2009-01-16 19:48 348992 c:\windows\system32\FNTCACHE.DAT
+ 2005-08-16 10:27 . 2009-04-25 20:20 348992 c:\windows\system32\FNTCACHE.DAT
+ 2005-08-16 10:18 . 2008-07-07 20:32 253952 c:\windows\system32\es.dll
- 2005-08-16 10:18 . 2006-05-10 05:25 205312 c:\windows\system32\dxtrans.dll
+ 2005-08-16 10:18 . 2008-10-16 10:20 205312 c:\windows\system32\dxtrans.dll
+ 2005-08-16 10:18 . 2008-10-16 10:20 357888 c:\windows\system32\dxtmsft.dll
- 2005-08-16 10:18 . 2006-05-10 05:25 357888 c:\windows\system32\dxtmsft.dll
+ 2005-08-16 10:18 . 2007-04-23 10:32 364160 c:\windows\system32\drivers\update.sys
+ 2005-08-16 10:18 . 2006-08-16 09:37 225664 c:\windows\system32\drivers\tcpip6.sys
+ 2005-08-16 10:18 . 2007-10-30 17:20 360064 c:\windows\system32\drivers\tcpip.sys
+ 2005-08-16 10:18 . 2008-05-08 12:28 202752 c:\windows\system32\drivers\rmcast.sys
- 2005-08-16 10:18 . 2004-10-28 01:13 174592 c:\windows\system32\drivers\rdbss.sys
+ 2005-08-16 10:18 . 2006-05-05 09:47 174592 c:\windows\system32\drivers\rdbss.sys
- 2005-08-16 10:18 . 2004-08-10 11:00 163584 c:\windows\system32\drivers\nwrdr.sys
+ 2005-08-16 10:18 . 2006-10-13 10:23 163584 c:\windows\system32\drivers\nwrdr.sys
+ 2005-08-16 10:18 . 2007-02-09 11:10 574464 c:\windows\system32\drivers\ntfs.sys
+ 2005-08-16 10:18 . 2006-05-05 09:41 453120 c:\windows\system32\drivers\mrxsmb.sys
+ 2005-08-16 10:18 . 2007-12-18 09:51 179584 c:\windows\system32\drivers\mrxdav.sys
+ 2006-12-07 12:26 . 2006-06-14 08:47 172416 c:\windows\system32\drivers\kmixer.sys
+ 2005-08-16 10:18 . 2004-09-29 22:28 134912 c:\windows\system32\drivers\ipnat.sys
- 2005-08-16 10:18 . 2004-08-10 11:00 134912 c:\windows\system32\drivers\ipnat.sys
+ 2004-08-04 05:00 . 2006-03-17 00:33 262784 c:\windows\system32\drivers\http.sys
+ 2005-08-16 10:40 . 2006-08-21 09:14 128896 c:\windows\system32\drivers\fltmgr.sys
- 2006-12-07 12:26 . 2004-08-04 04:39 142464 c:\windows\system32\drivers\aec.sys
+ 2006-12-07 12:26 . 2006-02-15 00:22 142464 c:\windows\system32\drivers\aec.sys
+ 2005-08-16 10:18 . 2008-02-20 05:32 148992 c:\windows\system32\dnsapi.dll
+ 2006-08-17 12:28 . 2006-08-17 12:28 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2007-03-17 13:43 . 2007-03-17 13:43 292864 c:\windows\system32\dllcache\winsrv.dll
+ 2006-12-07 12:23 . 2008-10-16 10:20 667648 c:\windows\system32\dllcache\wininet.dll
+ 2006-12-19 18:16 . 2006-12-19 18:16 333824 c:\windows\system32\dllcache\wiaservc.dll
+ 2007-05-16 15:12 . 2007-05-16 15:12 510976 c:\windows\system32\dllcache\wab32.dll
+ 2007-06-26 15:13 . 2007-06-26 15:13 851968 c:\windows\system32\dllcache\vgx.dll
+ 2007-12-18 14:40 . 2007-12-18 14:40 417792 c:\windows\system32\dllcache\vbscript.dll
+ 2007-03-08 15:36 . 2007-03-08 15:36 577536 c:\windows\system32\dllcache\user32.dll
+ 2006-12-07 12:23 . 2008-10-16 10:20 619008 c:\windows\system32\dllcache\urlmon.dll
+ 2007-02-05 20:17 . 2007-02-05 20:17 185344 c:\windows\system32\dllcache\upnphost.dll
+ 2007-04-23 10:32 . 2007-04-23 10:32 364160 c:\windows\system32\dllcache\update.sys
+ 2006-08-16 09:37 . 2006-08-16 09:37 225664 c:\windows\system32\dllcache\tcpip6.sys
+ 2007-10-30 17:20 . 2007-10-30 17:20 360064 c:\windows\system32\dllcache\tcpip.sys
+ 2006-10-19 13:56 . 2006-10-19 13:56 713216 c:\windows\system32\dllcache\sxs.dll
+ 2006-12-19 21:52 . 2006-12-19 21:52 134656 c:\windows\system32\dllcache\shsvcs.dll
- 2006-12-07 12:23 . 2006-05-10 05:25 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2006-12-07 12:23 . 2008-10-16 10:20 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2007-04-25 14:21 . 2007-04-25 14:21 144896 c:\windows\system32\dllcache\schannel.dll
+ 2006-11-27 14:54 . 2006-11-27 14:54 433152 c:\windows\system32\dllcache\riched20.dll
+ 2006-05-05 09:47 . 2006-05-05 09:47 174592 c:\windows\system32\dllcache\rdbss.sys
+ 2006-06-22 10:47 . 2006-06-22 10:47 181248 c:\windows\system32\dllcache\rasmans.dll
+ 2006-10-16 16:15 . 2006-10-16 16:15 122880 c:\windows\system32\dllcache\oledlg.dll
+ 2007-12-04 18:38 . 2007-12-04 18:38 550912 c:\windows\system32\dllcache\oleaut32.dll
+ 2006-10-13 10:23 . 2006-10-13 10:23 163584 c:\windows\system32\dllcache\nwrdr.sys
+ 2006-10-13 12:35 . 2006-10-13 12:35 142336 c:\windows\system32\dllcache\nwprovau.dll
+ 2007-02-09 11:10 . 2007-02-09 11:10 574464 c:\windows\system32\dllcache\ntfs.sys
+ 2006-12-07 12:04 . 2006-08-17 12:28 332288 c:\windows\system32\dllcache\netapi32.dll
- 2006-12-07 12:04 . 2006-07-14 15:31 332288 c:\windows\system32\dllcache\netapi32.dll
+ 2008-03-25 04:50 . 2008-03-25 04:50 355104 c:\windows\system32\dllcache\msxbde40.dll
+ 2008-03-25 04:50 . 2008-03-25 04:50 621344 c:\windows\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:50 . 2008-03-25 04:50 838432 c:\windows\system32\dllcache\mswdat10.dll
- 2006-12-07 12:23 . 2006-05-10 05:25 532480 c:\windows\system32\dllcache\mstime.dll
+ 2006-12-07 12:23 . 2008-10-16 10:20 532480 c:\windows\system32\dllcache\mstime.dll
+ 2008-03-25 04:50 . 2008-03-25 04:50 264992 c:\windows\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50 . 2008-03-25 04:50 559904 c:\windows\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50 . 2008-03-25 04:50 322336 c:\windows\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50 . 2008-03-25 04:50 432928 c:\windows\system32\dllcache\msrd2x40.dll
- 2006-12-07 12:23 . 2006-05-10 05:25 146432 c:\windows\system32\dllcache\msrating.dll
+ 2006-12-07 12:23 . 2008-10-16 10:20 146432 c:\windows\system32\dllcache\msrating.dll
+ 2008-03-25 04:50 . 2008-03-25 04:50 355104 c:\windows\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50 . 2008-03-25 04:50 219936 c:\windows\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50 . 2008-03-25 04:50 248608 c:\windows\system32\dllcache\msjtes40.dll
+ 2006-12-26 13:07 . 2006-12-26 13:07 102400 c:\windows\system32\dllcache\msjro.dll
+ 2008-03-27 08:12 . 2008-03-27 08:12 151583 c:\windows\system32\dllcache\msjint40.dll
+ 2008-03-25 04:50 . 2008-03-25 04:50 355112 c:\windows\system32\dllcache\msjetol1.dll
+ 2006-12-07 12:23 . 2008-10-16 10:20 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2006-11-27 14:54 . 2006-11-27 14:54 539136 c:\windows\system32\dllcache\msftedit.dll
+ 2008-03-25 04:50 . 2008-03-25 04:50 326432 c:\windows\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50 . 2008-03-25 04:50 518944 c:\windows\system32\dllcache\msexch40.dll
+ 2006-12-26 13:07 . 2006-12-26 13:07 200704 c:\windows\system32\dllcache\msadox.dll
+ 2006-12-26 13:07 . 2006-12-26 13:07 180224 c:\windows\system32\dllcache\msadomd.dll
+ 2006-12-26 13:07 . 2006-12-26 13:07 536576 c:\windows\system32\dllcache\msado15.dll
+ 2006-05-05 09:41 . 2006-05-05 09:41 453120 c:\windows\system32\dllcache\mrxsmb.sys
+ 2007-12-18 09:51 . 2007-12-18 09:51 179584 c:\windows\system32\dllcache\mrxdav.sys
+ 2007-07-06 12:46 . 2007-07-06 12:46 471552 c:\windows\system32\dllcache\mqutil.dll
+ 2007-07-06 12:46 . 2007-07-06 12:46 177152 c:\windows\system32\dllcache\mqrt.dll
+ 2007-07-06 12:46 . 2007-07-06 12:46 660992 c:\windows\system32\dllcache\mqqm.dll
+ 2007-07-06 12:46 . 2007-07-06 12:46 138240 c:\windows\system32\dllcache\mqad.dll
+ 2006-10-14 08:13 . 2006-10-14 08:13 981760 c:\windows\system32\dllcache\mfc42u.dll
+ 2006-11-01 19:17 . 2006-11-01 19:17 927504 c:\windows\system32\dllcache\mfc40u.dll
+ 2007-11-07 09:26 . 2007-11-07 09:26 721920 c:\windows\system32\dllcache\lsasrv.dll
+ 2006-12-07 12:26 . 2006-06-14 08:47 172416 c:\windows\system32\dllcache\kmixer.sys
+ 2007-04-16 15:52 . 2007-04-16 15:52 984576 c:\windows\system32\dllcache\kernel32.dll
- 2006-12-07 12:23 . 2006-05-18 05:24 450560 c:\windows\system32\dllcache\jscript.dll
+ 2006-12-07 12:23 . 2007-12-18 14:40 450560 c:\windows\system32\dllcache\jscript.dll
+ 2007-08-21 06:15 . 2007-08-21 06:15 683520 c:\windows\system32\dllcache\inetcomm.dll
- 2006-12-07 12:23 . 2006-05-10 05:25 251904 c:\windows\system32\dllcache\iepeers.dll
+ 2006-12-07 12:23 . 2008-10-16 10:20 251904 c:\windows\system32\dllcache\iepeers.dll
+ 2008-02-20 06:51 . 2008-02-20 06:51 282624 c:\windows\system32\dllcache\gdi32.dll
+ 2009-04-25 11:10 . 2006-08-21 09:14 128896 c:\windows\system32\dllcache\fltmgr.sys
+ 2008-07-07 20:32 . 2008-07-07 20:32 253952 c:\windows\system32\dllcache\es.dll
- 2006-12-07 12:23 . 2006-05-10 05:25 205312 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-12-07 12:23 . 2008-10-16 10:20 205312 c:\windows\system32\dllcache\dxtrans.dll
- 2006-12-07 12:23 . 2006-05-10 05:25 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-12-07 12:23 . 2008-10-16 10:20 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-12-07 12:21 . 2008-02-20 05:32 148992 c:\windows\system32\dllcache\dnsapi.dll
+ 2008-03-25 04:50 . 2008-03-25 04:50 554008 c:\windows\system32\dllcache\dao360.dll
+ 2006-08-25 15:45 . 2006-08-25 15:45 617472 c:\windows\system32\dllcache\comctl32.dll
+ 2006-12-07 12:23 . 2008-10-16 10:20 151040 c:\windows\system32\dllcache\cdfview.dll
- 2006-12-07 12:23 . 2006-05-10 05:25 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2006-10-12 11:09 . 2006-10-12 11:09 256512 c:\windows\system32\dllcache\agentsvr.exe
- 2006-12-07 12:26 . 2004-08-04 04:39 142464 c:\windows\system32\dllcache\aec.sys
+ 2006-12-07 12:26 . 2006-02-15 00:22 142464 c:\windows\system32\dllcache\aec.sys
+ 2006-08-16 11:58 . 2006-08-16 11:58 100352 c:\windows\system32\dllcache\6to4svc.dll
+ 2005-08-16 10:37 . 2005-07-26 04:39 540160 c:\windows\system32\comuid.dll
- 2005-08-16 10:37 . 2004-08-10 11:00 540160 c:\windows\system32\comuid.dll
+ 2005-08-16 10:18 . 2006-08-25 15:45 617472 c:\windows\system32\comctl32.dll
+ 2005-08-16 10:37 . 2005-07-26 04:39 195072 c:\windows\system32\Com\comadmin.dll
+ 2005-08-16 10:37 . 2005-07-26 04:39 498688 c:\windows\system32\clbcatq.dll
+ 2005-08-16 10:37 . 2005-07-26 04:39 110080 c:\windows\system32\clbcatex.dll
- 2005-08-16 10:37 . 2004-08-10 11:00 110080 c:\windows\system32\clbcatex.dll
- 2005-08-16 10:18 . 2006-05-10 05:25 151040 c:\windows\system32\cdfview.dll
+ 2005-08-16 10:18 . 2008-10-16 10:20 151040 c:\windows\system32\cdfview.dll
+ 2005-08-16 10:37 . 2005-07-26 04:39 625152 c:\windows\system32\catsrvut.dll
+ 2005-08-16 10:37 . 2005-07-26 04:39 225792 c:\windows\system32\catsrv.dll
+ 2005-08-16 10:18 . 2006-08-16 11:58 100352 c:\windows\system32\6to4svc.dll
- 2005-08-16 10:18 . 2004-08-10 11:00 100352 c:\windows\system32\6to4svc.dll
+ 2005-08-16 10:18 . 2006-10-12 11:09 256512 c:\windows\msagent\agentsvr.exe
- 2005-08-16 10:18 . 2004-08-10 11:00 256512 c:\windows\msagent\agentsvr.exe
+ 2004-09-30 02:11 . 2004-09-30 02:11 118784 c:\windows\Microsoft.NET\Framework\v1.0.3705\ToGac.exe
+ 2004-10-08 01:36 . 2004-10-08 01:36 102400 c:\windows\Microsoft.NET\Framework\v1.0.3705\SetRegNI.exe
+ 2004-09-30 02:11 . 2004-09-30 02:11 106496 c:\windows\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe
+ 2006-12-07 12:21 . 2006-05-05 09:41 453120 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2006-06-14 08:47 . 2006-06-14 08:47 172416 c:\windows\Driver Cache\i386\kmixer.sys
+ 2006-03-17 00:33 . 2006-03-17 00:33 262784 c:\windows\Driver Cache\i386\http.sys
+ 2006-02-15 00:22 . 2006-02-15 00:22 142464 c:\windows\Driver Cache\i386\aec.sys
+ 2009-04-25 01:39 . 2006-08-25 15:45 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
+ 2009-04-25 03:59 . 2007-01-19 20:15 1011774 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42u.dll
+ 2005-08-16 10:18 . 2007-03-08 13:47 1843584 c:\windows\system32\win32k.sys
+ 2005-08-16 10:18 . 2007-10-26 03:36 8454656 c:\windows\system32\shell32.dll
+ 2005-08-16 10:18 . 2008-10-16 10:20 1499136 c:\windows\system32\shdocvw.dll
+ 2005-08-16 10:18 . 2006-06-22 05:06 1435648 c:\windows\system32\query.dll
- 2005-08-16 10:18 . 2004-08-10 11:00 1435648 c:\windows\system32\query.dll
+ 2005-08-16 10:18 . 2008-05-07 04:55 1288192 c:\windows\system32\quartz.dll
+ 2005-08-16 10:18 . 2005-07-26 04:39 1285120 c:\windows\system32\ole32.dll
+ 2005-08-16 10:18 . 2007-06-26 06:08 1104896 c:\windows\system32\msxml3.dll
+ 2005-08-16 10:18 . 2008-03-25 04:50 1516568 c:\windows\system32\msjet40.dll
+ 2005-08-16 10:18 . 2008-12-12 17:27 3067392 c:\windows\system32\mshtml.dll
- 2005-08-16 10:18 . 2004-08-10 11:00 1082368 c:\windows\system32\esent.dll
+ 2005-08-16 10:18 . 2005-10-20 22:20 1082368 c:\windows\system32\esent.dll
+ 2007-03-08 13:47 . 2007-03-08 13:47 1843584 c:\windows\system32\dllcache\win32k.sys
+ 2006-12-19 21:52 . 2007-10-26 03:36 8454656 c:\windows\system32\dllcache\shell32.dll
+ 2006-12-07 12:23 . 2008-10-16 10:20 1499136 c:\windows\system32\dllcache\shdocvw.dll
+ 2006-06-22 05:06 . 2006-06-22 05:06 1435648 c:\windows\system32\dllcache\query.dll
+ 2008-05-07 04:55 . 2008-05-07 04:55 1288192 c:\windows\system32\dllcache\quartz.dll
+ 2007-06-26 06:08 . 2007-06-26 06:08 1104896 c:\windows\system32\dllcache\msxml3.dll
+ 2007-05-16 15:12 . 2007-05-16 15:12 1314816 c:\windows\system32\dllcache\msoe.dll
+ 2008-03-25 04:50 . 2008-03-25 04:50 1516568 c:\windows\system32\dllcache\msjet40.dll
+ 2006-12-07 12:23 . 2008-12-12 17:27 3067392 c:\windows\system32\dllcache\mshtml.dll
+ 2007-06-13 10:23 . 2007-06-13 10:23 1033216 c:\windows\system32\dllcache\explorer.exe
- 2006-12-07 12:23 . 2006-05-10 05:25 1054208 c:\windows\system32\dllcache\danim.dll
+ 2006-12-07 12:23 . 2008-10-16 10:20 1054208 c:\windows\system32\dllcache\danim.dll
+ 2006-12-07 12:23 . 2008-10-16 10:20 1024000 c:\windows\system32\dllcache\browseui.dll
+ 2005-08-16 10:18 . 2008-10-16 10:20 1054208 c:\windows\system32\danim.dll
- 2005-08-16 10:18 . 2006-05-10 05:25 1054208 c:\windows\system32\danim.dll
+ 2005-08-16 10:37 . 2005-07-26 04:39 1267200 c:\windows\system32\comsvcs.dll
+ 2005-08-16 10:18 . 2008-10-16 10:20 1024000 c:\windows\system32\browseui.dll
+ 2005-08-16 10:38 . 2004-10-07 21:28 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
- 2005-08-16 10:38 . 2004-07-20 00:54 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
+ 2005-08-16 10:18 . 2007-06-13 10:23 1033216 c:\windows\explorer.exe
+ 2009-04-25 11:11 . 2009-04-25 11:11 1454080 c:\windows\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_c68c6f62\System.Design.dll
- 2005-08-16 10:39 . 2005-08-16 10:39 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-04-25 11:11 . 2009-04-25 11:11 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 73728]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-07 98304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-27 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-27 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-27 135168]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-5-30 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"mnmsrvc"=3 (0x3)
"Symantec Core LC"=3 (0x3)
"SNDSrvc"=3 (0x3)
"NSCService"=3 (0x3)
"ERSvc"=2 (0x2)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"rpcapd"=3 (0x3)
"MDM"=2 (0x2)
"comHost"=3 (0x3)
"ccISPwdSvc"=3 (0x3)
"SPBBCSvc"=2 (0x2)
"LiveUpdate"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\PokerStars\\PokerStars.exe"=
"c:\\Program Files\\PokerStars\\PokerStarsCommunicate.exe"=
"c:\\Program Files\\PokerStars\\PokerStarsUpdate.exe"=
"c:\\Program Files\\PokerStars\\Tracer.exe"=
"c:\\Program Files\\WildTangent\\Apps\\Dell Game Console\\GameConsole.exe"=
"c:\\WINDOWS\\system32\\lxcccoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxccpswx.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"c:\\Program Files\\IGZones\\IGZones.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\GamePark\\gameparkclient_en.exe"=
"c:\\Program Files\\GamePark\\gameparkloader_en.exe"=
"c:\\Program Files\\GamePark\\GameparkUpdate.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:*isabled:TCP Port 5000
"5001:TCP"= 5001:TCP:*isabled:TCP Port 5001
"5002:TCP"= 5002:TCP:*isabled:TCP Port 5002
"5003:TCP"= 5003:TCP:*isabled:TCP Port 5003
"5004:TCP"= 5004:TCP:*isabled:TCP Port 5004
"5005:TCP"= 5005:TCP:*isabled:TCP Port 5005
"5006:TCP"= 5006:TCP:*isabled:TCP Port 5006
"5007:TCP"= 5007:TCP:*isabled:TCP Port 5007
"5008:TCP"= 5008:TCP:*isabled:TCP Port 5008
"5009:TCP"= 5009:TCP:*isabled:TCP Port 5009
"5010:TCP"= 5010:TCP:*isabled:TCP Port 5010
"5011:TCP"= 5011:TCP:*isabled:TCP Port 5011
"5012:TCP"= 5012:TCP:*isabled:TCP Port 5012
"5013:TCP"= 5013:TCP:*isabled:TCP Port 5013
"5014:TCP"= 5014:TCP:*isabled:TCP Port 5014
"5015:TCP"= 5015:TCP:*isabled:TCP Port 5015
"5016:TCP"= 5016:TCP:*isabled:TCP Port 5016
"5017:TCP"= 5017:TCP:*isabled:TCP Port 5017
"5018:TCP"= 5018:TCP:*isabled:TCP Port 5018
"5019:TCP"= 5019:TCP:*isabled:TCP Port 5019
"5020:TCP"= 5020:TCP:*isabled:TCP Port 5020
"2713:TCP"= 2713:TCP:mlxuzhn

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowOutboundDestinationUnreachable"= 0 (0x0)
"AllowOutboundSourceQuench"= 0 (0x0)
"AllowOutboundParameterProblem"= 0 (0x0)

R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [7/13/2006 11:01 PM 13824]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [7/13/2006 11:02 PM 13696]
S0 qikio;qikio;c:\windows\system32\drivers\lxvye.sys --> c:\windows\system32\drivers\lxvye.sys [?]
S2 zlyrk;Windows Image;c:\windows\system32\svchost.exe -k netsvcs [8/16/2005 2:18 AM 14336]
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\system32\drivers\athfmwdl.sys [3/13/2007 9:33 PM 43392]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [3/11/2007 10:00 PM 17149]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
vemjuxce
zlyrk

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20]

2009-05-09 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - 1.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-11-17 09:32]

2008-11-18 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-11-08 23:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://my.cms.csulb.edu/psp/pa88prd/EMPLOYEE/EMPL/h/?tab=PAPP_GUEST
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-12 20:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zlyrk]
"ServiceDll"="c:\windows\system32\sdckhc.dll"
.
Completion time: 2009-05-13 20:23
ComboFix-quarantined-files.txt 2009-05-13 04:23
ComboFix2.txt 2009-04-16 23:03
ComboFix3.txt 2009-04-16 08:48
ComboFix4.txt 2009-04-16 07:36
ComboFix5.txt 2009-05-13 04:19

Pre-Run: 87,770,820,608 bytes free
Post-Run: 88,037,609,472 bytes free

543 --- E O F --- 2009-04-26 10:40

 

[Alexandergreat3]

ComboFix5.txt 2009-05-15 06:46

I don't have the 2009-05-15 06:46 log, because 05/14/2009 22:47.10 was the last one.

Thank you for your help!

 

[Alexandergreat3]

http://virusscan.jotti.org/en

Make sure you can view all files and folders:
http://www.bleepingcomputer.com/tuto...l62.html#winxp
Use this scanner: http://virusscan.jotti.org/en
scan these files in red and post the results
c:\windows\system32\drivers\lxvye.sys
c:\windows\system32\sdckhc.dll

When I clicked on http://virusscan.jotti.org/en, it says "page cannot be displayed".

I can connect to other websites just fine.

 

[pskelley]

Please continue with the instructions in my post #4.

 

[Alexandergreat3]

Thank you for the reply. I have uninstalled the programs you listed in post #4. I have updated all of the programs, except Java. Once I have it updated later tonight, I will post a reply.

Thank you again!

 

[Alexandergreat3]

Please excuse me for the late reply. I'm having final exams this week, and I'm busy all day until my last exam on Friday. I will post an update.

Thank you for your help and patience :.

 

[Alexandergreat3]

Adobe Flash Player 10 ActiveX
Adobe recommends all users of Adobe Flash Player 10.0.12.36 and earlier versions upgrade to the newest version 10.0.22.87
http://www.adobe.com/support/security/bulletins/apsb09-01.html

Adobe Reader 7.0.8 <<< out of date and unsafe, see this:
http://news.cnet.com/8301-1009_3-10081618-83.html?tag=nl.e433
http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
http://www.filehippo.com/download_adobe_reader/
(if you want a smaller program, look at this one)
Foxit Reader 2.3 for Windows (make sure to uncheck any toolbars)
http://www.foxitsoftware.com/pdf/rd_intro.php

Java(TM) 6 Update 10 <<< out of date and unsafe:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
Be aware of this information so you can opt out of anything you do not want.
Microsoft Does MSN Toolbar Distribution Deal With Java:
http://searchengineland.com/microsoft-does-msn-toolbar-distribution-deal-with-java-15413.php

Shareaza 2.3.1.0 <<< uninstall all p2p programs, see this:
http://forums.spybot.info/showthread.php?t=282


Spybot - Search & Destroy 1.4 <<< uninstall this old program

Spybot - Search & Destroy <<< Please be sure Spybot S&D is up to date and fully immunized.
http://www.safer-networking.org/en/
http://www.safer-networking.org/en/news/2008-07-08.html
http://www.safer-networking.org/en/faq/index.html
http://www.safer-networking.org/en/tutorial/index.html

Let me know how things are going.

Thanks

Thank you for your patience.

I have updated all the programs you have asked me to, but I still could not connect to MBAM official website.

When you get to this point, see if MBAM will update now. If not it is possible NIS blocked something in the download, disable NIS only for the time to get the download, then enable it again.

When I got to this point, MBAM's website couldn't be accessed for the updated, so I tried disabling NIS to get the download. However, when I launch NIS icon, it froze, and afterwards, I was not able to access any websites now. (I'm currently on another computer)

What should I do at this point?

Thank you for your help.

 

[pskelley]

What should I do at this point?

I am not sure, not even sure we are dealing with malware? I need more information.

I was not able to access any websites now.

What message are you receiving when you try to access websites? Post any error messages you receive "word for word."

Any particular reason why you are still running Internet Explorer 6 when IE7 has been out a long time and IE8 is now released?

Do you have another browser onboard you can try?

Please post a new HJT log, the information I requested and any comments you think will help.

Thanks

 

[Alexandergreat3]

I am not sure, not even sure we are dealing with malware? I need more information.

What message are you receiving when you try to access websites? Post any error messages you receive "word for word."

Hi, thank you for your reply.

When I tried opening any webpages, I got the message "The page cannot be displayed".

When I tried logging onto MSN messenger, I got an error message about "Default Gateway":

Any particular reason why you are still running Internet Explorer 6 when IE7 has been out a long time and IE8 is now released?

The only reason I can think of is me being stuck under a rock and that I need to be up to date :laugh:.

Do you have another browser onboard you can try?

I don't have FireFox, but I could download it and transfer it over.

Please post a new HJT log, the information I requested and any comments you think will help.

Thanks

My new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:32 AM, on 5/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\1\Desktop\ADWARE & SPYWARE REMOVER\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1232067142265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232070372437
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 4078 bytes

 

[pskelley]

This sounds like a connection issue to me. I suggest you contact your internet service provider and give them this same information. They are the experts at their own software and I am not.
Here is additional infomation but I strongly suggest you have the provider's technicians look at the problem first.

See how many possibilities there are for this error: "The page cannot be displayed".
http://www.google.com/search?hl=en&...+displayed".&btnG=Google+Search&aq=f&oq=&aqi=

Possible the problem is with the browser, especially since the browser is so old, see this information:
http://www.microsoft.com/windows/IE/community/columns/IEtopten.mspx

Issues viewing Web pages
"Page cannot be displayed" errors

error message about "Default Gateway":
http://www.google.com/search?hl=en&...+"Default+Gateway":&btnG=Search&aq=f&oq=&aqi=
Stay away from "Sponsored Links" they are about $$$

 

[Alexandergreat3]

This is a strange problem that I have never encountered before. Ok, thank you once again.