-
Yes, I used my thumb drive, but I scanned it first and nothing came up. I take it I got it from that again... can I clean the thumb drive, or just bin it?
DDS (Ver_09-03-16.01) - NTFSx86
Run by CTD at 0:46:02.96 on Fri 03/27/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.758.285 [GMT -12:00]
AV: avast! antivirus 4.8.1335 [VPS 090325-0] *On-access scanning disabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Documents and Settings\CTD\Desktop\dds.scr
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {32564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv8dmo.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221087931671
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237106076968
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\ctd\applic~1\mozilla\firefox\profiles\6vzp189g.default\
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-9-10 114768]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\cyberlink\powerdvd8\000.fcl [2008-6-27 61424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-9-10 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-9-10 138680]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\ctd\locals~1\temp\aswarkrn.sys --> c:\docume~1\ctd\locals~1\temp\aswArKrn.sys [?]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-9-10 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-9-10 352920]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-14 38496]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-12-10 7808]
=============== Created Last 30 ================
2009-03-26 10:06 <DIR> --d----- c:\documents and settings\ctd\Tracing
2009-03-26 10:02 <DIR> --d----- c:\program files\Microsoft
2009-03-26 10:01 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-03-26 09:56 <DIR> --d----- c:\program files\common files\Windows Live
2009-03-24 10:12 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-24 10:12 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-24 09:50 <DIR> --d----- c:\documents and settings\ctd\.SunDownloadManager
2009-03-23 08:36 <DIR> a-dshr-- C:\cmdcons
2009-03-23 08:31 161,792 a------- c:\windows\SWREG.exe
2009-03-23 08:31 98,816 a------- c:\windows\sed.exe
2009-03-20 07:41 <DIR> --d-h--- c:\windows\$hf_mig$
2009-03-19 16:29 <DIR> --d----- c:\documents and settings\ctd\.housecall6.6
2009-03-19 09:41 <DIR> --d----- c:\windows\SHELLNEW
2009-03-19 07:44 <DIR> --d----- c:\docume~1\ctd\applic~1\PCToolsFirewallPlus
2009-03-19 07:40 <DIR> --d----- c:\program files\common files\PC Tools
2009-03-18 19:35 <DIR> --d----- c:\program files\Trend Micro
2009-03-14 21:05 <DIR> --d----- c:\docume~1\ctd\applic~1\Malwarebytes
2009-03-14 21:05 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-14 21:05 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-14 21:05 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-14 21:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-14 20:54 <DIR> --d----- c:\program files\Secunia
2009-03-14 20:29 <DIR> --ds---- c:\documents and settings\ctd\UserData
2009-03-08 07:55 <DIR> --d----- C:\lj1015
2009-03-06 12:38 <DIR> --d----- c:\program files\Cool PDF Reader
2009-03-06 12:28 <DIR> --d----- c:\docume~1\ctd\applic~1\PDF reDirect
==================== Find3M ====================
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-01-29 11:47 20,632 a------- c:\windows\system32\dopdfmn6.dll
2009-01-29 11:47 18,072 a------- c:\windows\system32\dopdfmi6.dll
============= FINISH: 0:46:33.67 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-03-16.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/10/2008 10:16:33 AM
System Uptime: 3/26/2009 8:25:33 PM (4 hours ago)
Motherboard: Quanta | | 308F
Processor: Intel(R) Pentium(R) M processor 1.73GHz | U1 | 1729/533mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 23 GiB total, 14.371 GiB free.
D: is FIXED (NTFS) - 33 GiB total, 23.591 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_8086&DEV_266D&SUBSYS_3080103C&REV_03\3&B1BFB68&0&F3
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_266D&SUBSYS_3080103C&REV_03\3&B1BFB68&0&F3
Service:
==== System Restore Points ===================
RP1: 3/23/2009 8:31:44 AM - System Checkpoint
RP2: 3/23/2009 8:32:35 AM - ComboFix created restore point
RP3: 3/24/2009 9:19:46 AM - ComboFix created restore point
RP4: 3/24/2009 9:52:00 AM - Removed Java(TM) 6 Update 7
RP5: 3/24/2009 10:10:28 AM - Installed Java(TM) 6 Update 12
RP6: 3/26/2009 10:02:38 AM - Removed Windows Live installer
==== Installed Programs ======================
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Reader 8.1.3
Adobe Setup
Adobe Shockwave Player 11
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AlphaCam
AlphaCam Viewer
Any Video Converter 2.6.2
Apple Mobile Device Support
Apple Software Update
Applian FLV Player
Audacity 1.2.6
avast! Antivirus
Belarc Advisor 7.2
Bonjour
BS.Player FREE
Canon iP3300
CCleaner (remove only)
Choice Guard
Conexant AC-Link Audio
Cool PDF Reader 2.0
CyberLink PowerDVD 8
Desktop Calendar 0.42b
Dev-C++ 5 beta 9 release (4.9.9.2)
doPDF 6.2 printer
EfreeBuy Folder Icon Version 3.00
EVEREST Home Edition v2.20
Flash Decompiler Gold 2.0.4.1204
Free Video to JPG Converter version 1.4
Free Video to Mp3 Converter version 3.1
FreeRIP v3.091
Gadwin PrintScreen
Google Earth
GSpot Codec Information Appliance
GTK+ Runtime 2.12.8 rev a (remove only)
HijackThis 2.0.2
honestech Video Editor
HP Integrated Module with Bluetooth wireless technology
Icons from File 3.32
Intel(R) Graphics Media Accelerator Driver
iTunes
iTunes Sync
Java(TM) 6 Update 12
K-Lite Codec Pack 4.2.5 (Basic)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
MJ 1.09
Mozilla Firefox (3.0.7)
MSN Messenger 7.5
MSVCRT
PDF Settings
Pidgin
PowerDVD
QuickTime
Realtek AC'97 Audio
ScreenPrint32 v3.5
Secunia PSI
Segoe UI
Software Update for Web Folders
Spybot - Search & Destroy
SpywareBlaster 4.1
TagScanner 5.0 build 525
Texas Instruments PCIxx21/x515 drivers.
TIxx21/x515
Uninstall 1.0.0.1
Update for Windows XP (KB894391)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinPatrol 2008
WinRAR archiver
Yahoo! Messenger
==== Event Viewer Messages From Past Week ========
3/23/2009 8:28:54 AM, error: Service Control Manager [7023] - The Support Network service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
3/23/2009 8:21:53 AM, error: Tcpip [4198] - The system detected an address conflict for IP address 172.16.0.200 with the system having network hardware address 00:11:95:BB:4F:5E. The local interface has been disabled.
3/23/2009 8:18:16 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0015004CD44F. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
3/20/2009 2:58:09 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
3/20/2009 2:00:50 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PC Tools Firewall Plus service to connect.
3/20/2009 12:44:55 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -68511 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|172.16.0.172:123->207.46.232.182:123) is working properly.
3/20/2009 10:43:28 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -68557 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|172.16.0.172:123->207.46.232.182:123) is working properly.
3/20/2009 7:10:23 AM, error: Service Control Manager [7034] - The IMAPI CD-Burning COM Service service terminated unexpectedly. It has done this 1 time(s).
3/20/2009 7:10:23 AM, error: Service Control Manager [7023] - The avast! Web Scanner service terminated with the following error: Cannot create a file when that file already exists.
3/20/2009 7:10:23 AM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/20/2009 7:10:23 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
3/20/2009 7:07:49 AM, error: Dhcp [1002] - The IP address lease 172.16.0.172 for the Network Card with network address 00C09FD96934 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
3/23/2009 8:47:00 AM, error: PlugPlayManager [11] - The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system without first being prepared for removal.
3/25/2009 9:58:29 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
==== End Of File ===========================
-
Hi
Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
- Run Spybot-S&D in Advanced Mode
- If it is not already set to do this, go to the Mode menu and select Advanced Mode
- On the left hand side, click on Tools
- Then click on the Resident icon in the list
- Uncheck Resident TeaTimer and OK any prompts.
- Restart your computer
Disable WinPatrol's realtime protection:
- Right-click the running icon of Winpatrol in the system tray
- Choose exit. It will automatically restart at next boot.
Please have the thumbdrive plugged in during the fixing operation.
Then download & run ComboFix like you did before. Post back its report & a fresh dds log.
-
Hi, I can't boot the computer up now - I am getting:
NTLDR is missing
-
OK, I fixed the boot-up problem. Here are the logs. Thanks
ComboFix 09-03-22.01 - CTD 2009-03-27 12:33:10.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.758.491 [GMT -12:00]
Running from: c:\documents and settings\CTD\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090325-0] *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
g:\recycler\desktop.ini
g:\recycler\FINDER.DAT
.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-28 )))))))))))))))))))))))))))))))
.
2009-03-27 12:31 . 2009-03-27 12:32 <DIR> d-------- C:\32788R22FWJFW
2009-03-26 10:06 . 2009-03-26 20:35 <DIR> d-------- c:\documents and settings\CTD\Tracing
2009-03-26 10:02 . 2009-03-26 10:02 <DIR> d-------- c:\program files\Microsoft
2009-03-26 10:01 . 2009-03-26 10:01 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-03-26 09:56 . 2009-03-26 09:56 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-24 10:12 . 2009-03-24 10:11 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-24 10:12 . 2009-03-24 10:11 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-24 09:50 . 2009-03-24 10:00 <DIR> d-------- c:\documents and settings\CTD\.SunDownloadManager
2009-03-20 07:41 . 2009-03-20 07:41 <DIR> d--h----- c:\windows\$hf_mig$
2009-03-19 16:29 . 2009-03-20 11:46 <DIR> d-------- c:\documents and settings\CTD\.housecall6.6
2009-03-19 09:41 . 2009-03-19 09:42 <DIR> d-------- c:\windows\SHELLNEW
2009-03-19 07:44 . 2009-03-19 07:44 <DIR> d-------- c:\documents and settings\CTD\Application Data\PCToolsFirewallPlus
2009-03-19 07:40 . 2009-03-20 14:03 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-03-18 19:35 . 2009-03-18 19:35 <DIR> d-------- c:\program files\Trend Micro
2009-03-14 21:05 . 2009-03-14 21:05 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-14 21:05 . 2009-03-14 21:05 <DIR> d-------- c:\documents and settings\CTD\Application Data\Malwarebytes
2009-03-14 21:05 . 2009-03-14 21:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-14 21:05 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-14 21:05 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-14 20:54 . 2009-03-14 20:54 <DIR> d-------- c:\program files\Secunia
2009-03-14 20:29 . 2009-03-14 20:29 <DIR> d---s---- c:\documents and settings\CTD\UserData
2009-03-08 07:55 . 2009-03-08 07:55 <DIR> d-------- C:\lj1015
2009-03-06 12:38 . 2009-03-06 12:38 <DIR> d-------- c:\program files\Cool PDF Reader
2009-03-06 12:28 . 2009-03-06 12:30 <DIR> d-------- c:\documents and settings\CTD\Application Data\PDF reDirect
2009-03-01 21:12 . 2009-03-01 21:12 <DIR> d-------- c:\documents and settings\Administrator
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-27 05:29 --------- d-----w c:\documents and settings\CTD\Application Data\.purple
2009-03-27 00:08 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-27 00:04 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-26 22:00 --------- d-----w c:\program files\Windows Live
2009-03-24 22:10 --------- d-----w c:\program files\Java
2009-03-21 02:02 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-20 04:46 --------- d-----w c:\documents and settings\CTD\Application Data\gtk-2.0
2009-03-19 07:27 --------- d-----w c:\program files\Mozilla Sunbird
2009-03-15 08:47 --------- d-----w c:\program files\SpywareBlaster
2009-03-13 22:54 --------- d-----w c:\documents and settings\CTD\Application Data\Any Video Converter
2009-02-17 08:54 --------- d-----w c:\program files\FreeRIP3
2009-02-17 08:54 --------- d-----w c:\documents and settings\All Users\Application Data\FreeRIP
2009-02-17 02:37 --------- d-----w c:\documents and settings\CTD\Application Data\McGraw-HillLicensing
2009-02-17 01:31 --------- d-----w c:\program files\Gadwin Systems
2009-02-07 06:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 04:09 --------- d-----w c:\program files\Flash Decompiler Gold
2009-02-05 21:27 --------- d-----w c:\documents and settings\LocalService\Application Data\Softland
2009-02-05 21:25 --------- d-----w c:\program files\Softland
2009-01-31 03:43 --------- d-----w c:\program files\Desktop Calendar
2009-01-29 23:47 20,632 ----a-w c:\windows\system32\dopdfmn6.dll
2009-01-29 23:47 18,072 ----a-w c:\windows\system32\dopdfmi6.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-03-23_ 8.44.16.92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 08:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-03-26 22:06:47 80,395 ----a-r c:\windows\Installer\{0AAA9C97-74D4-47CE-B089-0B147EF3553C}\MsblIco.Exe
+ 2009-03-26 22:01:17 62,304 ----a-r c:\windows\Installer\{F6BD194C-4190-4D73-B1B1-C48C99921BFE}\IconWlc.exe
- 2008-06-10 13:21:01 135,168 ----a-w c:\windows\system32\java.exe
+ 2009-03-24 22:11:12 144,792 ----a-w c:\windows\system32\java.exe
- 2008-06-10 13:21:04 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2009-03-24 22:11:13 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-06-10 14:32:34 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2009-03-24 22:11:13 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2009-03-28 00:30:06 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_154.dat
+ 2009-03-28 00:29:42 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5b4.dat
+ 2007-11-07 08:23:58 224,768 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2007-11-07 13:19:34 568,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2007-11-07 13:19:34 655,872 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-24 148888]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-12-23 569405]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-10 114768]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-06-27 16:50:32 61424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-09-10 20560]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\CTD\LOCALS~1\Temp\aswArKrn.sys --> c:\docume~1\CTD\LOCALS~1\Temp\aswArKrn.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-03-14 38496]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-12-10 7808]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup REG_SZ hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cc93676-8c11-11dd-83e2-00c09fd96934}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\CTD\Application Data\Mozilla\Firefox\Profiles\6vzp189g.default\
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-27 12:40:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"
"ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"
"ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
Completion time: 2009-03-27 12:45:30
ComboFix-quarantined-files.txt 2009-03-28 00:45:19
ComboFix2.txt 2009-03-24 21:42:04
ComboFix3.txt 2009-03-23 20:46:56
Pre-Run: 15,480,037,376 bytes free
Post-Run: 15,474,876,416 bytes free
DDS (Ver_09-03-16.01) - NTFSx86
Run by CTD at 12:48:46.57 on Fri 03/27/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.758.474 [GMT -12:00]
AV: avast! antivirus 4.8.1335 [VPS 090325-0] *On-access scanning disabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\CTD\Desktop\dds.scr
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {32564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv8dmo.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221087931671
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237106076968
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\ctd\applic~1\mozilla\firefox\profiles\6vzp189g.default\
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-9-10 114768]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\cyberlink\powerdvd8\000.fcl [2008-6-27 61424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-9-10 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-9-10 138680]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\ctd\locals~1\temp\aswarkrn.sys --> c:\docume~1\ctd\locals~1\temp\aswArKrn.sys [?]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-9-10 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-9-10 352920]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-14 38496]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-12-10 7808]
=============== Created Last 30 ================
2009-03-26 10:06 <DIR> --d----- c:\documents and settings\ctd\Tracing
2009-03-26 10:02 <DIR> --d----- c:\program files\Microsoft
2009-03-26 10:01 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-03-26 09:56 <DIR> --d----- c:\program files\common files\Windows Live
2009-03-24 10:12 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-24 10:12 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-24 09:50 <DIR> --d----- c:\documents and settings\ctd\.SunDownloadManager
2009-03-23 08:36 <DIR> a-dshr-- C:\cmdcons
2009-03-23 08:31 161,792 a------- c:\windows\SWREG.exe
2009-03-23 08:31 98,816 a------- c:\windows\sed.exe
2009-03-20 07:41 <DIR> --d-h--- c:\windows\$hf_mig$
2009-03-19 16:29 <DIR> --d----- c:\documents and settings\ctd\.housecall6.6
2009-03-19 09:41 <DIR> --d----- c:\windows\SHELLNEW
2009-03-19 07:44 <DIR> --d----- c:\docume~1\ctd\applic~1\PCToolsFirewallPlus
2009-03-19 07:40 <DIR> --d----- c:\program files\common files\PC Tools
2009-03-18 19:35 <DIR> --d----- c:\program files\Trend Micro
2009-03-14 21:05 <DIR> --d----- c:\docume~1\ctd\applic~1\Malwarebytes
2009-03-14 21:05 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-14 21:05 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-14 21:05 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-14 21:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-14 20:54 <DIR> --d----- c:\program files\Secunia
2009-03-14 20:29 <DIR> --ds---- c:\documents and settings\ctd\UserData
2009-03-08 07:55 <DIR> --d----- C:\lj1015
2009-03-06 12:38 <DIR> --d----- c:\program files\Cool PDF Reader
2009-03-06 12:28 <DIR> --d----- c:\docume~1\ctd\applic~1\PDF reDirect
==================== Find3M ====================
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-01-29 11:47 20,632 a------- c:\windows\system32\dopdfmn6.dll
2009-01-29 11:47 18,072 a------- c:\windows\system32\dopdfmi6.dll
============= FINISH: 12:49:11.45 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-03-16.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/10/2008 10:16:33 AM
System Uptime: 3/27/2009 12:27:53 PM (0 hours ago)
Motherboard: Quanta | | 308F
Processor: Intel(R) Pentium(R) M processor 1.73GHz | U1 | 1729/533mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 23 GiB total, 14.428 GiB free.
D: is FIXED (NTFS) - 33 GiB total, 23.591 GiB free.
E: is CDROM ()
G: is Removable
==== Disabled Device Manager Items =============
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_8086&DEV_266D&SUBSYS_3080103C&REV_03\3&B1BFB68&0&F3
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_266D&SUBSYS_3080103C&REV_03\3&B1BFB68&0&F3
Service:
==== System Restore Points ===================
RP1: 3/23/2009 8:31:44 AM - System Checkpoint
RP2: 3/23/2009 8:32:35 AM - ComboFix created restore point
RP3: 3/24/2009 9:19:46 AM - ComboFix created restore point
RP4: 3/24/2009 9:52:00 AM - Removed Java(TM) 6 Update 7
RP5: 3/24/2009 10:10:28 AM - Installed Java(TM) 6 Update 12
RP6: 3/26/2009 10:02:38 AM - Removed Windows Live installer
==== Installed Programs ======================
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Reader 8.1.3
Adobe Setup
Adobe Shockwave Player 11
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AlphaCam
AlphaCam Viewer
Any Video Converter 2.6.2
Apple Mobile Device Support
Apple Software Update
Applian FLV Player
Audacity 1.2.6
avast! Antivirus
Belarc Advisor 7.2
Bonjour
BS.Player FREE
Canon iP3300
CCleaner (remove only)
Choice Guard
Conexant AC-Link Audio
Cool PDF Reader 2.0
CyberLink PowerDVD 8
Desktop Calendar 0.42b
Dev-C++ 5 beta 9 release (4.9.9.2)
doPDF 6.2 printer
EfreeBuy Folder Icon Version 3.00
EVEREST Home Edition v2.20
Flash Decompiler Gold 2.0.4.1204
Free Video to JPG Converter version 1.4
Free Video to Mp3 Converter version 3.1
FreeRIP v3.091
Gadwin PrintScreen
Google Earth
GSpot Codec Information Appliance
GTK+ Runtime 2.12.8 rev a (remove only)
HijackThis 2.0.2
honestech Video Editor
HP Integrated Module with Bluetooth wireless technology
Icons from File 3.32
Intel(R) Graphics Media Accelerator Driver
iTunes
iTunes Sync
Java(TM) 6 Update 12
K-Lite Codec Pack 4.2.5 (Basic)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
MJ 1.09
Mozilla Firefox (3.0.7)
MSN Messenger 7.5
MSVCRT
PDF Settings
Pidgin
PowerDVD
QuickTime
Realtek AC'97 Audio
ScreenPrint32 v3.5
Secunia PSI
Segoe UI
Software Update for Web Folders
Spybot - Search & Destroy
SpywareBlaster 4.1
TagScanner 5.0 build 525
Texas Instruments PCIxx21/x515 drivers.
TIxx21/x515
Uninstall 1.0.0.1
Update for Windows XP (KB894391)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinPatrol 2008
WinRAR archiver
Yahoo! Messenger
==== Event Viewer Messages From Past Week ========
3/20/2009 7:10:23 AM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/20/2009 7:10:23 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
3/20/2009 7:07:49 AM, error: Dhcp [1002] - The IP address lease 172.16.0.172 for the Network Card with network address 00C09FD96934 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
3/20/2009 7:10:23 AM, error: Service Control Manager [7023] - The avast! Web Scanner service terminated with the following error: Cannot create a file when that file already exists.
3/20/2009 7:10:23 AM, error: Service Control Manager [7034] - The IMAPI CD-Burning COM Service service terminated unexpectedly. It has done this 1 time(s).
3/20/2009 9:26:09 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PC Tools Firewall Plus service to connect.
3/20/2009 9:42:12 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
3/20/2009 10:43:28 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -68557 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|172.16.0.172:123->207.46.232.182:123) is working properly.
3/20/2009 12:44:55 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -68511 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|172.16.0.172:123->207.46.232.182:123) is working properly.
3/20/2009 2:00:50 PM, error: Service Control Manager [7023] - The Support Network service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
3/20/2009 2:01:58 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0015004CD44F. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
3/23/2009 8:21:53 AM, error: Tcpip [4198] - The system detected an address conflict for IP address 172.16.0.200 with the system having network hardware address 00:11:95:BB:4F:5E. The local interface has been disabled.
3/23/2009 8:47:00 AM, error: PlugPlayManager [11] - The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system without first being prepared for removal.
3/25/2009 9:58:29 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
==== End Of File ===========================
-
Hi
Ok. Now please run Kaspersky online scanner again and post back its report.
Disable WinPatrol's realtime protection:
- Right-click the running icon of WinPatrol in the system tray
- Choose exit. It will automatically restart at next boot.
Start hjt, do a system scan, check (if found):
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
Close browsers and fix checked.
Post a fresh hjt log.
-
Hi, thanks again, and logs as asked for:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, March 30, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, March 30, 2009 05:37:39
Records in database: 1985943
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Files scanned: 91232
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 02:33:13
File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\_wynfgczs_.dll.zip Infected: Net-Worm.Win32.Kido.ih 1
The selected area was scanned.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:49:45 PM, on 3/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1221087931671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1237106076968
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)
--
End of file - 6555 bytes
-
That looks pretty good now. How's the system running?
-
Due to inactivity, this thread will now be closed.
Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.