-
Gen.TDSS.Patched.1
BitDefender has found a virus Gen.TDSS.Patched.1
Ad-Aware has found Win32TrojanTDss.
Spybot S&D won't even run.
Nothing removes this from my computer. Various programs won't open.
When I google sites I am redirected to different sites.
Ran HijackThis; log below.
Please help!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:09 AM, on 07/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\VBTUCopy\VBTUCopy.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\BitDefender\BitDefender 2008\seccenter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Laurie\Desktop\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.ca/ig/dell?hl=en&c...row&channel=ca
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [USB2Check] "RUNDLL32.EXE" "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CTCheck] "C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VBTUCopy] "C:\Program Files\VBTUCopy\VBTUCopy.exe" /a /f
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [PhotoshopElementsSyncAgent] C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsSyncAgent.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/S...dObjSigned.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase1140.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupda...01/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1202843531562
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Closet Control) - http://vsp.closetmaid.com/vsp/cmaidc...downloader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...22/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupda...5106/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 13120 bytes
-
STEP 1
Download DDS
Please download DDS by sUBs from one of the links below and save it to your desktop:
Link 1
Link 2
Please disable any anti-malware program that will block scripts from running before running DDS.
- Double-Click on dds.scr and a command window will appear. This is normal.
- Shortly after, two logs will appear:
- A window will open instructing you to save & post the logs
- Save the logs to a convenient place such as your desktop
- Copy the contents of both logs & post in your next reply
STEP 2
RootRepeal - Rootkit Detector
Download RootRepeal.zip and unzip it to your Desktop.
- Double click RootRepeal.exe to start the program
- Click on the Report tab at the bottom of the program window
- Click the Scan button
- In the Select Scan dialog, check:
- Drivers
- Files
- Processes
- SSDT
- Stealth Objects
- Hidden Services
- Click the OK button
- In the next dialog, select all drives showing
- Click OK to start the scan
The scan can take some time. DO NOT run any other programs while the scan is running.
- When the scan is complete, the Save Report button will become available
- Click this and save the report to your Desktop as RootRepeal.txt
- Go to File, then Exit to close the program
Next Reply
Please reply with:
- DDS.txt
- Attach.txt
- RootRepeal.txt
-
DDS (Ver_09-07-30.01) - NTFSx86
Run by Laurie at 16:09:04.85 on 07/08/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2820 [GMT -4:00]
AV: Bitdefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\System32\svchost.exe -kbdx
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Laurie\Desktop\dds.scr
============== Pseudo HJT Report ===============
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.ca/
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2008\IEToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [PhotoshopElementsSyncAgent] c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsSyncAgent.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DMXLauncher] "c:\program files\dell\media experience\DMXLauncher.exe"
mRun: [USB2Check] "RUNDLL32.EXE" "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [CTCheck] "c:\program files\creative\creative zen\zen media explorer\CTCheck.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2008\bdagent.exe"
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [VBTUCopy] "c:\program files\vbtucopy\VBTUCopy.exe" /a /f
mRun: [USBToolTip] "c:\program files\pinnacle\shared files\\programs\usbtip\USBTip.exe"
mRun: [PCLEPCI] c:\progra~1\pinnacle\ppe\PPE.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\laurie\startm~1\programs\startup\dropbox.lnk - c:\program files\dropbox\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkvmon~1.lnk - c:\program files\nikon\nkview6\NkvMon.exe
IE: Add to AMV Converter... - c:\program files\mp3 player utilities 4.18\amvconverter\grab.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: akamai.net\a248.e
Trusted Zone: bitdefender.com
Trusted Zone: netflame.cc\ssl-hints
Trusted Zone: musicmatch.com\online
DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202843531562
DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} - hxxp://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com_downloader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5222/mcfscan.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\quicktax 2007\ic2007pp.dll
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = :\windows\syste
============= SERVICES / DRIVERS ===============
=============== Created Last 30 ================
==================== Find3M ====================
2006-09-12 14:38 88 -c-shr-- c:\windows\system32\07BE1FC234.sys
2006-09-12 14:38 3,350 ac-sh--- c:\windows\system32\KGyGaAvL.sys
============= FINISH: 16:10:43.87 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-07-30.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 29/08/2006 7:39:58 PM
System Uptime: 08/07/2009 3:58:45 PM (721 hours ago)
Motherboard: Dell Inc. | | 0FJ030
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 295 GiB total, 6.436 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP619: 01/08/2009 6:49:40 PM - Software Distribution Service 3.0
RP620: 01/08/2009 6:49:40 PM - Software Distribution Service 3.0
RP621: 01/08/2009 6:49:40 PM - System Checkpoint
RP622: 01/08/2009 6:49:40 PM - Software Distribution Service 3.0
RP623: 01/08/2009 6:49:40 PM - Software Distribution Service 3.0
RP624: 01/08/2009 6:49:40 PM - System Checkpoint
RP625: 01/08/2009 6:49:41 PM - System Checkpoint
RP626: 01/08/2009 6:49:41 PM - Software Distribution Service 3.0
RP627: 01/08/2009 6:49:41 PM - Software Distribution Service 3.0
RP628: 01/08/2009 6:49:41 PM - Software Distribution Service 3.0
RP629: 01/08/2009 6:49:41 PM - Software Distribution Service 3.0
RP630: 01/08/2009 6:49:41 PM - Software Distribution Service 3.0
RP631: 01/08/2009 6:49:42 PM - Software Distribution Service 3.0
RP632: 01/08/2009 6:49:42 PM - System Checkpoint
RP633: 01/08/2009 6:49:42 PM - Software Distribution Service 3.0
RP634: 01/08/2009 6:49:42 PM - Software Distribution Service 3.0
RP635: 01/08/2009 6:49:42 PM - Software Distribution Service 3.0
RP636: 01/08/2009 6:49:43 PM - Software Distribution Service 3.0
RP637: 01/08/2009 6:49:43 PM - Software Distribution Service 3.0
RP638: 01/08/2009 6:49:43 PM - System Checkpoint
RP639: 01/08/2009 6:49:43 PM - System Checkpoint
RP640: 01/08/2009 6:49:44 PM - Software Distribution Service 3.0
RP641: 01/08/2009 6:49:44 PM - System Checkpoint
RP642: 01/08/2009 6:49:44 PM - Software Distribution Service 3.0
RP643: 01/08/2009 6:49:44 PM - System Checkpoint
RP644: 01/08/2009 6:49:44 PM - Software Distribution Service 3.0
RP645: 01/08/2009 6:49:45 PM - Software Distribution Service 3.0
RP646: 01/08/2009 6:49:45 PM - Software Distribution Service 3.0
RP647: 01/08/2009 6:49:45 PM - Software Distribution Service 3.0
RP648: 01/08/2009 6:49:45 PM - Software Distribution Service 3.0
RP649: 01/08/2009 6:49:45 PM - Software Distribution Service 3.0
==== Installed Programs ======================
==== Event Viewer Messages From Past Week ========
==== End Of File ===========================
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/08/07 16:15
Program Version: Version 1.3.3.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: dump_iastor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iastor.sys
Address: 0xA89B3000 Size: 872448 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAD38C000 Size: 49152 File Visible: No Signed: -
Status: -
Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!
Path: C:\WINDOWS\system32\UACbrsngngxid.db
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\UACfaswwylmkr.dll
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\uacinit.dll
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\UAColaqpxmlib.dll
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\UACthwmivkvcv.dll
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\UACvjbnmttpqq.dll
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\UACvnklqtmxai.dll
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\UACxbiulyqaql.dat
Status: Invisible to the Windows API!
Path: c:\windows\temp\perflib_perfdata_694.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)
Path: C:\WINDOWS\Temp\UACe629.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\drivers\UACcrvmnukvjq.sys
Status: Invisible to the Windows API!
Path: c:\documents and settings\laurie\local settings\temp\~df7aac.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)
Path: c:\documents and settings\laurie\local settings\temp\~df909b.tmp
Status: Allocation size mismatch (API: 65536, Raw: 16384)
Path: c:\documents and settings\laurie\local settings\temp\~df9d6a.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)
Path: c:\documents and settings\laurie\local settings\temp\~df1d2a.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)
Path: c:\documents and settings\laurie\local settings\temp\~dfd92b.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)
Path: c:\documents and settings\laurie\local settings\temp\~dfec60.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)
Path: c:\documents and settings\laurie\local settings\temp\~df46f3.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)
Path: C:\Documents and Settings\Laurie\Local Settings\Temp\UACb817.tmp
Status: Invisible to the Windows API!
Path: c:\program files\logitech\desktop messenger\8876480\users\laurie\data\inuse.txt
Status: Allocation size mismatch (API: 40, Raw: 0)
Path: Volume K:\
Status: MBR Rootkit Detected!
Path: Volume K:\, Sector 1
Status: Sector mismatch
Path: Volume K:\, Sector 2
Status: Sector mismatch
Path: Volume K:\, Sector 3
Status: Sector mismatch
Path: Volume K:\, Sector 4
Status: Sector mismatch
Path: Volume K:\, Sector 5
Status: Sector mismatch
Path: Volume K:\, Sector 6
Status: Sector mismatch
Path: Volume K:\, Sector 7
Status: Sector mismatch
Path: Volume K:\, Sector 8
Status: Sector mismatch
Path: Volume K:\, Sector 9
Status: Sector mismatch
Path: Volume K:\, Sector 10
Status: Sector mismatch
Path: Volume K:\, Sector 11
Status: Sector mismatch
Path: Volume K:\, Sector 12
Status: Sector mismatch
Path: Volume K:\, Sector 13
Status: Sector mismatch
Path: Volume K:\, Sector 14
Status: Sector mismatch
Path: Volume K:\, Sector 15
Status: Sector mismatch
Path: Volume K:\, Sector 16
Status: Sector mismatch
Path: Volume K:\, Sector 17
Status: Sector mismatch
Path: Volume K:\, Sector 18
Status: Sector mismatch
Path: Volume K:\, Sector 19
Status: Sector mismatch
Path: Volume K:\, Sector 20
Status: Sector mismatch
Path: Volume K:\, Sector 21
Status: Sector mismatch
Path: Volume K:\, Sector 22
Status: Sector mismatch
Path: Volume K:\, Sector 23
Status: Sector mismatch
Path: Volume K:\, Sector 24
Status: Sector mismatch
Path: Volume K:\, Sector 25
Status: Sector mismatch
Path: Volume K:\, Sector 26
Status: Sector mismatch
Path: Volume K:\, Sector 27
Status: Sector mismatch
Path: Volume K:\, Sector 28
Status: Sector mismatch
Path: Volume K:\, Sector 29
Status: Sector mismatch
Path: Volume K:\, Sector 30
Status: Sector mismatch
Path: Volume K:\, Sector 31
Status: Sector mismatch
Path: Volume K:\, Sector 32
Status: Sector mismatch
Path: Volume K:\, Sector 33
Status: Sector mismatch
Path: Volume K:\, Sector 34
Status: Sector mismatch
Path: Volume K:\, Sector 35
Status: Sector mismatch
Path: Volume K:\, Sector 36
Status: Sector mismatch
Path: Volume K:\, Sector 37
Status: Sector mismatch
Path: Volume K:\, Sector 38
Status: Sector mismatch
Path: Volume K:\, Sector 39
Status: Sector mismatch
Path: Volume K:\, Sector 40
Status: Sector mismatch
Path: Volume K:\, Sector 41
Status: Sector mismatch
Path: Volume K:\, Sector 42
Status: Sector mismatch
Path: Volume K:\, Sector 43
Status: Sector mismatch
Path: Volume K:\, Sector 44
Status: Sector mismatch
Path: Volume K:\, Sector 45
Status: Sector mismatch
Path: Volume K:\, Sector 46
Status: Sector mismatch
Path: Volume K:\, Sector 47
Status: Sector mismatch
Path: Volume K:\, Sector 48
Status: Sector mismatch
Path: Volume K:\, Sector 49
Status: Sector mismatch
Path: Volume K:\, Sector 50
Status: Sector mismatch
Path: Volume K:\, Sector 51
Status: Sector mismatch
Path: Volume K:\, Sector 52
Status: Sector mismatch
Path: Volume K:\, Sector 53
Status: Sector mismatch
Path: Volume K:\, Sector 54
Status: Sector mismatch
Path: Volume K:\, Sector 55
Status: Sector mismatch
Path: Volume K:\, Sector 56
Status: Sector mismatch
Path: Volume K:\, Sector 57
Status: Sector mismatch
Path: Volume K:\, Sector 58
Status: Sector mismatch
Path: Volume K:\, Sector 59
Status: Sector mismatch
Path: Volume K:\, Sector 60
Status: Sector mismatch
Path: Volume K:\, Sector 61
Status: Sector mismatch
Path: Volume K:\, Sector 62
Status: Sector mismatch
Path: K:\catalog.buc
Status: Visible to the Windows API, but not on disk.
Path: K:\Revised yB
Status: Visible to the Windows API, but not on disk.
Path: K:\save2pc
Status: Visible to the Windows API, but not on disk.
Path: K:\Scrapbooking
Status: Visible to the Windows API, but not on disk.
Path: K:\System Volume Information
Status: Visible to the Windows API, but not on disk.
Path: K:\Clients
Status: Visible to the Windows API, but not on disk.
Path: K:\My Videos
Status: Visible to the Windows API, but not on disk.
Path: K:\Catalog 2000 to present
Status: Visible to the Windows API, but not on disk.
Path: K:\Yearbook 2
Status: Visible to the Windows API, but not on disk.
Path: K:\Catalog pre 2000
Status: Visible to the Windows API, but not on disk.
Path: K:\Sears Family
Status: Visible to the Windows API, but not on disk.
Path: K:\Ms.Daniel
Status: Visible to the Windows API, but not on disk.
Path: K:\JessicaSpragueScapbooking
Status: Visible to the Windows API, but not on disk.
Path: K:\Cathy's Negs
Status: Visible to the Windows API, but not on disk.
Path: K:\sdsetup.exe
Status: Visible to the Windows API, but not on disk.
Path: K:\ZbThumbnail.info
Status: Visible to the Windows API, but not on disk.
Path: K:\Pinnacle Studio
Status: Visible to the Windows API, but not on disk.
Path: K:\Shutterfly
Status: Visible to the Windows API, but not on disk.
Path: K:\Grad pages Finished
Status: Visible to the Windows API, but not on disk.
Path: K:\Recycled
Status: Visible to the Windows API, but not on disk.
Path: K:\Shutterfly Flordia Holiday
Status: Visible to the Windows API, but not on disk.
Path: K:\Ben & Jack
Status: Visible to the Windows API, but not on disk.
Path: K:\shutterflyAnnXmas
Status: Visible to the Windows API, but not on disk.
Path: K:\ShutterflyMomXmas
Status: Visible to the Windows API, but not on disk.
Path: K:\64cKimInBathrobe.jpg
Status: Visible to the Windows API, but not on disk.
Path: K:\64cKim& LaurieOutside.jpg
Status: Visible to the Windows API, but not on disk.
Path: K:\64cKimHalloween.jpg
Status: Visible to the Windows API, but not on disk.
Path: K:\64cLaurieInCar.jpg
Status: Visible to the Windows API, but not on disk.
Path: K:\itunes
Status: Visible to the Windows API, but not on disk.
Path: K:\Kitchen Computer 2009-01-19
Status: Visible to the Windows API, but not on disk.
Path: K:\Yearbook
Status: Visible to the Windows API, but not on disk.
Stealth Objects
-------------------
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: winlogon.exe (PID: 1068) Address: 0x10000000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: winlogon.exe (PID: 1068) Address: 0x00980000 Size: 49152
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: services.exe (PID: 1116) Address: 0x00aa0000 Size: 49152
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: services.exe (PID: 1116) Address: 0x10000000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: lsass.exe (PID: 1128) Address: 0x00b10000 Size: 49152
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: lsass.exe (PID: 1128) Address: 0x10000000 Size: 45056
Object: Hidden Module [Name: UACvjbnmttpqq.dll]
Process: svchost.exe (PID: 1328) Address: 0x00770000 Size: 77824
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: svchost.exe (PID: 1328) Address: 0x00a90000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: svchost.exe (PID: 1328) Address: 0x00b20000 Size: 49152
Object: Hidden Module [Name: UACvnklqtmxai.dll]
Process: svchost.exe (PID: 1328) Address: 0x00bc0000 Size: 73728
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: svchost.exe (PID: 1328) Address: 0x00e60000 Size: 45056
Object: Hidden Module [Name: UACthwmivkvcv.dll]
Process: svchost.exe (PID: 1328) Address: 0x02bc0000 Size: 217088
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: svchost.exe (PID: 1328) Address: 0x03250000 Size: 49152
Object: Hidden Module [Name: UACe629.tmpivkvcv.dll]
Process: svchost.exe (PID: 1328) Address: 0x10000000 Size: 217088
Object: Hidden Module [Name: UACvjbnmttpqq.dll]
Process: svchost.exe (PID: 1420) Address: 0x00770000 Size: 77824
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: svchost.exe (PID: 1420) Address: 0x00a90000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: svchost.exe (PID: 1420) Address: 0x00b20000 Size: 49152
Object: Hidden Module [Name: UACe629.tmpivkvcv.dll]
Process: svchost.exe (PID: 1420) Address: 0x10000000 Size: 217088
Object: Hidden Module [Name: UACvjbnmttpqq.dll]
Process: svchost.exe (PID: 1544) Address: 0x00770000 Size: 77824
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: svchost.exe (PID: 1544) Address: 0x00a90000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: svchost.exe (PID: 1544) Address: 0x00b20000 Size: 49152
Object: Hidden Module [Name: UACe629.tmpivkvcv.dll]
Process: svchost.exe (PID: 1544) Address: 0x10000000 Size: 217088
Object: Hidden Module [Name: UACvjbnmttpqq.dll]
Process: svchost.exe (PID: 1616) Address: 0x00770000 Size: 77824
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: svchost.exe (PID: 1616) Address: 0x00a90000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: svchost.exe (PID: 1616) Address: 0x00b20000 Size: 49152
Object: Hidden Module [Name: UACe629.tmpivkvcv.dll]
Process: svchost.exe (PID: 1616) Address: 0x10000000 Size: 217088
Object: Hidden Module [Name: UACvjbnmttpqq.dll]
Process: svchost.exe (PID: 1800) Address: 0x00770000 Size: 77824
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: svchost.exe (PID: 1800) Address: 0x00a90000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: svchost.exe (PID: 1800) Address: 0x00b20000 Size: 49152
Object: Hidden Module [Name: UACe629.tmpivkvcv.dll]
Process: svchost.exe (PID: 1800) Address: 0x10000000 Size: 217088
Object: Hidden Module [Name: UACvjbnmttpqq.dll]
Process: svchost.exe (PID: 1872) Address: 0x00770000 Size: 77824
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: svchost.exe (PID: 1872) Address: 0x00a90000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: svchost.exe (PID: 1872) Address: 0x00b20000 Size: 49152
Object: Hidden Module [Name: UACe629.tmpivkvcv.dll]
Process: svchost.exe (PID: 1872) Address: 0x10000000 Size: 217088
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: spoolsv.exe (PID: 300) Address: 0x10000000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: spoolsv.exe (PID: 300) Address: 0x00d80000 Size: 49152
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: Explorer.EXE (PID: 440) Address: 0x00d50000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: Explorer.EXE (PID: 440) Address: 0x00e00000 Size: 49152
Object: Hidden Module [Name: UACvjbnmttpqq.dll]
Process: Explorer.EXE (PID: 440) Address: 0x10000000 Size: 77824
Object: Hidden Module [Name: UACvjbnmttpqq.dll]
Process: svchost.exe (PID: 904) Address: 0x00770000 Size: 77824
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: svchost.exe (PID: 904) Address: 0x00a90000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: svchost.exe (PID: 904) Address: 0x00b20000 Size: 49152
Object: Hidden Module [Name: UACe629.tmpivkvcv.dll]
Process: svchost.exe (PID: 904) Address: 0x10000000 Size: 217088
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: PhotoshopElementsFileAgent.exe (PID: 940) Address: 0x00700000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: PhotoshopElementsFileAgent.exe (PID: 940) Address: 0x00d70000 Size: 49152
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: PhotoshopElementsFileAgent.exe (PID: 984) Address: 0x00710000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: PhotoshopElementsFileAgent.exe (PID: 984) Address: 0x00d80000 Size: 49152
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: CTsvcCDA.exe (PID: 1024) Address: 0x00ba0000 Size: 49152
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: CTsvcCDA.exe (PID: 1024) Address: 0x10000000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: iaantmon.exe (PID: 1536) Address: 0x00bb0000 Size: 49152
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: iaantmon.exe (PID: 1536) Address: 0x10000000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: MDM.EXE (PID: 1576) Address: 0x00e70000 Size: 49152
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: MDM.EXE (PID: 1576) Address: 0x10000000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: sqlservr.exe (PID: 1824) Address: 0x011f0000 Size: 49152
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: sqlservr.exe (PID: 1824) Address: 0x10000000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: nvsvc32.exe (PID: 2008) Address: 0x00bc0000 Size: 49152
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: nvsvc32.exe (PID: 2008) Address: 0x10000000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: sprtsvc.exe (PID: 536) Address: 0x00e60000 Size: 49152
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: sprtsvc.exe (PID: 536) Address: 0x10000000 Size: 45056
Object: Hidden Module [Name: UACvjbnmttpqq.dll]
Process: svchost.exe (PID: 680) Address: 0x00770000 Size: 77824
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: svchost.exe (PID: 680) Address: 0x00a90000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: svchost.exe (PID: 680) Address: 0x00b20000 Size: 49152
Object: Hidden Module [Name: UACe629.tmpivkvcv.dll]
Process: svchost.exe (PID: 680) Address: 0x10000000 Size: 217088
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: UAService7.exe (PID: 716) Address: 0x00bb0000 Size: 49152
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: UAService7.exe (PID: 716) Address: 0x10000000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: xcommsvr.exe (PID: 844) Address: 0x00bc0000 Size: 49152
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: xcommsvr.exe (PID: 844) Address: 0x10000000 Size: 45056
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: livesrv.exe (PID: 1044) Address: 0x00830000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: livesrv.exe (PID: 1044) Address: 0x00ea0000 Size: 49152
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: vsserv.exe (PID: 1496) Address: 0x00f20000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: vsserv.exe (PID: 1496) Address: 0x01220000 Size: 49152
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: CALMAIN.exe (PID: 2124) Address: 0x00bb0000 Size: 49152
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: CALMAIN.exe (PID: 2124) Address: 0x10000000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: pmshost.exe (PID: 2288) Address: 0x00c00000 Size: 49152
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: pmshost.exe (PID: 2288) Address: 0x10000000 Size: 45056
Object: Hidden Module [Name: UACvjbnmttpqq.dll]
Process: svchost.exe (PID: 2860) Address: 0x00770000 Size: 77824
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: svchost.exe (PID: 2860) Address: 0x00a90000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: svchost.exe (PID: 2860) Address: 0x00b20000 Size: 49152
Object: Hidden Module [Name: UACe629.tmpivkvcv.dll]
Process: svchost.exe (PID: 2860) Address: 0x10000000 Size: 217088
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: alg.exe (PID: 3128) Address: 0x00b30000 Size: 49152
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: alg.exe (PID: 3128) Address: 0x10000000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: jusched.exe (PID: 3872) Address: 0x00e50000 Size: 49152
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: jusched.exe (PID: 3872) Address: 0x10000000 Size: 45056
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: stsystra.exe (PID: 3928) Address: 0x009b0000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: stsystra.exe (PID: 3928) Address: 0x010f0000 Size: 49152
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: DMXLauncher.exe (PID: 3980) Address: 0x00e40000 Size: 49152
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: DMXLauncher.exe (PID: 3980) Address: 0x10000000 Size: 45056
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: DLACTRLW.EXE (PID: 4056) Address: 0x00940000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: DLACTRLW.EXE (PID: 4056) Address: 0x00eb0000 Size: 49152
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: CTCheck.exe (PID: 4088) Address: 0x00e90000 Size: 49152
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: CTCheck.exe (PID: 4088) Address: 0x10000000 Size: 45056
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: bdagent.exe (PID: 572) Address: 0x00c20000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: bdagent.exe (PID: 572) Address: 0x01290000 Size: 49152
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: USBTip.exe (PID: 2220) Address: 0x00ec0000 Size: 49152
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: USBTip.exe (PID: 2220) Address: 0x10000000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: iTunesHelper.exe (PID: 2396) Address: 0x00e70000 Size: 49152
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: iTunesHelper.exe (PID: 2396) Address: 0x10000000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: issch.exe (PID: 2408) Address: 0x00e30000 Size: 49152
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: issch.exe (PID: 2408) Address: 0x10000000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: sprtcmd.exe (PID: 2468) Address: 0x00e70000 Size: 49152
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: sprtcmd.exe (PID: 2468) Address: 0x10000000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: iPodService.exe (PID: 2488) Address: 0x00c20000 Size: 49152
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: iPodService.exe (PID: 2488) Address: 0x10000000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: LogitechDesktopMessenger.exe (PID: 3192) Address: 0x00e30000 Size: 49152
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: LogitechDesktopMessenger.exe (PID: 3192) Address: 0x10000000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: NkvMon.exe (PID: 3204) Address: 0x00f00000 Size: 49152
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: NkvMon.exe (PID: 3204) Address: 0x10000000 Size: 45056
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: iexplore.exe (PID: 4428) Address: 0x00b70000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: iexplore.exe (PID: 4428) Address: 0x00fd0000 Size: 49152
Object: Hidden Module [Name: UACthwmivkvcv.dll]
Process: iexplore.exe (PID: 4428) Address: 0x10000000 Size: 217088
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: iexplore.exe (PID: 4472) Address: 0x00b70000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: iexplore.exe (PID: 4472) Address: 0x01580000 Size: 49152
Object: Hidden Module [Name: UACthwmivkvcv.dll]
Process: iexplore.exe (PID: 4472) Address: 0x10000000 Size: 217088
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: iexplore.exe (PID: 912) Address: 0x00b70000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: iexplore.exe (PID: 912) Address: 0x00fd0000 Size: 49152
Object: Hidden Module [Name: UACthwmivkvcv.dll]
Process: iexplore.exe (PID: 912) Address: 0x10000000 Size: 217088
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: Iexplore.exe (PID: 3972) Address: 0x00b70000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: Iexplore.exe (PID: 3972) Address: 0x00ff0000 Size: 49152
Object: Hidden Module [Name: UACthwmivkvcv.dll]
Process: Iexplore.exe (PID: 3972) Address: 0x10000000 Size: 217088
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: Iexplore.exe (PID: 2244) Address: 0x00b70000 Size: 45056
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: Iexplore.exe (PID: 2244) Address: 0x00fd0000 Size: 49152
Object: Hidden Module [Name: UACthwmivkvcv.dll]
Process: Iexplore.exe (PID: 2244) Address: 0x10000000 Size: 217088
Object: Hidden Module [Name: UACfaswwylmkr.dll]
Process: RootRepeal.exe (PID: 5536) Address: 0x00fc0000 Size: 49152
Object: Hidden Module [Name: UAColaqpxmlib.dll]
Process: RootRepeal.exe (PID: 5536) Address: 0x10000000 Size: 45056
Hidden Services
-------------------
Service Name: UACd.sys
Image Path: C:\WINDOWS\system32\drivers\UACcrvmnukvjq.sys
==EOF==
As per your request
Last edited by Bio-Hazard; 2009-08-07 at 23:26.
-
-
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 6 Stepping 4, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Disabled !
.
Internet Explorer 8.0.6001.18702
.
C:\ [Fixed-NTFS] .. ( Total:294 Go - Free:6 Go )
D:\ [CD_Rom]
E:\ [CD_Rom]
F:\ [Removable]
G:\ [Removable]
H:\ [Removable]
I:\ [Removable]
K:\ [Fixed-FAT32] .. ( Total:465 Go - Free:254 Go )
.
Scan : 22:33.27
Path : C:\Documents and Settings\Laurie\Desktop\Rooter.exe
User : Laurie ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (984)
______ \??\C:\WINDOWS\system32\csrss.exe (1044)
______ \??\C:\WINDOWS\system32\winlogon.exe (1068)
______ C:\WINDOWS\system32\services.exe (1112)
______ C:\WINDOWS\system32\lsass.exe (1124)
______ C:\WINDOWS\system32\svchost.exe (1328)
______ C:\WINDOWS\system32\svchost.exe (1444)
______ C:\WINDOWS\System32\svchost.exe (1568)
______ C:\WINDOWS\system32\svchost.exe (1604)
______ C:\WINDOWS\system32\svchost.exe (1692)
______ C:\WINDOWS\system32\svchost.exe (1844)
______ C:\WINDOWS\system32\spoolsv.exe (2008)
______ C:\WINDOWS\system32\svchost.exe (1128)
______ C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (1496)
______ C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (1532)
______ C:\WINDOWS\system32\CTsvcCDA.exe (1632)
______ C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe (1756)
______ C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (1776)
______ C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (232)
______ C:\WINDOWS\system32\nvsvc32.exe (308)
______ C:\Program Files\Dell Support Center\bin\sprtsvc.exe (656)
______ C:\WINDOWS\system32\svchost.exe (708)
______ C:\WINDOWS\system32\UAService7.exe (744)
Locked xcommsvr.exe (840)
Locked livesrv.exe (928)
______ c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe (2140)
Locked vsserv.exe (2240)
______ C:\Program Files\Canon\CAL\CALMAIN.exe (2524)
Locked svchost.exe (3352)
______ C:\WINDOWS\System32\alg.exe (3388)
______ C:\WINDOWS\system32\wscntfy.exe (3492)
______ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (520)
______ C:\WINDOWS\stsystra.exe (624)
______ C:\Program Files\Dell\Media Experience\DMXLauncher.exe (1028)
______ C:\WINDOWS\System32\DLA\DLACTRLW.EXE (952)
______ C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (2060)
______ C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe (2408)
______ C:\Program Files\VBTUCopy\VBTUCopy.exe (2692)
______ C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (2680)
______ C:\Program Files\iTunes\iTunesHelper.exe (2828)
______ C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (2848)
______ C:\Program Files\Dell Support Center\bin\sprtcmd.exe (2888)
______ C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe (1412)
______ C:\Program Files\iPod\bin\iPodService.exe (3444)
______ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (3576)
______ C:\Program Files\Nikon\NkView6\NkvMon.exe (3636)
______ C:\WINDOWS\explorer.exe (2396)
______ C:\WINDOWS\system32\notepad.exe (1956)
______ C:\Program Files\Internet Explorer\iexplore.exe (484)
______ C:\Program Files\Internet Explorer\iexplore.exe (3240)
______ C:\Program Files\Internet Explorer\iexplore.exe (796)
______ C:\Documents and Settings\Laurie\Desktop\Rooter.exe (660)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:49319424)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:49351680 | Length:316681505280)
\Device\Harddisk0\Partition3 (Start_Offset:316730856960 | Length:3339463680)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\Disk Cleanup.job
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\User_Feed_Synchronization-{E809416D-E002-49E5-93A4-43FF301DF5F5}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 22:35.32
.
C:\Rooter$\Rooter_1.txt - (07/08/2009 | 22:35.32)
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
ComboFix 09-08-07.07 - Laurie 07/08/2009 22:02.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3083 [GMT -4:00]
Running from: c:\documents and settings\Laurie\Desktop\Combo-Fix.exe
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\HCWemMON.exe
c:\windows\Installer\132e1e3.msp
c:\windows\Installer\132e1f9.msp
c:\windows\Installer\138b9b76.msp
c:\windows\Installer\138b9b7b.msp
c:\windows\Installer\14099ca.msp
c:\windows\Installer\15469f92.msp
c:\windows\Installer\15469f97.msp
c:\windows\Installer\1a54a38.msp
c:\windows\Installer\1a54a3d.msp
c:\windows\Installer\1c58d21.msp
c:\windows\Installer\1c58d26.msp
c:\windows\Installer\1d47ad8.msp
c:\windows\Installer\1d47add.msp
c:\windows\Installer\1f623.msp
c:\windows\Installer\1f628.msp
c:\windows\Installer\2178533.msp
c:\windows\Installer\2178538.msp
c:\windows\Installer\2289250.msp
c:\windows\Installer\2289254.msp
c:\windows\Installer\23b62d7.msp
c:\windows\Installer\23b62dc.msp
c:\windows\Installer\2454f2f.msp
c:\windows\Installer\2454f34.msp
c:\windows\Installer\24658cf.msp
c:\windows\Installer\24658d4.msp
c:\windows\Installer\2502fab.msp
c:\windows\Installer\2502fb0.msp
c:\windows\Installer\26743f0.msp
c:\windows\Installer\26743f5.msp
c:\windows\Installer\267d7e2.msp
c:\windows\Installer\267d7e7.msp
c:\windows\Installer\28d0900.msp
c:\windows\Installer\28d0905.msp
c:\windows\Installer\2a7019f.msp
c:\windows\Installer\2a701a4.msp
c:\windows\Installer\2d346b1.msp
c:\windows\Installer\2d346b6.msp
c:\windows\Installer\2ed8b3d.msp
c:\windows\Installer\2ed8b43.msp
c:\windows\Installer\2f41734.msp
c:\windows\Installer\2f41739.msp
c:\windows\Installer\2fde2e5.msp
c:\windows\Installer\3269a1c.msp
c:\windows\Installer\3269a21.msp
c:\windows\Installer\33dae70.msp
c:\windows\Installer\33dae75.msp
c:\windows\Installer\34157a1.msp
c:\windows\Installer\34157a7.msp
c:\windows\Installer\349ca79.msp
c:\windows\Installer\349ca7e.msp
c:\windows\Installer\34d5d35.msp
c:\windows\Installer\34d5d3a.msp
c:\windows\Installer\356a7bf.msp
c:\windows\Installer\356a7c4.msp
c:\windows\Installer\3660a58.msp
c:\windows\Installer\3660a5d.msp
c:\windows\Installer\36d31f3.msp
c:\windows\Installer\372c10b.msp
c:\windows\Installer\372c110.msp
c:\windows\Installer\3742658.msp
c:\windows\Installer\374265d.msp
c:\windows\Installer\3759e33.msp
c:\windows\Installer\3759e38.msp
c:\windows\Installer\382fc.msp
c:\windows\Installer\38300.msp
c:\windows\Installer\38ba27e.msp
c:\windows\Installer\39123cb.msp
c:\windows\Installer\39123d0.msp
c:\windows\Installer\3aafab9.msp
c:\windows\Installer\3e059bf.msp
c:\windows\Installer\3e059c4.msp
c:\windows\Installer\3f02f56.msp
c:\windows\Installer\3f02f5b.msp
c:\windows\Installer\400940d.msp
c:\windows\Installer\4009412.msp
c:\windows\Installer\40ceaed.msp
c:\windows\Installer\40ceaf2.msp
c:\windows\Installer\4100da9.msp
c:\windows\Installer\4100dae.msp
c:\windows\Installer\418ae28.msp
c:\windows\Installer\418ae2d.msp
c:\windows\Installer\4a81910.msp
c:\windows\Installer\4a81915.msp
c:\windows\Installer\5410c0.msp
c:\windows\Installer\5410c5.msp
c:\windows\Installer\63d1361.msp
c:\windows\Installer\63d1366.msp
c:\windows\Installer\7588ed.msp
c:\windows\Installer\7588f2.msp
c:\windows\Installer\7a7c04a.msp
c:\windows\Installer\7a7c04f.msp
c:\windows\Installer\7e54cc2.msp
c:\windows\Installer\7e54cc7.msp
c:\windows\Installer\82539ee.msp
c:\windows\Installer\82539f3.msp
c:\windows\Installer\8507475.msp
c:\windows\Installer\850747a.msp
c:\windows\Installer\8b7850b.msp
c:\windows\Installer\8b78510.msp
c:\windows\Installer\93ec0cb.msp
c:\windows\Installer\93ec0d0.msp
c:\windows\Installer\cebf008.msp
c:\windows\Installer\cebf00d.msp
c:\windows\Installer\cf9480.msp
c:\windows\Installer\cf9485.msp
c:\windows\Installer\d05000.msp
c:\windows\Installer\d05005.msp
c:\windows\Installer\e65112f.msp
c:\windows\Installer\e65114d.msp
c:\windows\run.log
c:\windows\system32\_004631_.tmp.dll
c:\windows\system32\_004632_.tmp.dll
c:\windows\system32\_004633_.tmp.dll
c:\windows\system32\_004634_.tmp.dll
c:\windows\system32\_004641_.tmp.dll
c:\windows\system32\_004642_.tmp.dll
c:\windows\system32\_004643_.tmp.dll
c:\windows\system32\_004644_.tmp.dll
c:\windows\system32\_004646_.tmp.dll
c:\windows\system32\_004647_.tmp.dll
c:\windows\system32\_004650_.tmp.dll
c:\windows\system32\_004651_.tmp.dll
c:\windows\system32\_004653_.tmp.dll
c:\windows\system32\_004654_.tmp.dll
c:\windows\system32\_004655_.tmp.dll
c:\windows\system32\_004657_.tmp.dll
c:\windows\system32\_004660_.tmp.dll
c:\windows\system32\_004661_.tmp.dll
c:\windows\system32\_004665_.tmp.dll
c:\windows\system32\_004666_.tmp.dll
c:\windows\system32\_004668_.tmp.dll
c:\windows\system32\_004671_.tmp.dll
c:\windows\system32\_004673_.tmp.dll
c:\windows\system32\_004675_.tmp.dll
c:\windows\system32\_004676_.tmp.dll
c:\windows\system32\_004677_.tmp.dll
c:\windows\system32\_004680_.tmp.dll
c:\windows\system32\_004681_.tmp.dll
c:\windows\system32\_004682_.tmp.dll
c:\windows\system32\_004683_.tmp.dll
c:\windows\system32\_004684_.tmp.dll
c:\windows\system32\_004689_.tmp.dll
c:\windows\system32\_004691_.tmp.dll
c:\windows\system32\_004692_.tmp.dll
c:\windows\system32\drivers\UACcrvmnukvjq.sys
c:\windows\system32\mdm.exe
c:\windows\system32\net.net
c:\windows\system32\UACbrsngngxid.db
c:\windows\system32\UACfaswwylmkr.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UAColaqpxmlib.dll
c:\windows\system32\UACthwmivkvcv.dll
c:\windows\system32\UACvjbnmttpqq.dll
c:\windows\system32\UACvnklqtmxai.dll
c:\windows\system32\UACxbiulyqaql.dat
c:\windows\winhelp.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
-------\Legacy_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-07-08 to 2009-08-08 )))))))))))))))))))))))))))))))
.
2009-08-07 20:15 . 2009-08-07 20:15 0 ----a-w- c:\documents and settings\Laurie\settings.dat
2009-08-07 12:22 . 2009-08-07 12:22 -------- d-----w- c:\program files\ERUNT
2009-08-07 02:40 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-06 21:44 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-06 18:37 . 2009-08-06 18:37 -------- dc-h--w- c:\docume~1\ALLUSE~1\APPLIC~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-06 18:37 . 2009-08-06 18:37 -------- d-----w- c:\program files\Lavasoft
2009-08-06 18:37 . 2009-08-06 18:37 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft
2009-08-05 01:42 . 2009-08-05 01:43 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-01 22:49 . 2009-08-01 22:49 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-26 20:09 . 2009-07-26 20:09 -------- d-----w- c:\program files\IKEA HomePlanner
2009-07-26 20:09 . 2009-07-26 20:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-08 02:01 . 2008-04-11 13:28 81984 ----a-w- c:\windows\system32\bdod.bin
2009-08-07 20:00 . 2009-03-30 23:49 -------- d-----w- c:\documents and settings\Laurie\Application Data\Dropbox
2009-08-04 01:40 . 2008-06-17 11:14 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-08-04 01:38 . 2008-06-17 11:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-04 01:31 . 2009-03-30 23:49 -------- d-----w- c:\program files\Dropbox
2009-07-09 01:43 . 2009-07-09 01:43 -------- d-----w- c:\program files\Pivot Stickfigure Animator
2009-07-09 01:28 . 2009-07-08 23:51 -------- d-----w- c:\documents and settings\Laurie\Application Data\Any Video Converter
2009-07-08 23:52 . 2009-07-08 23:51 -------- d-----w- c:\program files\Any Video Converter
2009-07-08 23:51 . 2007-12-27 03:10 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-07-08 23:51 . 2009-07-08 23:43 -------- d-----w- c:\program files\AVS4YOU
2009-07-08 23:44 . 2009-07-08 23:44 -------- d-----w- c:\documents and settings\Laurie\Application Data\AVS4YOU
2009-07-08 22:34 . 2007-10-24 17:00 -------- d-----w- c:\documents and settings\Laurie\Application Data\U3
2009-07-03 17:09 . 2004-08-11 22:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:36 . 2004-08-11 22:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-11 22:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-14 15:22 . 2006-09-14 18:05 -------- d-----w- c:\documents and settings\Laurie\Application Data\Canon
2009-06-10 17:56 . 2007-11-14 17:41 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\FLEXnet
2009-06-03 19:09 . 2004-08-11 22:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-28 22:36 . 2009-05-28 22:35 34 ----a-w- c:\documents and settings\Laurie\jagex_runescape_preferences.dat
2009-05-21 02:37 . 2006-08-30 00:19 54632 ----a-w- c:\documents and settings\Laurie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-09-12 18:38 . 2006-08-30 03:36 88 -csh--r- c:\windows\system32\07BE1FC234.sys
2006-09-12 18:38 . 2006-08-30 03:36 3350 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 07:20 143360 ----a-w- c:\program files\Dropbox\DropboxExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 07:20 143360 ----a-w- c:\program files\Dropbox\DropboxExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 07:20 143360 ----a-w- c:\program files\Dropbox\DropboxExt.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]
"PhotoshopElementsSyncAgent"="c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsSyncAgent.exe" [2009-04-07 1742176]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2007-02-20 81920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-15 368640]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"VBTUCopy"="c:\program files\VBTUCopy\VBTUCopy.exe" [2004-09-22 126976]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"PCLEPCI"="c:\progra~1\Pinnacle\PPE\PPE.EXE" [2004-02-03 49152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-02-10 282624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]
c:\documents and settings\Laurie\Start Menu\Programs\Startup\
Dropbox.lnk - c:\program files\Dropbox\Dropbox.exe [2008-9-26 24096981]
c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-3-24 113664]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-6 67128]
NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2006-8-29 241664]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [06/08/2009 5:44 PM 64160]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11/09/2007 1:45 AM 124832]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16/09/2008 1:03 PM 169312]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [30/07/2007 6:47 PM 86792]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 10:49 AM 1029456]
S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows\system32\drivers\MarvinAVS.sys [25/03/2008 6:25 PM 434176]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uSearch Bar = hxxp://www.google.com/ie
mSearchAssistant = hxxp://www.google.com/ie
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.18\AMVConverter\grab.html
Trusted Zone: akamai.net\a248.e
Trusted Zone: bitdefender.com
Trusted Zone: netflame.cc\ssl-hints
Trusted Zone: musicmatch.com\online
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-07 22:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\docume~1\Laurie\LOCALS~1\Temp\_tf31.tmp
scan completed successfully
hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2084488568-3039290927-1473572071-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,7f,72,18,73,b7,
8e,1c,94,e2,63,26,f1,3f,c8,ff,68,d1,35,66,53,3b,da,a6,14,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,32,6c,b3,e2,b2,
67,64,13,6a,9c,d6,61,af,45,84,18,aa,32,02,85,bc,c8,3d,65,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,30,30,c2,c9,13,
fd,85,64,ff,7c,85,e0,43,d4,0e,fe,c1,10,2b,dd,f8,7f,ab,2c,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,56,ec,32,f7,f7,
f1,80,06,86,8c,21,01,be,91,eb,e7,d6,60,bb,c7,a1,69,55,65,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,98,6c,be,9f,7f,
43,d6,1a,f5,1d,4d,73,a8,13,5c,05,91,ae,ac,4d,04,6e,d0,04,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,27,c5,58,1f,83,
99,d8,31,df,20,58,62,78,6b,cf,c8,85,ec,49,f2,2b,77,3e,1b,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,df,ae,e5,80,79,
b1,26,19,fb,a7,78,e6,12,2f,9a,ea,c7,91,21,83,a9,38,8d,9b,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,04,bc,3d,df,64,
cc,c0,64,01,3a,48,fc,e8,04,4a,f1,2e,7c,c1,27,c4,cb,2c,d7,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,9c,61,7c,d7,37,
e8,29,3f,f6,0f,4e,58,98,5b,89,c9,b1,72,3c,84,2f,01,a0,23,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,78,68,59,55,5d,
c4,3e,b1,3d,ce,ea,26,2d,45,aa,78,25,6d,4b,8e,4f,86,19,37,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,58,49,c1,64,32,
96,0a,09,2a,b7,cc,b5,b9,7f,41,e7,51,ee,e9,e4,23,5a,64,a3,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,db,2d,2c,ec,bf,
1c,76,71,6c,43,2d,1e,aa,22,2f,9c,93,f3,e5,ff,00,f9,de,33,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2396)
c:\windows\system32\WININET.dll
c:\program files\Dropbox\DropboxExt.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\UAService7.exe
c:\program files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
c:\program files\BitDefender\BitDefender 2008\vsserv.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-08 22:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-08 02:27
Pre-Run: 6,827,745,280 bytes free
Post-Run: 6,896,029,696 bytes free
Current=3 Default=3 Failed=1 LastKnownGood=5 Sets=1,2,3,5
420 --- E O F --- 2009-08-07 22:17
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:58 PM, on 07/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\VBTUCopy\VBTUCopy.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Laurie\Desktop\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.ca/ig/dell?hl=en&c...row&channel=ca
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [USB2Check] "RUNDLL32.EXE" "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CTCheck] "C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VBTUCopy] "C:\Program Files\VBTUCopy\VBTUCopy.exe" /a /f
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [PhotoshopElementsSyncAgent] C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsSyncAgent.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/S...dObjSigned.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase1140.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupda...01/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1202843531562
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Closet Control) - http://vsp.closetmaid.com/vsp/cmaidc...downloader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...22/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupda...5106/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 12414 bytes
My computer seems to be working a bit better, no redirects when I google a website. I will test it a bit more to make sure everything's okay.
Thanks
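Added here as a worked example, not part of the original thread and not code from HijackThis, ComboFix or any other tool named above: a small Python triage pass over HijackThis "O" lines that flags the entries a helper would look at first in a log like the one posted, and a one-line check for the ComboFix "EnableFirewall"= 0 finding. The flag rules (orphaned "(no file)" registrations, services with "Unknown owner", O16 entries with no name or URL, autostarts living under Temp or per-user data folders, bare filenames resolved through the search path) are this example's own assumptions about what deserves a second look; a flag means "verify", not "malware". The sample lines are copied from the logs above except the last one, which is constructed to exercise the temp-directory rule.

```python
import re
from dataclasses import dataclass

# Matches HijackThis entries such as
#   O23 - Service: Foo (foo) - Vendor - C:\path\foo.exe
ENTRY = re.compile(r"^(?P<kind>[OR]\d+) - (?P<body>.*)$")

# For non-O4 entries the launched file follows a " - " and is either a
# drive-letter path or the literal "(no file)".
PATH_TAIL = re.compile(r" - ([A-Za-z]:\\.*|\(no file\))$")

# Directories an autostart should rarely point into (lower-case, 8.3 and long forms).
SUSPECT_DIRS = ("\\temp\\", "\\locals~1\\", "\\local settings\\", "\\application data\\")


@dataclass(frozen=True)
class Finding:
    kind: str    # HijackThis section, e.g. "O3"
    reason: str  # why a reviewer should look at it
    line: str    # the original log line


def _target(kind: str, body: str) -> str:
    """Return the file an entry launches, lower-cased and unquoted ("" if none)."""
    if kind == "O4":
        # O4 - HKLM\..\Run: [Name] "C:\x.exe" /args   or   Startup: x.lnk = C:\x.exe
        rest = re.split(r"\] | = ", body, maxsplit=1)[-1].strip()
        if rest.startswith('"'):
            tgt = rest.split('"')[1]
        else:
            m = re.match(r"(.*?\.(?:exe|dll|cmd|bat))", rest, re.I)
            tgt = m.group(1) if m else rest.split(" ", 1)[0]
    else:
        m = PATH_TAIL.search(body)
        tgt = m.group(1) if m else ""
    return tgt.strip().strip('"').lower()


def triage_line(line: str) -> list[Finding]:
    """Apply the review rules to one log line; returns zero or more findings."""
    m = ENTRY.match(line.strip())
    if not m:
        return []
    kind, body = m.group("kind"), m.group("body")
    lower = body.lower()
    found = []
    if "(no file)" in lower:
        found.append(Finding(kind, "registration points at a missing file (orphaned CLSID)", line))
    if kind == "O23" and "unknown owner" in lower:
        found.append(Finding(kind, "service has no recognised publisher; check the binary's signature", line))
    if kind == "O16" and body.rstrip().endswith("-"):
        found.append(Finding(kind, "ActiveX (DPF) entry with no name and no source URL", line))
    target = _target(kind, body)
    if target and any(d in target for d in SUSPECT_DIRS):
        found.append(Finding(kind, "launches from a temp or per-user data directory", line))
    if kind == "O4" and "\\" not in target and target.endswith((".exe", ".dll")):
        found.append(Finding(kind, "bare filename resolved through the search path; confirm which copy runs", line))
    return found


def triage(log: str) -> list[Finding]:
    """Run triage_line over every line of a HijackThis log, in log order."""
    return [f for line in log.splitlines() for f in triage_line(line)]


def firewall_disabled(combofix_log: str) -> bool:
    """True when a ComboFix 'Reg Loading Points' dump shows the XP firewall turned off."""
    return re.search(r'"EnableFirewall"\s*=\s*0\b', combofix_log) is not None


# Lines 1-7 are copied from the HijackThis log above; the last line is
# constructed for this example and does not appear in the thread.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O4 - HKCU\..\Run: [example] C:\DOCUME~1\user\LOCALS~1\Temp\sample.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:4} {f.reason}\n     {f.line.strip()}")
    print("firewall off:", firewall_disabled('"EnableFirewall"= 0 (0x0)'))
```

Run against the full log, the script flags the "(no file)" toolbar, the two "Unknown owner" services, the empty O16 entry and the bare-name O4 lines; everything else is left for manual review. The path rules are deliberately loose (they lower-case and look for substrings), so treat the output as a reading order for the log, not as a verdict.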
-
ComboFix 09-08-07.09 - Laurie 08/08/2009 6:39.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3042 [GMT -4:00]
Running from: c:\documents and settings\Laurie\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Laurie\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-07-08 to 2009-08-08 )))))))))))))))))))))))))))))))
.
2009-08-08 02:35 . 2009-08-08 02:35 -------- d-----w- C:\Rooter$
2009-08-07 20:15 . 2009-08-07 20:15 0 ----a-w- c:\documents and settings\Laurie\settings.dat
2009-08-07 12:22 . 2009-08-07 12:22 -------- d-----w- c:\program files\ERUNT
2009-08-07 02:40 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-06 21:44 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-06 18:37 . 2009-08-06 18:37 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-06 18:37 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-08-06 18:37 . 2009-08-06 18:37 -------- d-----w- c:\program files\Lavasoft
2009-08-06 18:37 . 2009-08-06 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-05 01:42 . 2009-08-05 01:43 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-01 22:49 . 2009-08-01 22:49 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-26 20:09 . 2009-07-26 20:09 -------- d-----w- c:\program files\IKEA HomePlanner
2009-07-26 20:09 . 2009-07-26 20:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-08 10:46 . 2008-04-11 13:28 81984 ----a-w- c:\windows\system32\bdod.bin
2009-08-08 10:20 . 2009-03-30 23:49 -------- d-----w- c:\documents and settings\Laurie\Application Data\Dropbox
2009-08-08 10:12 . 2008-06-17 11:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-04 01:38 . 2008-06-17 11:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-04 01:31 . 2009-03-30 23:49 -------- d-----w- c:\program files\Dropbox
2009-07-09 01:43 . 2009-07-09 01:43 -------- d-----w- c:\program files\Pivot Stickfigure Animator
2009-07-09 01:28 . 2009-07-08 23:51 -------- d-----w- c:\documents and settings\Laurie\Application Data\Any Video Converter
2009-07-08 23:52 . 2009-07-08 23:51 -------- d-----w- c:\program files\Any Video Converter
2009-07-08 23:51 . 2007-12-27 03:10 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-07-08 23:51 . 2009-07-08 23:43 -------- d-----w- c:\program files\AVS4YOU
2009-07-08 23:44 . 2009-07-08 23:44 -------- d-----w- c:\documents and settings\Laurie\Application Data\AVS4YOU
2009-07-08 22:34 . 2007-10-24 17:00 -------- d-----w- c:\documents and settings\Laurie\Application Data\U3
2009-07-03 17:09 . 2004-08-11 22:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:36 . 2004-08-11 22:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-11 22:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-14 15:22 . 2006-09-14 18:05 -------- d-----w- c:\documents and settings\Laurie\Application Data\Canon
2009-06-10 17:56 . 2007-11-14 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-06-03 19:09 . 2004-08-11 22:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-28 22:36 . 2009-05-28 22:35 34 ----a-w- c:\documents and settings\Laurie\jagex_runescape_preferences.dat
2009-05-21 02:37 . 2006-08-30 00:19 54632 ----a-w- c:\documents and settings\Laurie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-12 20:08 . 2008-12-11 18:26 38208 ----a-w- c:\documents and settings\Laurie\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2006-09-12 18:38 . 2006-08-30 03:36 88 -csh--r- c:\windows\system32\07BE1FC234.sys
2006-09-12 18:38 . 2006-08-30 03:36 3350 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-08-08_02.17.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-08 10:19 . 2009-08-08 10:19 16384 c:\windows\Temp\Perflib_Perfdata_414.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 07:20 143360 ----a-w- c:\program files\Dropbox\DropboxExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 07:20 143360 ----a-w- c:\program files\Dropbox\DropboxExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 07:20 143360 ----a-w- c:\program files\Dropbox\DropboxExt.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]
"PhotoshopElementsSyncAgent"="c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsSyncAgent.exe" [2009-04-07 1742176]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2007-02-20 81920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-15 368640]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"PCLEPCI"="c:\progra~1\Pinnacle\PPE\PPE.EXE" [2004-02-03 49152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"VBTUCopy"="c:\program files\VBTUCopy\VBTUCopy.exe" [2004-09-22 126976]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-02-10 282624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]
c:\documents and settings\Laurie\Start Menu\Programs\Startup\
Dropbox.lnk - c:\program files\Dropbox\Dropbox.exe [2008-9-26 24096981]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-3-24 113664]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-6 67128]
NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2006-8-29 241664]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [06/08/2009 5:44 PM 64160]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11/09/2007 1:45 AM 124832]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16/09/2008 1:03 PM 169312]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [30/07/2007 6:47 PM 86792]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 10:49 AM 1029456]
S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows\system32\drivers\MarvinAVS.sys [25/03/2008 6:25 PM 434176]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-08-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
2009-08-02 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-11 00:12]
2009-08-08 c:\windows\Tasks\User_Feed_Synchronization-{E809416D-E002-49E5-93A4-43FF301DF5F5}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.18\AMVConverter\grab.html
Trusted Zone: akamai.net\a248.e
Trusted Zone: bitdefender.com
Trusted Zone: netflame.cc\ssl-hints
Trusted Zone: musicmatch.com\online
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-08 06:46
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2084488568-3039290927-1473572071-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,7f,72,18,73,b7,
8e,1c,94,e2,63,26,f1,3f,c8,ff,68,d1,35,66,53,3b,da,a6,14,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,32,6c,b3,e2,b2,
67,64,13,6a,9c,d6,61,af,45,84,18,aa,32,02,85,bc,c8,3d,65,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,30,30,c2,c9,13,
fd,85,64,ff,7c,85,e0,43,d4,0e,fe,c1,10,2b,dd,f8,7f,ab,2c,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,56,ec,32,f7,f7,
f1,80,06,86,8c,21,01,be,91,eb,e7,d6,60,bb,c7,a1,69,55,65,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,98,6c,be,9f,7f,
43,d6,1a,f5,1d,4d,73,a8,13,5c,05,91,ae,ac,4d,04,6e,d0,04,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,27,c5,58,1f,83,
99,d8,31,df,20,58,62,78,6b,cf,c8,85,ec,49,f2,2b,77,3e,1b,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,df,ae,e5,80,79,
b1,26,19,fb,a7,78,e6,12,2f,9a,ea,c7,91,21,83,a9,38,8d,9b,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,04,bc,3d,df,64,
cc,c0,64,01,3a,48,fc,e8,04,4a,f1,2e,7c,c1,27,c4,cb,2c,d7,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,9c,61,7c,d7,37,
e8,29,3f,f6,0f,4e,58,98,5b,89,c9,b1,72,3c,84,2f,01,a0,23,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,78,68,59,55,5d,
c4,3e,b1,3d,ce,ea,26,2d,45,aa,78,25,6d,4b,8e,4f,86,19,37,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,58,49,c1,64,32,
96,0a,09,2a,b7,cc,b5,b9,7f,41,e7,51,ee,e9,e4,23,5a,64,a3,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,db,2d,2c,ec,bf,
1c,76,71,6c,43,2d,1e,aa,22,2f,9c,93,f3,e5,ff,00,f9,de,33,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1388)
c:\windows\system32\WININET.dll
c:\program files\Dropbox\DropboxExt.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
Completion time: 2009-08-08 6:50
ComboFix-quarantined-files.txt 2009-08-08 10:50
ComboFix2.txt 2009-08-08 02:27
Pre-Run: 6,808,313,856 bytes free
Post-Run: 6,762,479,616 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[Boot Loader]
Timeout=2
Default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
c:\$win_nt$.~bt\BOOTSECT.DAT="Microsoft Windows XP Professional Setup"
256 --- E O F --- 2009-08-08 03:12
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:53:11 AM, on 08/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\VBTUCopy\VBTUCopy.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Laurie\Desktop\Virus Aug2009\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.ca/ig/dell?hl=en&c...row&channel=ca
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [USB2Check] "RUNDLL32.EXE" "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CTCheck] "C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [VBTUCopy] "C:\Program Files\VBTUCopy\VBTUCopy.exe" /a /f
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [PhotoshopElementsSyncAgent] C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsSyncAgent.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/S...dObjSigned.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase1140.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupda...01/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1202843531562
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Closet Control) - http://vsp.closetmaid.com/vsp/cmaidc...downloader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...22/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupda...5106/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 12112 bytes
2 reports as per your request....
-
Remove HijackThis entries
- Run HijackThis
- Click on the Scan button
- Put a check beside all of the items listed below (if present):
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
- Close all open windows and browsers/email etc...
- Click on the Fix Checked button
- When completed close the application.
Uninstall list
Make an uninstall list using HijackThis. To access the Uninstall Manager you would do the following:
- Start HijackThis
- Click on the Config button
- Click on the Misc Tools button
- Click on the Open Uninstall Manager button.
- Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.
ATF-Cleaner
Please download ATF Cleaner by Atribune.
- Save it to your desktop
- Double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All
- Click the Empty Selected button.
If you use the Firefox browser:
- Click Firefox at the top and choose: Select All
- Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords please click No at the prompt.
- Click Exit on the Main menu to close the program.
Kaspersky Online Scan
You can use either Internet Explorer or Mozilla Firefox for this scan.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
- Please go to the Kaspersky website and perform an online antivirus scan.
- Read through the requirements and privacy statement and click on Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
- Archives
- Click on My Computer under Scan.
- Once the scan is complete, it will display the results. Click on View Scan Report.
- You will see a list of infected items there. Click on Save Report As....
- Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
- Please post this log in your next reply along with a fresh HijackThis log.
Logs/Information to Post in Next Reply
Please post the following logs/Information in your reply:
- HijackThis Uninstall list
- Kaspersky Log
- A fresh HijackThis Log (after all the above has been done)
- A description of how your computer is behaving
-
HijackThis Uninstall List
Acrobat.com
Acrobat.com
Ad-Aware
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 5.0.2 Patcher
Adobe Photoshop Elements 6.0
Adobe Photoshop Elements 7.0
Adobe Photoshop.com Inspiration Browser
Adobe Photoshop.com Uploader
Adobe Reader 9.1.2
Adobe Shockwave Player 11.5
Adobe SVG Viewer
AnswerWorks 5.0 English Runtime
Any Video Converter 2.7.5
Apple Software Update
AudibleManager
Beyond TV DVD Burning Foundation
BitDefender Internet Security 2008
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon IXY 320, PowerShot S230, IXUS v3 WIA Driver
Canon MOV Decoder
Canon MP Navigator 2.2
Canon MP530
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.5
Canon Utilities EOS Utility
Canon Utilities FileViewerUtility 1.0
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture 2.6
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Compatibility Pack for the 2007 Office system
Creative Software AutoUpdate
Creative System Information
Creative ZEN
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Resource CD
Dell Support Center
DellSupport
Dropbox
Easy-WebPrint
Elements+ for Photoshop Elements 7.0
ERUNT 1.1j
Flash Video MX version 3.5.1.21
getPlus(R)_ocx
Hauppauge English Help Files and Resources
Hauppauge WinTV
Hauppauge WinTV Radio
Hauppauge WinTV Scheduler
Hauppauge WinTV2000
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
IBM USB-to-Serial
IKEA Home Planner
ImageStream
ImageStream_2008-09
Intel Matrix Storage Manager
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
InterActual Player
iSofter DVD Ripper Platinum 1.0.2006.912
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
JpegSizer 6.0.5
Learn2 Player (Uninstall Only)
LimeWire 5.0.11
Logitech Desktop Messenger
Logitech Harmony Remote Software 7
Math Resource Studio
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Script Debugger
Microsoft SQL Server Desktop Engine (PINNACLESYS)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
MP3 Player Utilities 4.18
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
Nikon Scan
Nikon View 6
NVIDIA Drivers
PhotoInPress BookDesigner
PhotoshopdotcomInspirationBrowser
Pinnacle Hollywood FX for Studio
Pinnacle Instant DVD Recorder
Pinnacle MediaServer
Pinnacle PCI Performance Enhancer
Pinnacle Systems USB-2 Device Drivers
Pinnacle USB device drivers 2
Pivot Stickfigure Animator
Presto! PageManager 7.15.11
Quicken 2009
QuickTax 2006
QuickTax 2007
QuickTax 2008
QuickTime
RealPlayer
Remote Control USB Driver
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
save2pc Light 3.37
Search Assist
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
SilverFast NikonM TWAIN 6.6.0r2
SmartSound Quicktracks Plugin
Sonic Activation Module
Sonic Update Manager
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Uniblue ProcessScanner
Uniblue RegistryBooster 2009
Uniblue RegistryBooster 2009
Uniblue System Tweaker
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
URL Assistant
VIA Platform Device Manager
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2005 Redist Package
WebCyberCoach 3.2 Dell
WinAVI Video Converter 5.8
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
YouSendIt Express
YouSendIt Plug-in for Outlook
ZEN Media Explorer
ZENcast Organizer
Kaspersky log failed. This is the message I received:
Program is starting. Please wait...
Update source selected: http://www.kaspersky.com
Downloading file: packages/kos-extras.jar
Program has started.
Program database is being updated. Please wait...
Update has failed. Program has failed to start. Close the Kaspersky Online Scanner 7.0 window and open it again to install the program. You must be online to update the Kaspersky Online Scanner 7.0 database. With the latest database updates, you can find new viruses and other threats. Please go online to use Kaspersky Online Scanner 7.0. [ERROR: Key is expired]
I tried closing the program and restarting it but kept getting the same message. All my anti-virus stuff is off. Any suggestions?
-
Forgot to include the HijackThis log after I ran Kaspersky. I also forgot to mention Kaspersky scan ran to 57% before it gave me the error message.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:51:14 PM, on 08/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\VBTUCopy\VBTUCopy.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Dropbox\Dropbox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Laurie\Desktop\Virus Aug2009\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.ca/ig/dell?hl=en&c...row&channel=ca
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [USB2Check] "RUNDLL32.EXE" "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CTCheck] "C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [VBTUCopy] "C:\Program Files\VBTUCopy\VBTUCopy.exe" /a /f
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [PhotoshopElementsSyncAgent] C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsSyncAgent.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/S...dObjSigned.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase1140.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupda...01/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1202843531562
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Closet Control) - http://vsp.closetmaid.com/vsp/cmaidc...downloader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...22/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupda...5106/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 12289 bytes
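Added example, not from the original poster and not part of HijackThis: a small Python helper that parses HijackThis v2 lines of the kind posted above (R0, O2/O3, O4, O23) and marks the entries a responder would check first. The sample lines are copied from the log above (a constructed subset, not the whole log); the trusted-directory list, the flag names and the heuristics (bare file name resolved via the search path, rundll32 used as a host for a DLL, an autostart in the SYSTEM account's hive, a service with no company name) are this example's own choices, and a flag means "look at this", not "malicious". Note that HijackThis enumerates user-mode autostart points and services, so a patched kernel driver of the kind BitDefender named will not show up here no matter how the log is filtered.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of lines copied from the HijackThis log in the post.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Assumption of this example: images under these roots are not flagged on location alone.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

SECTION_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^(?:BHO|Toolbar): (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>.*?): \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


@dataclass
class Entry:
    section: str                 # R0, O2, O4, O23, ...
    name: str                    # display name, Run value name or service name
    image: str                   # file the entry actually loads ("" if none parsed)
    flags: list = field(default_factory=list)


def first_image(cmd):
    """Return (host, target): the program launched and, for rundll32, the DLL it loads."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        host, rest = cmd[1:end], cmd[end + 1:].strip()
    else:
        host, _, rest = cmd.partition(" ")
    if host.lower().endswith("rundll32.exe"):
        # The payload is the DLL: drop surrounding quotes and the ",EntryPoint" suffix.
        dll = rest.strip().strip('"').split(",", 1)[0].strip().strip('"')
        return host, dll
    return host, host


def path_flags(image):
    """Location heuristics for a loaded image (the example's own rules)."""
    flags = []
    if not image:
        return flags
    low = image.lower()
    if "\\" not in low:
        flags.append("unqualified-path")      # resolved via the search path at run time
    elif not low.startswith(TRUSTED_ROOTS):
        flags.append("outside-system-dirs")   # e.g. a user profile or temp directory
    return flags


def parse_hjt(text):
    """Parse HijackThis v2 lines into Entry objects with review flags."""
    entries = []
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec in ("O2", "O3") and (b := BHO_RE.match(body)):
            e = Entry(sec, b["name"], b["path"])
            e.flags += path_flags(e.image)
        elif sec == "O4" and (r := RUN_RE.match(body)):
            cmd = re.sub(r"\s*\(User '[^']*'\)$", "", r["cmd"])   # strip HJT's "(User '...')" suffix
            host, target = first_image(cmd)
            e = Entry(sec, r["name"], target)
            if host.lower() != target.lower():
                e.flags.append("rundll32-host")
            if r["hive"].startswith("HKUS\\S-1-5-18"):
                e.flags.append("system-hive")   # autostart under the SYSTEM account's hive
            e.flags += path_flags(target)
        elif sec == "O23" and (s := SVC_RE.match(body)):
            e = Entry(sec, s["name"], s["path"])
            if s["owner"] == "Unknown owner":
                e.flags.append("unknown-owner")  # HJT found no company name in the version info
            e.flags += path_flags(e.image)
        else:
            e = Entry(sec, body, "")             # R0/R1, O8, O9, O16, O18: kept, not scored
        entries.append(e)
    return entries


def flagged(text):
    """Only the entries worth a second look."""
    return [e for e in parse_hjt(text) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.section:<4}{e.name:<40}{e.image:<45}{','.join(e.flags)}")
```

On the sample this surfaces four entries: the two bare-file-name autostarts, the rundll32-hosted DLL and the service with no company name; the NVIDIA service and the BAE BHO pass because they live under trusted roots and carry a vendor name. Treat the output as a reading order for the full log, then verify each flagged file by hash or signature on the machine itself.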