
'Rundll 32.exe - bad image' [Solved]


This topic is locked.

#1 RomanticChrissy (Member, 14 posts)
Since yesterday, I have been getting two boxes that pop up every time I turn on the computer.

First box says:

'rundll32.exe - Bad image - The application or DLL C:\Documents and Settings\Admin\Application Data\Adobe\Update\dlgcom.dat is not a valid Windows image. Please check this against your installation diskette.'

I click 'ok' and then second box says:

'RUNDLL - Error loading C:\Documents and Settings\Admin\Application Data\Adobe\Update\dlgcom.dat %1 is not a valid Win32 application.'

Not sure what this is?

I can't seem to get the GMER log. It keeps freezing and crashing, but I've got the DDS log:



DDS (Ver_09-12-01.01) - NTFSx86
Run by Admin at 8:53:10.28 on Thu 02/18/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.100 [GMT 0:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\Wbr.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Admin\My Documents\Downloads\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.wanadoo.co.uk
uWindow Title = Microsoft Internet Explorer provided by Wanadoo
uSearch Bar = hxxp://www.wanadoo.co.uk/iesearch/default.htm
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Wanadoo: {8b68564d-53fd-4293-b80c-993a9f3988ee} - c:\progra~1\wanadoo\wsbar\WSBar.dll
TB: IMM Toolbar: {65dcb62d-0c89-467b-bcc3-b04fb0773d1e} - c:\program files\gfk nop\imm toolbar\MarktMonitorShell.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsgCenterExe] "c:\program files\common files\real\update_ob\RealOneMessageCenter.exe" -osboot
uRun: [Pardo] rundll32.exe "c:\documents and settings\admin\application data\adobe\update\dlgcom.dat""
uRun: [TOY5KNQ8OC] c:\docume~1\admin\locals~1\temp\Wbr.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [vptray] c:\progra~1\symant~1\symant~1\vptray.exe
mRun: [SpeedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NielsenOnline] c:\program files\netratingsnetsight\netsight\NielsenOnline.exe
mRun: [Rzemajomowap] rundll32.exe "c:\windows\izebiweyifeg.dll",Startup
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Search with Wanadoo - c:\progra~1\wanadoo\wsbar\WSBar.dll/VSearch.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
Trusted Zone: is-software-download.com
Trusted Zone: is-software-download25.com
Trusted Zone: is10-soft-download.com
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
TCP: {D478507A-E238-4B93-8ACA-28D00F5EC1FE} = 193.36.79.100 80.10.246.1
Notify: NavLogon - c:\windows\system32\NavLogon.dll
LSA: Notification Packages = scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\ykrc7j93.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\documents and settings\admin\application data\mozilla\firefox\profiles\ykrc7j93.default\extensions\[email protected]\components\MarktMonitorPlugin.dll
FF - component: c:\program files\mozilla firefox\components\nsgkff31_meter1.dll
FF - HiddenExtension: XULRunner: {44A32479-1D82-45B0-82A8-A3D9DC9EF6F7} - c:\documents and settings\admin\local settings\application data\{44A32479-1D82-45B0-82A8-A3D9DC9EF6F7}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [2010-2-5 15360]
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\program files\astra32\astra32.sys [2007-2-22 30864]
R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2003-5-2 30208]
R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\symant~1\symant~1\Rtvscan.exe [2003-5-21 610304]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-2-13 30104]
R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [2010-2-5 9088]
R3 NAVAP;NAVAP;c:\progra~1\symant~1\symant~1\NAVAP.sys [2003-5-2 224256]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100212.003\NAVENG.sys [2010-2-12 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100212.003\NAVEX15.sys [2010-2-12 1324720]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys --> c:\windows\system32\drivers\nielprt.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-2-13 30104]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]

=============== Created Last 30 ================

2010-02-14 12:13:51 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-02-14 12:13:47 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-02-14 12:13:47 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-02-14 12:13:36 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-02-14 09:09:01 0 d-----w- c:\docume~1\admin\applic~1\Malwarebytes
2010-02-14 09:08:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-14 09:08:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-14 09:08:28 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-14 09:08:25 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-13 01:53:53 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-02-13 01:53:53 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-02-12 23:25:48 0 d-----w- c:\program files\Loaris
2010-02-12 22:50:41 0 d-----w- c:\program files\common files\PC Tools
2010-02-12 22:11:23 0 d-----w- c:\docume~1\admin\applic~1\AVG8
2010-02-12 21:45:57 0 ----a-w- c:\windows\Dnarutafuzacanuv.bin
2010-02-12 21:45:54 120 ----a-w- c:\windows\Azepuxuzedesuvar.dat
2010-02-06 19:17:43 3255 ----a-w- c:\windows\system32\wbem\Outlook_01caa7610e6ca3d6.mof
2010-02-06 14:07:41 57344 ----a-w- C:\clipstreamsa.dll
2010-02-05 19:22:16 15360 ----a-w- c:\windows\system32\drivers\nnrnstdi.sys
2010-02-05 19:22:15 9088 ----a-w- c:\windows\system32\drivers\km_filter.sys
2010-02-05 19:21:48 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_nielprt_01007.Wdf
2010-02-05 19:21:45 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-02-05 19:21:10 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-02-05 19:20:18 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-02-05 19:16:33 0 d-----w- c:\program files\NetRatingsNetSight
2010-01-31 13:39:08 0 d-----w- c:\program files\LG Electronics
2010-01-31 13:38:40 81920 ----a-r- c:\windows\system32\srctrl.dll
2010-01-31 13:38:18 0 d-----w- c:\program files\LGGSM
2010-01-30 16:23:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-01-30 16:23:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-26 16:51:01 0 d-sh--w- c:\documents and settings\admin\PrivacIE

==================== Find3M ====================

2010-01-18 11:34:24 96152 ----a-w- c:\windows\fonts\INFECTED.ttf
2010-01-09 23:01:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27:51 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:50 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll

============= FINISH: 8:54:59.03 ===============


And also the attach log:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/21/2007 5:57:01 PM
System Uptime: 2/18/2010 8:30:50 AM (0 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7095
Processor: Intel® Celeron® CPU 2.40GHz | Socket 478 | 2400/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 39 GiB total, 20.999 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 33 GiB total, 31.761 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP5: 1/9/2010 2:18:43 PM - Software Distribution Service 3.0
RP6: 1/9/2010 4:12:33 PM - Installed Microsoft Office Professional Plus 2007
RP7: 1/9/2010 4:20:18 PM - Installed Windows XP Service Pack 3.
RP8: 1/9/2010 5:36:32 PM - Software Distribution Service 3.0
RP9: 1/9/2010 8:58:07 PM - Installed iTunes
RP10: 1/9/2010 10:07:01 PM - Installed Adobe Photoshop CS2
RP11: 1/9/2010 10:20:09 PM - Removed Adobe Photoshop CS2
RP12: 1/9/2010 10:43:42 PM - Installed Adobe Photoshop CS2
RP13: 1/12/2010 7:39:58 PM - Software Distribution Service 3.0
RP14: 1/14/2010 7:27:14 PM - Software Distribution Service 3.0
RP15: 1/15/2010 5:52:53 PM - Software Distribution Service 3.0
RP16: 1/15/2010 10:47:14 PM - Software Distribution Service 3.0
RP17: 1/16/2010 9:31:29 AM - Software Distribution Service 3.0
RP18: 1/16/2010 6:09:37 PM - Software Distribution Service 3.0
RP19: 1/21/2010 7:40:13 PM - Software Distribution Service 3.0
RP20: 1/30/2010 4:22:13 PM - Installed Java™ 6 Update 18
RP21: 1/31/2010 1:38:16 PM - Installed LG GSM PC Components
RP22: 1/31/2010 1:39:07 PM - Installed LG USB Modem Driver
RP23: 2/5/2010 7:21:09 PM - Installed Windows XP Wdf01007.
RP24: 2/10/2010 5:13:12 PM - Software Distribution Service 3.0
RP25: 2/13/2010 1:55:28 AM - Installed AVG 9.0

==== Installed Programs ======================

Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0.7
Adobe Stock Photos 1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASTRA32 - Advanced System Information Tool 1.54
Bonjour
CueClub
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976098-v2)
IMM toolbar 2.0.0 Build 878
iTunes
Java Auto Updater
Java™ 6 Update 18
LG GSM PC Components
LG USB Modem Driver
LiveUpdate 1.80 (Symantec Corporation)
Malwarebytes' Anti-Malware
Messenger Plus! Live
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.5.7)
MSVCRT
Nero 7 Ultra Edition
Nielsen
QuickTime
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
SpeedTouch USB Software
Symantec AntiVirus Client
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb977719)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VIA Rhine-Family Fast Ethernet Adapter
WebFldrs XP
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows XP Service Pack 3
WinRAR archiver

==== Event Viewer Messages From Past Week ========

2/14/2010 9:37:05 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
2/14/2010 8:55:34 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
2/13/2010 7:30:35 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
2/13/2010 7:30:35 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
2/13/2010 7:30:35 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/13/2010 7:14:37 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PC Tools Security Service service to connect.
2/13/2010 7:14:37 PM, error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/13/2010 1:55:11 AM, error: PSched [14107] - QoS [Adapter NDISWANIP]: The Packet Scheduler could not initialize the virtual miniport with NDIS.
2/12/2010 9:43:47 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file cdaudio.sys. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.0, the version of the system file is 5.1.2600.0.
2/12/2010 10:03:33 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\cdaudio.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
2/12/2010 10:03:33 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\beep.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.

==== End Of File ===========================



Thanks in advance for the help :)
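A triage pass over the DDS log in the post above, as an added example that is not part of the thread, of DDS or of the helper's tools: it flags the Run entries, Trusted Zone entries, drivers and new files a helper would look at first, and shows the header check behind the "Bad image" message. The sample lines are copied from the log; the thresholds, heuristics and the PE-header check are this example's own assumptions.

```python
"""Triage heuristics for a DDS log (added example; not DDS, OTM or Geeks to Go code).
The sample lines are copied from the log in post #1; the thresholds, heuristics
and the PE-header check are this example's own assumptions."""
import re
from datetime import date

# Constructed sample: a handful of lines lifted verbatim from the DDS log above.
DDS_SAMPLE = r"""
Run by Admin at 8:53:10.28 on Thu 02/18/2010
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Pardo] rundll32.exe "c:\documents and settings\admin\application data\adobe\update\dlgcom.dat""
uRun: [TOY5KNQ8OC] c:\docume~1\admin\locals~1\temp\Wbr.exe
mRun: [vptray] c:\progra~1\symant~1\symant~1\vptray.exe
mRun: [Rzemajomowap] rundll32.exe "c:\windows\izebiweyifeg.dll",Startup
Trusted Zone: buy-internetsecurity10.com
R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [2010-2-5 15360]
R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2003-5-2 30208]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys --> c:\windows\system32\drivers\nielprt.sys [?]
2010-02-12 21:45:57 0 ----a-w- c:\windows\Dnarutafuzacanuv.bin
2010-02-12 21:45:54 120 ----a-w- c:\windows\Azepuxuzedesuvar.dat
2010-02-14 12:13:51 5632 ----a-w- c:\windows\system32\ptpusb.dll
"""

# Assumption: a location an unprivileged user can write to is a poor home for an autostart.
USER_WRITABLE = ("\\temp\\", "\\application data\\", "\\applic~1\\", "\\locals~1\\", "\\local settings\\")
RECENT_DAYS = 30  # assumption: drivers that appeared inside the "Created Last 30" window get a look
LOGDATE_RE = re.compile(r"^Run by .* on \w{3} (\d\d)/(\d\d)/(\d{4})$")
RUN_RE = re.compile(r"^[um]Run: \[([^\]]+)\] (.*)$")
DRIVER_RE = re.compile(r"^[RS][0-4] ([^;]+);[^;]*;(.*)$")
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d\d:\d\d:\d\d \d+ \S+ (.+)$")

def in_windows_root(path: str) -> bool:
    """True for a file sitting directly in c:\\windows rather than in a subfolder."""
    return path.lower().rsplit("\\", 1)[0] == "c:\\windows"

def rundll32_target(cmd: str):
    """Module that a 'rundll32.exe <module>,<entry>' command loads; None otherwise."""
    low = cmd.strip().lower()
    if not low.startswith("rundll32.exe"):
        return None
    rest = low[len("rundll32.exe"):].strip()
    quoted = re.match(r'"([^"]+)"', rest)
    return quoted.group(1) if quoted else rest.split(",", 1)[0]

def triage(text: str) -> list:
    """Walk DDS lines and return (kind, subject, reason) for entries worth a second look."""
    findings = []
    log_date = None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := LOGDATE_RE.match(line):
            mm, dd, yyyy = (int(x) for x in m.groups())
            log_date = date(yyyy, mm, dd)
        elif m := RUN_RE.match(line):
            name, cmd = m.groups()
            target = rundll32_target(cmd)
            if target is not None and not target.endswith(".dll"):
                findings.append(("run", name, f"rundll32 loads a non-DLL: {target} "
                                 "(a file without MZ/PE headers is what the loader reports as 'Bad image')"))
            if target is not None and in_windows_root(target):
                findings.append(("run", name, f"rundll32 module sits directly in the Windows root: {target}"))
            path = target if target is not None else cmd.lower().lstrip('"').split('"')[0]
            if any(seg in path for seg in USER_WRITABLE):
                findings.append(("run", name, f"autostart from a user-writable location: {path}"))
        elif line.startswith("Trusted Zone:"):
            findings.append(("zone", line.split(":", 1)[1].strip(),
                             "site in the IE Trusted Zone; rogue AV installers add their own"))
        elif m := DRIVER_RE.match(line):
            svc, tail = m.groups()
            stamp = re.search(r"\[(\d{4})-(\d{1,2})-(\d{1,2}) \d+\]$", tail)
            if tail.endswith("[?]"):
                findings.append(("driver", svc, "service file DDS could not read ([?])"))
            elif stamp and log_date:
                age = (log_date - date(*(int(x) for x in stamp.groups()))).days
                if age <= RECENT_DAYS:
                    findings.append(("driver", svc, f"kernel driver installed {age} days before the log"))
        elif m := CREATED_RE.match(line):
            if in_windows_root(m.group(1)):
                findings.append(("created", m.group(1), "new file directly in the Windows root"))
    return findings

def looks_like_pe(data: bytes) -> bool:
    """Header check in the spirit of what the loader rejects with 'Bad image' and
    ERROR_BAD_EXE_FORMAT (193): an 'MZ' magic and a PE signature at the e_lfanew offset."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

# Constructed: the two signatures and nothing else, enough for the header check.
TINY_PE = b"MZ" + b"\0" * 58 + (0x40).to_bytes(4, "little") + b"PE\0\0"

if __name__ == "__main__":
    for kind, subject, reason in triage(DDS_SAMPLE):
        print(f"[{kind}] {subject}: {reason}")
    print("dlgcom.dat-style junk passes the PE check:", looks_like_pe(b"not a dll"))
```

The Pardo entry is the one behind the two dialogs in the post: the Run key survived while the .dat it points at is no longer a loadable image, so every logon rundll32 tries and fails to load it.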

#2 Rorschach112 (Ralphie; Retired Staff, 47,710 posts)
Do you still need help?

#3 RomanticChrissy (Topic Starter; Member, 14 posts)
Yeah, this hasn't been resolved?

#4 Rorschach112 (Ralphie; Retired Staff, 47,710 posts)
Where else have you posted for help?

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    
    :Services
    nnrnstdi
    nielprt
    NielGfx
    
    :Reg
    
    :Files
    c:\windows\system32\drivers\nnrnstdi.sys
    c:\windows\system32\drivers\nielprt.sys 
    c:\windows\system32\drivers\nielgfx.sys 
    c:\windows\Dnarutafuzacanuv.bin
    c:\windows\Azepuxuzedesuvar.dat
    c:\windows\fonts\INFECTED.ttf
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


#5 RomanticChrissy (Topic Starter; Member, 14 posts)
I've not posted for help anywhere else?

And I just tried running OTM twice; the first time it just crashed, and the second time it said something like 'all processes killed' in the green box and then crashed again.

Should I just go straight onto GooredFix?

Btw, after running OTM the file extensions are appearing at the end of each of the file names. How do I get rid of this? I know it's not a big deal, but I'd rather it wasn't there.

Edited by RomanticChrissy, 19 February 2010 - 02:07 AM.


#6 Rorschach112 (Ralphie; Retired Staff, 47,710 posts)
Yeah, go onto GooredFix and then do this:

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix\ComboFix.txt log in your next reply.




We will fix the extension thing later.

#7 RomanticChrissy (Topic Starter; Member, 14 posts)
Okay, just did it:

GooredFix log:


GooredFix by jpshortstuff (08.01.10.1)
Log created at 19:42 on 20/02/2010 (Admin)
Firefox version 3.5.8 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{44A32479-1D82-45B0-82A8-A3D9DC9EF6F7} -> Success!
Deleting C:\Documents and Settings\Admin\Local Settings\Application Data\{44A32479-1D82-45B0-82A8-A3D9DC9EF6F7} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [19:10 09/01/2010]
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [16:23 30/01/2010]

C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ykrc7j93.default\extensions\
[email protected] [21:37 09/01/2010]
[email protected] [20:36 09/01/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [16:22 30/01/2010]

-=E.O.F=-

ComboFix log:

ComboFix 10-02-20.01 - Admin 02/20/2010 19:55:02.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.136 [GMT 0:00]
Running from: c:\documents and settings\Admin\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Admin\Application Data\Microsoft\Windows\import.ocx
c:\documents and settings\Admin\Application Data\Microsoft\Windows\jsdb.dll
c:\windows\izebiweyifeg.dll
c:\windows\system32\4DW4R3c.dll
c:\windows\system32\4DW4R3oFVPJvxwvX.dll
c:\windows\system32\4DW4R3sv.dat
c:\windows\system32\adcc.puo
c:\windows\system32\config\47373134.Evt
c:\windows\system32\drivers\4DW4R3.sys
c:\windows\system32\drivers\4DW4R3HvPRkAUtBi.sys
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\sdra64.exe
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_4DW4R3
-------\Legacy_4DW4R3
-------\Service_asc3550p


((((((((((((((((((((((((( Files Created from 2010-01-20 to 2010-02-20 )))))))))))))))))))))))))))))))
.

2010-02-18 23:54 . 2010-02-18 23:54 -------- d-----w- C:\_OTM
2010-02-14 12:13 . 2001-08-17 22:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-02-14 12:13 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-02-14 12:13 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-02-14 12:13 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-02-14 09:09 . 2010-02-14 09:09 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2010-02-14 09:08 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-14 09:08 . 2010-02-14 09:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-14 09:08 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-14 09:08 . 2010-02-14 09:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-13 05:01 . 2010-02-13 05:01 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Threat Expert
2010-02-13 01:53 . 2010-02-13 01:53 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-02-13 01:53 . 2010-02-13 01:53 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-02-12 23:25 . 2010-02-12 23:25 -------- d-----w- c:\program files\Loaris
2010-02-12 22:50 . 2010-02-14 12:06 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-12 22:50 . 2010-02-14 12:05 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-12 22:11 . 2010-02-12 22:11 -------- d-----w- c:\documents and settings\Admin\Application Data\AVG8
2010-02-12 21:45 . 2010-02-20 19:11 0 ----a-w- c:\windows\Dnarutafuzacanuv.bin
2010-02-12 21:45 . 2010-02-19 18:14 120 ----a-w- c:\windows\Azepuxuzedesuvar.dat
2010-02-11 19:19 . 2010-02-11 19:19 -------- d-----w- c:\documents and settings\Admin\Application Data\AdobeUM
2010-02-06 14:07 . 2010-02-06 14:12 57344 ----a-w- C:\clipstreamsa.dll
2010-02-05 19:22 . 2009-08-21 12:50 15360 ----a-w- c:\windows\system32\drivers\nnrnstdi.sys
2010-02-05 19:22 . 2009-08-21 12:44 9088 ----a-w- c:\windows\system32\drivers\km_filter.sys
2010-02-05 19:21 . 2008-03-21 13:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-02-05 19:20 . 2008-12-16 13:44 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-02-05 19:16 . 2010-02-05 19:16 -------- d-----w- c:\program files\NetRatingsNetSight
2010-01-31 13:39 . 2010-01-31 13:39 -------- d-----w- c:\program files\LG Electronics
2010-01-31 13:38 . 2005-09-05 11:33 81920 ----a-r- c:\windows\system32\srctrl.dll
2010-01-31 13:38 . 2010-01-31 13:38 -------- d-----w- c:\program files\LGGSM
2010-01-30 16:27 . 2010-01-30 16:27 -------- d-----w- c:\windows\Sun
2010-01-30 16:24 . 2010-01-30 16:24 503808 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-47ce4555-n\msvcp71.dll
2010-01-30 16:24 . 2010-01-30 16:24 348160 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-47ce4555-n\msvcr71.dll
2010-01-30 16:24 . 2010-01-30 16:24 499712 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-47ce4555-n\jmc.dll
2010-01-30 16:23 . 2010-01-30 16:23 61440 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4b9bd0c9-n\decora-sse.dll
2010-01-30 16:23 . 2010-01-30 16:23 12800 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4b9bd0c9-n\decora-d3d.dll
2010-01-30 16:23 . 2010-01-30 16:23 -------- d-----w- c:\program files\Common Files\Java
2010-01-30 16:23 . 2010-01-30 16:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-30 16:22 . 2010-01-30 16:22 -------- d-----w- c:\program files\Java
2010-01-26 16:51 . 2010-01-26 16:51 -------- d-sh--w- c:\documents and settings\Admin\PrivacIE
2010-01-24 18:59 . 2010-01-24 18:59 1956072 ----a-w- c:\documents and settings\Admin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-18 15:33 . 2010-01-09 16:11 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-02-16 21:49 . 2007-10-21 18:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-10 17:15 . 2010-01-09 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-05 19:22 . 2010-01-09 20:58 -------- d-----w- c:\program files\iTunes
2010-02-05 19:21 . 2010-02-05 19:21 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_nielprt_01007.Wdf
2010-02-05 19:21 . 2010-02-05 19:21 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-01-31 13:38 . 2007-10-21 18:00 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-26 16:35 . 2007-10-21 17:00 74808 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-16 09:53 . 2007-10-21 16:53 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-15 23:14 . 2010-01-09 16:25 -------- d-----w- c:\program files\Microsoft Works
2010-01-14 08:43 . 2010-01-09 19:52 -------- d-----w- c:\program files\Common Files\Real
2010-01-14 08:42 . 2007-10-21 18:04 -------- d-----w- c:\documents and settings\Admin\Application Data\Ahead
2010-01-09 23:01 . 2003-03-18 21:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-09 23:01 . 2007-10-21 18:16 -------- d-----w- c:\program files\Real
2010-01-09 22:46 . 2010-01-09 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2010-01-09 22:45 . 2010-01-09 22:45 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-01-09 22:44 . 2007-10-21 18:18 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-09 21:06 . 2010-01-09 20:59 -------- d-----w- c:\documents and settings\Admin\Application Data\Apple Computer
2010-01-09 20:59 . 2010-01-09 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-09 20:58 . 2010-01-09 20:58 -------- d-----w- c:\program files\iPod
2010-01-09 20:58 . 2010-01-09 20:54 -------- d-----w- c:\program files\Common Files\Apple
2010-01-09 20:58 . 2010-01-09 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-09 20:57 . 2010-01-09 20:57 -------- d-----w- c:\program files\Bonjour
2010-01-09 20:57 . 2010-01-09 20:56 -------- d-----w- c:\program files\QuickTime
2010-01-09 20:55 . 2010-01-09 20:55 -------- d-----w- c:\program files\Apple Software Update
2010-01-09 20:54 . 2010-01-09 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-01-09 20:27 . 2010-01-09 20:27 -------- d-----w- c:\documents and settings\Admin\Application Data\Gfk NOP
2010-01-09 20:26 . 2010-01-09 20:26 -------- d-----w- c:\program files\Gfk NOP
2010-01-09 19:36 . 2010-01-09 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2010-01-09 19:31 . 2010-01-09 19:31 -------- d-----w- c:\program files\Messenger Plus! Live
2010-01-09 19:15 . 2010-01-09 19:15 -------- d-----w- c:\program files\Microsoft
2010-01-09 19:15 . 2010-01-09 19:14 -------- d-----w- c:\program files\Windows Live
2010-01-09 19:14 . 2010-01-09 19:14 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-09 19:11 . 2010-01-09 19:11 0 ----a-w- c:\windows\nsreg.dat
2010-01-09 19:08 . 2010-01-09 19:08 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-09 18:02 . 2010-01-09 18:02 -------- d-----w- c:\program files\Thomson
2010-01-09 17:15 . 2010-01-09 17:15 -------- d-----w- c:\program files\Wanadoo
2010-01-09 16:24 . 2010-01-09 16:24 -------- d-----w- c:\program files\MSBuild
2009-12-31 16:50 . 2010-01-09 16:10 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2010-01-09 16:11 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2010-01-09 16:11 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2010-01-09 16:11 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2010-01-09 16:10 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2010-01-09 16:10 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2010-01-09 16:11 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2010-01-09 16:11 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11 . 2010-01-09 16:11 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07 . 2004-08-04 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2010-01-09 16:12 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2010-01-09 16:11 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 2010-01-09 16:11 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-08-21 12:52 . 2010-02-06 13:43 180224 ----a-w- c:\program files\mozilla firefox\components\nsgkff31_meter1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-08 94208]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Pardo"="c:\documents and settings\Admin\Application Data\Adobe\Update\dlgcom.dat" [2010-02-17 26032]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-05-21 90112]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"NielsenOnline"="c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2009-10-30 47456]
"none"="c:\AUTOEXEC.BAT" [2010-02-19 57]

c:\documents and settings\Admin\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [2/5/2010 7:22 PM 15360]
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\program files\ASTRA32\astra32.sys [2/22/2007 10:28 AM 30864]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2/13/2010 1:53 AM 30104]
R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [2/5/2010 7:22 PM 9088]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2/13/2010 1:53 AM 30104]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wanadoo.co.uk
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Search with Wanadoo - c:\progra~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
Trusted Zone: is-software-download.com
Trusted Zone: is-software-download25.com
Trusted Zone: is10-soft-download.com
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\ykrc7j93.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\ykrc7j93.default\extensions\[email protected]\components\MarktMonitorPlugin.dll
FF - component: c:\program files\Mozilla Firefox\components\nsgkff31_meter1.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsgCenterExe - c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
HKLM-Run-Rzemajomowap - c:\windows\izebiweyifeg.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-20 20:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2680)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\SYMANT~1\SYMANT~1\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\SYMANT~1\SYMANT~1\Rtvscan.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-02-20 20:19:59 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-20 20:19

Pre-Run: 22,340,829,184 bytes free
Post-Run: 23,249,833,984 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - FC0B221D8AAA6D3D9F10F389C6338B40
  • 0

#8
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\Dnarutafuzacanuv.bin
c:\windows\Azepuxuzedesuvar.dat
c:\windows\system32\drivers\nnrnstdi.sys
c:\windows\system32\drivers\km_filter.sys
c:\windows\system32\spmsgXP_2k3.dll
c:\windows\system32\WdfCoInstaller01007.dll
c:\windows\system32\drivers\nnrnstdi.sys
c:\windows\system32\drivers\km_filter.sys
c:\windows\system32\DRIVERS\nielprt.sys
c:\windows\system32\drivers\nielgfx.sys

Driver::
nnrnstdi
km_filter
nielprt
NielGfx

DDS::
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
Trusted Zone: is-software-download.com
Trusted Zone: is-software-download25.com
Trusted Zone: is10-soft-download.com
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com

KillAll::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0
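The CFScript above was assembled by reading the ComboFix log by hand. As an added example (not code from this thread, the helper, or ComboFix itself), the Python below parses the same log sections and drafts a File::/Driver::/DDS:: candidate script for a reviewer; the flagging rules (a Run value with a non-loader extension or an Application Data path, a driver whose file is missing or newly created, any Trusted Zone entry) and the sample lines are this example's own constructions.

```python
"""Triage a ComboFix log excerpt and draft a CFScript.txt from it.

Added example; not code from this thread, the helper, or ComboFix itself.
It parses the log sections the helper read by hand (Files Created, Run
values, driver lines, Trusted Zone entries) and drafts the same kind of
File::/Driver::/DDS:: script as a candidate list for a human to review.
The flagging rules are this example's own assumptions.
"""
import os
import re

# Constructed sample: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
2010-02-12 21:45 . 2010-02-20 19:11 0 ----a-w- c:\windows\Dnarutafuzacanuv.bin
2010-02-05 19:22 . 2009-08-21 12:50 15360 ----a-w- c:\windows\system32\drivers\nnrnstdi.sys
2010-02-05 19:22 . 2009-08-21 12:44 9088 ----a-w- c:\windows\system32\drivers\km_filter.sys
2010-01-30 16:22 . 2010-01-30 16:22 -------- d-----w- c:\program files\Java

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Pardo"="c:\documents and settings\Admin\Application Data\Adobe\Update\dlgcom.dat" [2010-02-17 26032]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [2/5/2010 7:22 PM 15360]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2/13/2010 1:53 AM 30104]
R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [2/5/2010 7:22 PM 9088]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]

Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
Trusted Zone: buy-internetsecurity10.com
"""

# One "Files Created" line: created . modified size attrs path
CREATED_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d (\S+) (\S+) (\S.*)$", re.M)
# A Run value: "name"="path" [date size]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"', re.M)
# A driver/service line: R1 name;description;path.sys <rest>
DRIVER_RE = re.compile(r"^([RS]\d) ([^;]+);[^;]*;(\S+\.sys)(.*)$", re.M | re.I)
TZ_RE = re.compile(r"^Trusted Zone: (\S+)", re.M)

# Extensions a Run value normally points at; dlgcom.dat is not one of them.
LOADER_EXTS = {".exe", ".dll", ".scr", ".com", ".cpl"}


def parse_log(text):
    """Pull the four sections into plain Python structures."""
    created = {m.group(3).lower(): m.group(3) for m in CREATED_RE.finditer(text)
               if not m.group(2).startswith("d")}  # skip directory entries
    runs = RUN_RE.findall(text)
    drivers = [(s, n, p, rest.strip()) for s, n, p, rest in DRIVER_RE.findall(text)]
    zones = list(dict.fromkeys(TZ_RE.findall(text)))  # dedupe, keep order
    return {"created": created, "runs": runs, "drivers": drivers, "zones": zones}


def flag_runs(runs):
    """Run values whose target has a non-loader extension (the .dat handed to
    rundll32 above) or lives under the user's Application Data folder."""
    hits = []
    for name, path in runs:
        low = path.lower()
        if os.path.splitext(low)[1] not in LOADER_EXTS or "\\application data\\" in low:
            hits.append((name, path))
    return hits


def flag_drivers(drivers, created):
    """Drivers whose file is missing ('[?]' in the log) or whose file appears in
    the recently-created window. Avgfwdx in the sample matches neither rule."""
    return [(n, p) for _s, n, p, rest in drivers
            if rest.endswith("[?]") or p.lower() in created]


def build_cfscript(report):
    """Draft CFScript.txt text in the File::/Driver::/DDS:: layout used above."""
    files = [p for _n, p in flag_runs(report["runs"])]
    bad_drivers = flag_drivers(report["drivers"], report["created"])
    files += [p for _n, p in bad_drivers]
    # Newly created loose files directly under c:\windows (the random-named
    # .bin/.dat pair above) are also worth a reviewer's eye.
    files += sorted(orig for low, orig in report["created"].items()
                    if low.startswith("c:\\windows\\") and low.count("\\") == 2)
    files = list(dict.fromkeys(files))  # the hand-written script above listed two twice
    lines = ["File::", *files, "", "Driver::", *[n for n, _p in bad_drivers],
             "", "DDS::", *[f"Trusted Zone: {z}" for z in report["zones"]]]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(parse_log(SAMPLE_LOG)))
```

The output is a draft only: the helper above still decided by hand which candidates were real (AVG's driver was kept), and the Run value itself is left for the reviewer.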

#9
RomanticChrissy

RomanticChrissy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hey, um, when I ran ComboFix with those commands, it did the scan and then was gonna try logging me off, but then the screen got stuck just saying "logging off...". I waited quite long and then I just decided to switch the computer off [by holding down the 'on' switch on the computer] and restart it. I hope I haven't affected the process b/c the log still came up:

ComboFix 10-02-20.03 - Admin 02/20/2010 20:53:19.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.267 [GMT 0:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt

FILE ::
"c:\windows\Azepuxuzedesuvar.dat"
"c:\windows\Dnarutafuzacanuv.bin"
"c:\windows\system32\drivers\km_filter.sys"
"c:\windows\system32\drivers\nielgfx.sys"
"c:\windows\system32\DRIVERS\nielprt.sys"
"c:\windows\system32\drivers\nnrnstdi.sys"
"c:\windows\system32\spmsgXP_2k3.dll"
"c:\windows\system32\WdfCoInstaller01007.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Azepuxuzedesuvar.dat
c:\windows\Dnarutafuzacanuv.bin
c:\windows\system32\drivers\km_filter.sys
c:\windows\system32\drivers\nnrnstdi.sys
c:\windows\system32\spmsgXP_2k3.dll
c:\windows\system32\WdfCoInstaller01007.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NNRNSTDI
-------\Service_km_filter
-------\Service_NielGfx
-------\Service_nielprt
-------\Service_nnrnstdi


((((((((((((((((((((((((( Files Created from 2010-01-20 to 2010-02-20 )))))))))))))))))))))))))))))))
.

2010-02-18 23:54 . 2010-02-18 23:54 -------- d-----w- C:\_OTM
2010-02-14 12:13 . 2001-08-17 22:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-02-14 12:13 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-02-14 12:13 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-02-14 12:13 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-02-14 09:09 . 2010-02-14 09:09 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2010-02-14 09:08 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-14 09:08 . 2010-02-14 09:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-14 09:08 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-14 09:08 . 2010-02-14 09:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-13 05:01 . 2010-02-13 05:01 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Threat Expert
2010-02-13 01:53 . 2010-02-13 01:53 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-02-13 01:53 . 2010-02-13 01:53 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-02-12 23:25 . 2010-02-12 23:25 -------- d-----w- c:\program files\Loaris
2010-02-12 22:50 . 2010-02-14 12:06 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-12 22:50 . 2010-02-14 12:05 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-12 22:11 . 2010-02-12 22:11 -------- d-----w- c:\documents and settings\Admin\Application Data\AVG8
2010-02-11 19:19 . 2010-02-11 19:19 -------- d-----w- c:\documents and settings\Admin\Application Data\AdobeUM
2010-02-06 14:07 . 2010-02-06 14:12 57344 ----a-w- C:\clipstreamsa.dll
2010-02-05 19:16 . 2010-02-05 19:16 -------- d-----w- c:\program files\NetRatingsNetSight
2010-01-31 13:39 . 2010-01-31 13:39 -------- d-----w- c:\program files\LG Electronics
2010-01-31 13:38 . 2005-09-05 11:33 81920 ----a-r- c:\windows\system32\srctrl.dll
2010-01-31 13:38 . 2010-01-31 13:38 -------- d-----w- c:\program files\LGGSM
2010-01-30 16:27 . 2010-01-30 16:27 -------- d-----w- c:\windows\Sun
2010-01-30 16:23 . 2010-01-30 16:23 -------- d-----w- c:\program files\Common Files\Java
2010-01-30 16:23 . 2010-01-30 16:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-30 16:22 . 2010-01-30 16:22 -------- d-----w- c:\program files\Java
2010-01-26 16:51 . 2010-01-26 16:51 -------- d-sh--w- c:\documents and settings\Admin\PrivacIE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-18 15:33 . 2010-01-09 16:11 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-02-16 21:49 . 2007-10-21 18:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-10 17:15 . 2010-01-09 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-05 19:22 . 2010-01-09 20:58 -------- d-----w- c:\program files\iTunes
2010-02-05 19:21 . 2010-02-05 19:21 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_nielprt_01007.Wdf
2010-02-05 19:21 . 2010-02-05 19:21 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-01-31 13:38 . 2007-10-21 18:00 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-30 16:24 . 2010-01-30 16:24 503808 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-47ce4555-n\msvcp71.dll
2010-01-30 16:24 . 2010-01-30 16:24 348160 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-47ce4555-n\msvcr71.dll
2010-01-30 16:24 . 2010-01-30 16:24 499712 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-47ce4555-n\jmc.dll
2010-01-30 16:23 . 2010-01-30 16:23 61440 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4b9bd0c9-n\decora-sse.dll
2010-01-30 16:23 . 2010-01-30 16:23 12800 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4b9bd0c9-n\decora-d3d.dll
2010-01-26 16:35 . 2007-10-21 17:00 74808 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-24 18:59 . 2010-01-24 18:59 1956072 ----a-w- c:\documents and settings\Admin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-01-16 09:53 . 2007-10-21 16:53 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-15 23:14 . 2010-01-09 16:25 -------- d-----w- c:\program files\Microsoft Works
2010-01-14 08:43 . 2010-01-09 19:52 -------- d-----w- c:\program files\Common Files\Real
2010-01-14 08:42 . 2007-10-21 18:04 -------- d-----w- c:\documents and settings\Admin\Application Data\Ahead
2010-01-09 23:01 . 2003-03-18 21:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-09 23:01 . 2007-10-21 18:16 -------- d-----w- c:\program files\Real
2010-01-09 22:46 . 2010-01-09 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2010-01-09 22:45 . 2010-01-09 22:45 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-01-09 22:44 . 2007-10-21 18:18 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-09 21:06 . 2010-01-09 20:59 -------- d-----w- c:\documents and settings\Admin\Application Data\Apple Computer
2010-01-09 20:59 . 2010-01-09 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-09 20:58 . 2010-01-09 20:58 -------- d-----w- c:\program files\iPod
2010-01-09 20:58 . 2010-01-09 20:54 -------- d-----w- c:\program files\Common Files\Apple
2010-01-09 20:58 . 2010-01-09 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-09 20:57 . 2010-01-09 20:57 -------- d-----w- c:\program files\Bonjour
2010-01-09 20:57 . 2010-01-09 20:56 -------- d-----w- c:\program files\QuickTime
2010-01-09 20:55 . 2010-01-09 20:55 -------- d-----w- c:\program files\Apple Software Update
2010-01-09 20:54 . 2010-01-09 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-01-09 20:27 . 2010-01-09 20:27 -------- d-----w- c:\documents and settings\Admin\Application Data\Gfk NOP
2010-01-09 20:26 . 2010-01-09 20:26 -------- d-----w- c:\program files\Gfk NOP
2010-01-09 19:36 . 2010-01-09 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2010-01-09 19:31 . 2010-01-09 19:31 -------- d-----w- c:\program files\Messenger Plus! Live
2010-01-09 19:15 . 2010-01-09 19:15 -------- d-----w- c:\program files\Microsoft
2010-01-09 19:15 . 2010-01-09 19:14 -------- d-----w- c:\program files\Windows Live
2010-01-09 19:14 . 2010-01-09 19:14 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-09 19:11 . 2010-01-09 19:11 0 ----a-w- c:\windows\nsreg.dat
2010-01-09 19:08 . 2010-01-09 19:08 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-09 18:02 . 2010-01-09 18:02 -------- d-----w- c:\program files\Thomson
2010-01-09 17:15 . 2010-01-09 17:15 -------- d-----w- c:\program files\Wanadoo
2010-01-09 16:24 . 2010-01-09 16:24 -------- d-----w- c:\program files\MSBuild
2009-12-31 16:50 . 2010-01-09 16:10 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2010-01-09 16:11 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2010-01-09 16:11 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2010-01-09 16:11 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2010-01-09 16:10 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2010-01-09 16:10 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2010-01-09 16:11 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2010-01-09 16:11 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11 . 2010-01-09 16:11 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07 . 2004-08-04 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2010-01-09 16:12 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2010-01-09 16:11 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 2010-01-09 16:11 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-08-21 12:52 . 2010-02-06 13:43 180224 ----a-w- c:\program files\mozilla firefox\components\nsgkff31_meter1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-08 94208]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Pardo"="c:\documents and settings\Admin\Application Data\Adobe\Update\dlgcom.dat" [2010-02-17 26032]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-05-21 90112]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"NielsenOnline"="c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2009-10-30 47456]
"none"="c:\AUTOEXEC.BAT" [2010-02-19 57]

c:\documents and settings\Admin\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\program files\ASTRA32\astra32.sys [2/22/2007 10:28 AM 30864]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2/13/2010 1:53 AM 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2/13/2010 1:53 AM 30104]
.
Contents of the 'Scheduled Tasks' folder

2010-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wanadoo.co.uk
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Search with Wanadoo - c:\progra~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
TCP: {D478507A-E238-4B93-8ACA-28D00F5EC1FE} = 193.36.79.100 80.10.246.1
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\ykrc7j93.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\ykrc7j93.default\extensions\[email protected]\components\MarktMonitorPlugin.dll
FF - component: c:\program files\Mozilla Firefox\components\nsgkff31_meter1.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-20 21:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3832)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\SYMANT~1\SYMANT~1\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\SYMANT~1\SYMANT~1\Rtvscan.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-02-20 21:17:25 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-20 21:17
ComboFix2.txt 2010-02-20 20:20

Pre-Run: 23,258,447,872 bytes free
Post-Run: 23,224,258,560 bytes free

- - End Of File - - F9D9B6B2EB8CC59D0112296D84BEF611

Edit: Erm... now I've lost my sound on the computer... I click volume control and apparently there's no 'active mixer devices' available or something :S?

Edited by RomanticChrissy, 20 February 2010 - 03:54 PM.

  • 0

#10
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
remind me about that at the end

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  • 0

#11
RomanticChrissy
  • Topic Starter
  • Member
  • 14 posts
Malwarebytes' Anti-Malware log:

Malwarebytes' Anti-Malware 1.44
Database version: 3737
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/21/2010 11:41:04 AM
mbam-log-2010-02-21 (11-41-04).txt

Scan type: Quick Scan
Objects scanned: 107223
Time elapsed: 8 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

The Kaspersky Scanner came up with an error; here's the log of it (this was on the webpage):

The program is starting. Please wait...
Updates source is selected: http://www.kaspersky.com
File download: packages/kos-bin-winnt-redist.jar
File download: packages/kos-bin-winnt-engine.jar
File download: packages/kos-bin-winnt.jar
File download: packages/kos-extras.jar
null

null
Updates source is selected: http://downloads5.kaspersky-labs.com/
File download: index/master.xml.klz
File download: bases/five/avc/kavset.xml.klz
File download: bases/five/avc/kavset.xml
Invalid file signature: bases/five/avc/kavset.xml
File download: index/master.xml.klz
Updates source is selected: ftp://downloads5.kaspersky-labs.com/
File download: index/master.xml.klz
File download: bases/five/avc/kavset.xml.klz
File download: bases/five/avc/kavset.xml.klz
File download: bases/five/avc/kavset.xml
Invalid file signature: bases/five/avc/kavset.xml
File download: index/master.xml.klz
Updates source is selected: http://downloads2.kaspersky-labs.com/
File download: index/master.xml.klz
File download: bases/five/avc/kavset.xml.klz
File download: bases/five/avc/kavset.xml.klz
File download: bases/five/avc/kavset.xml
Invalid file signature: bases/five/avc/kavset.xml
File download: index/master.xml.klz
Updates source is selected: ftp://downloads4.kaspersky-labs.com/
File download: index/master.xml.klz
File download: bases/five/avc/kavset.xml.klz
File download: bases/five/avc/kavset.xml.klz
File download: bases/five/avc/kavset.xml
Invalid file signature: bases/five/avc/kavset.xml
File download: index/master.xml.klz
Updates source is selected: ftp://downloads1.kaspersky-labs.com/
File download: index/master.xml.klz
File download: bases/five/avc/kavset.xml.klz
File download: bases/five/avc/kavset.xml.klz
File download: bases/five/avc/kavset.xml
Invalid file signature: bases/five/avc/kavset.xml
File download: index/master.xml.klz
Updates source is selected: http://downloads3.kaspersky-labs.com/
File download: index/master.xml.klz
File download: bases/five/avc/kavset.xml.klz
File download: bases/five/avc/kavset.xml.klz
File download: bases/five/avc/kavset.xml
Invalid file signature: bases/five/avc/kavset.xml
File download: index/master.xml.klz
Updates source is selected: ftp://downloads3.kaspersky-labs.com/
File download: index/master.xml.klz
File download: bases/five/avc/kavset.xml.klz
File download: bases/five/avc/kavset.xml.klz
File download: bases/five/avc/kavset.xml
Invalid file signature: bases/five/avc/kavset.xml
File download: index/master.xml.klz
Updates source is selected: ftp://downloads2.kaspersky-labs.com/
File download: index/master.xml.klz
File download: bases/five/avc/kavset.xml.klz
File download: bases/five/avc/kavset.xml.klz
File download: bases/five/avc/kavset.xml
Invalid file signature: bases/five/avc/kavset.xml
File download: index/master.xml.klz
Updates source is selected: http://downloads4.kaspersky-labs.com/
File download: index/master.xml.klz
File download: bases/five/avc/kavset.xml.klz
File download: bases/five/avc/kavset.xml.klz
File download: bases/five/avc/kavset.xml
Invalid file signature: bases/five/avc/kavset.xml
File download: index/master.xml.klz
Updates source is selected: http://downloads1.kaspersky-labs.com/
File download: index/master.xml.klz
File download: bases/five/avc/kavset.xml.klz
File download: bases/five/avc/kavset.xml.klz
File download: bases/five/avc/kavset.xml
Invalid file signature: bases/five/avc/kavset.xml
File download: index/master.xml.klz

0 [ERROR: Invalid file signature]
  • 0

#12
Rorschach112
    Ralphie
  • Retired Staff
  • 47,710 posts
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  • 0

#13
RomanticChrissy
  • Topic Starter
  • Member
  • 14 posts
OTL?
  • 0

#14
Rorschach112
    Ralphie
  • Retired Staff
  • 47,710 posts
Sorry.

Run a new DDS scan and post that log.
  • 0

#15
RomanticChrissy
  • Topic Starter
  • Member
  • 14 posts
DDS log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Admin at 13:46:43.40 on Sun 02/21/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.36 [GMT 0:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\My Documents\Downloads\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.wanadoo.co.uk
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Wanadoo: {8b68564d-53fd-4293-b80c-993a9f3988ee} - c:\progra~1\wanadoo\wsbar\WSBar.dll
TB: IMM Toolbar: {65dcb62d-0c89-467b-bcc3-b04fb0773d1e} - c:\program files\gfk nop\imm toolbar\MarktMonitorShell.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Pardo] rundll32.exe "c:\documents and settings\admin\application data\adobe\update\dlgcom.dat""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [vptray] c:\progra~1\symant~1\symant~1\vptray.exe
mRun: [SpeedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NielsenOnline] c:\program files\netratingsnetsight\netsight\NielsenOnline.exe
mRun: [none] c:\AUTOEXEC.BAT
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Search with Wanadoo - c:\progra~1\wanadoo\wsbar\WSBar.dll/VSearch.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
TCP: {D478507A-E238-4B93-8ACA-28D00F5EC1FE} = 193.36.79.100 80.10.246.1
Notify: NavLogon - c:\windows\system32\NavLogon.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\ykrc7j93.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\documents and settings\admin\application data\mozilla\firefox\profiles\ykrc7j93.default\extensions\[email protected]\components\MarktMonitorPlugin.dll
FF - component: c:\program files\mozilla firefox\components\nsgkff31_meter1.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\program files\astra32\astra32.sys [2007-2-22 30864]
R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2003-5-2 30208]
R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\symant~1\symant~1\Rtvscan.exe [2003-5-21 610304]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-2-13 30104]
R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [2010-2-20 9088]
R3 NAVAP;NAVAP;c:\progra~1\symant~1\symant~1\NAVAP.sys [2003-5-2 224256]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100219.002\NAVENG.sys [2010-2-19 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100219.002\NAVEX15.sys [2010-2-19 1324720]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-2-13 30104]

=============== Created Last 30 ================

2010-02-20 21:12:31 9088 ----a-w- c:\windows\system32\drivers\km_filter.sys
2010-02-20 19:46:35 0 d-sha-r- C:\cmdcons
2010-02-20 19:44:36 98816 ----a-w- c:\windows\sed.exe
2010-02-20 19:44:36 77312 ----a-w- c:\windows\MBR.exe
2010-02-20 19:44:36 261632 ----a-w- c:\windows\PEV.exe
2010-02-20 19:44:36 161792 ----a-w- c:\windows\SWREG.exe
2010-02-18 23:54:49 0 d-----w- C:\_OTM
2010-02-18 23:24:01 19968 ----a-w- c:\windows\system32\ylvr.dwo
2010-02-14 12:13:51 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-02-14 12:13:47 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-02-14 12:13:47 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-02-14 12:13:36 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-02-14 09:09:01 0 d-----w- c:\docume~1\admin\applic~1\Malwarebytes
2010-02-14 09:08:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-14 09:08:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-14 09:08:28 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-14 09:08:25 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-13 01:53:53 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-02-13 01:53:53 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-02-12 23:25:48 0 d-----w- c:\program files\Loaris
2010-02-12 22:50:41 0 d-----w- c:\program files\common files\PC Tools
2010-02-12 22:11:23 0 d-----w- c:\docume~1\admin\applic~1\AVG8
2010-02-06 19:17:43 3255 ----a-w- c:\windows\system32\wbem\Outlook_01caa7610e6ca3d6.mof
2010-02-06 14:07:41 57344 ----a-w- C:\clipstreamsa.dll
2010-02-05 19:21:48 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_nielprt_01007.Wdf
2010-02-05 19:21:45 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-02-05 19:16:33 0 d-----w- c:\program files\NetRatingsNetSight
2010-01-31 13:39:08 0 d-----w- c:\program files\LG Electronics
2010-01-31 13:38:40 81920 ----a-r- c:\windows\system32\srctrl.dll
2010-01-31 13:38:18 0 d-----w- c:\program files\LGGSM
2010-01-30 16:23:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-01-30 16:23:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-26 16:51:01 0 d-sh--w- c:\documents and settings\admin\PrivacIE

==================== Find3M ====================

2010-02-18 15:33:39 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-01-18 11:34:24 96152 ----a-w- c:\windows\fonts\INFECTED.ttf
2010-01-09 23:01:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14:05 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll

============= FINISH: 13:47:27.46 ===============

Attach log:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/21/2007 5:57:01 PM
System Uptime: 2/21/2010 1:43:44 PM (0 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7095
Processor: Intel® Celeron® CPU 2.40GHz | Socket 478 | 2400/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 39 GiB total, 21.604 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 33 GiB total, 31.761 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP5: 1/9/2010 2:18:43 PM - Software Distribution Service 3.0
RP6: 1/9/2010 4:12:33 PM - Installed Microsoft Office Professional Plus 2007
RP7: 1/9/2010 4:20:18 PM - Installed Windows XP Service Pack 3.
RP8: 1/9/2010 5:36:32 PM - Software Distribution Service 3.0
RP9: 1/9/2010 8:58:07 PM - Installed iTunes
RP10: 1/9/2010 10:07:01 PM - Installed Adobe Photoshop CS2
RP11: 1/9/2010 10:20:09 PM - Removed Adobe Photoshop CS2
RP12: 1/9/2010 10:43:42 PM - Installed Adobe Photoshop CS2
RP13: 1/12/2010 7:39:58 PM - Software Distribution Service 3.0
RP14: 1/14/2010 7:27:14 PM - Software Distribution Service 3.0
RP15: 1/15/2010 5:52:53 PM - Software Distribution Service 3.0
RP16: 1/15/2010 10:47:14 PM - Software Distribution Service 3.0
RP17: 1/16/2010 9:31:29 AM - Software Distribution Service 3.0
RP18: 1/16/2010 6:09:37 PM - Software Distribution Service 3.0
RP19: 1/21/2010 7:40:13 PM - Software Distribution Service 3.0
RP20: 1/30/2010 4:22:13 PM - Installed Java™ 6 Update 18
RP21: 1/31/2010 1:38:16 PM - Installed LG GSM PC Components
RP22: 1/31/2010 1:39:07 PM - Installed LG USB Modem Driver
RP23: 2/5/2010 7:21:09 PM - Installed Windows XP Wdf01007.
RP24: 2/10/2010 5:13:12 PM - Software Distribution Service 3.0
RP25: 2/13/2010 1:55:28 AM - Installed AVG 9.0

==== Installed Programs ======================

Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0.7
Adobe Stock Photos 1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASTRA32 - Advanced System Information Tool 1.54
Bonjour
CueClub
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976098-v2)
IMM toolbar 2.0.0 Build 878
iTunes
Java Auto Updater
Java™ 6 Update 18
LG GSM PC Components
LG USB Modem Driver
LiveUpdate 1.80 (Symantec Corporation)
Malwarebytes' Anti-Malware
Messenger Plus! Live
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.5.8)
MSVCRT
Nero 7 Ultra Edition
Nielsen
QuickTime
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
SpeedTouch USB Software
Symantec AntiVirus Client
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb977719)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VIA Rhine-Family Fast Ethernet Adapter
WebFldrs XP
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows XP Service Pack 3
WinRAR archiver

==== Event Viewer Messages From Past Week ========

2/20/2010 8:59:52 PM, error: PlugPlayManager [11] - The device Root\LEGACY_NNRNSTDI\0000 disappeared from the system without first being prepared for removal.
2/20/2010 8:53:05 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
2/20/2010 8:53:04 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
2/20/2010 7:13:32 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/19/2010 12:01:10 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 2 time(s).
2/19/2010 12:01:09 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/18/2010 11:58:05 PM, error: Service Control Manager [7034] - The Symantec AntiVirus Client service terminated unexpectedly. It has done this 1 time(s).
2/18/2010 11:55:14 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
2/18/2010 11:55:14 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
2/18/2010 11:55:14 PM, error: Service Control Manager [7034] - The DefWatch service terminated unexpectedly. It has done this 1 time(s).
2/18/2010 11:55:14 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
2/18/2010 11:55:13 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/14/2010 9:37:05 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
2/14/2010 8:55:34 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

==== End Of File ===========================
  • 0
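The DDS log in the post above contains the autostart entry `uRun: [Pardo] rundll32.exe "c:\documents and settings\admin\application data\adobe\update\dlgcom.dat""`, which matches the two error boxes from the first post: at logon, rundll32.exe is being told to load a .dat file out of the user's Application Data folder, and Windows reports that the file is not a valid Windows image. The script below is an added example for readers of this thread; it is not part of the thread, of DDS or of any tool named here. It parses the uRun/mRun lines of a DDS "Pseudo HJT Report", works out which module rundll32 would load, and flags entries whose module does not have a library extension or sits in a user-writable profile path. The sample lines are copied from the log above, plus one constructed benign rundll32 entry (the stock Bluetooth authentication agent) so the harmless case is exercised too; the function names (`parse_run_entries`, `rundll32_module`, `assess_entry`, `analyze_dds`) and the marker lists are my own choices, not anything from the page.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: Run entries copied from the DDS "Pseudo HJT Report" posted in this
# thread, plus one constructed benign rundll32 entry (a stock XP Bluetooth agent).
SAMPLE_DDS_LINES = [
    r'uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background',
    r'uRun: [Pardo] rundll32.exe "c:\documents and settings\admin\application data\adobe\update\dlgcom.dat""',
    r'uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe',
    r'mRun: [vptray] c:\progra~1\symant~1\symant~1\vptray.exe',
    r'mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent',  # constructed
]

# DDS prefixes a Run entry with the hive (u = per-user, m = machine) and the value name in brackets.
RUN_LINE = re.compile(r'^(?P<hive>[um]Run):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')

# File types rundll32 is normally asked to load: real DLLs and Control Panel applets.
LOADABLE_EXTS = {'.dll', '.cpl', '.ax', '.ocx'}

# Lower-case path fragments for locations a standard user can write to (assumed list);
# an autostart that loads code from one of them deserves a closer look.
USER_WRITABLE_MARKERS = (
    '\\documents and settings\\', '\\application data\\', '\\local settings\\', '\\users\\', '\\temp\\',
)


@dataclass
class RunEntry:
    hive: str      # 'uRun' (per-user) or 'mRun' (machine-wide)
    name: str      # registry value name, e.g. 'Pardo'
    command: str   # the command line Windows runs at logon


@dataclass
class Finding:
    entry: RunEntry
    module: str          # the file rundll32 is told to load
    reasons: List[str]


def parse_run_entries(lines) -> List[RunEntry]:
    """Pick the uRun/mRun lines out of DDS output and split them into fields."""
    entries = []
    for line in lines:
        m = RUN_LINE.match(line.strip())
        if m:
            entries.append(RunEntry(m['hive'], m['name'], m['cmd']))
    return entries


def _first_token(text: str):
    """Split off the first command-line token, honoring a double-quoted token."""
    text = text.lstrip()
    if text.startswith('"'):
        end = text.find('"', 1)
        return (text[1:], '') if end == -1 else (text[1:end], text[end + 1:])
    parts = text.split(None, 1)
    return (parts[0], parts[1] if len(parts) > 1 else '') if parts else ('', '')


def rundll32_module(command: str) -> Optional[str]:
    """Return the module rundll32 would load, or None when the command is not rundll32."""
    exe, rest = _first_token(command)
    if ntpath.basename(exe).lower() not in ('rundll32.exe', 'rundll32'):
        return None
    module, _ = _first_token(rest)
    # rundll32 syntax is "<module>,<entry point> [args]"; an unquoted module ends at the comma.
    module = module.split(',', 1)[0].strip('"')
    return module or None


def assess_entry(entry: RunEntry) -> Optional[Finding]:
    """Flag a rundll32 autostart whose module is not a library or lives in a user-writable path."""
    module = rundll32_module(entry.command)
    if module is None:
        return None
    reasons = []
    ext = ntpath.splitext(module)[1].lower()
    if ext not in LOADABLE_EXTS:
        reasons.append(f"rundll32 is told to load a '{ext or '(no extension)'}' file, not a DLL or CPL")
    if any(marker in module.lower() for marker in USER_WRITABLE_MARKERS):
        reasons.append('module lives under a user-writable profile directory')
    return Finding(entry, module, reasons) if reasons else None


def analyze_dds(lines) -> List[Finding]:
    """Run every Run entry in the DDS output through assess_entry and keep the hits."""
    findings = []
    for entry in parse_run_entries(lines):
        finding = assess_entry(entry)
        if finding:
            findings.append(finding)
    return findings


if __name__ == '__main__':
    for f in analyze_dds(SAMPLE_DDS_LINES):
        print(f'{f.entry.hive} [{f.entry.name}] -> {f.module}')
        for r in f.reasons:
            print('   -', r)
```

Run against the sample, only the `[Pardo]` entry is reported, with both reasons; the Bluetooth entry loads a .cpl from the system path and passes. The check is deliberately narrow (rundll32 plus module extension and location) so that it complements, rather than replaces, the human review a helper does on a full DDS log.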