my pc has been had by virus malware,please help



#1 dodge101 (Member, 13 posts)
My PC has been attacked by a virus; I can't access Start menu commands (Control Panel, My Computer, etc.). I downloaded STOPzilla thinking it was free, but not to remove anything, it seems.
STOPzilla has quarantined 244 viruses accordingly, but I still can't access system controls.
Now a message keeps saying the virtual memory minimum is too low; I don't know if this is connected.
I have disabled System Restore, as a virus seemed to be using it every time I rebooted to reinstate itself.
I have tried several different registry cleaners and worm removers, as well as anti-spyware, but still to no avail.

Please, if anyone could help I would be eternally grateful, and although I'm not loaded I would be willing to donate what I can for any help.
Thanking you in advance,
Dodge

#2 loophole (Malware Expert, Retired Staff, 9,798 posts)
Hi,

Donations are never required :). Please try the following first.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#3 dodge101 (Topic Starter, Member, 13 posts)
ComboFix 08-07-12.1 - D&C1 2008-07-12 20:22:44.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.422 [GMT 1:00]
Running from: C:\Documents and Settings\D&C1\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\D&C1\Favorites\Error Cleaner.url
C:\Documents and Settings\D&C1\Favorites\Privacy Protector.url
C:\Documents and Settings\D&C1\Favorites\Spyware&Malware Protection.url
C:\Program Files\FunWebProducts
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000011_.tmp.dll
C:\WINDOWS\system32\_000012_.tmp.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\oeminfo.ini
C:\WINDOWS\system32\QBeKknmp.ini
C:\WINDOWS\system32\QBeKknmp.ini2
C:\WINDOWS\system32\SZComp5.dll
C:\WINDOWS\system32\umiqsvhh.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-12 to 2008-07-12 )))))))))))))))))))))))))))))))
.

2008-07-10 23:06 . 2008-07-10 23:07 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-07-10 23:06 . 2008-07-10 23:06 <DIR> d-------- C:\Documents and Settings\D&C1\Application Data\PC Tools
2008-07-10 23:06 . 2006-08-24 12:40 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2008-07-10 23:06 . 2006-07-10 17:38 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2008-07-09 19:24 . 2008-07-09 19:24 2,560 --ah----- C:\WINDOWS\system32\drivers\mchInjDrv.sys.szcpf
2008-07-09 17:44 . 2008-07-12 20:34 16,952 --ah----- C:\WINDOWS\system32\drivers\RkPavproc1.sys.szcpf
2008-07-09 17:14 . 2008-04-29 11:33 16,952 --------- C:\WINDOWS\system32\drivers\RkPavproc1.sys
2008-07-09 17:11 . 2008-07-09 17:11 <DIR> d-------- C:\Program Files\Panda Security
2008-07-09 17:11 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-07 20:18 . 2006-10-24 14:27 <DIR> d-------- C:\Documents and Settings\D&C1\Application Data\You've Got Pictures Screensaver
2008-07-07 20:18 . 2006-10-24 14:24 <DIR> d-------- C:\Documents and Settings\D&C1\Application Data\Symantec
2008-07-07 20:18 . 2006-10-24 14:33 <DIR> d--h----- C:\Documents and Settings\D&C1\Application Data\Gtek
2008-07-07 20:18 . 2006-10-24 14:26 <DIR> d-------- C:\Documents and Settings\D&C1\Application Data\Corel
2008-07-07 20:18 . 2006-10-30 23:10 <DIR> d-------- C:\Documents and Settings\D&C1\Application Data\AOL
2008-07-07 20:18 . 2008-07-07 20:18 <DIR> d-------- C:\Documents and Settings\D&C1
2008-07-07 18:59 . 2008-07-07 19:43 <DIR> d-------- C:\Program Files\Registry Clean Expert
2008-07-07 00:40 . 2006-10-24 14:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-07-07 00:40 . 2006-10-24 14:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-07 00:40 . 2006-10-24 14:33 <DIR> d--h----- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-07-07 00:40 . 2006-10-24 14:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2008-07-07 00:40 . 2006-10-30 23:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-07-07 00:40 . 2008-07-07 00:40 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-06 21:11 . 2008-07-06 21:11 <DIR> d-------- C:\Program Files\ThreatFire
2008-07-06 21:11 . 2008-07-06 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-07-06 21:11 . 2008-04-24 16:52 51,520 --a------ C:\WINDOWS\system32\drivers\TfFsMon.sys
2008-07-06 21:11 . 2008-04-24 16:52 38,208 --a------ C:\WINDOWS\system32\drivers\TfSysMon.sys
2008-07-06 21:11 . 2008-04-24 16:52 33,088 --a------ C:\WINDOWS\system32\drivers\TfNetMon.sys
2008-07-06 21:11 . 2008-04-24 16:52 12,608 --a------ C:\WINDOWS\system32\drivers\TfKbMon.sys
2008-07-06 20:53 . 2008-07-12 19:28 23,720 --a------ C:\WINDOWS\system32\drivers\kgpcpy.cfg
2008-07-06 20:52 . 2008-07-06 20:52 <DIR> d-------- C:\Program Files\STOPzilla!
2008-07-06 20:52 . 2008-07-06 20:52 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-07-06 20:52 . 2008-07-12 20:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-07-06 20:52 . 2008-07-06 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-07-06 20:05 . 2008-07-06 20:05 <DIR> d-------- C:\Program Files\RegCure
2008-07-06 11:51 . 2008-07-06 11:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-07-04 20:55 . 2008-07-04 20:55 <DIR> d-------- C:\Program Files\Perfect Uninstaller
2008-07-04 20:55 . 2008-07-04 20:55 42 --a------ C:\WINDOWS\system32\AK083E209605E394C.lie
2008-07-03 15:41 . 2008-07-03 15:41 258,048 -ra------ C:\WINDOWS\system32\SZBase5.dll
2008-07-02 13:38 . 2008-07-02 13:38 <DIR> d-------- C:\Documents and Settings\Kirsty\Application Data\Apple Computer
2008-06-26 10:56 . 2008-06-26 10:56 364,544 -ra------ C:\WINDOWS\system32\IS3DBA5.dll
2008-06-26 10:56 . 2008-06-26 10:56 126,976 -ra------ C:\WINDOWS\system32\IS3HTUI5.dll
2008-06-26 10:55 . 2008-06-26 10:55 372,736 -ra------ C:\WINDOWS\system32\IS3UI5.dll
2008-06-26 10:55 . 2008-06-26 10:55 61,440 -ra------ C:\WINDOWS\system32\IS3Hks5.dll
2008-06-26 10:55 . 2008-06-26 10:55 23,040 -ra------ C:\WINDOWS\system32\IS3XDat5.dll
2008-06-26 10:54 . 2008-06-26 10:54 196,608 -ra------ C:\WINDOWS\system32\IS3Win325.dll
2008-06-26 10:54 . 2008-06-26 10:54 94,208 -ra------ C:\WINDOWS\system32\IS3Inet5.dll
2008-06-26 10:54 . 2008-06-26 10:54 90,112 -ra------ C:\WINDOWS\system32\IS3Svc5.dll
2008-06-26 10:50 . 2008-06-26 10:50 708,608 -ra------ C:\WINDOWS\system32\IS3Base5.dll
2008-06-26 09:19 . 2008-06-26 09:50 <DIR> d-------- C:\Program Files\Vodafone PC Assistant
2008-06-26 09:18 . 2007-03-27 03:26 88,960 -ra------ C:\WINDOWS\system32\drivers\hmvmdm.sys
2008-06-20 18:41 . 2008-06-20 18:41 245,248 --------- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 14:51 . 2008-07-06 19:18 <DIR> d-------- C:\Program Files\SpeedFan
2008-06-20 14:51 . 2008-06-20 14:51 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-06-20 11:44 . 2008-06-20 11:44 138,368 --------- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-19 20:14 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-06-19 20:14 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-06-19 20:14 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-06-19 20:14 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-06-19 20:14 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-06-19 20:14 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-06-19 20:14 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-06-19 20:14 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 19:41 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-06 19:29 --------- d-----w C:\Program Files\PeerGuardian2
2008-07-06 10:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-06 10:41 --------- d-----w C:\Program Files\Games
2008-07-05 14:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-07-04 08:16 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-04 08:16 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-04 08:16 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-06-25 08:47 --------- d-----w C:\Program Files\Dl_cats
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-22 16:57 --------- d-----w C:\Program Files\PokerStars
2008-05-18 17:33 --------- d-----w C:\Documents and Settings\Brian\Application Data\Propellerhead Software
2008-05-14 20:49 --------- d-----w C:\Program Files\AVG
2008-05-14 20:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-05-13 09:03 34,432 ----a-r C:\WINDOWS\system32\drivers\SZKG.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 21:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-15 19:52 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2006-11-26 17:18 0 ----a-w C:\Documents and Settings\Kirsty\Application Data\wklnhst.dat
2006-11-19 19:02 0 ----a-w C:\Documents and Settings\Cerys\Application Data\wklnhst.dat
2006-10-30 16:21 88 --sh--r C:\WINDOWS\system32\D53891D06F.sys
2006-10-30 16:21 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-07-16 21:29 389120]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 17:25 94208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-18 22:28 68856]
"Spyware Doctor"="C:\PROGRA~1\SPYWAR~1\swdoctor.exe" [2007-04-16 11:47 2119176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 07:15 151552]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12 94208]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-10-24 14:27 26112]
"DLCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2005-09-08 05:56 73728]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57 133016]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 03:12 483328]
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" [2006-10-18 22:58 8704]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 08:07 8491008]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 08:07 81920]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 09:16 1232152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"ThreatFire"="C:\Program Files\ThreatFire\TFTray.exe" [2008-04-24 16:52 259392]
"nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 05:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 17:00 282624 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2007-04-16 11:47 2119176]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 09:48 53760 C:\WINDOWS\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dlcgcoms.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlcgpswx.exe"=
"C:\\Program Files\\Games\\Electronic Arts\\Need For Speed III\\nfs3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Zapu\\Zapu\\wDivi.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Games\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.4\\cnc3game.dat"=
"C:\\Program Files\\Games\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.5\\cnc3game.dat"=
"C:\\Program Files\\Games\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.6\\cnc3game.dat"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Games\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Games\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Games\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"55889:TCP"= 55889:TCP:127.0.0.1
"55888:TCP"= 55888:TCP:127.0.0.1
"55887:TCP"= 55887:TCP:127.0.0.1
"55886:TCP"= 55886:TCP:127.0.0.1
"55885:TCP"= 55885:TCP:127.0.0.1
"55884:TCP"= 55884:TCP:127.0.0.1
"55883:TCP"= 55883:TCP:127.0.0.1
"55882:TCP"= 55882:TCP:127.0.0.1
"55881:TCP"= 55881:TCP:127.0.0.1
"55889:UDP"= 55889:UDP:torrent
"55888:UDP"= 55888:UDP:torrent
"55887:UDP"= 55887:UDP:torrent
"55886:UDP"= 55886:UDP:torrent
"55885:UDP"= 55885:UDP:torrent
"55884:UDP"= 55884:UDP:torrent
"55883:UDP"= 55883:UDP:torrent
"55882:UDP"= 55882:UDP:torrent
"55881:UDP"= 55881:UDP:torrent

R0 ndisrd;ndisrd;C:\WINDOWS\system32\drivers\ndisrd.sys [2005-04-04 17:25]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R0 szkg5;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys [2008-05-13 10:03]
R0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys [2008-04-24 16:52]
R0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys [2008-04-24 16:52]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 09:16]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-04 09:16]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 09:16]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 09:16]
R2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service []
R3 TfNetMon;TfNetMon;C:\WINDOWS\system32\drivers\TfNetMon.sys [2008-04-24 16:52]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2006-02-17 21:34]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2006-02-17 21:34]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2006-02-17 21:34]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2006-02-17 21:34]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2006-02-17 21:34]
S3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;C:\WINDOWS\system32\DRIVERS\hmvmdm.sys [2007-03-27 03:26]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 03:39]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 10:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 10:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 10:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 10:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 10:42]

.
Contents of the 'Scheduled Tasks' folder
"2008-07-09 22:02:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-12 19:37:55 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-07-12 19:34:54 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-07-06 19:05:50 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
ShellExecuteHooks-{3BA3028F-FD37-46BF-AD27-733734684F06} - (no file)
SSODL-okmdepgb-{46D1C697-8B3F-4F0A-8813-40EDD00FA032} - (no file)
SSODL-axrfgvek-{417996EC-8EB8-4747-ABD6-024C84357DF5} - C:\WINDOWS\axrfgvek.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 20:35:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc22.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-07-12 20:48:23 - machine was rebooted [D&C1]
ComboFix-quarantined-files.txt 2008-07-12 19:46:57

Pre-Run: 74,218,336,256 bytes free
Post-Run: 76,348,055,552 bytes free

318 --- E O F --- 2008-07-12 15:40:35

#4 dodge101 (Topic Starter, Member, 13 posts)
Above is the log file you requested. My Start menu seems to have returned, but so has the weird spyware protection icon I thought I'd got rid of.

#5 loophole (Malware Expert, Retired Staff, 9,798 posts)
Hi,

Open Notepad and copy/paste the text in RED below into it:

File::
C:\WINDOWS\TEMP\mc22.tmp
Driver::
mchInjDrv


Save this as CFScript.txt, in the same location as ComboFix.exe (desktop)

Posted Image


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox browser: Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser: Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

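What the expert did between the first log and this reply is a triage step worth making explicit: the log shows a service (mchInjDrv) whose ImagePath points at a .tmp file inside C:\WINDOWS\TEMP, and the CFScript tells ComboFix to delete that file and the driver entry. The Python script below is an added example, not code from the thread or from ComboFix. It parses a constructed excerpt written in ComboFix's log layout (taken from the entries shown above), flags services whose image lives under a TEMP directory or carries a .tmp extension (a heuristic chosen here, not a ComboFix feature), and renders a File::/Driver:: script in the same form loophole posted. The regular expressions, the assumption that %SystemRoot% is C:\WINDOWS, and all helper names are assumptions of this example.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt in ComboFix's log layout, using entries that appear in
# the first log of this thread, embedded so the script runs offline.
SAMPLE_LOG = r"""
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service []
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 03:39]

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc22.tmp"
.
"""

# Registry key of a service, followed on the next line by its ImagePath value,
# as ComboFix prints them under the rootkit-scan section.
SERVICE_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]\\]+)\]$",
    re.IGNORECASE,
)
IMAGE_PATH_RE = re.compile(r'^"ImagePath"="(.*)"$')
# Driver/service summary lines: "<R0..R3|S3> name;display name;path [date]"
DRIVER_LINE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s*(?:\[.*\])?$")
# Heuristic (assumption of this example): a service image under a TEMP
# directory is out of place for legitimate drivers.
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


def parse_services(log_text: str) -> Dict[str, str]:
    """Map service name -> image path from both the R/S summary lines and the
    registry key / ImagePath pairs. Later entries overwrite earlier ones."""
    services: Dict[str, str] = {}
    pending_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = SERVICE_KEY_RE.match(line)
        if key_match:
            pending_key = key_match.group(1)
            continue
        path_match = IMAGE_PATH_RE.match(line)
        if path_match and pending_key:
            services[pending_key] = path_match.group(1)
            pending_key = None
            continue
        drv_match = DRIVER_LINE_RE.match(line)
        if drv_match:
            services[drv_match.group(2).strip()] = drv_match.group(4).strip()
    return services


def normalize_path(image_path: str) -> str:
    """Strip the NT object-manager prefix (\\??\\) and expand %SystemRoot% /
    %windir%; C:\\WINDOWS is assumed, as on the machine in this thread."""
    path = image_path
    if path.startswith("\\??\\"):
        path = path[4:]
    return re.sub(r"%(systemroot|windir)%", r"C:\\WINDOWS", path, flags=re.IGNORECASE)


def is_suspicious_image_path(image_path: str) -> bool:
    """Flag images living under a TEMP directory or with a .tmp extension."""
    path = normalize_path(image_path)
    return bool(TEMP_DIR_RE.search(path)) or path.lower().endswith(".tmp")


def find_suspicious_services(log_text: str) -> List[Tuple[str, str]]:
    """Return (service name, raw image path) pairs that trip the heuristic."""
    return [(name, path) for name, path in parse_services(log_text).items()
            if is_suspicious_image_path(path)]


def build_cfscript(findings: List[Tuple[str, str]]) -> str:
    """Render a CFScript in the layout used in the thread: a File:: section
    listing on-disk paths, then a Driver:: section listing service names."""
    files = [normalize_path(path) for _, path in findings]
    drivers = [name for name, _ in findings]
    return "\n".join(["File::", *files, "Driver::", *drivers]) + "\n"


if __name__ == "__main__":
    hits = find_suspicious_services(SAMPLE_LOG)
    for name, path in hits:
        print(f"suspicious service {name}: {path}")
    print(build_cfscript(hits), end="")
```

The script only produces text for a human to review; it does not touch the registry or the file system, which is the right division of labour when a heuristic like "image path under TEMP" can also catch a legitimately misplaced installer driver.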

#6 dodge101 (Topic Starter, Member, 13 posts)
Do I need to disable antivirus etc. again for this, or any other programmes?
Also, will it start as soon as I put the script into ComboFix?

Sorry if I seem a bit dumb; I just would like to be prepared!! :)

#7 loophole (Malware Expert, Retired Staff, 9,798 posts)
Yes, it will start as soon as you put the script in. I would disable the things you disabled the first time :)

#8 dodge101 (Topic Starter, Member, 13 posts)
ComboFix 08-07-12.1 - D&C1 2008-07-15 17:47:49.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.543 [GMT 1:00]
Running from: C:\Documents and Settings\D&C1\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\D&C1\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\TEMP\mc22.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MCHINJDRV


((((((((((((((((((((((((( Files Created from 2008-06-15 to 2008-07-15 )))))))))))))))))))))))))))))))
.

2008-07-12 23:52 . 2008-07-12 23:52 <DIR> d-------- C:\d1ec4d082972fd846a9e
2008-07-12 23:41 . 2008-07-12 23:41 <DIR> d-------- C:\Documents and Settings\D&C1\Application Data\Ubisoft
2008-07-09 19:24 . 2008-07-09 19:24 2,560 --ah----- C:\WINDOWS\system32\drivers\mchInjDrv.sys.szcpf
2008-07-09 17:44 . 2008-07-15 17:53 16,952 --ah----- C:\WINDOWS\system32\drivers\RkPavproc1.sys.szcpf
2008-07-09 17:14 . 2008-04-29 11:33 16,952 --------- C:\WINDOWS\system32\drivers\RkPavproc1.sys
2008-07-09 17:11 . 2008-07-09 17:11 <DIR> d-------- C:\Program Files\Panda Security
2008-07-09 17:11 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-07 20:18 . 2006-10-24 14:27 <DIR> d-------- C:\Documents and Settings\D&C1\Application Data\You've Got Pictures Screensaver
2008-07-07 20:18 . 2006-10-24 14:24 <DIR> d-------- C:\Documents and Settings\D&C1\Application Data\Symantec
2008-07-07 20:18 . 2006-10-24 14:33 <DIR> d--h----- C:\Documents and Settings\D&C1\Application Data\Gtek
2008-07-07 20:18 . 2006-10-24 14:26 <DIR> d-------- C:\Documents and Settings\D&C1\Application Data\Corel
2008-07-07 20:18 . 2006-10-30 23:10 <DIR> d-------- C:\Documents and Settings\D&C1\Application Data\AOL
2008-07-07 20:18 . 2008-07-07 20:18 <DIR> d-------- C:\Documents and Settings\D&C1
2008-07-07 18:59 . 2008-07-13 10:36 <DIR> d-------- C:\Program Files\Registry Clean Expert
2008-07-07 00:40 . 2006-10-24 14:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-07-07 00:40 . 2006-10-24 14:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-07 00:40 . 2006-10-24 14:33 <DIR> d--h----- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-07-07 00:40 . 2006-10-24 14:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2008-07-07 00:40 . 2006-10-30 23:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-07-07 00:40 . 2008-07-07 00:40 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-06 20:53 . 2008-07-12 19:28 23,720 --a------ C:\WINDOWS\system32\drivers\kgpcpy.cfg
2008-07-06 20:52 . 2008-07-06 20:52 <DIR> d-------- C:\Program Files\STOPzilla!
2008-07-06 20:52 . 2008-07-06 20:52 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-07-06 20:52 . 2008-07-15 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-07-06 20:52 . 2008-07-06 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-07-06 11:51 . 2008-07-06 11:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-07-04 20:55 . 2008-07-04 20:55 <DIR> d-------- C:\Program Files\Perfect Uninstaller
2008-07-04 20:55 . 2008-07-04 20:55 42 --a------ C:\WINDOWS\system32\AK083E209605E394C.lie
2008-07-03 15:41 . 2008-07-03 15:41 258,048 -ra------ C:\WINDOWS\system32\SZBase5.dll
2008-07-02 13:38 . 2008-07-02 13:38 <DIR> d-------- C:\Documents and Settings\Kirsty\Application Data\Apple Computer
2008-06-26 10:56 . 2008-06-26 10:56 364,544 -ra------ C:\WINDOWS\system32\IS3DBA5.dll
2008-06-26 10:56 . 2008-06-26 10:56 126,976 -ra------ C:\WINDOWS\system32\IS3HTUI5.dll
2008-06-26 10:55 . 2008-06-26 10:55 372,736 -ra------ C:\WINDOWS\system32\IS3UI5.dll
2008-06-26 10:55 . 2008-06-26 10:55 61,440 -ra------ C:\WINDOWS\system32\IS3Hks5.dll
2008-06-26 10:55 . 2008-06-26 10:55 23,040 -ra------ C:\WINDOWS\system32\IS3XDat5.dll
2008-06-26 10:54 . 2008-06-26 10:54 196,608 -ra------ C:\WINDOWS\system32\IS3Win325.dll
2008-06-26 10:54 . 2008-06-26 10:54 94,208 -ra------ C:\WINDOWS\system32\IS3Inet5.dll
2008-06-26 10:54 . 2008-06-26 10:54 90,112 -ra------ C:\WINDOWS\system32\IS3Svc5.dll
2008-06-26 10:50 . 2008-06-26 10:50 708,608 -ra------ C:\WINDOWS\system32\IS3Base5.dll
2008-06-26 09:19 . 2008-06-26 09:50 <DIR> d-------- C:\Program Files\Vodafone PC Assistant
2008-06-26 09:18 . 2007-03-27 03:26 88,960 -ra------ C:\WINDOWS\system32\drivers\hmvmdm.sys
2008-06-20 18:41 . 2008-06-20 18:41 245,248 --------- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 14:51 . 2008-07-13 10:24 <DIR> d-------- C:\Program Files\SpeedFan
2008-06-20 14:51 . 2008-06-20 14:51 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-06-20 11:44 . 2008-06-20 11:44 138,368 --------- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-19 20:14 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-06-19 20:14 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-06-19 20:14 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-06-19 20:14 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-06-19 20:14 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-06-19 20:14 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-06-19 20:14 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-06-19 20:14 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 23:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-06 19:29 --------- d-----w C:\Program Files\PeerGuardian2
2008-07-06 10:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-06 10:41 --------- d-----w C:\Program Files\Games
2008-07-05 14:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-07-04 08:16 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-04 08:16 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-25 08:47 --------- d-----w C:\Program Files\Dl_cats
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-22 16:57 --------- d-----w C:\Program Files\PokerStars
2008-05-18 17:33 --------- d-----w C:\Documents and Settings\Brian\Application Data\Propellerhead Software
2007-06-15 19:52 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2006-11-26 17:18 0 ----a-w C:\Documents and Settings\Kirsty\Application Data\wklnhst.dat
2006-11-19 19:02 0 ----a-w C:\Documents and Settings\Cerys\Application Data\wklnhst.dat
2006-10-30 16:21 88 --sh--r C:\WINDOWS\system32\D53891D06F.sys
2006-10-30 16:21 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( [email protected]_20.46.03.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-12 19:34:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-15 16:54:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-07-10 18:34:21 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-13 08:21:07 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-10 18:34:21 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-13 08:21:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-07-10 18:34:21 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-13 08:21:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-06-25 08:15:48 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-07-16 21:29 389120]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 17:25 94208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-18 22:28 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 07:15 151552]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12 94208]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-10-24 14:27 26112]
"DLCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2005-09-08 05:56 73728]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57 133016]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 03:12 483328]
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" [2006-10-18 22:58 8704]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 08:07 8491008]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 08:07 81920]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 09:16 1232152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 05:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 17:00 282624 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 09:48 53760 C:\WINDOWS\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dlcgcoms.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlcgpswx.exe"=
"C:\\Program Files\\Games\\Electronic Arts\\Need For Speed III\\nfs3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Zapu\\Zapu\\wDivi.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Games\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.4\\cnc3game.dat"=
"C:\\Program Files\\Games\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.5\\cnc3game.dat"=
"C:\\Program Files\\Games\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.6\\cnc3game.dat"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Games\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Games\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Games\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"55889:TCP"= 55889:TCP:127.0.0.1
"55888:TCP"= 55888:TCP:127.0.0.1
"55887:TCP"= 55887:TCP:127.0.0.1
"55886:TCP"= 55886:TCP:127.0.0.1
"55885:TCP"= 55885:TCP:127.0.0.1
"55884:TCP"= 55884:TCP:127.0.0.1
"55883:TCP"= 55883:TCP:127.0.0.1
"55882:TCP"= 55882:TCP:127.0.0.1
"55881:TCP"= 55881:TCP:127.0.0.1
"55889:UDP"= 55889:UDP:torrent
"55888:UDP"= 55888:UDP:torrent
"55887:UDP"= 55887:UDP:torrent
"55886:UDP"= 55886:UDP:torrent
"55885:UDP"= 55885:UDP:torrent
"55884:UDP"= 55884:UDP:torrent
"55883:UDP"= 55883:UDP:torrent
"55882:UDP"= 55882:UDP:torrent
"55881:UDP"= 55881:UDP:torrent

R0 ndisrd;ndisrd;C:\WINDOWS\system32\drivers\ndisrd.sys [2005-04-04 17:25]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R0 szkg5;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys [2008-05-13 10:03]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 09:16]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-04 09:16]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 09:16]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 09:16]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2006-02-17 21:34]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2006-02-17 21:34]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2006-02-17 21:34]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2006-02-17 21:34]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2006-02-17 21:34]
S3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;C:\WINDOWS\system32\DRIVERS\hmvmdm.sys [2007-03-27 03:26]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 03:39]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 10:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 10:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 10:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 10:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 10:42]

.
Contents of the 'Scheduled Tasks' folder
"2008-07-09 22:02:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-15 16:57:13 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-15 17:54:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-07-15 18:05:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-15 17:05:00
ComboFix2.txt 2008-07-12 19:48:26

Pre-Run: 75,373,568,000 bytes free
Post-Run: 76,186,882,048 bytes free

268 --- E O F --- 2008-07-13 00:25:26
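The ComboFix log above ends with the three sections a malware helper reads first: the Reg Loading Points (what starts at logon), the Security Center keys that silence the antivirus/firewall monitoring, and the XP firewall's AuthorizedApplications and GloballyOpenPorts lists. As an added example, not part of this thread and not code from ComboFix or its author, the script below triages those three sections mechanically. It assumes ComboFix's plain-text line format as it appears above, that `%windir%` is `C:\WINDOWS`, and that `Program Files` and `WINDOWS` are the only expected locations for autostart and firewall-excepted binaries; the sample log is constructed from lines of the posted log plus one made-up `ConstructedSample` Run entry so the unusual-path check has something to hit.

```python
import re

# Constructed sample: lines taken from the ComboFix log posted above, plus one
# made-up "ConstructedSample" Run entry so the unusual-path check has a hit.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"ConstructedSample"="C:\Documents and Settings\All Users\Application Data\sample.exe" [2008-07-01 00:00 12345]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"55889:TCP"= 55889:TCP:127.0.0.1
"55889:UDP"= 55889:UDP:torrent
"""

# Directories an autostart or firewall-exception binary is normally expected under
# (assumption for this example). Anything else is a prompt to look closer, not a verdict.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")

# Well-known ports worth a comment when they appear as global exceptions.
NOTEWORTHY_PORTS = {135: "DCE/RPC endpoint mapper (historic worm vector)"}

RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]\s*$')
SEC_CENTER_RE = re.compile(r"security center\\monitoring\\(\w+)", re.I)
DISABLE_RE = re.compile(r'^"DisableMonitoring"=dword:0*1$', re.I)
FW_APP_RE = re.compile(r'^"(.+)"=\s*$')
FW_PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')


def _expand(path):
    """Undo ComboFix's doubled backslashes and expand %windir% (assumed C:\\WINDOWS)."""
    return path.replace("\\\\", "\\").replace("%windir%", "C:\\WINDOWS")


def _trusted(path):
    return path.lower().startswith(TRUSTED_ROOTS)


def triage(log_text):
    """Return a list of (category, detail) findings for a ComboFix log excerpt."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        sec = section.lower()
        if "\\currentversion\\run" in sec:
            m = RUN_RE.match(line)
            if not m:
                continue
            name, value, meta = m.groups()
            path = value
            if "\\" not in value:
                # A bare file name is located via the PATH search order at logon;
                # ComboFix prints the binary it resolved as the last bracket field.
                parts = meta.split(" ", 3)
                path = parts[3] if len(parts) == 4 else ""
                findings.append(("run-bare-name", f"{name}: '{value}' resolved to '{path}'"))
            if path and not _trusted(path):
                findings.append(("run-unusual-path", f"{name}: {path}"))
        elif SEC_CENTER_RE.search(section):
            # DisableMonitoring=1 stops Security Center from warning when the product is off.
            if DISABLE_RE.match(line):
                findings.append(("seccenter-monitoring-disabled", SEC_CENTER_RE.search(section).group(1)))
        elif "authorizedapplications\\list" in sec:
            m = FW_APP_RE.match(line)
            if m:
                path = _expand(m.group(1))
                if not _trusted(path):
                    findings.append(("fw-app-unusual-path", path))
        elif "globallyopenports\\list" in sec:
            m = FW_PORT_RE.match(line)
            if m:
                port, proto, label = int(m.group(1)), m.group(2), m.group(3).strip()
                # The third field is the rule's display name, not a binding scope:
                # a label of 127.0.0.1 does not mean the port is loopback-only.
                note = NOTEWORTHY_PORTS.get(port, "")
                findings.append(("fw-open-port", f"{port}/{proto} label='{label}' {note}".rstrip()))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:30} {detail}")
```

Findings are prompts for a human, not verdicts: `LimeWire.exe` sits under Program Files and so is not flagged by location even though a P2P client is a common infection route, and `sessmgr.exe` is legitimately under `C:\WINDOWS`. The `127.0.0.1` and `torrent` strings in the open-port entries are names chosen by the program that opened the ports; verify the real scope of each exception in the Windows Firewall Exceptions tab rather than trusting the label.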

#9
dodge101 (Topic Starter)
Hi loophole, thanks for all the help, it is much appreciated.

Above is the new ComboFix log and here is the ESET log file:


# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3269 (20080715)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=4d552493c2c0f444825274996c24e376
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-07-15 06:10:12
# local_time=2008-07-15 07:10:12 (+0000, GMT Standard Time)
# country="United Kingdom"
# osver=5.1.2600 NT Service Pack 2
# scanned=516742
# found=0
# scan_time=3249

I hope it all makes more sense to you than it does to me.

#10
loophole (Malware Expert)
Hi, the scan found nothing, how is it running?

#11
dodge101 (Topic Starter)
Yes, it seems to be running fine. Better than in a long while, actually!

Thanks again for all the help. My PC is very important to me and my kids, it's invaluable for their school work, and for a while there I thought we were going to lose the lot!

If I could just ask a question: I've had and used my PC for a couple of years now, but it's only been in the last few months that I've started to actually look at how my computer works. This problem has also forced me to have a closer look at the system and registry files. I kind of think that a little bit of knowledge with these things could be a dangerous thing, so my question is, where would I go to increase my knowledge enough to use these controls, if that is possible, without killing my PC?

Thanks again for your help. I get paid next week and I do wish to make a donation (I do understand that that's not expected). Do I make that directly to you or to the site, and if to you, how do I find you to do so?

All the best, buddy

Dodge

#12
dodge101 (Topic Starter)
I've just noticed that my virtual drives don't seem to work anymore. It will start to load the games but then crashes. I also tried to install a game from an ISO in DAEMON Tools and the Nero image drive; nothing happens at all, it says that it's on the drive but then nothing! I was just wondering if this could be connected to my previous problem?

#13
loophole (Malware Expert)
I'm not sure honestly, I wouldn't think so. Can you post the following? Actually I just want the main.txt, but you can post both.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#14
dodge101 (Topic Starter)
main.txt


Deckard's System Scanner v20071014.68
Run by D&C1 on 2008-07-16 20:02:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
9: 2008-07-16 19:02:32 UTC - RP9 - Deckard's System Scanner Restore Point
8: 2008-07-15 19:44:22 UTC - RP8 - Removed Assassin's Creed
7: 2008-07-15 16:47:39 UTC - RP7 - ComboFix created restore point
6: 2008-07-15 10:04:45 UTC - RP6 - System Checkpoint
5: 2008-07-14 09:44:43 UTC - RP5 - System Checkpoint


-- First Restore Point --
1: 2008-07-12 19:18:02 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-16 20:04:12
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgemc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\D&C1\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www1.euro.del.......;l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsof...obby/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5061024
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha0.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,[email protected]
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
O10 - Unknown file in Winsock LSP: C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.micr...heckControl.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1191410253046
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{21A3E500-286D-4A9F-A879-362D1028066D}: NameServer = 192.168.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: dlcg_device - Unknown owner - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe


--
End of file - 16288 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
R0 giveio - c:\windows\system32\giveio.sys
R0 ndisrd - c:\windows\system32\drivers\ndisrd.sys <Not Verified; NT Kernel Resources; NDIS packet redirector driver>
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R0 szkg5 (szkg) - c:\windows\system32\drivers\szkg.sys <Not Verified; iS3 Inc.; Stopzilla>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
R3 BlueletSCOAudio (Bluetooth SCO Audio Service) - c:\windows\system32\drivers\blueletscoaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 BTNetFilter (Bluetooth Network Filter) - c:\windows\system32\drivers\btnetfilter.sys
S3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys <Not Verified; GTek Technologies Ltd.; processt>
S3 NAL (Nal Service ) - c:\windows\system32\drivers\iqvw32.sys <Not Verified; Intel Corporation; Intel® iQVW32.SYS>
S3 netwg311 (NETGEAR WG311v2 802.11g Wireless PCI Adapter) - c:\windows\system32\drivers\netwg311.sys <Not Verified; Texas Instruments; TNET1130 WLAN Adapter>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
R2 Diskeeper - "c:\program files\executive software\diskeeper\dkservice.exe" <Not Verified; Executive Software International, Inc.; Diskeeper ™ Disk Defragmenter>
R2 szserver (STOPzilla Service) - "c:\program files\common files\is3\anti-spyware\szserver.exe" <Not Verified; iS3, Inc.; STOPzilla>

S3 PACSPTISVR - "c:\program files\common files\sony shared\avlib\pacsptisvr.exe" <Not Verified; ; PACSPTISVR Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NETGEAR WG311v2 802.11g Wireless PCI Adapter
Device ID: PCI\VEN_104C&DEV_9066&SUBSYS_4C001385&REV_00\4&1B02CB0B&0&10F0
Manufacturer: NETGEAR, Inc.
Name: NETGEAR WG311v2 802.11g Wireless PCI Adapter
PNP Device ID: PCI\VEN_104C&DEV_9066&SUBSYS_4C001385&REV_00\4&1B02CB0B&0&10F0
Service: netwg311

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth PAN Network Adapter
Device ID: ROOT\NET\0000
Manufacturer: IVT Corporation
Name: Bluetooth PAN Network Adapter
PNP Device ID: ROOT\NET\0000
Service: BT


-- Scheduled Tasks -------------------------------------------------------------

2008-07-16 17:16:44 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-07-09 23:02:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-16 and 2008-07-16 -----------------------------

2008-07-16 19:50:46 0 d-------- C:\Documents and Settings\D&C1\Application Data\Sun
2008-07-16 17:37:06 0 d-------- C:\WINDOWS\LastGood
2008-07-15 18:15:16 0 d-------- C:\Program Files\EsetOnlineScanner
2008-07-12 23:52:52 0 d-------- C:\d1ec4d082972fd846a9e
2008-07-12 20:21:42 68096 --a------ C:\WINDOWS\zip.exe
2008-07-12 20:21:42 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-12 20:21:42 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-12 20:21:42 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-12 20:21:42 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-12 20:21:42 98816 --a------ C:\WINDOWS\sed.exe
2008-07-12 20:21:42 80412 --a------ C:\WINDOWS\grep.exe
2008-07-12 20:21:42 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-09 23:07:02 0 d-------- C:\WINDOWS\pss
2008-07-09 17:11:54 0 d-------- C:\Program Files\Panda Security
2008-07-09 17:08:12 0 d-------- C:\Documents and Settings\D&C1\Application Data\Macromedia
2008-07-09 17:01:14 0 d-------- C:\Documents and Settings\D&C1\Application Data\Google
2008-07-07 20:38:59 0 d-------- C:\Documents and Settings\D&C1\Application Data\Adobe
2008-07-07 20:18:04 0 dr------- C:\Documents and Settings\D&C1\Favorites
2008-07-07 20:18:04 0 d-------- C:\Documents and Settings\D&C1\Desktop
2008-07-07 20:18:04 0 d--hs---- C:\Documents and Settings\D&C1\Cookies
2008-07-07 20:18:04 0 dr-h----- C:\Documents and Settings\D&C1\Application Data
2008-07-07 20:18:04 0 d-------- C:\Documents and Settings\D&C1\Application Data\You've Got Pictures Screensaver
2008-07-07 20:18:04 0 d-------- C:\Documents and Settings\D&C1\Application Data\Symantec
2008-07-07 20:18:04 0 d-------- C:\Documents and Settings\D&C1\Application Data\Identities
2008-07-07 20:18:04 0 d--h----- C:\Documents and Settings\D&C1\Application Data\Gtek
2008-07-07 20:18:04 0 d-------- C:\Documents and Settings\D&C1\Application Data\Corel
2008-07-07 20:18:04 0 d-------- C:\Documents and Settings\D&C1\Application Data\AOL
2008-07-07 20:18:03 0 d--h----- C:\Documents and Settings\D&C1\Templates
2008-07-07 20:18:03 0 dr------- C:\Documents and Settings\D&C1\Start Menu
2008-07-07 20:18:03 0 dr-h----- C:\Documents and Settings\D&C1\SendTo
2008-07-07 20:18:03 0 dr-h----- C:\Documents and Settings\D&C1\Recent
2008-07-07 20:18:03 0 d--h----- C:\Documents and Settings\D&C1\PrintHood
2008-07-07 20:18:03 0 d--h----- C:\Documents and Settings\D&C1\NetHood
2008-07-07 20:18:03 0 dr------- C:\Documents and Settings\D&C1\My Documents
2008-07-07 20:18:03 0 d--h----- C:\Documents and Settings\D&C1\Local Settings
2008-07-07 20:18:02 2097152 --ah----- C:\Documents and Settings\D&C1\NTUSER.DAT
2008-07-07 18:59:59 0 d-------- C:\Program Files\Registry Clean Expert
2008-07-07 08:08:17 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-07-07 00:40:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-07-07 00:40:08 0 d--h----- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-07-07 00:40:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2008-07-07 00:40:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-07-07 00:40:07 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-07 00:40:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-07-07 00:40:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-07 00:40:07 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-07 00:40:06 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-07 00:40:06 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-07-07 00:40:06 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-07 00:40:06 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-07 00:40:05 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-07 00:40:05 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-07 00:40:05 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-07 00:40:05 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-07 00:40:05 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-07 00:40:05 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-07 00:40:05 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-07-06 20:52:35 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-07-06 20:52:13 0 d-------- C:\Program Files\STOPzilla!
2008-07-06 20:52:12 0 d-------- C:\Program Files\Common Files\iS3
2008-07-06 20:52:12 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-07-04 20:55:49 0 d-------- C:\Program Files\Perfect Uninstaller
2008-07-04 10:42:45 0 d-------- C:\Documents and Settings\Kirsty\Application Data\Opera
2008-07-03 15:41:10 258048 -ra------ C:\WINDOWS\system32\SZBase5.dll <Not Verified; iS3, Inc.; STOPzilla>
2008-07-02 13:38:18 0 d-------- C:\Documents and Settings\Kirsty\Application Data\Apple Computer
2008-06-26 10:56:58 126976 -ra------ C:\WINDOWS\system32\IS3HTUI5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-06-26 10:56:46 364544 -ra------ C:\WINDOWS\system32\IS3DBA5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-06-26 10:55:56 372736 -ra------ C:\WINDOWS\system32\IS3UI5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-06-26 10:55:36 61440 -ra------ C:\WINDOWS\system32\IS3Hks5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-06-26 10:55:12 23040 -ra------ C:\WINDOWS\system32\IS3XDat5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-06-26 10:54:50 196608 -ra------ C:\WINDOWS\system32\IS3Win325.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-06-26 10:54:20 94208 -ra------ C:\WINDOWS\system32\IS3Inet5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-06-26 10:54:04 90112 -ra------ C:\WINDOWS\system32\IS3Svc5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-06-26 10:50:04 708608 -ra------ C:\WINDOWS\system32\IS3Base5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-06-26 09:19:07 0 d-------- C:\Program Files\Vodafone PC Assistant
2008-06-20 14:51:39 0 d-------- C:\Program Files\SpeedFan


-- Find3M Report ---------------------------------------------------------------

2008-07-06 20:52:12 0 d-------- C:\Program Files\Common Files
2008-07-06 20:29:36 0 d-------- C:\Program Files\PeerGuardian2
2008-07-06 11:41:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-06 11:41:32 0 d-------- C:\Program Files\Games
2008-06-25 09:47:16 0 d-------- C:\Program Files\Dl_cats
2008-05-22 17:57:54 0 d-------- C:\Program Files\PokerStars


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25 AM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [06/07/2006 07:15 AM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [05/10/2005 03:12 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [11/08/2005 04:30 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [11/08/2005 04:30 PM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [24/10/2006 02:27 PM]
"DLCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [08/09/2005 05:56 AM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [10/12/2005 03:57 PM]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [14/12/2004 03:12 AM]
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" [18/10/2006 10:58 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [17/09/2007 08:07 AM]
"nwiz"="nwiz.exe" [17/09/2007 01:07 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [17/09/2007 08:07 AM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 05:00 AM C:\WINDOWS\system32\bthprops.cpl]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [04/07/2008 09:16 AM]
"SigmatelSysTrayApp"="stsystra.exe" [20/03/2006 05:00 PM C:\WINDOWS\stsystra.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [28/03/2008 11:37 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [16/07/2006 09:29 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:00 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [28/10/2005 05:25 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [18/05/2007 10:28 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 09:05 PM]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 01:54 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c49a17a-67fc-11db-b1d1-806d6172696f}]
AutoRun\command- E:\autorun.exe




-- End of Deckard's System Scanner: finished at 2008-07-16 20:05:00 ------------

extra.txt




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU 6300 @ 1.86GHz
CPU 1: Intel® Core™2 CPU 6300 @ 1.86GHz
Percentage of Memory in Use: 52%
Physical Memory (total/avail): 1021.84 MiB / 483.93 MiB
Pagefile Memory (total/avail): 2459.45 MiB / 2036.64 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1884.42 MiB

C: is Fixed (NTFS) - 171.44 GiB total, 77.37 GiB free.
D: is Fixed (NTFS) - 58.18 GiB total, 30.15 GiB free.
E: is CDROM (CDFS)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is CDROM (No Media)
L: is CDROM (No Media)
M: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2500JS-75NCB3 - 232.83 GiB - 4 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 (bootable) - Installable File System - 171.44 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 58.18 GiB - D:
\PARTITION3 - Unknown - 3.15 GiB

\\.\PHYSICALDRIVE1 - TEAC USB HS-CF Card USB Device

\\.\PHYSICALDRIVE3 - TEAC USB HS-MS Card USB Device

\\.\PHYSICALDRIVE4 - TEAC USB HS-SD Card USB Device

\\.\PHYSICALDRIVE2 - TEAC USB HS-xD/SM USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: v (McAfee) Disabled
AV: AVG Anti-Virus Free v8.0 (AVG Technologies)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\dlcgcoms.exe"="C:\\WINDOWS\\system32\\dlcgcoms.exe:*:Enabled:Dell 810 Server"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlcgpswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlcgpswx.exe:*:Enabled:Dell 810 Printer Status"
"C:\\Program Files\\Games\\Electronic Arts\\Need For Speed III\\nfs3.exe"="C:\\Program Files\\Games\\Electronic Arts\\Need For Speed III\\nfs3.exe:*:Disabled:Need For Speed III for Win32"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Zapu\\Zapu\\wDivi.exe"="C:\\Program Files\\Zapu\\Zapu\\wDivi.exe:*:Disabled:Zapu Control"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Games\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.4\\cnc3game.dat"="C:\\Program Files\\Games\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.4\\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\\Program Files\\Games\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.5\\cnc3game.dat"="C:\\Program Files\\Games\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.5\\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\\Program Files\\Games\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.6\\cnc3game.dat"="C:\\Program Files\\Games\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.6\\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\D&C1\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DAVES-PC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\D&C1
LOGONSERVER=\\DAVES-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Executive Software\Diskeeper;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\D&C1\LOCALS~1\Temp
TMP=C:\DOCUME~1\D&C1\LOCALS~1\Temp
USERDOMAIN=DAVES-PC
USERNAME=D&C1
USERPROFILE=C:\Documents and Settings\D&C1
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Cerys
Joe
Kirsty
Brian
D&C1 (admin)
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------



-- Application Event Log -------------------------------------------------------

Event Record #/Type40894 / Error
Event Submitted/Written: 07/16/2008 02:46:17 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dmc3se.exe, version 1.0.0.0, faulting module dmc3se.exe, version 1.0.0.0, fault address 0x002db67d.
Processing media-specific event for [dmc3se.exe!ws!]

Event Record #/Type40881 / Error
Event Submitted/Written: 07/15/2008 08:42:50 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application assassinscreed_dx9.exe, version 1.0.2.1, faulting module assassinscreed_dx9.exe, version 1.0.2.1, fault address 0x00d534a2.
Processing media-specific event for [assassinscreed_dx9.exe!ws!]

Event Record #/Type40863 / Warning
Event Submitted/Written: 07/15/2008 11:08:35 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type40856 / Success
Event Submitted/Written: 07/15/2008 09:18:54 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type40851 / Warning
Event Submitted/Written: 07/14/2008 03:18:05 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type41913 / Warning
Event Submitted/Written: 07/16/2008 05:13:48 PM
Event ID/Source: 2511 / Server
Event Description:
The server service was unable to recreate the share Downloads because the directory C:\Documents and Settings\Dave\My Documents\Downloads no longer exists. Please run "net share Downloads /delete" to delete the share, or recreate the directory C:\Documents and Settings\Dave\My Documents\Downloads.

Event Record #/Type41892 / Warning
Event Submitted/Written: 07/16/2008 01:39:59 PM
Event ID/Source: 2511 / Server
Event Description:
The server service was unable to recreate the share Downloads because the directory C:\Documents and Settings\Dave\My Documents\Downloads no longer exists. Please run "net share Downloads /delete" to delete the share, or recreate the directory C:\Documents and Settings\Dave\My Documents\Downloads.

Event Record #/Type41865 / Warning
Event Submitted/Written: 07/15/2008 09:05:44 PM
Event ID/Source: 2511 / Server
Event Description:
The server service was unable to recreate the share Downloads because the directory C:\Documents and Settings\Dave\My Documents\Downloads no longer exists. Please run "net share Downloads /delete" to delete the share, or recreate the directory C:\Documents and Settings\Dave\My Documents\Downloads.

Event Record #/Type41825 / Error
Event Submitted/Written: 07/15/2008 05:54:15 PM
Event ID/Source: 19 / Print
Event Description:
Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer2.

Event Record #/Type41823 / Warning
Event Submitted/Written: 07/15/2008 05:54:11 PM
Event ID/Source: 2511 / Server
Event Description:
The server service was unable to recreate the share Downloads because the directory C:\Documents and Settings\Dave\My Documents\Downloads no longer exists. Please run "net share Downloads /delete" to delete the share, or recreate the directory C:\Documents and Settings\Dave\My Documents\Downloads.



-- End of Deckard's System Scanner: finished at 2008-07-16 20:05:00 ------------
  • 0
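The two logs above are Deckard's System Scanner (DSS) output, and reading one by hand means scanning the same few sections every time: the driver list for boot-start drivers DSS could not verify and for entries whose file is gone, the firewall AuthorizedApplications list for exceptions that point somewhere other than Program Files or Windows (the `C:\StubInstaller.exe` entry here is that shape), and the MountPoints2 dump for AutoRun commands. The Python below is an added example, not code from this thread or from the DSS author: it parses those three sections in the format DSS prints and returns the entries a log reader checks first. `SAMPLE_LOG` is an excerpt constructed from lines on this page; the regexes, the `%windir%` expansion (value taken from the log's Environment Variables section), the trusted-roots list and the function names are all assumptions, and the result is a list of leads to look at, not verdicts about malware.

```python
"""Triage of a Deckard's System Scanner (DSS) log: drivers, firewall exceptions, AutoRun."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed excerpt: lines copied from the DSS log posted in this thread, cut
# down to the three sections the parsers below read.
SAMPLE_LOG = r"""
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 giveio - c:\windows\system32\giveio.sys
R0 ndisrd - c:\windows\system32\drivers\ndisrd.sys <Not Verified; NT Kernel Resources; NDIS packet redirector driver>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Security Center -------------------------------------------------------------
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Zapu\\Zapu\\wDivi.exe"="C:\\Program Files\\Zapu\\Zapu\\wDivi.exe:*:Disabled:Zapu Control"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c49a17a-67fc-11db-b1d1-806d6172696f}]
AutoRun\command- E:\autorun.exe
"""

WINDIR = r"C:\WINDOWS"                                     # per the log's Environment Variables
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")  # heuristic (assumed); compared lower-case

@dataclass
class Driver:
    start: str                # R=running/S=stopped + start-type digit (0 boot .. 4 disabled)
    name: str
    path: str
    publisher: Optional[str]  # text DSS printed in <...>; None when it printed nothing
    missing: bool             # DSS appended "(file missing)"

@dataclass
class FwException:
    path: str
    enabled: bool
    label: str

# Regexes are assumptions about the DSS line layout seen in the log above.
DRIVER_RE = re.compile(r"^(?P<start>[RS][0-4]) (?P<name>\S+).*? - (?P<rest>.+)$")
REST_RE = re.compile(r"^(?P<path>.+?\.sys)(?: <(?P<pub>[^>]*)>)?(?: \((?P<missing>file missing)\))?\s*$", re.I)
FW_RE = re.compile(r'^"[^"]+"="(?P<val>[^"]*)"\s*$')
AUTORUN_RE = re.compile(r"^AutoRun\\command-\s*(?P<cmd>.+?)\s*$")

def _section(log: str, marker: str) -> List[str]:
    # Lines after the first line containing marker, up to the next "-- " header.
    out, inside = [], False
    for ln in log.splitlines():
        if inside and ln.startswith("-- "):
            break
        if inside:
            out.append(ln)
        elif marker in ln:
            inside = True
    return out

def parse_drivers(log: str) -> List[Driver]:
    drivers = []
    for ln in _section(log, "-- Drivers:"):
        m = DRIVER_RE.match(ln)
        r = REST_RE.match(m["rest"]) if m else None
        if r:
            drivers.append(Driver(m["start"], m["name"], r["path"], r["pub"], r["missing"] is not None))
    return drivers

def parse_firewall_exceptions(log: str) -> List[FwException]:
    out = []
    for ln in _section(log, "AuthorizedApplications\\List]"):
        m = FW_RE.match(ln)
        if not m or ":*:" not in m["val"]:
            continue
        raw_path, rest = m["val"].split(":*:", 1)          # value layout: path:*:State:Label
        state, _, label = rest.partition(":")
        path = raw_path.replace("\\\\", "\\").replace("%windir%", WINDIR)  # undo .reg escaping
        out.append(FwException(path, state.lower() == "enabled", label))
    return out

def parse_autorun_commands(log: str) -> List[str]:
    return [m["cmd"] for m in map(AUTORUN_RE.match, log.splitlines()) if m]

def triage(log: str) -> List[Tuple[str, str]]:
    """Entries an analyst reads first; these are leads, not verdicts."""
    findings = []
    for d in parse_drivers(log):
        if d.missing:
            findings.append(("driver-file-missing", f"{d.start} {d.name} -> {d.path}"))
        elif d.start[1] in "01" and (d.publisher is None or d.publisher.startswith("Not Verified")):
            findings.append(("early-start-unverified-driver", f"{d.start} {d.name} -> {d.path}"))
    for fw in parse_firewall_exceptions(log):
        if fw.enabled and not fw.path.lower().startswith(TRUSTED_ROOTS):
            findings.append(("fw-exception-outside-program-dirs", f"{fw.path} ({fw.label})"))
    for cmd in parse_autorun_commands(log):
        findings.append(("mountpoint-autorun", cmd))
    return findings

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:36} {detail}")
```

Run as a script it prints six leads for the excerpt: the two boot-start drivers without a verified publisher (giveio, ndisrd), the two orphaned "(file missing)" entries, the enabled exception for `C:\StubInstaller.exe`, and the `E:\autorun.exe` AutoRun command. A "Not Verified" publisher string only means the scanner could not check a signature, and a file in the drive root is only unusual, so each lead still needs to be checked against the vendor and the file itself before anything is removed.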

#15
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Dodge, when did you first notice the problem? Nothing out of the ordinary.
  • 0





