UCAD.SYS

#1
sunsun
Can someone look at this for me please?

ComboFix 09-08-10.06 - san_dtm 08/16/2009 15:10.1.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2813.1954 [GMT -4:00]
Running from: c:\users\san_dtm\Downloads\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-616129936-3446404006-1920056019-500
c:\users\san_dtm\AppData\Roaming\.#
c:\users\Ty da truth\AppData\Roaming\.#
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\system32\drivers\UACtymwvrqivo.sys
c:\windows\system32\UACbujpqnfdds.dll
c:\windows\system32\UACeeqtbtmptm.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACrdxwwxlpev.dll
c:\windows\system32\UACrybrbpccio.dat


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-07-16 to 2009-08-16 )))))))))))))))))))))))))))))))
.

2009-08-16 19:23 . 2009-08-16 19:27 -------- d-----w- c:\users\san_dtm\AppData\Local\temp
2009-08-16 19:23 . 2009-08-16 19:23 -------- d-----w- c:\users\Ty da truth\AppData\Local\temp
2009-08-16 19:23 . 2009-08-16 19:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-16 02:36 . 2009-08-16 18:28 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-08-16 01:12 . 2009-08-16 02:39 1249056 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-16 00:43 . 2009-08-16 18:13 -------- d-----w- c:\programdata\ParetoLogic
2009-08-16 00:43 . 2009-08-16 18:13 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-08-16 00:43 . 2009-08-16 00:43 -------- d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS
2009-08-16 00:43 . 2009-08-16 00:43 -------- d-----w- c:\users\san_dtm\AppData\Local\Downloaded Installations
2009-08-14 15:22 . 2009-08-14 15:22 -------- d-----w- c:\users\Ty da truth\AppData\Local\AVG Security Toolbar
2009-08-14 04:05 . 2009-08-16 02:34 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-14 03:52 . 2009-08-14 05:33 -------- d--h--w- C:\$AVG8.VAULT$
2009-08-14 03:35 . 2009-08-14 03:35 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-14 03:35 . 2009-08-14 03:35 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-14 03:35 . 2009-08-14 03:35 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-14 03:35 . 2009-08-16 18:11 -------- d-----w- c:\windows\system32\drivers\Avg
2009-08-14 03:34 . 2009-08-16 18:46 -------- d-----w- c:\programdata\avg8
2009-08-14 03:15 . 2009-08-14 03:15 -------- d-----w- c:\program files\AVG
2009-08-14 03:09 . 2009-08-14 03:09 -------- d-----w- c:\users\san_dtm\AppData\Roaming\AVG8
2009-08-13 21:15 . 2009-08-13 21:15 -------- d-----w- c:\users\san_dtm\AppData\Local\Yahoo
2009-08-11 23:33 . 2009-08-11 23:33 -------- d-----w- c:\users\san_dtm\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-08-11 23:33 . 2008-06-12 10:09 33088 ----a-w- c:\users\san_dtm\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-08-11 23:19 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-11 23:19 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-11 23:19 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-11 23:19 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-11 23:19 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-11 23:19 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-11 23:19 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-11 23:19 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-11 22:27 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-11 22:27 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-11 22:26 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-11 22:26 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-11 22:26 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-11 22:26 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-11 22:26 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-11 22:26 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-10 03:48 . 2009-08-10 03:48 -------- d-----w- c:\users\san_dtm\AppData\Local\Real
2009-08-10 03:46 . 2009-08-10 03:46 -------- d-----w- c:\program files\Common Files\xing shared
2009-08-10 03:46 . 2009-08-10 03:46 -------- d-----w- c:\program files\Real
2009-08-10 03:46 . 2009-08-10 03:46 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-08-10 03:46 . 2009-08-10 03:46 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-08-10 03:46 . 2009-08-10 03:47 -------- d-----w- c:\program files\Common Files\Real
2009-08-08 16:36 . 2009-08-08 16:36 -------- d-----w- c:\windows\system32\EventProviders
2009-08-08 01:54 . 2009-06-22 14:58 13312 ----a-w- c:\windows\system32\drivers\snetcfg.exe
2009-08-08 01:54 . 2009-05-14 09:58 61440 ----a-w- c:\windows\system32\ndisapi.dll
2009-08-08 01:54 . 2009-06-22 14:58 22016 ----a-w- c:\windows\system32\drivers\Ndisrd.sys
2009-08-08 01:54 . 2009-08-08 01:54 -------- d-----w- c:\program files\Common Files\Uninstall
2009-08-08 01:54 . 2009-08-12 00:04 -------- d-----w- c:\program files\PersonalAV
2009-08-06 21:04 . 2009-08-06 21:04 -------- d-----w- c:\programdata\SpinTop Games
2009-08-06 18:25 . 2009-08-06 18:25 -------- d-----w- c:\programdata\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-16 19:09 . 2008-12-04 12:57 -------- d-----w- c:\program files\Google
2009-08-16 02:39 . 2009-08-16 01:12 18848 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-16 01:22 . 2009-05-29 02:13 1356 ----a-w- c:\users\san_dtm\AppData\Local\d3d9caps.dat
2009-08-14 15:32 . 2009-02-20 23:06 1356 ----a-w- c:\users\Ty da truth\AppData\Local\d3d9caps.dat
2009-08-14 00:34 . 2008-12-04 12:57 -------- d-----w- c:\program files\Acer GameZone
2009-08-14 00:18 . 2009-05-28 20:22 -------- d-----w- c:\program files\Yahoo!
2009-08-13 21:12 . 2009-02-09 04:41 -------- d-----w- c:\program files\LimeWire
2009-08-13 21:09 . 2009-02-09 04:44 -------- d-----w- c:\users\san_dtm\AppData\Roaming\LimeWire
2009-08-13 00:21 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-08-13 00:21 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-08-13 00:21 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-08-13 00:21 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-08-13 00:21 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-08-13 00:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-13 00:16 . 2006-11-02 12:35 30808 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-08-13 00:07 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-08-09 02:48 . 2009-02-01 00:54 3288 ----a-w- c:\users\san_dtm\AppData\Roaming\wklnhst.dat
2009-08-07 11:09 . 2009-05-06 22:57 -------- d-----w- c:\programdata\Lx_cats
2009-07-24 18:47 . 2008-12-04 12:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-21 21:52 . 2009-07-28 18:15 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-28 18:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-28 18:15 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-28 18:15 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 03:02 . 2009-07-17 03:02 -------- d-----w- c:\program files\Safari
2009-07-17 02:59 . 2009-07-17 02:58 -------- d-----w- c:\program files\iTunes
2009-07-17 02:58 . 2009-07-17 02:58 -------- d-----w- c:\program files\iPod
2009-07-17 02:58 . 2009-03-01 19:36 -------- d-----w- c:\program files\Common Files\Apple
2009-07-17 02:54 . 2009-07-17 02:54 75040 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-02 22:12 . 2008-12-04 13:13 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-02 19:38 . 2009-06-30 12:45 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-07-02 13:20 . 2009-07-02 13:20 0 ----a-w- c:\windows\nsreg.dat
2009-06-30 22:45 . 2009-02-09 04:42 -------- d-----w- c:\program files\Java
2009-06-28 17:15 . 2009-06-28 14:07 148 ----a-w- c:\users\Ty da truth\AppData\Roaming\wklnhst.dat
2009-06-28 14:07 . 2009-06-28 14:07 -------- d-----w- c:\users\Ty da truth\AppData\Roaming\Template
2009-06-25 16:11 . 2009-03-01 19:40 -------- d-----w- c:\users\san_dtm\AppData\Roaming\Apple Computer
2009-06-23 23:46 . 2009-03-23 11:34 -------- d-----w- c:\users\Ty da truth\AppData\Roaming\Apple Computer
2009-06-23 23:38 . 2009-02-11 13:00 72112 ----a-w- c:\users\Ty da truth\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-22 01:12 . 2009-02-01 00:13 72112 ----a-w- c:\users\san_dtm\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-21 21:14 . 2008-12-04 12:42 -------- d-----w- c:\programdata\Microsoft Help
2009-06-21 21:10 . 2008-12-04 12:43 -------- d-----w- c:\program files\Microsoft Works
2009-06-15 15:24 . 2009-07-15 17:21 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 17:21 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 17:21 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 17:21 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-05-29 18:36 . 2009-05-29 18:36 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 18:36 . 2009-05-29 18:36 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-21 15:33 . 2009-02-09 04:43 410984 ----a-w- c:\windows\system32\deploytk.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 13:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EarthLink Installer"="/C" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"Performance Center"="c:\program files\Ascentive\Performance Center\ApcMain.exe" [2009-01-23 3231744]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2008-03-27 660136]
"EzPrint"="c:\program files\Lexmark 2600 Series\ezprint.exe" [2008-03-27 107176]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-21 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-10 198160]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-14 2007832]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-07-03 6266880]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2008-06-25 1826816]

c:\users\Ty da truth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\users\san_dtm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2E894174-969B-4013-B526-578E71C7CB6C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{7DE76EB0-3F88-4381-A5CC-7925FF880060}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{63F027F4-B8B6-4D7A-99F8-FFC82DA17811}"= UDP:c:\windows\System32\lxdncoms.exe:Lexmark Communications System
"{5D01E096-B44B-4E12-A43C-A8DA2E993D18}"= TCP:c:\windows\System32\lxdncoms.exe:Lexmark Communications System
"{F262D194-1191-4B31-AFF4-80B5C248392B}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdnpswx.exe:Printer Status Window Interface
"{D36E485E-0352-4F7E-8B44-FFF5B2FE369C}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdnpswx.exe:Printer Status Window Interface
"{C0B37FA9-30EA-4507-A1CC-95ECEC017E27}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdntime.exe:Lexmark Connect Time Executable
"{47E69117-DF75-41B3-ABE8-ACD797F39359}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdntime.exe:Lexmark Connect Time Executable
"{86E2096C-5BCA-43E6-B4B3-F577BCA7F42A}"= UDP:c:\program files\Lexmark 2600 Series\lxdnmon.exe:Printer Device Monitor
"{25D77E96-4536-4C0C-9B01-6C3CD551FFC6}"= TCP:c:\program files\Lexmark 2600 Series\lxdnmon.exe:Printer Device Monitor
"{4B535D2E-3BF5-4470-A6F5-71AD821BE76B}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdnjswx.exe:Job Status Window Interface
"{9989D123-772C-4EFD-B8A9-B62F6C530F38}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdnjswx.exe:Job Status Window Interface
"{8567F000-E6E2-4BAD-9AD6-13AB8F325D46}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{E3698071-6A8C-4958-833A-E04E17BF77F6}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"TCP Query User{EE68DB29-05AD-4FFF-BD2D-1683B45A4DEE}c:\\world of warcraft\\launcher.exe"= UDP:c:\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{B06072DB-05EB-4ED2-B6D9-E411BB3279EC}c:\\world of warcraft\\launcher.exe"= TCP:c:\world of warcraft\launcher.exe:Blizzard Launcher
"{84AB8DD7-5103-4AE6-B6B0-75CDC163BB79}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-enUS-downloader.exe:Blizzard Downloader
"{6C626DAB-C2A0-4D50-BC5D-D9BA9A1CEF74}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-enUS-downloader.exe:Blizzard Downloader
"{15C2F2C7-C966-4AA0-8984-619774A80611}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{8E306105-1E4A-4BDD-82EC-80E3F9BE4518}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{19E0EB4A-BCFA-4D4B-AFE6-EBC1DEC52920}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{F26EC547-DD07-4E6C-B0A2-FAD94AEC8D7D}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{53709E2D-AEA1-47AA-B86F-CC922AFF6E5F}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [8/13/2009 11:35 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [8/13/2009 11:35 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/13/2009 11:34 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/13/2009 11:34 PM 297752]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3/3/2008 5:11 PM 16384]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [12/10/2008 8:13 PM 24576]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2/8/2009 11:21 PM 210216]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [4/26/2008 1:36 AM 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [4/26/2008 1:36 AM 131072]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [4/18/2007 12:09 AM 11032]
R3 NdisrdMP;NdisrdMP;c:\windows\System32\drivers\Ndisrd.sys [8/7/2009 9:54 PM 22016]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdnserv.exe [2/27/2008 7:07 PM 98984]
S3 Ndisrd;WinpkFilter Service;c:\windows\System32\drivers\Ndisrd.sys [8/7/2009 9:54 PM 22016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2008-12-11 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-22 16:53]

2009-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-22 16:53]

2009-08-16 c:\windows\Tasks\User_Feed_Synchronization-{D31AAFA5-5F6A-411C-837E-D94853D2DEC6}.job
- c:\windows\system32\msfeedssync.exe [2009-07-28 20:13]
.
- - - - ORPHANS REMOVED - - - -

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
HKCU-Run-MS AntiSpyware 2009 - c:\programdata\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: netzero.com
Trusted Zone: netzero.net
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\users\san_dtm\AppData\Roaming\Mozilla\Firefox\Profiles\r17nk8e6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-16 15:26
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2328)
c:\program files\McAfee\SiteAdvisor\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\wlanext.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\System32\lxdncoms.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\windows\System32\rundll32.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2009-08-16 15:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-16 19:34

Pre-Run: 23,388,794,880 bytes free
Post-Run: 27,415,502,848 bytes free

351 --- E O F --- 2009-08-14 05:44
