Tried every virus and spyware removal program but still have infection


OliH

Thread Starter
Joined
Apr 17, 2010
Messages
16
I've tried every virus and spyware removal program that I've looked up, but it only finds viruses the first time around. Norton keeps blocking attacks, thankfully, but it's starting to bug me.

Also, Spybot finds Win32.Delf.uc but cannot remove it, and when I retry in Safe Mode, my Norton security is down when I've come back on.

Can someone please help me sort this?

Here's a HijackThis report:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 00:20:54, on 18/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\WINDOWS\stsystra.exe"
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] "C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [iPodVideoConverter_upgrade] "C:\Program Files\E-Zsoft\iPodVideoConverter\iPodVideoConverter.exe" /upgrade
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - S-1-5-18 Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (User 'Default user')
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O20 - Winlogon Notify: youm_3 - youm_3.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c98c8b2064dd56) (gupdate1c98c8b2064dd56) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
O23 - Service: lxdx_device - - C:\WINDOWS\system32\lxdxcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

--
End of file - 12539 bytes
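A small triage parser for the HijackThis log format posted above, added here as an example; it is not part of the thread, of HijackThis, or of any poster's tools. It runs over an excerpt of the log from this post and assumes nothing beyond the line layout shown there; the flags it raises are review prompts for the analyst, not verdicts.

```python
"""Triage helper for Trend Micro HijackThis (HJT) log entries.

Added example for this thread; not part of HijackThis or of any post.
It parses the Rn/Fn/On entry lines of an HJT log and flags the entries
an analyst reads first: Winlogon Notify packages, components whose
registration points at a file that is no longer on disk, and services
with no identified publisher. A missing file is just as often an
uninstall leftover as anything else, so flags only order the review.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Matches lines such as "O20 - Winlogon Notify: youm_3 - youm_3.dll (file missing)"
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING_MARKERS = ("(file missing)", "(no file)")
PRIORITY = {"high": 3, "medium": 2, "low": 1, "none": 0}


@dataclass
class Entry:
    kind: str                  # HJT section code, e.g. "O20"
    body: str                  # everything after "O20 - "
    clsid: Optional[str]       # first {GUID} on the line, if any
    flags: List[str] = field(default_factory=list)
    priority: str = "none"


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for an HJT entry line, or None for headers and process lists."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    clsid = CLSID_RE.search(body)
    return Entry(kind=m.group("kind"), body=body,
                 clsid=clsid.group(0) if clsid else None)


def classify(entry: Entry) -> Entry:
    """Attach review flags and a priority to a parsed entry (in place)."""
    lowered = entry.body.lower()
    if any(marker in lowered for marker in MISSING_MARKERS):
        entry.flags.append("missing-file")
    if "(no name)" in lowered:
        entry.flags.append("no-name")
    if entry.kind == "O20":
        # Winlogon Notify DLLs are loaded into winlogon.exe at logon, so every
        # package registered here gets a look, and one whose DLL is gone more so.
        entry.flags.append("winlogon-notify")
    if entry.kind == "O23" and "unknown owner" in lowered:
        entry.flags.append("unknown-owner")

    if "winlogon-notify" in entry.flags and "missing-file" in entry.flags:
        entry.priority = "high"
    elif "winlogon-notify" in entry.flags or "unknown-owner" in entry.flags:
        entry.priority = "medium"
    elif entry.flags:
        entry.priority = "low"
    return entry


def triage(log_text: str) -> List[Entry]:
    """Parse a whole HJT log and return the flagged entries, highest priority first."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        classify(entry)
        if entry.flags:
            flagged.append(entry)
    # Stable sort keeps log order inside each priority band.
    flagged.sort(key=lambda e: -PRIORITY[e.priority])
    return flagged


# Excerpt of the HijackThis log posted in this thread (only the lines that
# matter for the example; the full log is in the first post).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll/206 (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O20 - Winlogon Notify: youm_3 - youm_3.dll (file missing)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"[{e.priority:6}] {e.kind:4} {','.join(e.flags):32} {e.body}")
```

Run against the excerpt, the two Winlogon Notify entries whose DLLs are gone sort to the top, the remaining Notify package and the two "Unknown owner" services follow, and the orphaned BHO and BitComet button come last.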
 

jmw3

Malware Specialist
Joined
Jul 23, 2007
Messages
1,460
Hello & Welcome to TechSupportGuy

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

In the meantime please note the following:
  • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
  • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
    1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
    2. Commercial scanners, for the most part, cannot completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
  • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
  • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Thanks

DDS
Download DDS.scr by sUBs from one of the following links & save it to your desktop.
Link 1
Link 2
  • Double-click on dds.scr and a command window will appear. This is normal
  • Shortly after, two logs will appear: DDS.txt & Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
Gmer
Download GMER Rootkit Scanner from here & save it to your desktop.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run a scan... click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Do not run any programs while Gmer is running.

NOTE: If you cannot run GMER as indicated above, save a scan from the initial startup scan.
  • Before scanning, make sure all other running programs are closed & no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan
  • Double click the gmer.exe file
  • The program will begin to run & perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No
  • After the "initial scan" is complete, click on the Save button, save the log file to your desktop & post it in your reply

To post in next reply:
Contents of DDS log
Contents of Attach.txt
Contents of Gmer log
 

OliH

Thread Starter
Joined
Apr 17, 2010
Messages
16
I have run DDS and got the reports ready. GMER keeps crashing, so I'll run that tomorrow.

Just for your information, I removed some Trojan.backdoor.gen and checked my bank and nothing's wrong,
but do you recommend changing bank details and passwords?
 

jmw3

Malware Specialist
Joined
Jul 23, 2007
Messages
1,460
Hi

OK, no problem.

Regarding Gmer, a couple of things to try -
Make sure all security programs are properly disabled before running it
Also run this
DeFogger
Download DeFogger by jpshortstuff from here & save it to your desktop.
  • Double click DeFogger to run the tool
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A Finished! message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
Do not re-enable these drivers until otherwise instructed.

If still no luck then try running it in Safe Mode. If you don't know how to boot your computer to Safe Mode, let me know.
 

OliH

Thread Starter
Joined
Apr 17, 2010
Messages
16
DeFogger helped it run for longer and disabling security helped, but
the scan stopped at avgtray.exe; I couldn't stop AVG.

I'm gonna try Safe Mode now to see if my security programs get disabled when
I log back into Windows. Then scan in Safe Mode tomorrow. Sorry this is taking long,
I've been busy with some things.
 

OliH

Thread Starter
Joined
Apr 17, 2010
Messages
16
OK, here are the logs in this order:
DDS.txt
Attach.txt
Defogger_disable.txt
GMER report.txt


DDS (Ver_10-03-17.01) - NTFSx86
Run by Oli at 20:26:19.60 on 19/04/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2043 [GMT 1:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Spy Sweeper *disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Oli\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.1.27.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.6.0.32\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.6.0.32\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.6.0.32\coIEPlg.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [SpybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
uRun: [SUPERAntiSpyware] "c:\program files\superantispyware\SUPERAntiSpyware.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [ehTray] "c:\windows\ehome\ehtray.exe"
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [SigmatelSysTrayApp] "c:\windows\stsystra.exe"
mRun: [lxdxmon.exe] "c:\program files\lexmark 3600-4600 series\lxdxmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 3600-4600 series\ezprint.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] "c:\windows\ime\imkr6_1\IMEKRMIG.EXE"
mRun: [MSPY2002] "c:\windows\system32\ime\pintlgnt\ImScInst.exe" /SYNC
mRun: [PHIME2002ASync] "c:\windows\system32\ime\tintlgnt\TINTSETP.EXE" /SYNC
mRun: [PHIME2002A] "c:\windows\system32\ime\tintlgnt\TINTSETP.EXE" /IMEName
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "c:\windows\system32\nwiz.exe" /install
mRun: [NvMediaCenter] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NeroFilterCheck] "c:\program files\common files\ahead\lib\NeroCheck.exe"
mRun: [iPodVideoConverter_upgrade] "c:\program files\e-zsoft\ipodvideoconverter\iPodVideoConverter.exe" /upgrade
mRun: [PWRISOVM.EXE] "c:\program files\poweriso\PWRISOVM.EXE"
mRun: [AVG9_TRAY] "c:\progra~1\avg\avg9\avgtray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
StartupFolder: c:\docume~1\oli\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.1.27.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: youm_3 - youm_3.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\oli\applic~1\mozilla\firefox\profiles\2dyponi4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\oli\application data\mozilla\firefox\profiles\2dyponi4.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\oli\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-4-16 52872]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29808]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1106000.020\symds.sys [2010-4-16 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1106000.020\symefa.sys [2010-4-16 172592]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-16 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-16 29512]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-16 242896]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\definitions\bashdefs\20100324.001\BHDrvx86.sys [2010-3-24 536112]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1106000.020\cchpx86.sys [2010-4-16 501888]
R1 pwipf6;pwipf6;c:\windows\system32\drivers\pwipf6.sys [2010-4-16 108880]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1106000.020\ironx86.sys [2010-4-16 116784]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-4-16 308064]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.6.0.32\ccsvchst.exe [2010-4-16 126392]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2009-11-6 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2010-4-16 1201640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-4-16 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\definitions\ipsdefs\20100415.001\IDSXpx86.sys [2010-4-16 329592]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\definitions\virusdefs\20100419.002\NAVENG.SYS [2010-4-19 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\definitions\virusdefs\20100419.002\NAVEX15.SYS [2010-4-19 1324720]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S2 gupdate1c98c8b2064dd56;Google Update Service (gupdate1c98c8b2064dd56);c:\program files\google\update\GoogleUpdate.exe [2009-2-11 133104]
S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [2009-1-21 98984]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-4-16 369920]
S3 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

=============== Created Last 30 ================

2010-04-19 18:47:22 0 d-----w- c:\docume~1\oli\applic~1\AVG9
2010-04-17 23:20:25 0 d-----w- c:\program files\TrendMicro
2010-04-17 23:02:17 0 d-----r- c:\program files\Skype
2010-04-17 22:51:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-04-17 22:51:57 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-17 22:46:31 0 d-----w- c:\program files\Winamp Detect
2010-04-17 22:28:07 0 d-----w- c:\program files\Secunia
2010-04-17 12:49:55 0 d--h--w- C:\$AVG
2010-04-16 22:49:27 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-16 22:49:26 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-04-16 22:49:24 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-16 22:49:18 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-16 22:49:13 0 d-----w- c:\windows\system32\drivers\Avg
2010-04-16 22:48:27 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-04-16 22:43:42 0 d-----w- c:\program files\AVG
2010-04-16 22:43:23 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-04-16 13:54:22 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-16 01:20:14 0 d-----w- c:\program files\MSSOAP
2010-04-16 01:20:09 108880 ----a-w- c:\windows\system32\drivers\pwipf6.sys
2010-04-16 00:47:30 1563008 ----a-w- c:\windows\WRSetup.dll
2010-04-16 00:47:30 0 d-----w- c:\program files\Webroot
2010-04-16 00:47:30 0 d-----w- c:\docume~1\oli\applic~1\Webroot
2010-04-16 00:47:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Webroot
2010-04-15 23:59:55 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-04-15 23:59:55 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-04-15 23:59:55 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-04-15 23:59:55 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-04-15 23:59:55 0 d-----w- c:\program files\common files\Symantec Shared
2010-04-15 23:59:19 0 d-----w- c:\program files\Norton Internet Security
2010-04-15 23:57:24 0 d-----w- c:\program files\NortonInstaller
2010-04-15 23:24:57 0 d-----w- c:\windows\ie8updates
2010-04-15 23:15:19 0 d-----w- c:\docume~1\oli\applic~1\Tific
2010-04-15 23:06:18 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-15 23:06:17 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-15 22:55:38 0 d-----w- c:\windows\ERUNT
2010-04-15 22:54:39 0 d-----w- C:\SDFix
2010-04-13 19:05:33 0 d-sh--w- c:\documents and settings\oli\IECompatCache
2010-04-13 19:03:40 0 d-sh--w- c:\documents and settings\oli\PrivacIE
2010-04-13 18:56:11 0 d-sh--w- c:\documents and settings\oli\IETldCache
2010-04-13 17:39:38 0 dc-h--w- c:\windows\ie8
2010-04-13 13:33:34 0 d-----w- c:\windows\system32\wbem\Repository
2010-04-13 00:30:50 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-04-13 00:30:30 0 d-----w- c:\program files\SUPERAntiSpyware
2010-04-13 00:30:30 0 d-----w- c:\docume~1\oli\applic~1\SUPERAntiSpyware.com
2010-04-12 14:31:37 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-12 14:27:53 0 d-----w- c:\program files\Lavasoft
2010-04-06 22:04:11 0 d-----w- c:\docume~1\oli\applic~1\Malwarebytes
2010-04-06 22:04:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-06 22:04:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-06 22:04:01 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-06 22:04:01 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-06 01:26:54 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-01 22:25:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2010-03-31 19:17:41 0 d-----w- c:\docume~1\alluse~1\applic~1\SpeedBit
2010-03-31 19:17:36 50688 ----a-w- c:\windows\system32\wbhelp2.dll
2010-03-31 19:17:36 479298 ----a-w- c:\windows\system32\wbocx.ocx
2010-03-31 19:17:36 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2010-03-31 17:08:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Blizzard
2010-03-30 20:48:34 0 d-----w- c:\program files\common files\Blizzard Entertainment
2010-03-30 20:48:31 0 d-----w- c:\program files\World of Warcraft
2010-03-23 16:09:41 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-22 21:29:09 0 d-----w- C:\Downloads
2010-03-22 21:29:07 0 d-----w- c:\docume~1\oli\applic~1\BitComet
2010-03-22 21:25:28 0 d-----w- c:\program files\BitComet
2010-03-21 02:54:04 1015014 ----a-w- c:\windows\OccupationCS_ Source Uninstaller.exe

==================== Find3M ====================

2010-04-13 15:42:27 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2010-04-07 19:29:49 1772 ----a-w- c:\docume~1\oli\applic~1\wklnhst.dat
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll

============= FINISH: 20:28:58.52 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 17/01/2009 11:49:48
System Uptime: 19/04/2010 19:50:14 (1 hours ago)

Motherboard: Dell Inc | | 0CT103
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3600+ | Socket M2 | 1904/1000mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 45.825 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP101: 29/12/2009 22:48:28 - Installed EasyInfo
RP102: 08/01/2010 17:49:33 - System Checkpoint
RP103: 13/01/2010 14:29:52 - System Checkpoint
RP104: 14/01/2010 16:04:48 - Software Distribution Service 3.0
RP105: 21/01/2010 15:42:38 - Software Distribution Service 3.0
RP106: 22/01/2010 16:48:50 - Software Distribution Service 3.0
RP107: 02/02/2010 18:26:17 - Installed Project64 1.6
RP108: 06/02/2010 03:18:09 - System Checkpoint
RP109: 14/02/2010 14:18:12 - Software Distribution Service 3.0
RP110: 18/02/2010 14:44:21 - Software Distribution Service 3.0
RP111: 25/02/2010 15:58:42 - Software Distribution Service 3.0
RP112: 12/03/2010 06:58:23 - Software Distribution Service 3.0
RP113: 17/03/2010 16:49:32 - System Checkpoint
RP114: 20/03/2010 13:12:43 - Installed gmax
RP115: 23/03/2010 20:53:48 - Software Distribution Service 3.0
RP116: 29/03/2010 19:50:38 - System Checkpoint
RP117: 31/03/2010 19:29:24 - Software Distribution Service 3.0
RP118: 01/04/2010 20:58:19 - System Checkpoint
RP119: 06/04/2010 23:25:12 - Downloaded and used malwarebytes to remove viruses. WoW was installed
RP120: 08/04/2010 02:23:01 - started watching ikkitousen anime, viruses were wiped off...
RP121: 08/04/2010 04:12:27 - latest virus sweep. started ikkitousen.
RP122: 12/04/2010 15:48:33 - installed and ran Ad-Aware, cleared some adware
RP123: 13/04/2010 00:23:08 - 2nd ad-aware virus sweep
RP124: 13/04/2010 01:30:29 - Installed SUPERAntiSpyware Professional
RP125: 13/04/2010 02:48:41 - superantispyware installed and removes viruses.
RP126: 13/04/2010 14:32:58 - Restore Operation
RP127: 13/04/2010 18:42:09 - Installed Windows Internet Explorer 8.
RP128: 14/04/2010 01:43:56 - Spybot found more viruses. latest norton installed.
RP129: 14/04/2010 15:59:54 - think viruses are not that much of probs. joe came around
RP130: 16/04/2010 00:24:26 - Software Distribution Service 3.0
RP131: 16/04/2010 00:29:19 - Restore Operation
RP132: 16/04/2010 00:32:41 - Software Distribution Service 3.0
RP133: 16/04/2010 03:00:17 - Software Distribution Service 3.0
RP134: 16/04/2010 23:43:22 - Installed AVG 9.0
RP135: 17/04/2010 13:25:58 - Avg Update
RP136: 17/04/2010 13:26:50 - Avg Update
RP137: 17/04/2010 23:41:00 - Installed QuickTime
RP138: 17/04/2010 23:50:10 - Removed Java(TM) 6 Update 15
RP139: 17/04/2010 23:50:51 - Installed Java(TM) 6 Update 20
RP140: 18/04/2010 00:01:57 - Removed Skype™ 4.0
RP141: 18/04/2010 00:02:14 - Installed Skype™ 4.2
RP142: 18/04/2010 00:20:23 - Installed HiJackThis
RP143: 18/04/2010 03:18:59 - Removed Adobe Reader 9.
RP144: 18/04/2010 03:19:36 - Installed Adobe Reader 9.3.
RP145: 18/04/2010 21:45:40 - Removed Google Earth.
RP146: 19/04/2010 19:57:43 - Avg Update
RP147: 19/04/2010 19:58:54 - Avg Update

==== Installed Programs ======================

4U MP4 Video Converter (version 3.0.2)
Acrobat.com
Ad-Aware Email Scanner for Outlook
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.3
AGEIA PhysX v7.11.13
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AVG 9.0
AviSynth 2.5
BitComet 1.19
BitTorrent
Bonjour
CD Audio Reader Filter (remove only)
Combined Community Codec Pack 2008-09-21 16:18
Compatibility Pack for the 2007 Office system
Counter-Strike: Source
Critical Update for Windows Media Player 11 (KB959772)
dBpoweramp Music Converter
DC-Bass Source 1.1.1
Debut Video Capture Software
DirectVobSub (remove only)
DNA
DScaler 5 Mpeg Decoders
EA Download Manager
EA Download Manager UI
ffdshow [rev 2527] [2008-12-19]
Fraps (remove only)
GameSpy Comrade
Garry's Mod
gmax
Google Update Helper
Haali Media Splitter
Half-Life
Half-Life 2
Half-Life(R) 2
Half-Life: Blue Shift
Hex Workshop v6
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
iTunes
Java Auto Updater
Java(TM) 6 Update 20
K-Lite Codec Pack 4.7.0 (Basic)
Lexmark 3600-4600 Series
LookInMyPC
Lugaru v1.05
Mac OS X Cursors
Macromedia Flash MX
Malwarebytes' Anti-Malware
MAX Memory for Xbox 360
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MONOGRAM AMR Splitter/Decoder (remove only)
Mozilla Firefox (3.6.3)
Mozilla Thunderbird (3.0.4)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
NaturalMotion endorphin 2.7.1
NaturalMotion endorphin Control Panel for Maya 7.0 (Version 1.0
NaturalMotion endorphin Control Panel for Maya 8.0 (Version 1.0
Nero 7 Essentials
neroxml
Norton Internet Security
NVIDIA Drivers
OccupationCS: Source
Oddworld: Abe's Exoddus
OpenAL
OpenSource DTS/AC3/DD+ Source Filter (remove only)
PowerISO
Project64 1.6
PunkBuster Services
QuickTime
RealPlayer
Replay Converter 3
Roblox for Oli
Secunia PSI
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Segoe UI
ShellWM 0.5 (remove only)
SHOUTcast Source (remove only)
SigmaTel Audio
Skype™ 4.2
SOFTIMAGE CROSSWALK 2.05
SOFTIMAGE XSI 6 Mod Tool
Sound Blaster ADVANCED MB Drivers
SPORE™
SPORE™ Creepy & Cute Parts Pack
Spy Sweeper Core
Spybot - Search & Destroy
Steam
SUPERAntiSpyware Professional
System Requirements Lab
TortoiseSVN 1.6.3.16613 (32 bit)
Uninstall 1.0.0.1
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Veoh Web Player Beta
Videora iPod Converter 4.07
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.8a
WebFldrs XP
Webroot Internet Security Essentials
Winamp
Winamp Application Detect
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
World of Warcraft
XML Paper Specification Shared Components Pack 1.0
XPort 360
YouTube Downloader App 1.02
Zoom Player (remove only)

==== Event Viewer Messages From Past Week ========

17/04/2010 19:51:10, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
16/04/2010 22:53:17, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NIS service.
16/04/2010 02:19:43, error: Service Control Manager [7034] - The Webroot Spy Sweeper Engine service terminated unexpectedly. It has done this 1 time(s).
16/04/2010 00:26:55, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706bf: Security Update for Windows XP (KB980232).
16/04/2010 00:26:55, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows XP (KB976662).
16/04/2010 00:26:55, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for the 2007 Microsoft Office System (KB981715).
16/04/2010 00:26:55, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB979683).
15/04/2010 23:54:36, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 BHDrvx86 ccHP eeCtrl Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SCDEmu SRTSP SRTSPX SymIRON SYMTDI Tcpip
15/04/2010 19:52:06, error: Dhcp [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 001AA00C6CCF has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
14/04/2010 21:06:14, error: MRxSmb [8003] - The master browser has received a server announcement from the computer LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{ABB75354-8A99-4AC6-93. The master browser is stopping or an election is being forced.
13/04/2010 20:13:37, error: Service Control Manager [7001] - The Fast User Switching Compatibility service depends on the Terminal Services service which failed to start because of the following error: The specified module could not be found.
13/04/2010 20:12:51, error: Service Control Manager [7023] - The Terminal Services service terminated with the following error: The specified module could not be found.
13/04/2010 17:51:25, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IDSxpx86
13/04/2010 15:08:56, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
13/04/2010 14:58:26, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Norton Internet Security service.
13/04/2010 14:44:38, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP
13/04/2010 14:40:08, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
13/04/2010 14:37:32, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 BHDrvx86 ccHP eeCtrl Fips IDSxpx86 IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SCDEmu SRTSP SRTSPX SYMTDI Tcpip
13/04/2010 14:37:32, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
13/04/2010 14:37:32, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
13/04/2010 14:37:32, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
13/04/2010 14:37:32, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
13/04/2010 14:37:32, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
13/04/2010 14:37:32, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
13/04/2010 14:35:23, error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
13/04/2010 14:35:23, error: SRTSP [4] - Error loading virus definitions.
13/04/2010 14:29:16, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 BHDrvx86 ccHP eeCtrl Fips IDSxpx86 SASDIFSV SASKUTIL SCDEmu SRTSP SRTSPX SYMTDI
13/04/2010 00:08:21, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
13/04/2010 00:07:30, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 BHDrvx86 ccHP eeCtrl Fips IDSxpx86 SCDEmu SRTSP SRTSPX SYMTDI
12/04/2010 21:04:44, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/04/2010 21:03:56, error: Service Control Manager [7034] - The lxdx_device service terminated unexpectedly. It has done this 1 time(s).
12/04/2010 21:03:44, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
12/04/2010 21:01:14, error: Service Control Manager [7003] - The Fast User Switching Compatibility service depends on the following nonexistent service: TermService
12/04/2010 21:00:51, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxdxCATSCustConnectService service to connect.
12/04/2010 21:00:51, error: Service Control Manager [7000] - The lxdxCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/04/2010 21:00:18, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
12/04/2010 21:00:18, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
12/04/2010 19:32:26, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
12/04/2010 18:56:23, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
12/04/2010 16:34:46, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

==== End Of File ===========================


defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:22 on 20/04/2010 (Oli)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

jmw3

Malware Specialist
Joined
Jul 23, 2007
Messages
1,460
Hi

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

P2P Warning!
IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

BitComet 1.19 | BitTorrent | DNA

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
P2P file sharing used to be fairly safe. That is no longer true. I'd like you to read the Perils of P2P File Sharing where we explain why it's not a good idea to have them.
References for the risk of these programs can be found in these links: http://www.microsoft.com/windows/ie/community/columns/protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm
See Clean/Infected P2P Programs here

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

Multiple Anti-virus Programs
You are operating your computer with multiple Anti-virus programs running in memory at once:

AVG 9.0 | Norton Internet Security | Webroot Internet Security Essentials

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two or more anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash. Please remove two of them NOW.

TFC (Temp File Cleaner)
Download TFC (Temp File Cleaner) by Old Timer Here & save it to your desktop.
  • Save any unsaved work. TFC Cleaner will close all open application windows
  • Double-click TFC.exe to run the program, your desktop will temporarily disappear
  • If prompted, click Yes to reboot
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take any longer than a couple of minutes & may only take a few seconds. Only if needed will you be prompted to reboot.

ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
Link 1
Link 2

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Double click on ComboFix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


To post in next reply:
ComboFix log
Update on how the computer is running
 
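The "Multiple Anti-virus Programs" point above can be checked directly rather than by reading process lists. The following PowerShell script is an added example for this thread, not something jmw3 or the tools he names provide: it lists the antivirus products registered with Windows Security Center and warns when more than one has on-access scanning switched on. It assumes the WMI namespace root\SecurityCenter (Windows XP SP2/SP3, the platform in this thread) and falls back to root\SecurityCenter2 on Vista and later, where the status lives in the productState field; the bit layout of that field is a community-documented convention, not an official Microsoft contract, so treat its decoding as an assumption.

```powershell
# Added example, not part of the original thread.
# Enumerates antivirus products registered with Windows Security Center and
# flags the "more than one real-time scanner active" condition.
# Uses Get-WmiObject (Windows PowerShell 2.0 - 5.1); on PowerShell 7 use Get-CimInstance.

function Get-RegisteredAntivirus {
    # Windows XP exposes the data in root\SecurityCenter with explicit boolean fields.
    $ns = 'root\SecurityCenter'
    $products = Get-WmiObject -Namespace $ns -Class AntiVirusProduct -ErrorAction SilentlyContinue

    if (-not $products) {
        # Vista and later: root\SecurityCenter2, status packed into productState.
        $ns = 'root\SecurityCenter2'
        $products = Get-WmiObject -Namespace $ns -Class AntiVirusProduct -ErrorAction SilentlyContinue
    }

    foreach ($p in $products) {
        if ($ns -eq 'root\SecurityCenter') {
            $onAccess = [bool]$p.onAccessScanningEnabled
            $upToDate = [bool]$p.productUptoDate
        } else {
            # Assumed (community-documented) layout of productState, e.g. 0x041000:
            #   middle byte 0x10/0x11 = real-time protection on, 0x00 = off
            #   low byte    0x00      = definitions current, 0x10 = out of date
            $state   = [int]$p.productState
            $rtByte  = [int](($state -band 0xFF00) / 256)
            $defByte = $state -band 0xFF
            $onAccess = ($rtByte -eq 0x10) -or ($rtByte -eq 0x11)
            $upToDate = ($defByte -eq 0x00)
        }
        New-Object PSObject -Property @{
            Name     = $p.displayName
            OnAccess = $onAccess
            UpToDate = $upToDate
        }
    }
}

# Report every registered product, then warn on the conflict jmw3 describes.
$av = @(Get-RegisteredAntivirus)
$av | Format-Table Name, OnAccess, UpToDate -AutoSize

$active = @($av | Where-Object { $_.OnAccess })
if ($active.Count -gt 1) {
    $names = ($active | ForEach-Object { $_.Name }) -join ', '
    Write-Warning ("{0} antivirus products have on-access scanning enabled at once: {1}" -f $active.Count, $names)
} elseif ($active.Count -eq 0) {
    Write-Warning 'No registered antivirus product has on-access scanning enabled.'
}
```

Run it from an elevated PowerShell prompt. A product that is installed but not registered with Security Center (some older or enterprise suites) will not appear here, so an empty list is a prompt to check Add or Remove Programs as well, not proof that the machine is unprotected.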

OliH

Thread Starter
Joined
Apr 17, 2010
Messages
16
Hi,

Thanks for a quick reply. I've taken your advice and removed the P2P programs, AVG and Webroot.

My computer started up and finished malware removal, and it started quicker than normal. For the first time Norton (when I turned it back on) hasn't come up with an alert saying 'computer blocked incoming attack', so great progress so far.

Here's the report:


ComboFix 10-04-21.01 - Oli 22/04/2010 17:49:52.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2591 [GMT 1:00]
Running from: c:\documents and settings\Oli\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\config\systemprofile\Application Data\Macromedia\Common

Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-03-22 to 2010-04-22 )))))))))))))))))))))))))))))))
.

2010-04-22 15:54 . 2010-04-16 00:02 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100422.002\NAVENG.SYS
2010-04-22 15:54 . 2010-04-16 00:02 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100422.002\EECTRL.SYS
2010-04-22 15:54 . 2010-04-16 00:02 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100422.002\CCERASER.DLL
2010-04-22 15:54 . 2010-04-16 00:02 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100422.002\ECMSVR32.DLL
2010-04-22 15:54 . 2010-04-16 00:02 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100422.002\NAVENG32.DLL
2010-04-22 15:54 . 2010-04-16 00:02 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100422.002\NAVEX32A.DLL
2010-04-22 15:54 . 2010-04-16 00:02 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100422.002\NAVEX15.SYS
2010-04-22 15:54 . 2010-04-16 00:02 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100422.002\ERASER.SYS
2010-04-18 20:26 . 2010-04-18 20:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-04-18 02:19 . 2010-04-18 02:19 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-17 23:20 . 2010-04-17 23:20 388096 ----a-r- c:\documents and settings\Oli\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-17 23:20 . 2010-04-17 23:20 -------- d-----w- c:\program files\TrendMicro
2010-04-17 23:02 . 2010-04-17 23:02 -------- d-----r- c:\program files\Skype
2010-04-17 22:52 . 2010-04-17 22:52 -------- d-----w- c:\program files\Common Files\Java
2010-04-17 22:52 . 2010-04-17 22:52 503808 ----a-w- c:\documents and settings\Oli\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4cb72f6e-n\msvcp71.dll
2010-04-17 22:52 . 2010-04-17 22:52 499712 ----a-w- c:\documents and settings\Oli\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4cb72f6e-n\jmc.dll
2010-04-17 22:52 . 2010-04-17 22:52 348160 ----a-w- c:\documents and settings\Oli\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4cb72f6e-n\msvcr71.dll
2010-04-17 22:52 . 2010-04-17 22:52 61440 ----a-w- c:\documents and settings\Oli\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-133a4c79-n\decora-sse.dll
2010-04-17 22:52 . 2010-04-17 22:52 12800 ----a-w- c:\documents and settings\Oli\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-133a4c79-n\decora-d3d.dll
2010-04-17 22:51 . 2010-04-17 22:51 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-17 22:49 . 2010-04-17 22:49 79488 ----a-w- c:\documents and settings\Oli\Application Data\Sun\Java\jre1.6.0_20\gtapi.dll
2010-04-17 22:49 . 2010-04-17 22:49 152576 ----a-w- c:\documents and settings\Oli\Application Data\Sun\Java\jre1.6.0_20\lzma.dll
2010-04-17 22:46 . 2010-04-17 22:46 -------- d-----w- c:\program files\Winamp Detect
2010-04-17 22:42 . 2010-04-17 22:43 -------- d-----w- c:\program files\QuickTime
2010-04-17 22:28 . 2010-04-17 22:28 -------- d-----w- c:\program files\Secunia
2010-04-17 12:49 . 2010-04-17 12:49 -------- d-----w- C:\$AVG
2010-04-17 00:02 . 2010-04-21 21:22 0 ----a-w- c:\documents and settings\Oli\Local Settings\Application Data\prvlcl.dat
2010-04-16 22:43 . 2010-04-16 22:43 -------- d-----w- c:\program files\AVG
2010-04-16 22:04 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\Scxpx86.dll
2010-04-16 22:04 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\IDSxpx86.dll
2010-04-16 22:04 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\IDSvix86.sys
2010-04-16 22:04 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\IDSXpx86.sys
2010-04-16 22:04 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\IDSviA64.sys
2010-04-16 13:54 . 2010-04-16 13:54 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-16 01:22 . 2010-04-16 01:22 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-16 01:20 . 2010-04-16 01:20 -------- d-----w- c:\program files\MSSOAP
2010-04-16 00:05 . 2010-02-04 01:40 362032 ----a-w- c:\windows\system32\drivers\symtdi.sys
2010-04-16 00:05 . 2010-02-27 02:23 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys
2010-04-16 00:05 . 2010-02-27 02:23 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-04-16 00:05 . 2010-02-25 23:22 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys
2010-04-16 00:05 . 2010-02-04 01:40 172592 ----a-w- c:\windows\system32\drivers\symefa.sys
2010-04-16 00:05 . 2009-11-05 22:06 328752 ----a-r- c:\windows\system32\drivers\symds.sys
2010-04-16 00:03 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100409.001\IDSvix86.sys
2010-04-16 00:03 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100409.001\IDSXpx86.sys
2010-04-16 00:03 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100409.001\Scxpx86.dll
2010-04-16 00:03 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100409.001\IDSxpx86.dll
2010-04-16 00:03 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100409.001\IDSviA64.sys
2010-04-16 00:00 . 2010-03-25 23:29 786800 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\components\coFFPlgn.dll
2010-04-16 00:00 . 2009-10-01 09:19 164216 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\IPSFFPlgn\components\IPSFFPl.dll
2010-04-15 23:59 . 2010-04-16 00:11 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-15 23:59 . 2010-04-15 23:59 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-04-15 23:59 . 2010-04-15 23:59 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-04-15 23:59 . 2009-10-05 17:34 929648 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\OCS\hsplayer.dll
2010-04-15 23:59 . 2009-11-07 01:08 893296 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\CLT\cltLMSx.dll
2010-04-15 23:59 . 2010-04-15 23:59 -------- d-----w- c:\program files\Norton Internet Security
2010-04-15 23:57 . 2010-04-15 23:57 -------- d-----w- c:\program files\NortonInstaller
2010-04-15 23:24 . 2010-04-15 23:25 -------- d-----w- c:\windows\ie8updates
2010-04-15 23:15 . 2010-04-15 23:15 -------- d-----w- c:\documents and settings\Oli\Application Data\Tific
2010-04-15 23:06 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-15 23:06 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-15 22:55 . 2010-04-15 22:55 -------- d-----w- c:\windows\ERUNT
2010-04-15 22:54 . 2010-04-15 23:13 -------- d-----w- C:\SDFix
2010-04-14 13:59 . 2010-04-14 13:59 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-13 19:05 . 2010-04-13 19:05 -------- d-sh--w- c:\documents and settings\Oli\IECompatCache
2010-04-13 19:03 . 2010-04-13 19:03 -------- d-sh--w- c:\documents and settings\Oli\PrivacIE
2010-04-13 18:58 . 2010-04-13 18:58 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-13 18:56 . 2010-04-13 18:56 -------- d-sh--w- c:\documents and settings\Oli\IETldCache
2010-04-13 17:39 . 2010-04-13 17:44 -------- dc-h--w- c:\windows\ie8
2010-04-13 13:33 . 2010-04-13 13:33 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-13 00:31 . 2010-04-13 00:31 52224 ----a-w- c:\documents and settings\Oli\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-13 00:31 . 2010-04-13 00:31 117760 ----a-w- c:\documents and settings\Oli\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-13 00:30 . 2010-04-13 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-13 00:30 . 2010-04-13 00:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-13 00:30 . 2010-04-13 00:30 -------- d-----w- c:\documents and settings\Oli\Application Data\SUPERAntiSpyware.com
2010-04-12 23:22 . 2010-04-12 23:24 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-12 14:31 . 2010-04-12 14:31 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-12 14:27 . 2010-04-13 14:06 -------- d-----w- c:\program files\Lavasoft
2010-04-12 14:27 . 2010-04-13 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-08 15:08 . 2010-04-08 15:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-04-06 22:04 . 2010-04-06 22:04 -------- d-----w- c:\documents and settings\Oli\Application Data\Malwarebytes
2010-04-06 22:04 . 2010-03-29 23:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-06 22:04 . 2010-04-06 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-06 22:04 . 2010-04-14 14:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-06 22:04 . 2010-03-29 23:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-06 01:27 . 2010-04-14 13:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-06 01:26 . 2010-04-16 13:54 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-02 00:30 . 2010-04-02 00:30 -------- d-----w- c:\documents and settings\Oli\Local Settings\Application Data\Blizzard Entertainment
2010-04-01 22:25 . 2010-04-01 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-03-31 19:22 . 2010-03-31 19:22 95744 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
2010-03-31 19:21 . 2010-03-31 19:21 3509272 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\Offers\VA31_DapSo.exe
2010-03-31 19:17 . 2010-03-31 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2010-03-31 19:17 . 2010-03-31 19:17 50688 ----a-w- c:\windows\system32\wbhelp2.dll
2010-03-31 17:08 . 2010-03-31 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2010-03-30 20:48 . 2010-03-31 16:52 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-03-30 20:48 . 2010-04-12 17:57 -------- d-----w- c:\program files\World of Warcraft
2010-03-24 20:38 . 2010-03-24 20:38 536112 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHDrvx86.sys
2010-03-24 20:38 . 2010-03-24 20:38 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHRules.dll
2010-03-24 20:38 . 2010-03-24 20:38 1407888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHEngine.dll
2010-03-24 20:38 . 2010-03-24 20:38 678960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHDrvx64.sys
2010-03-24 20:38 . 2010-03-24 20:38 611216 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\bbRGen.dll
2010-03-24 08:04 . 2010-03-24 18:17 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\28430\AdobeARM.exe
2010-03-24 08:04 . 2010-03-24 18:17 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\28430\AdobeExtractFiles.dll
2010-03-24 08:04 . 2010-03-24 18:17 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\28430\ReaderUpdater.exe
2010-03-24 08:04 . 2010-03-24 18:17 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\28430\AcrobatUpdater.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-22 16:54 . 2004-08-10 13:00 578560 ----a-w- c:\windows\system32\user32.dll
2010-04-22 16:38 . 2009-02-08 15:41 -------- d-----w- c:\documents and settings\Oli\Application Data\Skype
2010-04-22 16:37 . 2009-01-20 20:15 -------- d-----w- c:\program files\Steam
2010-04-22 16:26 . 2009-02-02 12:17 -------- d-----w- c:\program files\BitTorrent
2010-04-22 16:26 . 2010-03-22 21:25 -------- d-----w- c:\program files\BitComet
2010-04-18 20:39 . 2009-02-11 20:53 -------- d-----w- c:\program files\Google
2010-04-18 02:14 . 2009-06-09 22:01 -------- d-----w- c:\program files\RealMedia
2010-04-17 23:02 . 2009-02-08 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-04-17 23:01 . 2010-03-22 21:29 -------- d-----w- c:\documents and settings\Oli\Application Data\BitComet
2010-04-17 22:47 . 2009-02-17 17:53 -------- d-----w- c:\program files\Winamp
2010-04-17 22:46 . 2009-02-17 17:53 -------- d-----w- c:\documents and settings\Oli\Application Data\Winamp
2010-04-17 22:40 . 2009-01-20 22:12 -------- d-----w- c:\program files\Common Files\Apple
2010-04-17 22:38 . 2009-01-21 07:40 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-04-17 00:59 . 2009-02-02 12:19 -------- d-----w- c:\documents and settings\Oli\Application Data\BitTorrent
2010-04-16 00:39 . 2009-05-17 13:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-15 23:59 . 2010-04-15 23:59 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-04-15 23:59 . 2010-04-15 23:59 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-04-15 23:59 . 2009-01-20 19:51 -------- d-----w- c:\program files\Symantec
2010-04-15 23:34 . 2009-01-20 19:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-04-15 18:55 . 2009-02-08 15:45 -------- d-----w- c:\documents and settings\Oli\Application Data\skypePM
2010-04-14 15:08 . 2009-01-29 02:49 -------- d-----w- c:\documents and settings\Oli\Application Data\Saytpu
2010-04-14 00:10 . 2009-06-29 11:28 -------- d-----w- c:\documents and settings\Oli\Application Data\Atim
2010-04-13 15:42 . 2004-08-10 13:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2010-04-13 00:30 . 2009-02-03 17:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-12 23:23 . 2009-04-22 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-04-07 19:29 . 2009-01-21 21:07 1772 ----a-w- c:\documents and settings\Oli\Application Data\wklnhst.dat
2010-04-06 00:58 . 2009-10-27 12:58 623608 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-22 02:33 . 2010-03-22 02:33 -------- d-----w- c:\documents and settings\Oli\Application Data\Media Player Classic
2010-03-21 21:20 . 2009-01-20 20:06 44592 ----a-w- c:\documents and settings\Oli\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-21 03:06 . 2010-03-21 02:54 1015014 ----a-w- c:\windows\OccupationCS_ Source Uninstaller.exe
2010-03-20 23:38 . 2009-06-28 14:17 -------- d-----w- c:\program files\SystemRequirementsLab
2010-03-17 20:13 . 2010-03-17 20:13 7680 ----a-w- c:\documents and settings\Oli\Application Data\Thinstall\Fireworks\4000001be300002i\Fireworks.exe
2010-03-17 20:13 . 2010-03-17 20:13 -------- d-----w- c:\documents and settings\Oli\Application Data\Thinstall
2010-03-10 06:15 . 2004-08-10 13:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-08-10 13:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-10 13:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2004-08-10 13:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-23 16:09 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2004-08-10 13:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-10 13:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-02 18:26 . 2010-02-02 18:26 8854 ----a-r- c:\documents and settings\Oli\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2010-02-02 18:26 . 2010-02-02 18:26 40960 ----a-r- c:\documents and settings\Oli\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2010-02-02 18:26 . 2010-02-02 18:26 40960 ----a-r- c:\documents and settings\Oli\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
.
Infected c:\windows\system32\user32.dll hex repaired


------- Sigcheck -------

[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2004-08-10 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll

c:\windows\System32\termsrv.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Steam"="c:\program files\steam\steam.exe" [2010-02-24 1217872]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26105128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SigmatelSysTrayApp"="c:\windows\stsystra.exe" [2006-07-27 282624]
"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-03-20 668328]
"EzPrint"="c:\program files\Lexmark 3600-4600 Series\ezprint.exe" [2008-03-20 107176]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-12-18 39424]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"nwiz"="c:\windows\system32\nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"iPodVideoConverter_upgrade"="c:\program files\E-Zsoft\iPodVideoConverter\iPodVideoConverter.exe" [2009-09-08 503808]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

c:\documents and settings\Oli\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxdxcoms.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\Wireless\\lxdxwpss.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxtime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxjswx.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\oddworld abes exoddus\\Exoddus.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Web Server
"8518:TCP"= 8518:TCP:BitComet 8518 TCP
"8518:UDP"= 8518:UDP:BitComet 8518 UDP
"15171:TCP"= 15171:TCP:BitComet 15171 TCP
"15171:UDP"= 15171:UDP:BitComet 15171 UDP

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1106000.020\symds.sys [16/04/2010 01:05 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1106000.020\symefa.sys [16/04/2010 01:05 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [24/03/2010 21:38 536112]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1106000.020\cchpx86.sys [16/04/2010 01:05 501888]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11:15 66632]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1106000.020\ironx86.sys [16/04/2010 01:05 116784]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe [16/04/2010 01:04 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [16/04/2010 01:02 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\IDSXpx86.sys [16/04/2010 23:04 329592]
S2 gupdate1c98c8b2064dd56;Google Update Service (gupdate1c98c8b2064dd56);c:\program files\Google\Update\GoogleUpdate.exe [11/02/2009 21:55 133104]
S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [21/01/2009 22:00 98984]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17/06/2009 13:20 12648]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11:15 12872]
.
Contents of the 'Scheduled Tasks' folder

2010-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 20:55]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 20:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Oli\Application Data\Mozilla\Firefox\Profiles\2dyponi4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\components\coFFPlgn.dll
FF - plugin: c:\documents and settings\Oli\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-VeohPlugin - c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-DownloadAccelerator - c:\program files\DAP\DAP.EXE
HKLM-Run-SysTrayApp - c:\program files\IDT\WDM\sttray.exe
Notify-youm_3 - youm_3.dll
AddRemove-endorphin Control Panel for Maya 7.0_is1 - c:\mayatestinstallationfolder;\unins000.exe
AddRemove-endorphin Control Panel for Maya 8.0_is1 - c:\mayatestinstallationfolder;\unins001.exe
AddRemove-Veoh Web Player Beta - c:\program files\Veoh Networks\VeohWebPlayer\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-22 17:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.6.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-861567501-1214440339-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:d0,6b,8f,63,45,10,89,c3,76,cb,95,56,a3,16,40,96,b8,d5,2e,d3,87,
53,74,42,29,96,be,6c,33,0a,74,81,15,37,f9,ed,87,64,1d,ca,a9,4c,b6,18,7d,67,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\Oli\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\Oli\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
.
Completion time: 2010-04-22 17:57:57
ComboFix-quarantined-files.txt 2010-04-22 16:57

Pre-Run: 49,799,532,544 bytes free
Post-Run: 49,768,235,008 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
C:\wubildr.mbr = "Ubuntu"

- - End Of File - - EB270AC91216B384AF3CE3E36F487A14
 

jmw3

Malware Specialist
Joined
Jul 23, 2007
Messages
1,460
Hi

Looking better.

CFScript
Close any open browsers.
Open notepad and copy/paste the text in the code box below into it:

Code:
FCopy::
c:\windows\ServicePackFiles\i386\termsrv.dll | c:\windows\System32\termsrv.dll
File::
c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
Folder::
c:\program files\BitTorrent
c:\program files\BitComet
c:\documents and settings\Oli\Application Data\BitComet
c:\documents and settings\Oli\Application Data\BitTorrent
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8518:TCP"=-
"8518:UDP"=-
"15171:TCP"=-
"15171:UDP"=-
DDS::
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe
If prompted by ComboFix to update, please do so
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Kaspersky Online Scan
Do an online scan with Kaspersky Online Scanner
  • Read through the requirements and privacy statement and click on Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
  • Please post this log in your next reply
Pictured tutorial if required.

To post in next reply:
ComboFix log
Kaspersky Online Scan log
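The firewall-policy section of the ComboFix log earlier in the thread (EnableFirewall=0, a long AuthorizedApplications list, and four BitComet port exceptions) and the Registry:: stanza in the reply above lend themselves to a small audit script. The following is an added example for this thread, not code from the thread, from ComboFix, or from the helper: it parses the registry-style lines ComboFix prints for the Standard Profile (a constructed copy of a subset of the posted lines is embedded inline so it runs offline), reports the disabled firewall and every globally open port, and emits the ComboFix Registry:: stanza that deletes the P2P port exceptions using the .reg-style "name"=- deletion syntax the reply uses. The P2P_HINTS list and the TRUSTED_PREFIXES allow-list are assumptions chosen for the example; function names are hypothetical.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: a subset of the firewall-policy lines ComboFix printed
# in the log above (same format, fewer AuthorizedApplications entries).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Web Server
"8518:TCP"= 8518:TCP:BitComet 8518 TCP
"8518:UDP"= 8518:UDP:BitComet 8518 UDP
"15171:TCP"= 15171:TCP:BitComet 15171 TCP
"15171:UDP"= 15171:UDP:BitComet 15171 UDP
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')

# Assumption for this example: substrings that mark a port exception as a P2P client.
P2P_HINTS = ("bitcomet", "bittorrent", "utorrent", "emule", "limewire")
# Assumption: directories from which an authorized application is unremarkable.
TRUSTED_PREFIXES = ("%windir%", "c:\\windows\\", "c:\\program files\\")


@dataclass
class FirewallPolicy:
    enabled: Optional[bool] = None                        # None if EnableFirewall was not seen
    apps: List[str] = field(default_factory=list)
    ports: Dict[str, str] = field(default_factory=dict)   # "8518:TCP" -> "BitComet 8518 TCP"


def parse_policy(text: str) -> FirewallPolicy:
    """Walk the registry-style dump and collect the Standard Profile settings."""
    policy = FirewallPolicy()
    current = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group("key").lower()
            continue
        value = VALUE_RE.match(line)
        if not value:
            continue
        name, data = value.group("name"), value.group("data")
        if current.endswith("\\standardprofile") and name.lower() == "enablefirewall":
            policy.enabled = not data.startswith("0")          # "0 (0x0)" -> disabled
        elif current.endswith("\\authorizedapplications\\list"):
            policy.apps.append(name.replace("\\\\", "\\"))     # undo the doubled backslashes
        elif current.endswith("\\globallyopenports\\list"):
            parts = data.split(":", 2)                         # "8518:TCP:BitComet 8518 TCP"
            policy.ports[name] = parts[2] if len(parts) == 3 else data
    return policy


def audit(policy: FirewallPolicy) -> List[str]:
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    if policy.enabled is False:
        findings.append("Windows Firewall is disabled on the Standard Profile (EnableFirewall=0)")
    for port, desc in policy.ports.items():
        kind = "P2P client" if any(h in desc.lower() for h in P2P_HINTS) else "unknown service"
        findings.append(f"globally open {port} ({desc}): {kind}")
    for app in policy.apps:
        if not app.lower().startswith(TRUSTED_PREFIXES):
            findings.append(f"authorized application outside trusted directories: {app}")
    return findings


def cfscript_port_removals(policy: FirewallPolicy, hints=P2P_HINTS) -> str:
    """Emit the ComboFix 'Registry::' stanza that deletes the matching port exceptions.
    CFScript uses .reg syntax here, so "name"=- removes the value."""
    key = r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"
    names = [p for p, d in policy.ports.items() if any(h in d.lower() for h in hints)]
    if not names:
        return ""
    return "\n".join(["Registry::", key] + [f'"{n}"=-' for n in names])


if __name__ == "__main__":
    parsed = parse_policy(SAMPLE_LOG)
    for finding in audit(parsed):
        print(finding)
    print(cfscript_port_removals(parsed))
```

The same parser works on a full ComboFix.txt, since the section headers are identical; pass the file's contents to parse_policy() instead of SAMPLE_LOG. The BroadCam entry on port 86 is deliberately reported as "unknown service" rather than scripted for deletion: a helper decides that one by hand, which is also why the script only generates the stanza and never touches the registry itself.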
 

OliH

Thread Starter
Joined
Apr 17, 2010
Messages
16
Hi,

Again, thanks for the quick reply. I'd like to ask and tell you something.

When will I have to click on 'enable' in Defogger? I've done the CFScript instructions and have a report here which I'll post now, but Kaspersky I'll have to do after the weekend as I'm off on a weekend trip with my family.

ComboFix 10-04-21.01 - Oli 23/04/2010 13:01:21.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2507 [GMT 1:00]
Running from: c:\documents and settings\Oli\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Oli\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\program files\Mozilla Firefox\plugins\npbittorrent.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Oli\Application Data\BitComet
c:\documents and settings\Oli\Application Data\BitComet\BitComet.xml
c:\documents and settings\Oli\Application Data\BitComet\cache\post_info.xml
c:\documents and settings\Oli\Application Data\BitComet\Downloads.xml
c:\documents and settings\Oli\Application Data\BitComet\Downloads.xml.20100322.bak
c:\documents and settings\Oli\Application Data\BitComet\Downloads.xml.20100323.bak
c:\documents and settings\Oli\Application Data\BitComet\Downloads.xml.20100329.bak
c:\documents and settings\Oli\Application Data\BitComet\Downloads.xml.20100415.bak
c:\documents and settings\Oli\Application Data\BitComet\Downloads.xml.20100417.bak
c:\documents and settings\Oli\Application Data\BitComet\Downloads.xml.bak
c:\documents and settings\Oli\Application Data\BitComet\torrents\jre-6u20-windows-i586-s.exe.xml
c:\documents and settings\Oli\Application Data\BitComet\torrents\SkypeSetup.msi.xml
c:\documents and settings\Oli\Application Data\BitTorrent
c:\documents and settings\Oli\Application Data\BitTorrent\[LonE]_Saitou_Chiwa_-_Bakemonogatari_OP_Single_-_staple_stable_[w_scans]_(mp3).rar.torrent
c:\documents and settings\Oli\Application Data\BitTorrent\[Nipponsei] Final Fantasy XIII Original Soundtrack.zip.torrent
c:\documents and settings\Oli\Application Data\BitTorrent\[Nipponsei] Yoku Wakaru Gendai Mahou OP Single - Programming for non-fiction [Asou Natsuko].zip.torrent
c:\documents and settings\Oli\Application Data\BitTorrent\[Voice Synth] VOCALOID 2 CV???? 01 ???? (iso+SA&VSTi Crack).torrent
c:\documents and settings\Oli\Application Data\BitTorrent\Afro Samurai - Resurrection (PSP, iPod, Zune).torrent
c:\documents and settings\Oli\Application Data\BitTorrent\Afro Samurai.1.torrent
c:\documents and settings\Oli\Application Data\BitTorrent\Afro Samurai.torrent
c:\documents and settings\Oli\Application Data\BitTorrent\Alien vs Predator 2.torrent
c:\documents and settings\Oli\Application Data\BitTorrent\Alvin.and.the.Chipmunks.The.Squeakquel.DVDRip.XviD-RUBY.torrent
c:\documents and settings\Oli\Application Data\BitTorrent\American Pie 5 The Naked Mile[2006]DvDrip[Eng]-BugZ.torrent
c:\documents and settings\Oli\Application Data\BitTorrent\Be.Kind.Rewind[2008]DvDrip-aXXo.torrent
c:\documents and settings\Oli\Application Data\BitTorrent\Bruce Lee Collection - Dvd Rips - xvid.torrent
c:\documents and settings\Oli\Application Data\BitTorrent\Bruno.CAM.XViD.READ.NFO-BirdFlu.torrent
c:\documents and settings\Oli\Application Data\BitTorrent\dht.dat
c:\documents and settings\Oli\Application Data\BitTorrent\dht.dat.old
c:\documents and settings\Oli\Application Data\BitTorrent\Download Accelerator Plus Premium v9.21+Crack [ kk ].torrent
c:\documents and settings\Oli\Application Data\BitTorrent\Drag.Me.To.Hell.2009.DvDRip-FxM.torrent
c:\documents and settings\Oli\Application Data\BitTorrent\Fraps v2.9.9.rar.torrent
c:\documents and settings\Oli\Application Data\BitTorrent\Friday the 13th[2009][Extended Edition]DvDrip[Eng]-FXG.1.torrent
c:\documents and settings\Oli\Application Data\BitTorrent\Friday the 13th[2009][Extended Edition]DvDrip[Eng]-FXG.torrent
c:\documents and settings\Oli\Application Data\BitTorrent\Gladiator - More Music.torrent
c:\documents and settings\Oli\Application Data\BitTorrent\Gladiator Soundtrack (Soundtrack Album 2000).torrent
c:\documents and settings\Oli\Application Data\BitTorrent\Halloween.2.2009.DVDScr.XviD-QUINCYMKT.torrent
c:\documents and settings\Oli\Application Data\BitTorrent\Ice.Age.3.Dawn.Of.The.Dinosaurs.2009.TS.XviD-Fatal.torrent
c:\documents and settings\Oli\Application Data\BitTorrent\Legion.2010.R5.LiNE.Xvid {1337x}-Noir.torrent
c:\documents and settings\Oli\Application Data\BitTorrent\Macromedia Flash MX Pro 2004 + Keygen.zip.torrent
c:\documents and settings\Oli\Application Data\BitTorrent\Metallica - Discography 1983-2008 (19 Albums, 23 CDs).torrent
c:\documents and settings\Oli\Application Data\BitTorrent\Michael Jackson - Discography (320kbps).torrent
c:\documents and settings\Oli\Application Data\BitTorrent\Ministry of Sound - Chilled II - 1991 - 2009-D1~3 [EAC - FLAC] (oan).torrent
c:\documents and settings\Oli\Application Data\BitTorrent\Ministry of Sound - Chilled II - 1991 - 2009-D2~3 [EAC - FLAC] (oan).torrent
c:\documents and settings\Oli\Application Data\BitTorrent\Ministry of Sound - Chilled II - 1991 - 2009-D3~3 [EAC - FLAC] (oan).torrent
c:\documents and settings\Oli\Application Data\BitTorrent\Nero 7.10.1.0.torrent
c:\documents and settings\Oli\Application Data\BitTorrent\Ponyo_On.The.Cliff.2008.DVDRip.XviD-ViSiON.NoRar.www.torrent-loco.com.ar.torrent
c:\documents and settings\Oli\Application Data\BitTorrent\Power ISO v3.8 + keygen [h33t] [Original].torrent
c:\documents and settings\Oli\Application Data\BitTorrent\resume.dat
c:\documents and settings\Oli\Application Data\BitTorrent\resume.dat.old
c:\documents and settings\Oli\Application Data\BitTorrent\rss.dat
c:\documents and settings\Oli\Application Data\BitTorrent\rss.dat.old
c:\documents and settings\Oli\Application Data\BitTorrent\Russell.Howard.Live.2008.DVDRip.XviD-HAGGiS.torrent
c:\documents and settings\Oli\Application Data\BitTorrent\S.T.A.L.K.E.R.Shadow.of.Chernobyl-ViTALiTY.torrent
c:\documents and settings\Oli\Application Data\BitTorrent\Saw VI 2009 TELESYNC H264 AAC-SecretMyth (Kingdom-Release).torrent
c:\documents and settings\Oli\Application Data\BitTorrent\settings.dat
c:\documents and settings\Oli\Application Data\BitTorrent\settings.dat.old
c:\documents and settings\Oli\Application Data\BitTorrent\Soundtrack - Gladiator.torrent
c:\documents and settings\Oli\Application Data\BitTorrent\Tenacious.D-The.Pick.Of.Destiny[2006]DvDrip[Eng]-aXXo.torrent
c:\documents and settings\Oli\Application Data\BitTorrent\The Hangover (2009) DVDSCR-MAXSPEED.torrent
c:\documents and settings\Oli\Application Data\BitTorrent\The.Invention.of.Lying.2009.CAM.XVID-PrisM.[www.torrentfive.com].torrent
c:\documents and settings\Oli\Application Data\BitTorrent\Webroot Spy Sweeper + SerialKeys.torrent
c:\documents and settings\Oli\Application Data\BitTorrent\Year One[2009][Unrated Edition]DvDrip[Eng]-FXG.torrent
c:\documents and settings\Oli\Application Data\BitTorrent\Zombieland 2009 TELESYNC H264 AAC-SecretMyth (Kingdom-Release).torrent
c:\program files\BitComet
c:\program files\BitTorrent
c:\program files\BitTorrent\BitTorrentIE.2.dll
c:\program files\BitTorrent\uninst.exe
c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\termsrv.dll --> c:\windows\System32\termsrv.dll
.
((((((((((((((((((((((((( Files Created from 2010-03-23 to 2010-04-23 )))))))))))))))))))))))))))))))
.

2010-04-23 12:01 . 2008-04-14 05:42 295424 -c--a-w- c:\windows\system32\dllcache\termsrv.dll
2010-04-23 12:01 . 2008-04-14 05:42 295424 ----a-w- c:\windows\system32\termsrv.dll
2010-04-22 15:54 . 2010-04-16 00:02 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100422.002\NAVENG.SYS
2010-04-22 15:54 . 2010-04-16 00:02 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100422.002\EECTRL.SYS
2010-04-22 15:54 . 2010-04-16 00:02 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100422.002\CCERASER.DLL
2010-04-22 15:54 . 2010-04-16 00:02 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100422.002\ECMSVR32.DLL
2010-04-22 15:54 . 2010-04-16 00:02 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100422.002\NAVENG32.DLL
2010-04-22 15:54 . 2010-04-16 00:02 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100422.002\NAVEX32A.DLL
2010-04-22 15:54 . 2010-04-16 00:02 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100422.002\NAVEX15.SYS
2010-04-22 15:54 . 2010-04-16 00:02 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100422.002\ERASER.SYS
2010-04-18 20:26 . 2010-04-18 20:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-04-18 02:19 . 2010-04-18 02:19 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-17 23:20 . 2010-04-17 23:20 388096 ----a-r- c:\documents and settings\Oli\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-17 23:20 . 2010-04-17 23:20 -------- d-----w- c:\program files\TrendMicro
2010-04-17 23:02 . 2010-04-17 23:02 -------- d-----r- c:\program files\Skype
2010-04-17 22:52 . 2010-04-17 22:52 -------- d-----w- c:\program files\Common Files\Java
2010-04-17 22:52 . 2010-04-17 22:52 503808 ----a-w- c:\documents and settings\Oli\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4cb72f6e-n\msvcp71.dll
2010-04-17 22:52 . 2010-04-17 22:52 499712 ----a-w- c:\documents and settings\Oli\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4cb72f6e-n\jmc.dll
2010-04-17 22:52 . 2010-04-17 22:52 348160 ----a-w- c:\documents and settings\Oli\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4cb72f6e-n\msvcr71.dll
2010-04-17 22:52 . 2010-04-17 22:52 61440 ----a-w- c:\documents and settings\Oli\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-133a4c79-n\decora-sse.dll
2010-04-17 22:52 . 2010-04-17 22:52 12800 ----a-w- c:\documents and settings\Oli\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-133a4c79-n\decora-d3d.dll
2010-04-17 22:51 . 2010-04-17 22:51 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-17 22:49 . 2010-04-17 22:49 79488 ----a-w- c:\documents and settings\Oli\Application Data\Sun\Java\jre1.6.0_20\gtapi.dll
2010-04-17 22:49 . 2010-04-17 22:49 152576 ----a-w- c:\documents and settings\Oli\Application Data\Sun\Java\jre1.6.0_20\lzma.dll
2010-04-17 22:46 . 2010-04-17 22:46 -------- d-----w- c:\program files\Winamp Detect
2010-04-17 22:42 . 2010-04-17 22:43 -------- d-----w- c:\program files\QuickTime
2010-04-17 22:28 . 2010-04-17 22:28 -------- d-----w- c:\program files\Secunia
2010-04-17 12:49 . 2010-04-17 12:49 -------- d-----w- C:\$AVG
2010-04-17 00:02 . 2010-04-21 21:22 0 ----a-w- c:\documents and settings\Oli\Local Settings\Application Data\prvlcl.dat
2010-04-16 22:43 . 2010-04-16 22:43 -------- d-----w- c:\program files\AVG
2010-04-16 22:04 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\Scxpx86.dll
2010-04-16 22:04 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\IDSxpx86.dll
2010-04-16 22:04 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\IDSvix86.sys
2010-04-16 22:04 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\IDSXpx86.sys
2010-04-16 22:04 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\IDSviA64.sys
2010-04-16 13:54 . 2010-04-16 13:54 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-16 01:22 . 2010-04-16 01:22 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-16 01:20 . 2010-04-16 01:20 -------- d-----w- c:\program files\MSSOAP
2010-04-16 00:05 . 2010-02-04 01:40 362032 ----a-w- c:\windows\system32\drivers\symtdi.sys
2010-04-16 00:05 . 2010-02-27 02:23 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys
2010-04-16 00:05 . 2010-02-27 02:23 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-04-16 00:05 . 2010-02-25 23:22 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys
2010-04-16 00:05 . 2010-02-04 01:40 172592 ----a-w- c:\windows\system32\drivers\symefa.sys
2010-04-16 00:05 . 2009-11-05 22:06 328752 ----a-r- c:\windows\system32\drivers\symds.sys
2010-04-16 00:03 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100409.001\IDSvix86.sys
2010-04-16 00:03 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100409.001\IDSXpx86.sys
2010-04-16 00:03 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100409.001\Scxpx86.dll
2010-04-16 00:03 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100409.001\IDSxpx86.dll
2010-04-16 00:03 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100409.001\IDSviA64.sys
2010-04-16 00:00 . 2010-03-25 23:29 786800 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\components\coFFPlgn.dll
2010-04-16 00:00 . 2009-10-01 09:19 164216 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\IPSFFPlgn\components\IPSFFPl.dll
2010-04-15 23:59 . 2010-04-16 00:11 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-15 23:59 . 2010-04-15 23:59 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-04-15 23:59 . 2010-04-15 23:59 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-04-15 23:59 . 2009-10-05 17:34 929648 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\OCS\hsplayer.dll
2010-04-15 23:59 . 2009-11-07 01:08 893296 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\CLT\cltLMSx.dll
2010-04-15 23:59 . 2010-04-15 23:59 -------- d-----w- c:\program files\Norton Internet Security
2010-04-15 23:57 . 2010-04-15 23:57 -------- d-----w- c:\program files\NortonInstaller
2010-04-15 23:24 . 2010-04-15 23:25 -------- d-----w- c:\windows\ie8updates
2010-04-15 23:15 . 2010-04-15 23:15 -------- d-----w- c:\documents and settings\Oli\Application Data\Tific
2010-04-15 23:06 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-15 23:06 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-15 22:55 . 2010-04-15 22:55 -------- d-----w- c:\windows\ERUNT
2010-04-15 22:54 . 2010-04-15 23:13 -------- d-----w- C:\SDFix
2010-04-14 13:59 . 2010-04-14 13:59 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-13 19:05 . 2010-04-13 19:05 -------- d-sh--w- c:\documents and settings\Oli\IECompatCache
2010-04-13 19:03 . 2010-04-13 19:03 -------- d-sh--w- c:\documents and settings\Oli\PrivacIE
2010-04-13 18:58 . 2010-04-13 18:58 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-13 18:56 . 2010-04-13 18:56 -------- d-sh--w- c:\documents and settings\Oli\IETldCache
2010-04-13 17:39 . 2010-04-13 17:44 -------- dc-h--w- c:\windows\ie8
2010-04-13 13:33 . 2010-04-13 13:33 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-13 00:31 . 2010-04-13 00:31 52224 ----a-w- c:\documents and settings\Oli\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-13 00:31 . 2010-04-13 00:31 117760 ----a-w- c:\documents and settings\Oli\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-13 00:30 . 2010-04-13 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-13 00:30 . 2010-04-13 00:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-13 00:30 . 2010-04-13 00:30 -------- d-----w- c:\documents and settings\Oli\Application Data\SUPERAntiSpyware.com
2010-04-12 23:22 . 2010-04-12 23:24 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-12 14:31 . 2010-04-12 14:31 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-12 14:27 . 2010-04-13 14:06 -------- d-----w- c:\program files\Lavasoft
2010-04-12 14:27 . 2010-04-13 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-08 15:08 . 2010-04-08 15:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-04-06 22:04 . 2010-04-06 22:04 -------- d-----w- c:\documents and settings\Oli\Application Data\Malwarebytes
2010-04-06 22:04 . 2010-03-29 23:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-06 22:04 . 2010-04-06 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-06 22:04 . 2010-04-14 14:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-06 22:04 . 2010-03-29 23:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-06 01:27 . 2010-04-14 13:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-06 01:26 . 2010-04-23 11:55 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-02 00:30 . 2010-04-02 00:30 -------- d-----w- c:\documents and settings\Oli\Local Settings\Application Data\Blizzard Entertainment
2010-04-01 22:25 . 2010-04-01 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-03-31 19:22 . 2010-03-31 19:22 95744 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
2010-03-31 19:21 . 2010-03-31 19:21 3509272 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\Offers\VA31_DapSo.exe
2010-03-31 19:17 . 2010-03-31 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2010-03-31 19:17 . 2010-03-31 19:17 50688 ----a-w- c:\windows\system32\wbhelp2.dll
2010-03-31 17:08 . 2010-03-31 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2010-03-30 20:48 . 2010-03-31 16:52 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-03-30 20:48 . 2010-04-12 17:57 -------- d-----w- c:\program files\World of Warcraft
2010-03-24 20:38 . 2010-03-24 20:38 536112 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHDrvx86.sys
2010-03-24 20:38 . 2010-03-24 20:38 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHRules.dll
2010-03-24 20:38 . 2010-03-24 20:38 1407888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHEngine.dll
2010-03-24 20:38 . 2010-03-24 20:38 678960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHDrvx64.sys
2010-03-24 20:38 . 2010-03-24 20:38 611216 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\bbRGen.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-22 17:19 . 2009-02-08 15:41 -------- d-----w- c:\documents and settings\Oli\Application Data\Skype
2010-04-22 17:19 . 2009-01-20 20:15 -------- d-----w- c:\program files\Steam
2010-04-22 16:54 . 2004-08-10 13:00 578560 ----a-w- c:\windows\system32\user32.dll
2010-04-18 20:39 . 2009-02-11 20:53 -------- d-----w- c:\program files\Google
2010-04-18 02:14 . 2009-06-09 22:01 -------- d-----w- c:\program files\RealMedia
2010-04-17 23:02 . 2009-02-08 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-04-17 22:47 . 2009-02-17 17:53 -------- d-----w- c:\program files\Winamp
2010-04-17 22:46 . 2009-02-17 17:53 -------- d-----w- c:\documents and settings\Oli\Application Data\Winamp
2010-04-17 22:40 . 2009-01-20 22:12 -------- d-----w- c:\program files\Common Files\Apple
2010-04-17 22:38 . 2009-01-21 07:40 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-04-16 00:39 . 2009-05-17 13:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-15 23:59 . 2010-04-15 23:59 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-04-15 23:59 . 2010-04-15 23:59 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-04-15 23:59 . 2009-01-20 19:51 -------- d-----w- c:\program files\Symantec
2010-04-15 23:34 . 2009-01-20 19:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-04-15 18:55 . 2009-02-08 15:45 -------- d-----w- c:\documents and settings\Oli\Application Data\skypePM
2010-04-14 15:08 . 2009-01-29 02:49 -------- d-----w- c:\documents and settings\Oli\Application Data\Saytpu
2010-04-14 00:10 . 2009-06-29 11:28 -------- d-----w- c:\documents and settings\Oli\Application Data\Atim
2010-04-13 15:42 . 2004-08-10 13:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2010-04-13 00:30 . 2009-02-03 17:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-12 23:23 . 2009-04-22 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-04-07 19:29 . 2009-01-21 21:07 1772 ----a-w- c:\documents and settings\Oli\Application Data\wklnhst.dat
2010-04-06 00:58 . 2009-10-27 12:58 623608 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-22 02:33 . 2010-03-22 02:33 -------- d-----w- c:\documents and settings\Oli\Application Data\Media Player Classic
2010-03-21 21:20 . 2009-01-20 20:06 44592 ----a-w- c:\documents and settings\Oli\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-21 03:06 . 2010-03-21 02:54 1015014 ----a-w- c:\windows\OccupationCS_ Source Uninstaller.exe
2010-03-20 23:38 . 2009-06-28 14:17 -------- d-----w- c:\program files\SystemRequirementsLab
2010-03-17 20:13 . 2010-03-17 20:13 7680 ----a-w- c:\documents and settings\Oli\Application Data\Thinstall\Fireworks\4000001be300002i\Fireworks.exe
2010-03-17 20:13 . 2010-03-17 20:13 -------- d-----w- c:\documents and settings\Oli\Application Data\Thinstall
2010-03-10 06:15 . 2004-08-10 13:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-08-10 13:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-10 13:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2004-08-10 13:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-23 16:09 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2004-08-10 13:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-10 13:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-02 18:26 . 2010-02-02 18:26 8854 ----a-r- c:\documents and settings\Oli\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2010-02-02 18:26 . 2010-02-02 18:26 40960 ----a-r- c:\documents and settings\Oli\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2010-02-02 18:26 . 2010-02-02 18:26 40960 ----a-r- c:\documents and settings\Oli\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
.

((((((((((((((((((((((((((((( [email protected]_16.55.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-22 17:17 . 2010-04-22 17:17 16384 c:\windows\Temp\Perflib_Perfdata_b4.dat
+ 2010-04-22 17:18 . 2010-04-22 17:18 16384 c:\windows\Temp\Perflib_Perfdata_288.dat
+ 2009-12-21 19:09 . 2009-12-21 19:09 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\ViewerPS.dll
+ 2009-12-22 00:57 . 2009-12-22 00:57 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\reader_sl.exe
+ 2009-12-21 19:02 . 2009-12-21 19:02 79280 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlr.dll
+ 2009-12-21 22:21 . 2009-12-21 22:21 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\eula.exe
+ 2009-12-21 22:37 . 2009-12-21 22:37 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrotextextractor.exe
+ 2009-12-21 17:39 . 2009-12-21 17:39 15288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32Info.exe
+ 2009-12-21 17:27 . 2009-12-21 17:27 75200 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acroiehelpershim.dll
+ 2009-12-21 17:27 . 2009-12-21 17:27 61888 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroIEHelper.dll
+ 2009-12-21 17:35 . 2009-12-21 17:35 378264 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\pdfshell.dll
+ 2009-12-21 19:05 . 2009-12-21 19:05 116168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlrShim.exe
+ 2009-12-21 17:34 . 2009-12-21 17:34 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\nppdf32.dll
+ 2009-11-09 18:18 . 2009-11-09 18:18 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\JP2KLib.dll
+ 2009-12-21 19:02 . 2009-12-21 19:02 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AdobeCollabSync.exe
+ 2009-12-21 17:43 . 2009-12-21 17:43 120240 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRdIF.dll
+ 2009-12-22 00:57 . 2009-12-22 00:57 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.exe
+ 2009-12-21 17:15 . 2009-12-21 17:15 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroPDF.dll
+ 2009-12-21 18:32 . 2009-12-21 18:32 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobroker.exe
+ 2009-12-21 18:15 . 2009-12-21 18:15 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\a3dutility.exe
+ 2009-12-21 17:29 . 2009-12-21 17:29 2409880 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\rt3d.dll
+ 2009-10-27 19:34 . 2009-10-27 19:34 5009408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\authplay.dll
+ 2009-12-21 22:31 . 2009-12-21 22:31 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AGM.dll
+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\462b5.msp
+ 2009-12-21 22:21 . 2009-12-21 22:21 20436408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Steam"="c:\program files\steam\steam.exe" [2010-02-24 1217872]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26105128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SigmatelSysTrayApp"="c:\windows\stsystra.exe" [2006-07-27 282624]
"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-03-20 668328]
"EzPrint"="c:\program files\Lexmark 3600-4600 Series\ezprint.exe" [2008-03-20 107176]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-12-18 39424]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"nwiz"="c:\windows\system32\nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"iPodVideoConverter_upgrade"="c:\program files\E-Zsoft\iPodVideoConverter\iPodVideoConverter.exe" [2009-09-08 503808]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

c:\documents and settings\Oli\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\youm_3]
[BU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxdxcoms.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\Wireless\\lxdxwpss.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxtime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxjswx.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\oddworld abes exoddus\\Exoddus.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Web Server
"8518:TCP"= 8518:TCP:BitComet 8518 TCP
"8518:UDP"= 8518:UDP:BitComet 8518 UDP
"15171:TCP"= 15171:TCP:BitComet 15171 TCP
"15171:UDP"= 15171:UDP:BitComet 15171 UDP

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1106000.020\symds.sys [16/04/2010 01:05 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1106000.020\symefa.sys [16/04/2010 01:05 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [24/03/2010 21:38 536112]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1106000.020\cchpx86.sys [16/04/2010 01:05 501888]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11:15 66632]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1106000.020\ironx86.sys [16/04/2010 01:05 116784]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe [16/04/2010 01:04 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [16/04/2010 01:02 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\IDSXpx86.sys [16/04/2010 23:04 329592]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11:15 12872]
S2 gupdate1c98c8b2064dd56;Google Update Service (gupdate1c98c8b2064dd56);c:\program files\Google\Update\GoogleUpdate.exe [11/02/2009 21:55 133104]
S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [21/01/2009 22:00 98984]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17/06/2009 13:20 12648]
.
Contents of the 'Scheduled Tasks' folder

2010-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 20:55]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 20:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
FF - ProfilePath - c:\documents and settings\Oli\Application Data\Mozilla\Firefox\Profiles\2dyponi4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\components\coFFPlgn.dll
FF - plugin: c:\documents and settings\Oli\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-23 13:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.6.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-861567501-1214440339-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:d0,6b,8f,63,45,10,89,c3,76,cb,95,56,a3,16,40,96,b8,d5,2e,d3,87,
53,74,42,29,96,be,6c,33,0a,74,81,15,37,f9,ed,87,64,1d,ca,a9,4c,b6,18,7d,67,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\Oli\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\Oli\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
.
Completion time: 2010-04-23 13:09:40
ComboFix-quarantined-files.txt 2010-04-23 12:09
ComboFix2.txt 2010-04-22 16:57

Pre-Run: 49,611,976,704 bytes free
Post-Run: 49,570,676,736 bytes free

- - End Of File - - B84FC360D217D2EC1C196457AA7BD856
 

jmw3

Malware Specialist
Joined
Jul 23, 2007
Messages
1,460
Hi

When will I have to click on 'enable' in Defogger?
We usually wait until the Clean up to re-enable your CD Emulation Drivers, but you can probably do that now if you like.

No problem with the Kaspersky Scan... I'll be here. Have a good trip.
 

OliH

Thread Starter
Joined
Apr 17, 2010
Messages
16
Hi,

Thanks for the wait, but I'm just sending this message to let you know that I'm back from the trip and updating Kaspersky Online Scanner as this message is being sent.

Will post the scan log as soon as it's done.
 

OliH

Thread Starter
Joined
Apr 17, 2010
Messages
16
Hi,

Kaspersky is 43% done scanning right now, and a question came to mind about my antivirus (Norton).
Would I be able to get my money back from them for not protecting my computer twice now, and if so, could you help me do so?
 