Tech-101 Free Computer Support: Security > Virus and Malware Removal
#1 - 02-03-2010, 05:28 PM
memphius (Junior Member; Join Date: Feb 2010; Posts: 12)
Win32 HEUR .... Please Help!!

I have been alerted by AVG on several occurrences of a Win32 Heur Infection... I got it in a torrent I downloaded; however, AVG alerted it to me when I tried to run the program, so I terminated the program immediately, caught the infection and moved it to the vault. From the Vault I deleted it, then I think it detected it later in the Recycler which I emptied, but it appeared once again in some vague system folder. I think it may have been saved by system restore, but I'm not sure. Now I have re-quarantined the virus in AVG's vault and I hope that is the last trace of it.

This is my second occurrence with this virus. The last time I had the much worse Win32Virut which culminated in a COMPLETE reformat of my hd... this time I'm hoping to nip it in the bud before it gets that bad... please help me prevent this!

I have attached all the requested files, except for the Malwarebytes Anti-Malware... when I had the Win32 Virut virus and tried to run that scan, every file/folder the scan opened, the Win32Virut infected once it was done! Before the scan was done, my computer was in complete meltdown!! So I'm trying to avoid doing that scan again unless you request it... then I'll trust you and do it!

Please help me with this.... I really don't want to have to deal with another critical meltdown....


DDS (Ver_09-12-01.01) - NTFSx86
Run by USER at 15:50:43.25 on Wed 02/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.853 [GMT -5:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\RegCure\RegCure.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Mozilla Firefox 3.6 Beta 4\firefox.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\Documents and Settings\USER\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [<NO NAME>]
StartupFolder: c:\docume~1\USER\startm~1\programs\startup\one not~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258557983461
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\WBSrv.dll
AppInit_DLLs: WBSYS.DLL c:\progra~1\google\google~1\GOEC62~1.DLL acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\USER\applic~1\mozilla\firefox\profiles\9xo1y9ap.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://ca.my.msn.com/?lang=en-ca
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - component: c:\documents and settings\USER\application data\mozilla\firefox\profiles\9xo1y9ap.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\USER\application data\mozilla\firefox\profiles\9xo1y9ap.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\USER\application data\mozilla\firefox\profiles\9xo1y9ap.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3.6 beta 4\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox 3.6 beta 4\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox 3.6 beta 4\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-11-23 161800]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [2009-11-18 911680]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-23 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-23 28424]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-23 360584]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-1-20 486280]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-23 285392]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2009-11-18 160288]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-11-24 193840]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2009-11-18 2480048]
S3 GoogleDesktopManager-090809-085438;Google Desktop Manager 5.9.909.8267;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-11-18 30192]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-2-2 38224]

=============== Created Last 30 ================

2010-02-02 20:45:33 0 d-----w- c:\docume~1\USER\applic~1\Malwarebytes
2010-02-02 20:45:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-02 20:45:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-02 20:45:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-02 20:45:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-02 20:24:19 0 d-----w- c:\program files\Trend Micro
2010-02-02 18:59:36 0 d-----w- c:\windows\pss
2010-02-02 15:25:36 0 d-----w- c:\docume~1\USER\applic~1\LimeWire
2010-02-02 15:22:03 0 d-----w- c:\program files\LimeWire
2010-02-01 20:19:58 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2010-02-01 20:19:58 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-02-01 17:50:45 0 d-----w- c:\docume~1\alluse~1\applic~1\RegCure
2010-02-01 17:41:11 0 d-----w- c:\program files\common files\ParetoLogic
2010-02-01 17:41:11 0 d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
2010-02-01 17:25:04 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2010-02-01 06:33:38 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-02-01 06:33:34 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-02-01 06:31:05 0 d-----w- c:\windows\Applian Director
2010-02-01 06:31:05 0 d-----w- c:\program files\Applian Director
2010-02-01 06:30:30 0 d-----w- c:\windows\Replay Media Catcher
2010-02-01 06:30:30 0 d-----w- c:\program files\Replay Media Catcher
2010-02-01 03:36:26 14604 ----a-w- c:\windows\system32\drivers\pfc.sys
2010-02-01 03:36:18 344064 ----a-r- c:\windows\system32\msvcr70.dll
2010-01-24 17:56:54 0 d-----w- C:\Downloads
2010-01-24 17:56:38 0 d-----w- c:\docume~1\USER\applic~1\BitComet
2010-01-24 17:55:22 0 d-----w- c:\program files\BitComet
2010-01-23 21:17:02 0 d-----w- c:\windows\system32\VirtualExpander
2010-01-21 00:51:42 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-01-21 00:51:18 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2010-01-21 00:51:18 0 d-----w- c:\windows\system32\ZoneLabs
2010-01-21 00:51:15 422437 ----a-w- c:\windows\system32\vsconfig.xml
2010-01-21 00:51:14 0 d-----w- c:\program files\Zone Labs
2010-01-21 00:50:48 0 d-----w- c:\windows\Internet Logs
2010-01-15 20:40:32 283648 ----a-w- c:\windows\uninst.exe
2010-01-15 20:40:22 0 d-----w- c:\documents and settings\USER\WINDOWS
2010-01-15 18:57:14 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-14 23:59:17 0 d-----w- c:\program files\USArmy
2010-01-14 23:08:38 0 d-----w- c:\docume~1\alluse~1\applic~1\AA2DeployClient
2010-01-14 21:53:23 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-14 21:53:22 139152 ----a-w- c:\docume~1\USER\applic~1\PnkBstrK.sys
2010-01-14 21:53:05 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-14 21:53:04 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-01-14 21:53:04 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-14 21:53:01 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2010-01-14 21:53:00 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2010-01-14 21:53:00 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2010-01-14 20:17:53 0 d-----w- C:\7c5c1ac9c239eb312fd373f5d3
2010-01-14 20:00:51 0 d-----w- c:\windows\system32\XPSViewer
2010-01-14 19:59:36 14048 ------w- c:\windows\system32\spmsg2.dll

==================== Find3M ====================

2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 22:14:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-14 19:43:41 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-10 21:19:14 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-11-18 14:43:52 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-14 00:49:00 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-11-14 00:49:00 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-11-14 00:47:32 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w- c:\windows\system32\DivX.dll

============= FINISH: 15:52:58.12 ===============


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-03 09:10:42
Windows 5.1.2600 Service Pack 3
Running: shbjmvc3.exe; Driver: C:\DOCUME~1\USER\LOCALS~1\Temp\kwlyqkoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00E1D732-F8C2-59B9-0984-D58E511CE07E}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00E1D732-F8C2-59B9-0984-D58E511CE07E}@jaeocglnoapgplihfeki 0x62 0x61 0x61 0x6D ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00E1D732-F8C2-59B9-0984-D58E511CE07E}@jaeocglnoapgplihfegp 0x62 0x61 0x65 0x6D ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00E1D732-F8C2-59B9-0984-D58E511CE07E}@iaepgdjoplkhnlpmff 0x6B 0x61 0x68 0x6D ...

---- EOF - GMER 1.0.15 ----
Attached Files: Attach.txt (19.5 KB)

#2 - 02-06-2010, 12:40 PM
memphius (Junior Member; Join Date: Feb 2010; Posts: 12)

bump - any help?

#3 - 02-08-2010, 07:53 PM
memphius (Junior Member; Join Date: Feb 2010; Posts: 12)

bumpty bump bump...

#4 - 02-09-2010, 09:42 AM
Blind Dragon (Site Admin; Location: Florida; Join Date: Dec 2008; Posts: 1,310)

memphius,

Sorry for the delay.


Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

=============================

Combofix
Download Combofix to your desktop from one of these locations:
Link 1
  • Double click combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.
  • When the scan completes it will open a text window. Please post that log back here.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

#5 - 02-09-2010, 11:47 AM
memphius (Junior Member; Join Date: Feb 2010; Posts: 12)

Blinddragon, thanks for your reply. Below is the requested ComboFix Log.

ComboFix 10-02-08.09 - User 02/09/2010 10:09:52.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1109 [GMT -5:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1845945926-9116041-2765801704-1000
c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
c:\windows\system32\lsprst7.dll
c:\windows\system32\nsprs.dll
c:\windows\system32\serauth1.dll
c:\windows\system32\serauth2.dll
c:\windows\system32\ssprs.dll

.
((((((((((((((((((((((((( Files Created from 2010-01-09 to 2010-02-09 )))))))))))))))))))))))))))))))
.

2010-02-02 20:45 . 2010-02-02 20:45 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2010-02-02 20:45 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-02 20:45 . 2010-02-02 20:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-02 20:45 . 2010-02-02 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-02 20:45 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-02 20:24 . 2010-02-02 20:24 -------- d-----w- c:\program files\Trend Micro
2010-02-02 15:25 . 2010-02-02 20:10 -------- d-----w- c:\documents and settings\User\Application Data\LimeWire
2010-02-02 15:22 . 2010-02-02 15:22 -------- d-----w- c:\program files\LimeWire
2010-02-01 20:19 . 2008-04-07 10:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-02-01 20:19 . 2008-04-07 10:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2010-02-01 17:50 . 2010-02-01 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-02-01 17:50 . 2010-02-01 18:04 -------- d-----w- c:\program files\RegCure
2010-02-01 17:41 . 2010-02-02 18:36 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-02-01 17:41 . 2010-02-02 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-02-01 17:40 . 2010-02-01 17:40 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Downloaded Installations
2010-02-01 17:25 . 2010-02-01 17:25 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2010-02-01 06:33 . 2010-02-01 17:17 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-02-01 06:33 . 2010-02-01 17:17 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-02-01 06:31 . 2010-02-01 06:31 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\mdnslib
2010-02-01 06:31 . 2010-02-01 06:31 -------- d-----w- c:\windows\Applian Director
2010-02-01 06:31 . 2010-02-01 06:31 -------- d-----w- c:\program files\Applian Director
2010-02-01 06:30 . 2010-02-01 16:32 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\FLVService
2010-02-01 06:30 . 2010-02-02 18:43 -------- d-----w- c:\program files\Replay Media Catcher
2010-02-01 06:30 . 2010-02-01 06:30 -------- d-----w- c:\windows\Replay Media Catcher
2010-02-01 03:36 . 2003-08-11 15:07 14604 ----a-w- c:\windows\system32\drivers\pfc.sys
2010-02-01 03:36 . 2003-08-11 15:13 344064 ----a-r- c:\windows\system32\msvcr70.dll
2010-01-27 18:35 . 2010-01-27 18:35 -------- d-----w- c:\program files\Common Files\Java
2010-01-24 17:56 . 2010-01-28 02:04 -------- d-----w- C:\Downloads
2010-01-24 17:56 . 2010-01-28 02:05 -------- d-----w- c:\documents and settings\User\Application Data\BitComet
2010-01-24 17:55 . 2010-01-24 17:56 -------- d-----w- c:\program files\BitComet
2010-01-23 21:55 . 2010-01-23 21:55 -------- d-----w- c:\documents and settings\User\Application Data\Apple Computer
2010-01-23 21:17 . 2010-01-23 21:17 -------- d-----w- c:\windows\system32\VirtualExpander
2010-01-21 00:51 . 2010-01-21 00:51 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-01-21 00:51 . 2009-11-22 20:42 69000 ----a-w- c:\windows\system32\zlcomm.dll
2010-01-21 00:51 . 2009-11-22 20:42 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2010-01-21 00:51 . 2010-01-21 00:51 -------- d-----w- c:\windows\system32\ZoneLabs
2010-01-21 00:51 . 2009-11-22 20:42 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2010-01-21 00:51 . 2010-01-21 00:51 -------- d-----w- c:\program files\Zone Labs
2010-01-21 00:50 . 2010-02-09 15:18 -------- d-----w- c:\windows\Internet Logs
2010-01-15 20:40 . 1996-01-09 15:38 283648 ----a-w- c:\windows\uninst.exe
2010-01-15 20:40 . 2010-01-15 20:40 -------- d-----w- c:\documents and settings\User\WINDOWS
2010-01-15 18:57 . 2010-01-15 20:24 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-14 23:59 . 2010-01-14 23:59 -------- d-----w- c:\program files\USArmy
2010-01-14 23:08 . 2010-01-19 05:26 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\AA2DeployClient
2010-01-14 23:08 . 2010-01-14 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AA2DeployClient
2010-01-14 23:07 . 2010-01-19 05:49 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Deployment
2010-01-14 21:53 . 2010-01-19 05:22 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-14 21:53 . 2010-01-19 05:22 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-14 21:53 . 2010-01-19 05:22 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-14 21:53 . 2010-01-19 05:22 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-01-14 21:53 . 2007-07-20 05:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2010-01-14 21:53 . 2007-07-19 23:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2010-01-14 21:53 . 2007-07-19 23:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2010-01-14 20:17 . 2010-01-14 20:18 -------- d-----w- C:\7c5c1ac9c239eb312fd373f5d3
2010-01-14 20:00 . 2010-01-14 20:20 -------- d-----w- c:\windows\system32\XPSViewer
2010-01-14 20:00 . 2010-01-14 20:00 -------- d-----w- c:\program files\Reference Assemblies
2010-01-14 20:00 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-01-14 19:59 . 2006-06-29 18:07 14048 ------w- c:\windows\system32\spmsg2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-09 15:21 . 2009-11-19 00:23 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2010-02-09 14:51 . 2009-11-19 00:25 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2010-02-09 14:50 . 2010-01-23 17:16 3993276 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-02-08 23:28 . 2009-11-23 14:58 0 ----a-w- c:\documents and settings\User\Local Settings\Application Data\prvlcl.dat
2010-02-03 21:06 . 2009-11-19 00:12 -------- d-----w- c:\documents and settings\User\Application Data\vlc
2010-02-02 21:07 . 2010-02-02 21:08 2828288 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-02-02 20:28 . 2009-11-19 00:14 -------- d-----w- c:\documents and settings\User\Application Data\Azureus
2010-02-01 21:29 . 2009-11-18 22:41 71184 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-01 17:50 . 2010-02-01 17:49 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe
2010-02-01 17:35 . 2009-11-23 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-01 03:41 . 2009-11-18 16:24 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-01 03:36 . 2009-11-18 15:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-29 00:12 . 2009-11-19 00:21 -------- d-----r- c:\program files\Skype
2010-01-27 18:35 . 2010-01-27 18:35 503808 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e1ec358-n\msvcp71.dll
2010-01-27 18:35 . 2010-01-27 18:35 499712 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e1ec358-n\jmc.dll
2010-01-27 18:35 . 2010-01-27 18:35 348160 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e1ec358-n\msvcr71.dll
2010-01-27 18:35 . 2010-01-27 18:35 61440 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2a92fc51-n\decora-sse.dll
2010-01-27 18:35 . 2010-01-27 18:35 12800 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2a92fc51-n\decora-d3d.dll
2010-01-27 18:35 . 2009-11-18 16:25 -------- d-----w- c:\program files\Java
2010-01-25 20:47 . 2009-11-23 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-24 18:06 . 2009-11-19 02:31 -------- d-----w- c:\documents and settings\User\Application Data\dvdcss
2010-01-24 18:04 . 2009-11-19 00:14 -------- d-----w- c:\program files\Vuze
2010-01-23 21:20 . 2009-12-11 00:55 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-20 23:37 . 2009-11-19 00:34 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 06:17 . 2009-12-11 00:35 -------- d-----w- c:\program files\Mozilla Firefox 3.6 Beta 4
2010-01-19 05:22 . 2010-01-14 21:53 139152 ----a-w- c:\documents and settings\User\Application Data\PnkBstrK.sys
2010-01-19 05:22 . 2010-01-14 21:53 139152 ----a-w- c:\documents and settings\User\Application Data\PnkBstrK.sys
2010-01-19 04:54 . 2009-12-01 16:55 -------- d-----w- c:\program files\Uninstall Tool
2010-01-19 04:42 . 2009-11-19 00:36 -------- d-----w- c:\program files\Stardock
2010-01-14 20:08 . 2009-12-13 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-01-14 20:01 . 2009-11-23 13:39 -------- d-----w- c:\program files\MSBuild
2010-01-14 18:27 . 2010-01-26 17:16 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-01-14 18:27 . 2009-12-10 18:50 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-01-07 17:14 . 2010-01-07 17:14 -------- d-----w- c:\program files\Adobe Media Player
2010-01-07 17:08 . 2010-01-07 17:08 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-06 03:43 . 2009-11-20 05:36 -------- d-----w- c:\documents and settings\User\Application Data\DivX
2010-01-05 20:57 . 2010-01-18 17:59 545280 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xo1y9ap.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2010-01-05 20:57 . 2010-01-18 17:59 153600 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xo1y9ap.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2010-01-05 20:57 . 2010-01-18 17:59 103424 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xo1y9ap.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2010-01-05 20:57 . 2010-01-18 17:59 344064 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xo1y9ap.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2010-01-05 20:57 . 2010-01-18 17:59 57856 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xo1y9ap.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2010-01-05 20:57 . 2010-01-18 17:59 4725760 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xo1y9ap.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
2009-12-21 19:14 . 2008-04-14 09:42 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-20 13:57 . 2009-12-20 13:57 -------- d-----w- c:\documents and settings\User\Application Data\AVG9
2009-12-18 16:02 . 2009-11-23 15:30 -------- d-----w- c:\program files\SPSS Evaluation
2009-12-17 22:14 . 2009-11-18 16:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 19:42 . 2010-01-06 17:59 872960 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xo1y9ap.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-16 19:42 . 2010-01-06 17:59 43008 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xo1y9ap.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-16 19:42 . 2010-01-06 17:59 340480 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xo1y9ap.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-16 19:41 . 2010-01-06 17:59 346624 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xo1y9ap.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-14 19:43 . 2009-11-23 21:25 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-14 19:43 . 2009-11-23 21:25 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-13 21:36 . 2009-12-13 21:36 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-12-10 21:47 . 2009-12-10 21:31 132 ----a-w- c:\windows\system32\09wutili.sys
2009-12-10 21:19 . 2009-12-10 21:19 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-11-26 03:33 . 2009-11-26 03:33 10134 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
2009-11-26 03:32 . 2009-11-26 03:32 10134 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
2009-11-26 03:32 . 2009-11-26 03:32 10134 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
2009-11-23 21:25 . 2009-11-23 21:25 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-23 21:25 . 2009-11-23 21:25 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-23 21:24 . 2009-11-23 21:24 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-11-23 15:32 . 2009-11-23 15:32 1024 ----a-w- c:\windows\system32\clauth2.dll
2009-11-23 15:32 . 2009-11-23 15:32 1024 ----a-w- c:\windows\system32\clauth1.dll
2009-11-23 15:30 . 2009-11-23 15:30 1025 ----a-w- c:\windows\system32\sysprs7.dll
2009-11-21 15:51 . 2008-04-14 09:41 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 00:38 . 2009-11-19 00:38 1925024 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-11-19 00:25 . 2009-11-19 00:25 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-19 00:21 . 2009-11-19 00:21 0 ----a-w- c:\windows\nsreg.dat
2009-11-18 23:29 . 2009-11-18 14:46 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-18 23:10 . 2009-11-18 23:10 160288 ----a-w- c:\windows\system32\drivers\afcdp.sys
2009-11-18 23:10 . 2009-11-18 23:10 911680 ----a-w- c:\windows\system32\drivers\tdrpm258.sys
2009-11-18 23:10 . 2009-11-18 23:10 581984 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-11-18 23:10 . 2009-11-18 23:10 158272 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-11-18 16:24 . 2009-11-18 16:24 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-18 14:43 . 2009-11-18 14:43 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-14 00:49 . 2009-11-19 00:19 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-11-14 00:49 . 2009-11-19 00:19 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
.

------- Sigcheck -------

[-] 2008-11-07 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-12-05 2295072]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-08-14 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-08-14 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-08-14 94208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-18 30192]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-10-31 5106808]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]

c:\documents and settings\User\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-14 19:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-12-10 21:32 210168 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
backupExtension=Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 03:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2009-10-31 08:49 361568 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 07:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 17:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-11-26 19:54 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 19:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-11-26 19:54 1629480 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24974:TCP"= 24974:TCP:BitComet 24974 TCP
"24974:UDP"= 24974:UDP:BitComet 24974 UDP

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [11/23/2009 4:24 PM 161800]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [11/18/2009 6:10 PM 911680]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/23/2009 4:25 PM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/23/2009 4:25 PM 360584]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/23/2009 4:24 PM 285392]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [11/18/2009 6:10 PM 160288]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [11/24/2009 12:34 PM 193840]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [11/18/2009 6:10 PM 2480048]
S3 GoogleDesktopManager-090809-085438;Google Desktop Manager 5.9.909.8267;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/18/2009 5:42 PM 30192]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2/2/2010 3:45 PM 38224]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-12-05 17:27 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-02-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-02-01 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-02-09 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-02-01 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-02-09 c:\windows\Tasks\User_Feed_Synchronization-{25A10DCB-AD8C-4A28-ABB3-0C54ACA61C63}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\9xo1y9ap.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - component: c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\9xo1y9ap.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\9xo1y9ap.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\9xo1y9ap.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-09 10:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1275210071-838170752-842925246-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00E1D732-F8C2-59B9-0984-D58E511CE07E}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jaeocglnoapgplihfeki"=hex:62,61,61,6d,00,00
"jaeocglnoapgplihfegp"=hex:62,61,65,6d,00,00
"iaepgdjoplkhnlpmff"=hex:6b,61,68,6d,6f,70,69,67,61,6c,62,69,67,6e,64,6e,62,6a,
6b,66,66,61,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1084)
c:\program files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll

- - - - - - - > 'explorer.exe'(1108)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\tray.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-02-09 10:24:52 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-09 15:24

Pre-Run: 71,010,258,944 bytes free
Post-Run: 70,870,196,224 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut

- - End Of File - - A4F575B245702DCF6C49CE2F69C1F50B
#6 (permalink)
Old 02-09-2010, 12:17 PM
Blind Dragon
Site Admin


**P2P programs** such as BitTorrent and LimeWire = Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation. See http://spywarewarrior.com/viewtopic.php?t=26216

Worse off, LimeWire is set to run every time you boot your computer. At the very least I would disable it from running automatically when you boot your computer.

======================================

Run CFScript

Open Notepad and copy/paste the text in the code box below into it:
NOTE: make sure to only highlight and copy what is inside the quote box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Quote:
File::
c:\windows\system32\rmc_fixasf.exe
c:\windows\system32\rmc_rtspdl.dll

Reboot::
Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

===========================

Update Malwarebytes Anti-malware

Run another quick scan

Post the log here along with combofix.txt
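To show the kind of triage a helper does on a ComboFix log like the one posted above, and the CFScript.txt layout the reply describes, here is an added Python example (not ComboFix's own code and not from this thread). The log excerpt is constructed from the line shapes in the posted log, and the helper names (`triage`, `build_cfscript`, `cfscript_is_well_formed`) and the P2P client list are assumptions.

```python
"""Triage a ComboFix log excerpt and build a CFScript.txt (added example)."""
import re

# Constructed excerpt: copies the shapes of lines from the posted log (Run keys,
# an msconfig startupfolder entry, firewall policy, open ports), not the full log.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24974:TCP"= 24974:TCP:BitComet 24974 TCP
"24974:UDP"= 24974:UDP:BitComet 24974 UDP
'''

# "name"="target" [yyyy-mm-dd size], as ComboFix prints Run-key values
RUN_ENTRY = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]')
# "port:proto"= port:proto:label, as printed under GloballyOpenPorts\List
OPEN_PORT = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<label>.*)$')
# P2P clients named in this thread (assumed list; extend for your environment)
P2P_MARKERS = ("limewire", "bitcomet", "azureus", "vuze")


def is_p2p(text):
    return any(marker in text.lower() for marker in P2P_MARKERS)


def triage(log_text):
    """Walk the log section by section and return (severity, message) findings."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            # msconfig records a Startup-folder .lnk under ~\startupfolder\;
            # the .lnk name is the last ^-separated element of the key
            if "\\startupfolder\\" in section.lower() and is_p2p(section):
                findings.append(("high", "P2P client in Startup folder: "
                                 + section.rsplit("^", 1)[-1]))
            continue
        key = section.lower()
        if key.endswith("\\run"):
            m = RUN_ENTRY.match(line)
            if not m:
                continue
            target = m.group("target")
            if ":\\" not in target:
                # a bare file name is resolved by search order, so confirm where it lives
                findings.append(("medium", f"Run value '{m.group('name')}' has no full path: {target}"))
            if is_p2p(target):
                findings.append(("high", f"P2P client autostarts from Run: {target}"))
        elif key.endswith("firewallpolicy\\standardprofile"):
            if re.match(r'^"EnableFirewall"=\s*0\b', line):
                findings.append(("high", "Windows Firewall is disabled in the standard profile"))
        elif key.endswith("globallyopenports\\list"):
            m = OPEN_PORT.match(line)
            if m:
                label = m.group("label").strip()
                findings.append(("high" if is_p2p(label) else "info",
                                 f"Port {m.group('port')}/{m.group('proto')} open to all: {label}"))
    return findings


def build_cfscript(files, reboot=True):
    """Return CFScript.txt text: 'File::' is the very first line, with no blank
    line above it and no leading space, as the post requires."""
    lines = ["File::"] + [f.strip() for f in files]
    if reboot:
        lines += ["", "Reboot::"]
    return "\n".join(lines) + "\n"


def cfscript_is_well_formed(text):
    """Check the first-line rule plus one absolute path per line under File::."""
    lines = text.split("\n")
    if lines[0] != "File::":
        return False
    body = lines[1:]
    paths = body[:body.index("")] if "" in body else body
    return all(re.match(r"^[a-zA-Z]:\\", p) for p in paths)


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
    print(build_cfscript([r"c:\windows\system32\rmc_fixasf.exe", r"c:\windows\system32\rmc_rtspdl.dll"]))
```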
#7 (permalink)
Old 02-09-2010, 01:27 PM
memphius
Junior Member


Thanks BlindDragon; in response to my msg, I have attached the ComboFix log here.

Thanks for your continued assistance.
Attached Files
File Type: txt combofixlog.txt (33.3 KB, 1 views)
#8 (permalink)
Old 02-09-2010, 01:28 PM
memphius
Junior Member


And thanks for your advisory on P2P programs; I am certain that torrents are the cause of this infection and will be making steps to remove torrents and their associated files from my computer following this malware removal. It's not worth the trouble!
#9 (permalink)
Old 02-09-2010, 01:40 PM
Blind Dragon
Site Admin


Did you update and rescan with MBAM?

Log?
#10 (permalink)
Old 02-09-2010, 01:53 PM
memphius
Junior Member


My apologies; currently scanning, stand by for log.
Tags
heur, virus, win32, win32heur

LinkBack to this Thread: http://www.tech-101.com/virus-malware-removal/1111-win32-heur-please-help.html

Copyright © 2009 Tech-101.com. All rights reserved.