Jump to content
IObit Forum
Top Free Driver Updater Tools Best 25 PC Optimization Software Best 22 Antimalware Best 22 Uninstaller Software IObit Coupons & Discount Offers PC Optimizer Mac Boost Advice IObit Coupons A Good Utility Program From IObit IObit Promo Codes IObit Coupon Codes IObit Coupons and Deals FAQs Driver Booster Pro Review

Help! can't get rid of Trojan Dropper


Rage

Recommended Posts

Look here: C:\Qoobox\ComboFix or C:\Qoobox\LastRun for the logs. Since you've run ComboFix 8 times you will probably find a lot of logs there.

 

P2P - I see you have P2P software installed on your machine (BitTorrent). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

 

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

 

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

*********************************************

Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Unzip SecurityCheck.zip and a folder named Security Check should appear.

* Open the Security Check folder and double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

**************************************************

Link to comment
Share on other sites

OK, I think I found the right one...

 

ComboFix 10-09-15.01 - Ragewind 09/15/2010 20:49:23.5.4 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2684 [GMT -5:00]

Running from: g:\documents and settings\Ragewind\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2010-08-16 to 2010-09-16 )))))))))))))))))))))))))))))))

.

 

2010-09-15 18:28 . 2010-09-15 18:28 -------- d-----w- g:\windows\system32\wbem\Repository

2010-09-15 17:04 . 2010-09-15 18:26 -------- d-----w- G:\RECYCLER(2)

2010-09-03 18:35 . 2010-09-03 22:22 -------- d-----w- g:\windows\system32\NtmsData

2010-09-03 18:33 . 2010-09-03 18:33 -------- d-----w- g:\documents and settings\Ragewind\Application Data\Avira

2010-09-03 17:40 . 2010-09-03 17:40 -------- d-----w- g:\program files\Enigma Software Group

2010-09-03 17:40 . 2010-09-03 17:59 -------- d-----w- g:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP

2010-09-03 17:40 . 2010-09-03 17:40 -------- d-----w- g:\program files\Common Files\Wise Installation Wizard

2010-09-03 17:30 . 2010-09-03 17:30 -------- d-----w- g:\documents and settings\Ragewind\Local Settings\Application Data\Threat Expert

2010-09-03 17:16 . 2010-09-03 17:17 80770088 ----a-w- g:\documents and settings\All Users\Application Data\PC Tools\DownloadManager\Spyware Doctor with AntiVirus8.0\sdasetup_dl.exe

2010-09-03 17:10 . 2010-09-05 00:07 -------- d---a-w- g:\documents and settings\All Users\Application Data\TEMP

2010-09-03 17:09 . 2010-09-03 17:09 80767800 ----a-w- g:\documents and settings\All Users\Application Data\PC Tools\DownloadManager\Spyware Doctor8.0\sdsetup_dl.exe

2010-09-03 17:09 . 2010-09-05 00:07 -------- d-----w- g:\documents and settings\All Users\Application Data\PC Tools

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-16 01:47 . 2009-03-23 16:56 -------- d-----w- g:\documents and settings\Ragewind\Application Data\BitTorrent

2010-09-16 01:46 . 2009-03-08 19:28 16608 ----a-w- g:\windows\gdrv.sys

2010-09-15 17:30 . 2009-06-25 14:56 -------- d-----w- g:\documents and settings\All Users\Application Data\AVG Security Toolbar

2010-09-04 17:57 . 2009-11-14 14:22 -------- d-----w- g:\program files\BitTorrent

2010-09-04 16:05 . 2010-03-03 13:49 -------- d-----w- g:\documents and settings\All Users\Application Data\IObit

2010-09-04 16:05 . 2009-11-08 22:55 -------- d-----w- g:\program files\IObit

2010-09-03 17:18 . 2010-09-03 17:18 595548 ----a-w- g:\windows\system32\drivers\Cat.DB

2010-09-02 08:00 . 2010-03-18 16:10 -------- d-----w- g:\program files\Microsoft Silverlight

2010-08-24 05:57 . 2010-04-27 21:56 -------- d-----w- g:\program files\Common Files\Java

2010-08-24 05:57 . 2010-04-27 21:56 -------- d-----w- g:\program files\Java

2010-08-21 07:03 . 2009-10-02 19:49 -------- d-----w- g:\program files\Lexmark X1100 Series

2010-08-15 17:54 . 2009-09-03 17:08 -------- d-----w- g:\documents and settings\Ragewind\Application Data\U3

2010-08-07 17:01 . 2010-08-07 17:01 503808 ----a-w- g:\documents and settings\Ragewind\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2c3cee3d-n\msvcp71.dll

2010-08-07 17:01 . 2010-08-07 17:01 499712 ----a-w- g:\documents and settings\Ragewind\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2c3cee3d-n\jmc.dll

2010-08-07 17:01 . 2010-08-07 17:01 348160 ----a-w- g:\documents and settings\Ragewind\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2c3cee3d-n\msvcr71.dll

2010-08-07 17:01 . 2010-08-07 17:01 61440 ----a-w- g:\documents and settings\Ragewind\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-496a4d87-n\decora-sse.dll

2010-08-07 17:01 . 2010-08-07 17:01 12800 ----a-w- g:\documents and settings\Ragewind\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-496a4d87-n\decora-d3d.dll

2010-08-07 16:01 . 2010-08-07 16:01 371256 ----a-w- g:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2010-07-17 10:00 . 2010-05-01 01:03 423656 ----a-w- g:\windows\system32\deployJava1.dll

2010-07-16 19:31 . 2009-03-08 21:30 243024 ----a-w- g:\windows\system32\drivers\avgtdix.sys

2010-07-16 19:31 . 2010-07-16 19:31 12536 ----a-w- g:\windows\system32\avgrsstx.dll

2010-07-16 19:30 . 2009-03-08 21:30 216400 ----a-w- g:\windows\system32\drivers\avgldx86.sys

2010-07-07 23:09 . 2009-03-03 14:49 192080 -c--a-w- g:\documents and settings\Ragewind\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-30 12:31 . 2008-04-14 12:00 149504 ----a-w- g:\windows\system32\schannel.dll

2010-06-24 12:22 . 2008-04-14 12:00 916480 ----a-w- g:\windows\system32\wininet.dll

2010-06-23 13:44 . 2008-04-14 12:00 1851904 ----a-w- g:\windows\system32\win32k.sys

2010-06-21 15:27 . 2008-04-14 12:00 354304 ----a-w- g:\windows\system32\drivers\srv.sys

.

 

((((((((((((((((((((((((((((( SnapShot@2010-09-14_01.52.59 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-09-16 01:46 . 2010-09-16 01:46 16384 g:\windows\temp\Perflib_Perfdata_bf4.dat

+ 2010-09-16 01:47 . 2010-09-16 01:47 16384 g:\windows\temp\Perflib_Perfdata_ae8.dat

+ 2009-03-08 15:25 . 2010-09-15 18:28 2265456 g:\windows\system32\Restore\rstrlog.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "g:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

"{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "g:\program files\IObitCom\tbIOb1.dll" [2010-02-23 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

 

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

2010-02-23 21:24 2349080 ----a-w- g:\program files\IObitCom\tbIOb1.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2010-04-19 15:25 2117704 ----a-w- g:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "g:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "g:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "g:\program files\IObitCom\tbIOb1.dll" [2010-02-23 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="g:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-31 39408]

"Search Protection"="g:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

"Advanced SystemCare 3"="g:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-08-10 2349776]

"ManyCam"="g:\program files\ManyCam 2.4\ManyCam.exe" [2010-04-21 1824040]

"BitTorrent"="g:\program files\BitTorrent\BitTorrent.exe" [2010-09-04 2931568]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Shockwave Updater"="g:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GEST"="=" [X]

"NvCplDaemon"="g:\windows\system32\NvCpl.dll" [2009-03-28 13684736]

"YSearchProtection"="g:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

"YMailAdvisor"="g:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]

"vscvol.exe"="g:\program files\Roland\VSC32\vscvol.exe" [2000-02-09 36864]

"vsc32cnf.exe"="g:\program files\Roland\VSC32\vsc32cnf.exe" [2000-02-07 36864]

"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]

"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]

"QuickTime Task"="g:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

"nwiz"="nwiz.exe" [2009-03-28 1657376]

"NvMediaCenter"="g:\windows\system32\NvMcTray.dll" [2009-03-28 86016]

"Lexmark X1100 Series"="g:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]

"itype"="g:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]

"iTunesHelper"="g:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

"IntelliPoint"="g:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]

"C-Media Mixer"="Mixer.exe" [2002-10-16 1818624]

"AVG9_TRAY"="g:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]

"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]

"Adobe ARM"="g:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"Adobe Acrobat Speed Launcher"="g:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-06-20 38840]

"Acrobat Assistant 8.0"="g:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-06-19 640440]

"TkBellExe"="g:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-11 202256]

"SunJavaUpdateSched"="g:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"IObit Security 360"="g:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "g:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-16 19:31 12536 ----a-w- g:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"MIDI2"=vscapi.dll

"WAVE2"=vscapi.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"g:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

"g:\\Program Files\\e frontier\\Poser 7\\Poser.exe"=

"g:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"g:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"g:\\Program Files\\iTunes\\iTunes.exe"=

"g:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"g:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"g:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"g:\\WINDOWS\\system32\\dpvsetup.exe"=

"g:\\Program Files\\BitTorrent\\bittorrent.exe"=

"g:\\bb\\bbw.exe"=

"g:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server

"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server

"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server

"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;g:\windows\system32\drivers\avgldx86.sys [3/8/2009 4:30 PM 216400]

R1 AvgTdiX;AVG Free8 Network Redirector;g:\windows\system32\drivers\avgtdix.sys [3/8/2009 4:30 PM 243024]

R2 avg9wd;AVG Free WatchDog;g:\program files\AVG\AVG9\avgwdsvc.exe [7/16/2010 2:31 PM 308136]

R2 GEST Service;GEST Service for program management.;g:\program files\GIGABYTE\EnergySaver\GSvr.exe [3/8/2009 2:29 PM 68136]

R2 IS360service;IS360service;g:\program files\IObit\IObit Security 360\is360srv.exe [9/4/2010 11:07 AM 312152]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;g:\windows\system32\drivers\ManyCam.sys [1/14/2008 5:06 AM 21632]

R3 vsc32;Virtual Sound Canvas 3.2;g:\windows\system32\drivers\vsc.sys [3/25/2009 10:55 AM 951284]

S3 DSCVc;Video Capture;g:\windows\system32\drivers\CoachVc.sys [3/24/2010 3:17 AM 44256]

S3 esgiguard;esgiguard;\??\g:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> g:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]

S3 FsUsbExDisk;FsUsbExDisk;g:\windows\system32\FsUsbExDisk.Sys [2/12/2010 4:42 PM 36608]

.

Contents of the 'Scheduled Tasks' folder

 

2010-09-13 g:\windows\Tasks\AppleSoftwareUpdate.job

- g:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

 

2010-09-16 g:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job

- g:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

 

2010-09-16 g:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-1580436667-1801674531-1004.job

- g:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

 

2010-09-11 g:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job

- g:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

 

2010-09-16 g:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1085031214-1580436667-1801674531-1004.job

- g:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

mStart Page = hxxp://www.yahoo.com

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - g:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - g:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - g:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - g:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Google Sidewiki... - g:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-15 20:55

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,e4,a6,25,d5,02,b1,40,a7,06,53,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,e4,a6,25,d5,02,b1,40,a7,06,53,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@g:\\windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="g:\\windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(3332)

g:\windows\system32\WININET.dll

g:\progra~1\WINDOW~2\wmpband.dll

g:\windows\system32\ieframe.dll

g:\windows\system32\webcheck.dll

g:\windows\system32\WPDShServiceObj.dll

g:\windows\system32\PortableDeviceTypes.dll

g:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-09-15 20:56:55

ComboFix-quarantined-files.txt 2010-09-16 01:56

ComboFix2.txt 2010-09-15 16:56

ComboFix3.txt 2010-09-15 16:03

ComboFix4.txt 2010-09-15 13:40

ComboFix5.txt 2010-09-15 21:39

 

Pre-Run: 417,861,771,264 bytes free

Post-Run: 417,849,942,016 bytes free

 

- - End Of File - - 97E8BA62230E8F75B20C20B0FEE1D218

Link to comment
Share on other sites

OK, I had to re-run the script again, but it didn't freeze up this time, so here is the log...

 

ComboFix 10-09-16.05 - Ragewind 09/17/2010 6:19.2.4 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2527 [GMT -5:00]

Running from: g:\documents and settings\Ragewind\Desktop\ComboFix.exe

Command switches used :: g:\documents and settings\Ragewind\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

"g:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP"

.

 

((((((((((((((((((((((((( Files Created from 2010-08-17 to 2010-09-17 )))))))))))))))))))))))))))))))

.

 

2010-09-16 21:14 . 2010-09-16 21:14 -------- d-----w- G:\c0b794a7177f74fbaf

2010-09-16 18:23 . 2010-09-16 18:23 -------- d-----w- g:\windows\system32\wbem\Repository

2010-09-16 02:58 . 2010-09-16 18:55 -------- d-----w- G:\ComboFix(2)

2010-09-15 17:04 . 2010-09-16 18:21 -------- d-----w- G:\RECYCLER(2)

2010-09-03 18:35 . 2010-09-03 22:22 -------- d-----w- g:\windows\system32\NtmsData

2010-09-03 18:33 . 2010-09-03 18:33 -------- d-----w- g:\documents and settings\Ragewind\Application Data\Avira

2010-09-03 17:40 . 2010-09-03 17:40 -------- d-----w- g:\program files\Enigma Software Group

2010-09-03 17:40 . 2010-09-03 17:59 -------- d-----w- g:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP

2010-09-03 17:40 . 2010-09-03 17:40 -------- d-----w- g:\program files\Common Files\Wise Installation Wizard

2010-09-03 17:30 . 2010-09-03 17:30 -------- d-----w- g:\documents and settings\Ragewind\Local Settings\Application Data\Threat Expert

2010-09-03 17:16 . 2010-09-03 17:17 80770088 ----a-w- g:\documents and settings\All Users\Application Data\PC Tools\DownloadManager\Spyware Doctor with AntiVirus8.0\sdasetup_dl.exe

2010-09-03 17:10 . 2010-09-05 00:07 -------- d---a-w- g:\documents and settings\All Users\Application Data\TEMP

2010-09-03 17:09 . 2010-09-03 17:09 80767800 ----a-w- g:\documents and settings\All Users\Application Data\PC Tools\DownloadManager\Spyware Doctor8.0\sdsetup_dl.exe

2010-09-03 17:09 . 2010-09-05 00:07 -------- d-----w- g:\documents and settings\All Users\Application Data\PC Tools

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-17 11:29 . 2009-03-23 16:56 -------- d-----w- g:\documents and settings\Ragewind\Application Data\BitTorrent

2010-09-17 11:27 . 2009-03-08 19:28 16608 ----a-w- g:\windows\gdrv.sys

2010-09-15 17:30 . 2009-06-25 14:56 -------- d-----w- g:\documents and settings\All Users\Application Data\AVG Security Toolbar

2010-09-04 17:57 . 2009-11-14 14:22 -------- d-----w- g:\program files\BitTorrent

2010-09-04 16:05 . 2010-03-03 13:49 -------- d-----w- g:\documents and settings\All Users\Application Data\IObit

2010-09-04 16:05 . 2009-11-08 22:55 -------- d-----w- g:\program files\IObit

2010-09-03 17:18 . 2010-09-03 17:18 595548 ----a-w- g:\windows\system32\drivers\Cat.DB

2010-09-02 08:00 . 2010-03-18 16:10 -------- d-----w- g:\program files\Microsoft Silverlight

2010-08-24 05:57 . 2010-04-27 21:56 -------- d-----w- g:\program files\Common Files\Java

2010-08-24 05:57 . 2010-04-27 21:56 -------- d-----w- g:\program files\Java

2010-08-21 07:03 . 2009-10-02 19:49 -------- d-----w- g:\program files\Lexmark X1100 Series

2010-08-15 17:54 . 2009-09-03 17:08 -------- d-----w- g:\documents and settings\Ragewind\Application Data\U3

2010-08-07 17:01 . 2010-08-07 17:01 503808 ----a-w- g:\documents and settings\Ragewind\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2c3cee3d-n\msvcp71.dll

2010-08-07 17:01 . 2010-08-07 17:01 499712 ----a-w- g:\documents and settings\Ragewind\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2c3cee3d-n\jmc.dll

2010-08-07 17:01 . 2010-08-07 17:01 348160 ----a-w- g:\documents and settings\Ragewind\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2c3cee3d-n\msvcr71.dll

2010-08-07 17:01 . 2010-08-07 17:01 61440 ----a-w- g:\documents and settings\Ragewind\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-496a4d87-n\decora-sse.dll

2010-08-07 17:01 . 2010-08-07 17:01 12800 ----a-w- g:\documents and settings\Ragewind\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-496a4d87-n\decora-d3d.dll

2010-08-07 16:01 . 2010-08-07 16:01 371256 ----a-w- g:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2010-07-17 10:00 . 2010-05-01 01:03 423656 ----a-w- g:\windows\system32\deployJava1.dll

2010-07-16 19:31 . 2009-03-08 21:30 243024 ----a-w- g:\windows\system32\drivers\avgtdix.sys

2010-07-16 19:31 . 2010-07-16 19:31 12536 ----a-w- g:\windows\system32\avgrsstx.dll

2010-07-16 19:30 . 2009-03-08 21:30 216400 ----a-w- g:\windows\system32\drivers\avgldx86.sys

2010-07-07 23:09 . 2009-03-03 14:49 192080 -c--a-w- g:\documents and settings\Ragewind\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-30 12:31 . 2008-04-14 12:00 149504 ----a-w- g:\windows\system32\schannel.dll

2010-06-24 12:22 . 2008-04-14 12:00 916480 ----a-w- g:\windows\system32\wininet.dll

2010-06-23 13:44 . 2008-04-14 12:00 1851904 ----a-w- g:\windows\system32\win32k.sys

2010-06-21 15:27 . 2008-04-14 12:00 354304 ----a-w- g:\windows\system32\drivers\srv.sys

.

 

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of G:\20db017056119b138b ----

 

2006-10-09 02:51 . 2006-10-09 02:51 742192 ----a-w- g:\20db017056119b138b\update\update.exe

 

---- Directory of g:\windows\system32\NtmsData ----

 

2010-09-03 18:35 . 2010-09-03 18:35 816 ----a-w- g:\windows\system32\NtmsData\NTMSREG

2010-09-03 18:35 . 2010-09-03 22:22 92552 ----a-w- g:\windows\system32\NtmsData\NTMSIDX

2010-09-03 18:35 . 2010-09-03 22:22 151552 ----a-w- g:\windows\system32\NtmsData\NTMSDATA

2010-09-03 18:35 . 2010-09-03 22:22 151552 ----a-w- g:\windows\system32\NtmsData\NTMSDATA.BAK

 

 

((((((((((((((((((((((((((((( SnapShot@2010-09-14_01.52.59 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-09-17 11:27 . 2010-09-17 11:27 40960 g:\windows\temp\rtdrvmon.exe

+ 2010-09-17 11:27 . 2010-09-17 11:27 16384 g:\windows\temp\Perflib_Perfdata_7b0.dat

+ 2010-09-16 22:58 . 2010-09-16 22:58 16384 g:\windows\temp\Perflib_Perfdata_480.dat

+ 2010-09-17 11:27 . 2010-09-17 11:27 16384 g:\windows\temp\Perflib_Perfdata_430.dat

+ 2010-09-17 11:27 . 2010-09-17 11:27 16384 g:\windows\temp\Perflib_Perfdata_274.dat

+ 2009-03-08 15:25 . 2010-09-16 22:55 422060 g:\windows\system32\Restore\rstrlog.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "g:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

"{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "g:\program files\IObitCom\tbIOb1.dll" [2010-02-23 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

 

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

2010-02-23 21:24 2349080 ----a-w- g:\program files\IObitCom\tbIOb1.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2010-04-19 15:25 2117704 ----a-w- g:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "g:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "g:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "g:\program files\IObitCom\tbIOb1.dll" [2010-02-23 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="g:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-31 39408]

"Search Protection"="g:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

"Messenger (Yahoo!)"="g:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-06-20 4351216]

"Advanced SystemCare 3"="g:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-08-10 2349776]

"ManyCam"="g:\program files\ManyCam 2.4\ManyCam.exe" [2010-04-21 1824040]

"BitTorrent"="g:\program files\BitTorrent\BitTorrent.exe" [2010-09-04 2931568]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Shockwave Updater"="g:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GEST"="=" [X]

"NvCplDaemon"="g:\windows\system32\NvCpl.dll" [2009-03-28 13684736]

"YSearchProtection"="g:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

"YMailAdvisor"="g:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]

"vscvol.exe"="g:\program files\Roland\VSC32\vscvol.exe" [2000-02-09 36864]

"vsc32cnf.exe"="g:\program files\Roland\VSC32\vsc32cnf.exe" [2000-02-07 36864]

"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]

"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]

"QuickTime Task"="g:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

"nwiz"="nwiz.exe" [2009-03-28 1657376]

"NvMediaCenter"="g:\windows\system32\NvMcTray.dll" [2009-03-28 86016]

"Lexmark X1100 Series"="g:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]

"itype"="g:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]

"iTunesHelper"="g:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

"IntelliPoint"="g:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]

"C-Media Mixer"="Mixer.exe" [2002-10-16 1818624]

"AVG9_TRAY"="g:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]

"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]

"Adobe ARM"="g:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"Adobe Acrobat Speed Launcher"="g:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-06-20 38840]

"Acrobat Assistant 8.0"="g:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-06-19 640440]

"TkBellExe"="g:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-11 202256]

"SunJavaUpdateSched"="g:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"IObit Security 360"="g:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "g:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-16 19:31 12536 ----a-w- g:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"MIDI2"=vscapi.dll

"WAVE2"=vscapi.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"g:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

"g:\\Program Files\\e frontier\\Poser 7\\Poser.exe"=

"g:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"g:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"g:\\Program Files\\iTunes\\iTunes.exe"=

"g:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"g:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"g:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"g:\\WINDOWS\\system32\\dpvsetup.exe"=

"g:\\Program Files\\BitTorrent\\bittorrent.exe"=

"g:\\bb\\bbw.exe"=

"g:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server

"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server

"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server

"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;g:\windows\system32\drivers\avgldx86.sys [3/8/2009 4:30 PM 216400]

R1 AvgTdiX;AVG Free8 Network Redirector;g:\windows\system32\drivers\avgtdix.sys [3/8/2009 4:30 PM 243024]

R2 avg9wd;AVG Free WatchDog;g:\program files\AVG\AVG9\avgwdsvc.exe [7/16/2010 2:31 PM 308136]

R2 GEST Service;GEST Service for program management.;g:\program files\GIGABYTE\EnergySaver\GSvr.exe [3/8/2009 2:29 PM 68136]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;g:\windows\system32\drivers\ManyCam.sys [1/14/2008 5:06 AM 21632]

R3 vsc32;Virtual Sound Canvas 3.2;g:\windows\system32\drivers\vsc.sys [3/25/2009 10:55 AM 951284]

S2 IS360service;IS360service;g:\program files\IObit\IObit Security 360\is360srv.exe [9/4/2010 11:07 AM 312152]

S3 DSCVc;Video Capture;g:\windows\system32\drivers\CoachVc.sys [3/24/2010 3:17 AM 44256]

S3 esgiguard;esgiguard;\??\g:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> g:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]

S3 FsUsbExDisk;FsUsbExDisk;g:\windows\system32\FsUsbExDisk.Sys [2/12/2010 4:42 PM 36608]

.

Contents of the 'Scheduled Tasks' folder

 

2010-09-13 g:\windows\Tasks\AppleSoftwareUpdate.job

- g:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

 

2010-09-17 g:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job

- g:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

 

2010-09-17 g:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-1580436667-1801674531-1004.job

- g:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

 

2010-09-11 g:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job

- g:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

 

2010-09-17 g:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1085031214-1580436667-1801674531-1004.job

- g:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

mStart Page = hxxp://www.yahoo.com

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - g:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - g:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - g:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - g:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Google Sidewiki... - g:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-17 06:27

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,e4,a6,25,d5,02,b1,40,a7,06,53,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,e4,a6,25,d5,02,b1,40,a7,06,53,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@g:\\windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="g:\\windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(3480)

g:\windows\system32\WININET.dll

g:\windows\system32\ieframe.dll

g:\windows\system32\webcheck.dll

g:\windows\system32\WPDShServiceObj.dll

g:\windows\system32\PortableDeviceTypes.dll

g:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

g:\program files\AVG\AVG9\avgchsvx.exe

g:\program files\AVG\AVG9\avgrsx.exe

g:\windows\system32\LEXBCES.EXE

g:\program files\AVG\AVG9\avgcsrvx.exe

g:\windows\system32\LEXPPS.EXE

g:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

g:\program files\Bonjour\mDNSResponder.exe

g:\program files\Java\jre6\bin\jqs.exe

g:\windows\system32\nvsvc32.exe

g:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

g:\windows\system32\SearchIndexer.exe

g:\windows\system32\wscntfy.exe

g:\program files\AVG\AVG9\avgnsx.exe

g:\windows\SOUNDMAN.EXE

g:\windows\RTHDCPL.EXE

g:\windows\system32\RUNDLL32.EXE

g:\program files\Lexmark X1100 Series\lxbkbmon.exe

g:\windows\Mixer.exe

g:\program files\Microsoft IntelliPoint\dpupdchk.exe

g:\program files\iPod\bin\iPodService.exe

g:\windows\system32\SearchProtocolHost.exe

g:\program files\Yahoo!\Messenger\ymsgr_tray.exe

g:\windows\system32\SearchFilterHost.exe

.

**************************************************************************

.

Completion time: 2010-09-17 06:32:34 - machine was rebooted

ComboFix-quarantined-files.txt 2010-09-17 11:32

ComboFix2.txt 2010-09-16 01:56

 

Pre-Run: 417,145,794,560 bytes free

Post-Run: 417,152,188,416 bytes free

 

- - End Of File - - CD25ED4F9E748B30A9272A8CA7468A53

Link to comment
Share on other sites

And here is the new rootrepeal log...

 

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/09/17 06:54

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

 

Drivers

-------------------

Name: ACPI.sys

Image Path: ACPI.sys

Address: 0xB9F79000 Size: 187776 File Visible: - Signed: -

Status: -

 

Name: ACPI_HAL

Image Path: \Driver\ACPI_HAL

Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -

Status: -

 

Name: afd.sys

Image Path: G:\windows\System32\drivers\afd.sys

Address: 0xB4CE7000 Size: 138496 File Visible: - Signed: -

Status: -

 

Name: atapi.sys

Image Path: atapi.sys

Address: 0xB9F31000 Size: 96512 File Visible: - Signed: -

Status: -

 

Name: ATMFD.DLL

Image Path: G:\windows\System32\ATMFD.DLL

Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -

Status: -

 

Name: audstub.sys

Image Path: G:\windows\system32\DRIVERS\audstub.sys

Address: 0xBA717000 Size: 3072 File Visible: - Signed: -

Status: -

 

Name: avgldx86.sys

Image Path: G:\windows\System32\Drivers\avgldx86.sys

Address: 0xB4C18000 Size: 209664 File Visible: - Signed: -

Status: -

 

Name: avgmfx86.sys

Image Path: G:\windows\System32\Drivers\avgmfx86.sys

Address: 0xBA3E0000 Size: 22848 File Visible: - Signed: -

Status: -

 

Name: avgtdix.sys

Image Path: G:\windows\System32\Drivers\avgtdix.sys

Address: 0xB4D31000 Size: 236288 File Visible: - Signed: -

Status: -

 

Name: Beep.SYS

Image Path: G:\windows\System32\Drivers\Beep.SYS

Address: 0xBA5EC000 Size: 4224 File Visible: - Signed: -

Status: -

 

Name: BOOTVID.dll

Image Path: G:\windows\system32\BOOTVID.dll

Address: 0xBA4B8000 Size: 12288 File Visible: - Signed: -

Status: -

 

Name: catchme.sys

Image Path: G:\ComboFix\catchme.sys

Address: 0xB4BE0000 Size: 31744 File Visible: No Signed: -

Status: -

 

Name: Cdfs.SYS

Image Path: G:\windows\System32\Drivers\Cdfs.SYS

Address: 0xBA2D8000 Size: 63744 File Visible: - Signed: -

Status: -

 

Name: cdrom.sys

Image Path: G:\windows\system32\DRIVERS\cdrom.sys

Address: 0xB95FA000 Size: 62976 File Visible: - Signed: -

Status: -

 

Name: CLASSPNP.SYS

Image Path: G:\windows\system32\DRIVERS\CLASSPNP.SYS

Address: 0xBA0F8000 Size: 53248 File Visible: - Signed: -

Status: -

 

Name: cmudax3.sys

Image Path: G:\windows\system32\drivers\cmudax3.sys

Address: 0xB8D9D000 Size: 1512960 File Visible: - Signed: -

Status: -

 

Name: Combo-Fix.sys

Image Path: Combo-Fix.sys

Address: 0xBA108000 Size: 60416 File Visible: No Signed: -

Status: -

 

Name: disk.sys

Image Path: disk.sys

Address: 0xBA0E8000 Size: 36352 File Visible: - Signed: -

Status: -

 

Name: drmk.sys

Image Path: G:\windows\system32\drivers\drmk.sys

Address: 0xB95DA000 Size: 61440 File Visible: - Signed: -

Status: -

 

Name: Dxapi.sys

Image Path: G:\windows\System32\drivers\Dxapi.sys

Address: 0xBA598000 Size: 12288 File Visible: - Signed: -

Status: -

 

Name: dxg.sys

Image Path: G:\windows\System32\drivers\dxg.sys

Address: 0xBF000000 Size: 73728 File Visible: - Signed: -

Status: -

 

Name: dxgthk.sys

Image Path: G:\windows\System32\drivers\dxgthk.sys

Address: 0xBA7B3000 Size: 4096 File Visible: - Signed: -

Status: -

 

Name: Fastfat.SYS

Image Path: G:\windows\System32\Drivers\Fastfat.SYS

Address: 0xB4B7C000 Size: 143744 File Visible: - Signed: -

Status: -

 

Name: fdc.sys

Image Path: G:\windows\system32\DRIVERS\fdc.sys

Address: 0xBA478000 Size: 27392 File Visible: - Signed: -

Status: -

 

Name: Fips.SYS

Image Path: G:\windows\System32\Drivers\Fips.SYS

Address: 0xBA288000 Size: 44544 File Visible: - Signed: -

Status: -

 

Name: flpydisk.sys

Image Path: G:\windows\system32\DRIVERS\flpydisk.sys

Address: 0xBA350000 Size: 20480 File Visible: - Signed: -

Status: -

 

Name: fltMgr.sys

Image Path: fltMgr.sys

Address: 0xB9EF9000 Size: 129792 File Visible: - Signed: -

Status: -

 

Name: Fs_Rec.SYS

Image Path: G:\windows\System32\Drivers\Fs_Rec.SYS

Address: 0xBA5EA000 Size: 7936 File Visible: - Signed: -

Status: -

 

Name: ftdisk.sys

Image Path: ftdisk.sys

Address: 0xB9F49000 Size: 125056 File Visible: - Signed: -

Status: -

 

Name: gdrv.sys

Image Path: G:\WINDOWS\gdrv.sys

Address: 0xB3932000 Size: 9184 File Visible: - Signed: -

Status: -

 

Name: GEARAspiWDM.sys

Image Path: G:\windows\system32\DRIVERS\GEARAspiWDM.sys

Address: 0xBA470000 Size: 21120 File Visible: - Signed: -

Status: -

 

Name: hal.dll

Image Path: G:\windows\system32\hal.dll

Address: 0x806E4000 Size: 134400 File Visible: - Signed: -

Status: -

 

Name: HDAudBus.sys

Image Path: G:\windows\system32\DRIVERS\HDAudBus.sys

Address: 0xB8F4C000 Size: 163840 File Visible: - Signed: -

Status: -

 

Name: HIDCLASS.SYS

Image Path: G:\windows\system32\DRIVERS\HIDCLASS.SYS

Address: 0xBA2B8000 Size: 36864 File Visible: - Signed: -

Status: -

 

Name: HIDPARSE.SYS

Image Path: G:\windows\system32\DRIVERS\HIDPARSE.SYS

Address: 0xBA3C0000 Size: 28672 File Visible: - Signed: -

Status: -

 

Name: hidusb.sys

Image Path: G:\windows\system32\DRIVERS\hidusb.sys

Address: 0xB6290000 Size: 10368 File Visible: - Signed: -

Status: -

 

Name: HTTP.sys

Image Path: G:\windows\System32\Drivers\HTTP.sys

Address: 0xB38BD000 Size: 265728 File Visible: - Signed: -

Status: -

 

Name: imapi.sys

Image Path: G:\windows\system32\DRIVERS\imapi.sys

Address: 0xB960A000 Size: 42112 File Visible: - Signed: -

Status: -

 

Name: intelppm.sys

Image Path: G:\windows\system32\DRIVERS\intelppm.sys

Address: 0xB961A000 Size: 36352 File Visible: - Signed: -

Status: -

 

Name: ipnat.sys

Image Path: G:\windows\system32\DRIVERS\ipnat.sys

Address: 0xB4D6B000 Size: 152832 File Visible: - Signed: -

Status: -

 

Name: ipsec.sys

Image Path: G:\windows\system32\DRIVERS\ipsec.sys

Address: 0xB4DEA000 Size: 75264 File Visible: - Signed: -

Status: -

 

Name: isapnp.sys

Image Path: isapnp.sys

Address: 0xBA0A8000 Size: 37248 File Visible: - Signed: -

Status: -

 

Name: kbdclass.sys

Image Path: G:\windows\system32\DRIVERS\kbdclass.sys

Address: 0xBA4A0000 Size: 24576 File Visible: - Signed: -

Status: -

 

Name: kbdhid.sys

Image Path: G:\windows\system32\DRIVERS\kbdhid.sys

Address: 0xB6288000 Size: 14592 File Visible: - Signed: -

Status: -

 

Name: KDCOM.DLL

Image Path: G:\windows\system32\KDCOM.DLL

Address: 0xBA5A8000 Size: 8192 File Visible: - Signed: -

Status: -

 

Name: kmixer.sys

Image Path: G:\windows\system32\drivers\kmixer.sys

Address: 0xB28A9000 Size: 172416 File Visible: - Signed: -

Status: -

 

Name: ks.sys

Image Path: G:\windows\system32\DRIVERS\ks.sys

Address: 0xB8F29000 Size: 143360 File Visible: - Signed: -

Status: -

 

Name: KSecDD.sys

Image Path: KSecDD.sys

Address: 0xB9ED0000 Size: 92928 File Visible: - Signed: -

Status: -

 

Name: ManyCam.sys

Image Path: G:\windows\system32\DRIVERS\ManyCam.sys

Address: 0xBA480000 Size: 21632 File Visible: - Signed: -

Status: -

 

Name: mbr.sys

Image Path: G:\DOCUME~1\Ragewind\LOCALS~1\Temp\mbr.sys

Address: 0xBA438000 Size: 20864 File Visible: No Signed: -

Status: -

 

Name: mnmdd.SYS

Image Path: G:\windows\System32\Drivers\mnmdd.SYS

Address: 0xBA5EE000 Size: 4224 File Visible: - Signed: -

Status: -

 

Name: mouclass.sys

Image Path: G:\windows\system32\DRIVERS\mouclass.sys

Address: 0xBA4A8000 Size: 23040 File Visible: - Signed: -

Status: -

 

Name: mouhid.sys

Image Path: G:\windows\system32\DRIVERS\mouhid.sys

Address: 0xB6270000 Size: 12160 File Visible: - Signed: -

Status: -

 

Name: MountMgr.sys

Image Path: MountMgr.sys

Address: 0xBA0B8000 Size: 42368 File Visible: - Signed: -

Status: -

 

Name: mrxdav.sys

Image Path: G:\windows\system32\DRIVERS\mrxdav.sys

Address: 0xB413C000 Size: 180608 File Visible: - Signed: -

Status: -

 

Name: mrxsmb.sys

Image Path: G:\windows\system32\DRIVERS\mrxsmb.sys

Address: 0xB4C4C000 Size: 455680 File Visible: - Signed: -

Status: -

 

Name: Msfs.SYS

Image Path: G:\windows\System32\Drivers\Msfs.SYS

Address: 0xBA3D0000 Size: 19072 File Visible: - Signed: -

Status: -

 

Name: msgpc.sys

Image Path: G:\windows\system32\DRIVERS\msgpc.sys

Address: 0xBA168000 Size: 35072 File Visible: - Signed: -

Status: -

 

Name: mssmbios.sys

Image Path: G:\windows\system32\DRIVERS\mssmbios.sys

Address: 0xB9DC8000 Size: 15488 File Visible: - Signed: -

Status: -

 

Name: Mup.sys

Image Path: Mup.sys

Address: 0xB9DFC000 Size: 105344 File Visible: - Signed: -

Status: -

 

Name: NDIS.sys

Image Path: NDIS.sys

Address: 0xB9E16000 Size: 182656 File Visible: - Signed: -

Status: -

 

Name: ndistapi.sys

Image Path: G:\windows\system32\DRIVERS\ndistapi.sys

Address: 0xB9DD4000 Size: 10112 File Visible: - Signed: -

Status: -

 

Name: ndisuio.sys

Image Path: G:\windows\system32\DRIVERS\ndisuio.sys

Address: 0xB4864000 Size: 14592 File Visible: - Signed: -

Status: -

 

Name: ndiswan.sys

Image Path: G:\windows\system32\DRIVERS\ndiswan.sys

Address: 0xB8C6C000 Size: 91520 File Visible: - Signed: -

Status: -

 

Name: NDProxy.SYS

Image Path: G:\windows\System32\Drivers\NDProxy.SYS

Address: 0xBA1D8000 Size: 40576 File Visible: - Signed: -

Status: -

 

Name: netbios.sys

Image Path: G:\windows\system32\DRIVERS\netbios.sys

Address: 0xBA278000 Size: 34688 File Visible: - Signed: -

Status: -

 

Name: netbt.sys

Image Path: G:\windows\system32\DRIVERS\netbt.sys

Address: 0xB4D09000 Size: 162816 File Visible: - Signed: -

Status: -

 

Name: Npfs.SYS

Image Path: G:\windows\System32\Drivers\Npfs.SYS

Address: 0xBA3D8000 Size: 30848 File Visible: - Signed: -

Status: -

 

Name: Ntfs.sys

Image Path: Ntfs.sys

Address: 0xB9E43000 Size: 574976 File Visible: - Signed: -

Status: -

 

Name: ntkrnlpa.exe

Image Path: G:\windows\system32\ntkrnlpa.exe

Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -

Status: -

 

Name: Null.SYS

Image Path: G:\windows\System32\Drivers\Null.SYS

Address: 0xBA756000 Size: 2944 File Visible: - Signed: -

Status: -

 

Name: nv4_disp.dll

Image Path: G:\windows\System32\nv4_disp.dll

Address: 0xBF012000 Size: 6189056 File Visible: - Signed: -

Status: -

 

Name: nv4_mini.sys

Image Path: G:\windows\system32\DRIVERS\nv4_mini.sys

Address: 0xB8FAC000 Size: 6280416 File Visible: - Signed: -

Status: -

 

Name: parport.sys

Image Path: G:\windows\system32\DRIVERS\parport.sys

Address: 0xB8D65000 Size: 80128 File Visible: - Signed: -

Status: -

 

Name: PartMgr.sys

Image Path: PartMgr.sys

Address: 0xBA330000 Size: 19712 File Visible: - Signed: -

Status: -

 

Name: ParVdm.SYS

Image Path: G:\windows\System32\Drivers\ParVdm.SYS

Address: 0xBA60E000 Size: 6784 File Visible: - Signed: -

Status: -

 

Name: pci.sys

Image Path: pci.sys

Address: 0xB9F68000 Size: 68224 File Visible: - Signed: -

Status: -

 

Name: pciide.sys

Image Path: pciide.sys

Address: 0xBA670000 Size: 3328 File Visible: - Signed: -

Status: -

 

Name: PCIIDEX.SYS

Image Path: G:\windows\system32\DRIVERS\PCIIDEX.SYS

Address: 0xBA328000 Size: 28672 File Visible: - Signed: -

Status: -

 

Name: PnpManager

Image Path: \Driver\PnpManager

Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -

Status: -

 

Name: point32.sys

Image Path: G:\windows\system32\DRIVERS\point32.sys

Address: 0xBA408000 Size: 21760 File Visible: - Signed: -

Status: -

 

Name: portcls.sys

Image Path: G:\windows\system32\drivers\portcls.sys

Address: 0xB8D79000 Size: 147456 File Visible: - Signed: -

Status: -

 

Name: PROCEXP113.SYS

Image Path: G:\windows\system32\Drivers\PROCEXP113.SYS

Address: 0xBA620000 Size: 7872 File Visible: No Signed: -

Status: -

 

Name: psched.sys

Image Path: G:\windows\system32\DRIVERS\psched.sys

Address: 0xB8C5B000 Size: 69120 File Visible: - Signed: -

Status: -

 

Name: ptilink.sys

Image Path: G:\windows\system32\DRIVERS\ptilink.sys

Address: 0xBA490000 Size: 17792 File Visible: - Signed: -

Status: -

 

Name: rasacd.sys

Image Path: G:\windows\system32\DRIVERS\rasacd.sys

Address: 0xB8ABC000 Size: 8832 File Visible: - Signed: -

Status: -

 

Name: rasl2tp.sys

Image Path: G:\windows\system32\DRIVERS\rasl2tp.sys

Address: 0xB95AA000 Size: 51328 File Visible: - Signed: -

Status: -

 

Name: raspppoe.sys

Image Path: G:\windows\system32\DRIVERS\raspppoe.sys

Address: 0xBA148000 Size: 41472 File Visible: - Signed: -

Status: -

 

Name: raspptp.sys

Image Path: G:\windows\system32\DRIVERS\raspptp.sys

Address: 0xBA158000 Size: 48384 File Visible: - Signed: -

Status: -

 

Name: raspti.sys

Image Path: G:\windows\system32\DRIVERS\raspti.sys

Address: 0xBA498000 Size: 16512 File Visible: - Signed: -

Status: -

 

Name: RAW

Image Path: \FileSystem\RAW

Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -

Status: -

 

Name: rdbss.sys

Image Path: G:\windows\system32\DRIVERS\rdbss.sys

Address: 0xB4CBC000 Size: 175744 File Visible: - Signed: -

Status: -

 

Name: RDPCDD.sys

Image Path: G:\windows\System32\DRIVERS\RDPCDD.sys

Address: 0xBA5F0000 Size: 4224 File Visible: - Signed: -

Status: -

 

Name: redbook.sys

Image Path: G:\windows\system32\DRIVERS\redbook.sys

Address: 0xB95EA000 Size: 57600 File Visible: - Signed: -

Status: -

 

Name: rootrepeal.sys

Image Path: G:\windows\system32\drivers\rootrepeal.sys

Address: 0xB375D000 Size: 49152 File Visible: No Signed: -

Status: -

 

Name: Rtenicxp.sys

Image Path: G:\windows\system32\DRIVERS\Rtenicxp.sys

Address: 0xB8F0F000 Size: 105088 File Visible: - Signed: -

Status: -

 

Name: RtkHDAud.sys

Image Path: G:\windows\system32\drivers\RtkHDAud.sys

Address: 0xB62B4000 Size: 4919296 File Visible: - Signed: -

Status: -

 

Name: RVIEg01.sys

Image Path: G:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys

Address: 0xB3FFC000 Size: 160448 File Visible: - Signed: -

Status: -

 

Name: SCSIPORT.SYS

Image Path: G:\windows\system32\DRIVERS\SCSIPORT.SYS

Address: 0xB9F19000 Size: 98304 File Visible: - Signed: -

Status: -

 

Name: serenum.sys

Image Path: G:\windows\system32\DRIVERS\serenum.sys

Address: 0xB9DD8000 Size: 15744 File Visible: - Signed: -

Status: -

 

Name: serial.sys

Image Path: G:\windows\system32\DRIVERS\serial.sys

Address: 0xB95CA000 Size: 64512 File Visible: - Signed: -

Status: -

 

Name: sr.sys

Image Path: sr.sys

Address: 0xB9EE7000 Size: 73472 File Visible: - Signed: -

Status: -

 

Name: srv.sys

Image Path: G:\windows\system32\DRIVERS\srv.sys

Address: 0xB3FA5000 Size: 354304 File Visible: - Signed: -

Status: -

 

Name: STREAM.SYS

Image Path: G:\windows\system32\DRIVERS\STREAM.SYS

Address: 0xB95BA000 Size: 53248 File Visible: - Signed: -

Status: -

 

Name: swenum.sys

Image Path: G:\windows\system32\DRIVERS\swenum.sys

Address: 0xBA5CE000 Size: 4352 File Visible: - Signed: -

Status: -

 

Name: sysaudio.sys

Image Path: G:\windows\system32\drivers\sysaudio.sys

Address: 0xBA298000 Size: 60800 File Visible: - Signed: -

Status: -

 

Name: tcpip.sys

Image Path: G:\windows\system32\DRIVERS\tcpip.sys

Address: 0xB4D91000 Size: 361600 File Visible: - Signed: -

Status: -

 

Name: TDI.SYS

Image Path: G:\windows\system32\DRIVERS\TDI.SYS

Address: 0xBA488000 Size: 20480 File Visible: - Signed: -

Status: -

 

Name: termdd.sys

Image Path: G:\windows\system32\DRIVERS\termdd.sys

Address: 0xBA178000 Size: 40704 File Visible: - Signed: -

Status: -

 

Name: ultra.sys

Image Path: ultra.sys

Address: 0xBA0D8000 Size: 36736 File Visible: - Signed: -

Status: -

 

Name: update.sys

Image Path: G:\windows\system32\DRIVERS\update.sys

Address: 0xB8BFD000 Size: 384768 File Visible: - Signed: -

Status: -

 

Name: usbaudio.sys

Image Path: G:\windows\system32\drivers\usbaudio.sys

Address: 0xBA2A8000 Size: 60032 File Visible: - Signed: -

Status: -

 

Name: usbccgp.sys

Image Path: G:\windows\system32\DRIVERS\usbccgp.sys

Address: 0xBA3E8000 Size: 32128 File Visible: - Signed: -

Status: -

 

Name: USBD.SYS

Image Path: G:\windows\system32\DRIVERS\USBD.SYS

Address: 0xBA5D6000 Size: 8192 File Visible: - Signed: -

Status: -

 

Name: usbehci.sys

Image Path: G:\windows\system32\DRIVERS\usbehci.sys

Address: 0xBA468000 Size: 30208 File Visible: - Signed: -

Status: -

 

Name: usbhub.sys

Image Path: G:\windows\system32\DRIVERS\usbhub.sys

Address: 0xBA218000 Size: 59520 File Visible: - Signed: -

Status: -

 

Name: USBPORT.SYS

Image Path: G:\windows\system32\DRIVERS\USBPORT.SYS

Address: 0xB8F74000 Size: 147456 File Visible: - Signed: -

Status: -

 

Name: usbprint.sys

Image Path: G:\windows\system32\DRIVERS\usbprint.sys

Address: 0xBA400000 Size: 25856 File Visible: - Signed: -

Status: -

 

Name: usbscan.sys

Image Path: G:\windows\system32\DRIVERS\usbscan.sys

Address: 0xB6294000 Size: 15104 File Visible: - Signed: -

Status: -

 

Name: USBSTOR.SYS

Image Path: G:\windows\system32\DRIVERS\USBSTOR.SYS

Address: 0xBA3F8000 Size: 26368 File Visible: - Signed: -

Status: -

 

Name: usbuhci.sys

Image Path: G:\windows\system32\DRIVERS\usbuhci.sys

Address: 0xBA460000 Size: 20608 File Visible: - Signed: -

Status: -

 

Name: vga.sys

Image Path: G:\windows\System32\drivers\vga.sys

Address: 0xBA3C8000 Size: 20992 File Visible: - Signed: -

Status: -

 

Name: VIDEOPRT.SYS

Image Path: G:\windows\system32\DRIVERS\VIDEOPRT.SYS

Address: 0xB8F98000 Size: 81920 File Visible: - Signed: -

Status: -

 

Name: VolSnap.sys

Image Path: VolSnap.sys

Address: 0xBA0C8000 Size: 52352 File Visible: - Signed: -

Status: -

 

Name: vsc.sys

Image Path: G:\windows\system32\DRIVERS\vsc.sys

Address: 0xB8C83000 Size: 924320 File Visible: - Signed: -

Status: -

 

Name: wanarp.sys

Image Path: G:\windows\system32\DRIVERS\wanarp.sys

Address: 0xBA268000 Size: 34560 File Visible: - Signed: -

Status: -

 

Name: watchdog.sys

Image Path: G:\windows\System32\watchdog.sys

Address: 0xBA418000 Size: 20480 File Visible: - Signed: -

Status: -

 

Name: wdmaud.sys

Image Path: G:\windows\system32\drivers\wdmaud.sys

Address: 0xB443F000 Size: 83072 File Visible: - Signed: -

Status: -

 

Name: Win32k

Image Path: \Driver\Win32k

Address: 0xBF800000 Size: 1855488 File Visible: - Signed: -

Status: -

 

Name: win32k.sys

Image Path: G:\windows\System32\win32k.sys

Address: 0xBF800000 Size: 1855488 File Visible: - Signed: -

Status: -

 

Name: WMILIB.SYS

Image Path: G:\windows\system32\DRIVERS\WMILIB.SYS

Address: 0xBA5AA000 Size: 8192 File Visible: - Signed: -

Status: -

 

Name: WMIxWDM

Image Path: \Driver\WMIxWDM

Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -

Status: -

Link to comment
Share on other sites

And here is the security check results...

 

Results of screen317's Security Check version 0.99.5

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

AVG Free 9.0

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 21

Adobe Flash Player 9 (Out of date Flash Player installed!)

Adobe Flash Player

````````````````````````````````

Process Check:

objlist.exe by Laurent

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

````````````````````````````````

DNS Vulnerability Check:

nslookup.exe missing!

GREAT! (Not vulnerable to DNS cache poisoning)

 

``````````End of Log````````````

Link to comment
Share on other sites

ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log

Link to comment
Share on other sites

OK, here is the ESET scan results...

 

G:\Documents and Settings\Ragewind\Desktop\Old Hardrive\Tom's PC HD C\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined

G:\Documents and Settings\Ragewind\Desktop\Old Hardrive\Tom's PC HD C\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL a variant of Win32/Toolbar.MyWebSearch.B application cleaned by deleting - quarantined

G:\Documents and Settings\Ragewind\Desktop\Old Hardrive\Tom's PC HD C\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined

G:\Documents and Settings\Ragewind\Desktop\Old Hardrive\Tom's PC HD C\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined

G:\Documents and Settings\Ragewind\Desktop\Old Hardrive\Tom's PC HD C\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

G:\Documents and Settings\Ragewind\Desktop\Old Hardrive\Tom's PC HD C\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

G:\Documents and Settings\Ragewind\Desktop\Old Hardrive\Tom's PC HD C\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

G:\System Volume Information\_restore{7C788FC8-4B67-4D09-B863-FB6FA3525B75}\RP748\A0162381.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined

G:\System Volume Information\_restore{7C788FC8-4B67-4D09-B863-FB6FA3525B75}\RP748\A0162382.DLL a variant of Win32/Toolbar.MyWebSearch.B application cleaned by deleting - quarantined

G:\System Volume Information\_restore{7C788FC8-4B67-4D09-B863-FB6FA3525B75}\RP748\A0162383.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined

G:\System Volume Information\_restore{7C788FC8-4B67-4D09-B863-FB6FA3525B75}\RP748\A0162384.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined

G:\System Volume Information\_restore{7C788FC8-4B67-4D09-B863-FB6FA3525B75}\RP748\A0162385.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

Link to comment
Share on other sites

Everything looks good. If there are no further issues, it's time for some cleanup.

 

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.

* Now type Combofix /uninstall in the runbox

* Make sure there's a space between Combofix and /Uninstall

* Then hit Enter

 

* The above procedure will:

* Delete the following:

* ComboFix and its associated files and folders.

* Reset the clock settings.

* Hide file extensions, if required.

* Hide System/Hidden files, if required.

* Set a new, clean Restore Point.

 

*********************************

Download OTC by OldTimer and save it to your desktop.

 

1. Double-click OTC to run it.

2. Click the CleanUp! button.

3. Select Yes when the "Begin cleanup Process?" prompt appears.

4. If you are prompted to Reboot during the cleanup, select Yes

5. OTC should delete itself once it finishes, if not delete it yourself.

 

************************************

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

 

Double-click TFC.exe to run it.

 

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

 

TFC will close all programs when run, so make sure you have saved all your work before you begin.

 

* Click the Start button to begin the cleaning process.

* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.

* Please let TFC run uninterrupted until it is finished.

 

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

 

****************************************

Looking over your log it seems you don't have any evidence of a third party firewall.

 

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

 

Remember only install ONE firewall

 

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)

2) Online Armor

3) Agnitum Outpost

4) PC Tools Firewall Plus

 

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

*************************************

Use the Secunia Software Inspector to check for out of date software.

 

•Click Start Now

 

•Check the box next to Enable thorough system inspection.

 

•Click Start

 

•Allow the scan to finish and scroll down to see if any updates are needed.

•Update anything listed.

.

----------

 

Go to Microsoft Windows Update and get all critical updates.

 

----------

 

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

 

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.

* Using SpywareBlaster to protect your computer from Spyware and Malware

* If you don't know what ActiveX controls are, see here

 

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

 

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

 

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!

Please run IOBit 360 again and post the log here for administration to check.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...