
TheJoker (Premium, VIP, MVM; joined 2001-04-26; Alexandria, VA) | reply to Gemstone | Re: HJT Log: Virtumonde.prx??
Good job, that was a lot of infected entries and files.
I see you have Viewpoint installed... Viewpoint Manager is considered to be foistware instead of malware since it is installed without the user's approval, but doesn't spy or do anything "bad". This will change though, please read this article: »www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/remove Programs and remove the following programs if present:
- Viewpoint
- Viewpoint Manager
- Viewpoint Media Player
Reboot afterwards.

Important! If you choose to uninstall Viewpoint, after rebooting, using Windows Explorer delete the following folder if still there: E:\Program Files\Viewpoint
Please run Notepad and paste the following text in the Code box into a new file:
Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry. A window will open and quickly close.
Please run a free online scan with the ESET Online Scanner. Note: You will need to use Internet Explorer for this scan.
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the options Remove found threats and Scan unwanted applications are checked
- Click Scan
- Wait for the scan to finish
- Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
- Copy and paste that log as a reply to this topic
Please post a new HijackThis log, the log from ESET's online scan, and note any errors encountered.
-- Proud ASAP member since 2005

Gemstone (joined 2000-12-20; Babylon, NY)
OK... Thanks... You are awesome...
The only Viewpoint entry in my Add/remove programs was "Viewpoint Media Player"... So I did an uninstall on that... I then re-booted and opened Windows Explorer and found a Viewpoint folder... I right-clicked and clicked delete but I get a message saying the following: "Cannot delete Viewpointservice.exe: Access is denied"...
What's up with that?
-- Go Mark Martin!

TheJoker (Premium, VIP, MVM; joined 2001-04-26; Alexandria, VA)
Please run Notepad and copy the following text into a new file:
Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files". Locate remove.bat on the Desktop and double-click on it to run it. Please note any errors encountered.
Restart your system. You should now be able to delete the folder.
Please post a new HijackThis log, and note any errors encountered.
-- Proud ASAP member since 2005

Gemstone (joined 2000-12-20; Babylon, NY)
OK... I was able to remove the Viewpoint folder after running your batch file program... I also ran your "fix.reg" program... Please tell me what 'fix.reg' did??... I rebooted and encountered no errors... I have not yet run the online ESET scanner... When I ran that yesterday it took 8 hours... Here is a fresh HijackThis log...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:57 AM, on 1/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\WINDOWS\System32\LVCOMSX.EXE
E:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Java\jre6\bin\jusched.exe
E:\Program Files\DNA\btdna.exe
E:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
E:\WINDOWS\system32\LEXBCES.EXE
E:\WINDOWS\system32\LEXPPS.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
E:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Seagate\AutoBackup\MemeoBackup.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = »go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LVCOMSX] E:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Lexmark X6100 Series] "E:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "E:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [updateMgr] "E:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: AutoBackup Launcher.lnk = E:\Program Files\Seagate\AutoBackup\MemeoLauncher.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} (Cnsweb3d Control) - »machinedesign.partcommunity.com/···eb3d.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - »go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - »www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - »pointa.autodesk.com/portal/lang/···rChk.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://E:\Program Files\Autodesk\MDT6\AcDcToday.ocx
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - »www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://E:\Program Files\Autodesk\MDT6\InstBanr.ocx
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - »https://ediagnostics.lexmark.com/serval.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - »pointa.autodesk.com/portal/lang/···Fred.Ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://E:\Program Files\Autodesk\MDT6\AcPreview.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - E:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - Autodesk - E:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - E:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - E:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
-- End of file - 8462 bytes
-- Go Mark Martin!

TheJoker (Premium, VIP, MVM; joined 2001-04-26; Alexandria, VA)
Fix.reg removed a possible malware loading point, and remove.bat stopped and removed the Viewpoint service that was preventing removing the associated file and folder.
Everything looks good. I would run the scanner a second time after the amount of items that were previously removed to be certain that it's clean this time. Try starting it at night, and letting it run overnight.
Create a Restore Point
• Go to Start > Programs > Accessories > System Tools > System Restore
• Select Create a Restore Point and then Next.
• In the box for "Restore point description", enter a descriptive name and press Create
• When the "Restore Point Created" window appears, click Close

Run Disk Cleanup
• Go to Start > Run and type the below line: cleanmgr
• Click OK
• If you have more than one drive, select the drive Windows is installed on
• Click OK
• When Disk Cleanup opens, select the More Options tab
• In the System Restore section (bottom of window), click Cleanup
• In the confirmation window that opens, click Yes

Now click on the Disk Cleanup tab and select the following items:
• Downloaded Program Files
• Temporary Internet Files
• Recycle Bin
• Temporary Files
Click OK, and in the confirmation window select Yes (Disk Cleanup will close).
There are several free utilities you can use to help keep malware off your system:
A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOSTS file is MVPS HOSTS File, available at »www.mvps.org/winhelp2002/hosts.htm.
A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster. For real-time protection, there is SpywareGuard. Both are available at »www.javacoolsoftware.com/products.html.
I recommend reading Tony Klein's article So How did I get Infected in the First Place? at »www.spywareinfoforum.com/index.p···ic=60955
Does your problem appear resolved?
-- Proud ASAP member since 2005

Gemstone (joined 2000-12-20; Babylon, NY)
Restore point created...
Disk Cleanup done...
My normal virus/malware protection has been AVG updating and scanning every night and on a weekly basis running Spybot... As of this morning I downloaded SpywareBlaster and enabled all protection... Yes, my problems seem resolved... Thanks sooooo much!!!
One more question, if I may... I use a USB memory stick to hold CAD files from my work PC to my home PC... I use it everyday... Could something bad be on the memory stick??... Can it be selectively scanned??... (I have posted this same question in the security forum...)
-- Go Mark Martin!

TheJoker (Premium, VIP, MVM; joined 2001-04-26; Alexandria, VA)
Yes, USB flash drives can be a major source of infection for viruses/worms that use that mechanism to spread.
The fastest spreading virus/worm at the moment uses that as one of the methods it spreads. See this URL: »www.pcworld.com/article/157876/p···orm.html
Some workplaces (like mine) have a policy in place that all USB ports are turned off to prevent their use, and prohibits the use of outside media to protect their systems.
-- Proud ASAP member since 2005

Gemstone (joined 2000-12-20; Babylon, NY)
said by TheJoker:
> Yes, USB flash drives can be a major source of infection for viruses/worms that use that mechanism to spread. The fastest spreading virus/worm at the moment uses that as one of the methods it spreads. See this URL: »www.pcworld.com/article/157876/p···orm.html Some workplaces (like mine) have a policy in place that all USB ports are turned off to prevent their use, and prohibits the use of outside media to protect their systems.

Makes sense... I plugged in my USB drive and right-clicked it in Windows Explorer... There is an option to scan it using the MalwareBytes program... I scanned it and MalwareBytes found it to be clean...
-- Go Mark Martin!

TheJoker (Premium, VIP, MVM; joined 2001-04-26; Alexandria, VA)
The problem with an infected USB device is that if Autorun is enabled on your system, the infected file can execute as soon as the device is inserted, and it then infects your system if your antivirus does not detect and prevent the infected file from running.
-- Proud ASAP member since 2005

Gemstone (joined 2000-12-20; Babylon, NY)
said by TheJoker:
> The problem with an infected USB device is that if Autorun is enabled on your system, the infected file can execute as soon as the device is inserted, and it then infects your system if your antivirus does not detect and prevent the infected file from running.

Apparently as part of the procedures you walked me thru yesterday "autorun" was disabled... I say that because when I plug in the USB drive today the U3 SanDisk junk does not launch...
-- Go Mark Martin!

TheJoker (Premium, VIP, MVM; joined 2001-04-26; Alexandria, VA)
That's correct. It's one of the biggest infection vectors that people simply do not know about, and as a security measure, when your system was scanned that insecure feature was turned off. It doesn't prevent anything from running; you simply need to intentionally start it, such as from Windows Explorer, rather than having any program (or possibly a virus) autorun when inserting the device. Imagine if software on a floppy drive were to execute each time the disc was inserted. When floppy drives were more common, they were one of the big infection vectors; by leaving a disc with an infected boot sector in the drive and turning the system off, when the system was powered back on, it would infect the hard drive because code in the infected floppy boot sector would execute, even if the floppy was not bootable.
-- Proud ASAP member since 2005

TheJoker (Premium, VIP, MVM; joined 2001-04-26; Alexandria, VA) | reply to Gemstone
You may want to read this article: »en.wikipedia.org/wiki/Autorun#Al···ehaviour
-- Proud ASAP member since 2005

Gemstone (joined 2000-12-20; Babylon, NY) | reply to TheJoker
Excellent... I'm a control freak engineer so having to launch stuff manually works well for me!...
-- Go Mark Martin!

Gemstone (joined 2000-12-20; Babylon, NY) | reply to TheJoker
Is this Vundo trojan back again?!?!... Last evening the AVG scan was clean (Saturday night)... My wife was on the "Facebook" website on Sunday... And now during the Sunday night scan I see this... What do you think??
-- Go Mark Martin!

TheJoker (Premium, VIP, MVM; joined 2001-04-26; Alexandria, VA)
Facebook is one of the easier places to get infected as it's targeted relentlessly. All you have to do is click on a link someone has left, a video, an ad, or even a notice that says you need to update a program (such as Flash) to view something. If that happens, don't believe it, don't click there, and instead go to the author's site to see if the program needs an update. Many of the ads take advantage of exploits that Microsoft may have patched, so if you don't have all the Windows updates installed, you are vulnerable. To make yourself less vulnerable, browse with Firefox instead of Internet Explorer, and if at Facebook, I would only go there if I was running the add-on NoScript. Some things won't run, but you will be safer.
Please run Malwarebytes' Anti-Malware.
- Click the Update tab.
- Click Check for Updates.
- If an update is found, it will download and install.
- Click the Scanner tab.
- Select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Download ComboFix© by sUBs from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Familiarize yourself with ComboFix before running it: »www.bleepingcomputer.com/combofi···combofix
- Disable your AntiVirus and any AntiSpyware programs you may be running (usually via a right click on the System Tray icon) to prevent them from interfering.
- Double click on ComboFix.exe & follow the prompts. When finished, it will save a log. Please include the contents of the log at C:\ComboFix.txt in your next reply.
Please post a new HijackThis log, the log from MBAM, the log from ComboFix (combofix.txt), and note any errors encountered.
-- Proud ASAP member since 2005

Gemstone (joined 2000-12-20; Babylon, NY)
OK... I am at work now so I will run those scans again this afternoon and post back... I am aware of the problems on those social networking sites and I am up-to-date on all Windows updates... I have Mozilla Firefox installed and I must get my wife to start using Firefox instead of IE... Can you elaborate a little more on the NoScript "add-on"... Once again, I do appreciate your excellent help and I hope others are getting educated by reading thru this whole thread...
-- Go Mark Martin!

TheJoker (Premium, VIP, MVM; joined 2001-04-26; Alexandria, VA)
You can find Firefox add-ons here: »https://addons.mozilla.org/en-US/firefox

NoScript is under the Privacy and Security category. It prevents JavaScript, Java and other executable content from running on a site unless you approve it for that site (for instance, if a site you trust doesn't appear correctly, or something isn't working properly, such as ordering something). Facebook (or any social networking site) is a site that I would not allow scripts to run on. Adblock Plus might be another add-on to consider, as many infections are the result of the ads on some sites (sites sometimes contract out banner ads to a service, and the service provides the ads with the site having very little if any control over what ads show up).
-- Proud ASAP member since 2005

Gemstone (joined 2000-12-20; Babylon, NY)
OK, scans run again and here they are:
1. HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:57:45 PM, on 1/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\WINDOWS\System32\LVCOMSX.EXE
E:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Java\jre6\bin\jusched.exe
E:\Program Files\DNA\btdna.exe
E:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
E:\WINDOWS\system32\LEXBCES.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\LEXPPS.EXE
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
E:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Seagate\AutoBackup\MemeoBackup.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\system32\imapi.exe
E:\WINDOWS\explorer.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = »go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LVCOMSX] E:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Lexmark X6100 Series] "E:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "E:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [updateMgr] "E:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: AutoBackup Launcher.lnk = E:\Program Files\Seagate\AutoBackup\MemeoLauncher.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} (Cnsweb3d Control) - »machinedesign.partcommunity.com/···eb3d.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - »go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - »www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - »pointa.autodesk.com/portal/lang/···rChk.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://E:\Program Files\Autodesk\MDT6\AcDcToday.ocx
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - »www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://E:\Program Files\Autodesk\MDT6\InstBanr.ocx
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - »https://ediagnostics.lexmark.com/serval.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - »pointa.autodesk.com/portal/lang/···Fred.Ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://E:\Program Files\Autodesk\MDT6\AcPreview.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - E:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - Autodesk - E:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - E:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - E:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
-- End of file - 8477 bytes
2. MBAM log:

Malwarebytes' Anti-Malware 1.33
Database version: 1668
Windows 5.1.2600 Service Pack 2

1/19/2009 5:43:42 PM
mbam-log-2009-01-19 (17-43-42).txt

Scan type: Quick Scan
Objects scanned: 63017
Time elapsed: 6 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
3. ComboFix log:
ComboFix 09-01-19.03 - Robert Diamond 2009-01-19 17:48:30.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.611 [GMT -5:00] Running from: e:\documents and settings\Robert Diamond\Desktop\ComboFix.exe AV: AVG 7.5.552 *On-access scanning disabled* (Updated) * Created a new restore point .
((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 ))))))))))))))))))))))))))))))) .
2009-01-17 20:58 . 2009-01-17 20:58 d-------- e:\program files\Malwarebytes' Anti-Malware 2009-01-17 20:58 . 2009-01-17 20:58 d-------- e:\documents and settings\Robert Diamond\Application Data\Malwarebytes 2009-01-17 20:58 . 2009-01-17 20:58 d-------- e:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-17 20:58 . 2009-01-14 16:11 38,496 --a------ e:\windows\system32\drivers\mbamswissarmy.sys 2009-01-17 20:58 . 2009-01-14 16:11 15,504 --a------ e:\windows\system32\drivers\mbam.sys 2009-01-17 20:51 . 2009-01-17 20:52 d-------- E:\FixPolicies 2009-01-17 12:05 . 2009-01-17 20:30 d-------- e:\program files\EsetOnlineScanner 2009-01-17 11:41 . 2009-01-17 11:41 d-------- E:\VundoFix Backups 2009-01-17 11:33 . 2009-01-17 11:33 410,984 --a------ e:\windows\system32\deploytk.dll 2009-01-17 11:33 . 2009-01-17 11:33 73,728 --a------ e:\windows\system32\javacpl.cpl 2009-01-16 19:13 . 2009-01-18 12:10 d-------- e:\program files\SpywareBlaster 2008-12-26 10:48 . 2009-01-18 16:38 d-------- e:\program files\DNA 2008-12-26 10:48 . 2008-12-26 10:48 d-------- e:\program files\BitTorrent 2008-12-26 10:48 . 2009-01-19 17:51 d-------- e:\documents and settings\Robert Diamond\Application Data\DNA 2008-12-26 10:48 . 2008-12-26 12:28 d-------- e:\documents and settings\Robert Diamond\Application Data\BitTorrent 2008-12-25 13:19 . 2008-12-25 13:19 d-------- e:\program files\Lavasoft 2008-12-25 13:18 . 2008-12-25 13:18 d-------- e:\program files\Common Files\Wise Installation Wizard
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-19 22:46 --------- d---a-w e:\documents and settings\All Users\Application Data\TEMP
2009-01-19 16:27 --------- d-----w e:\documents and settings\All Users\Application Data\avg7
2009-01-19 12:58 --------- d-----w e:\documents and settings\All Users\Application Data\Google Updater
2009-01-18 21:33 --------- d-----w e:\program files\Creative
2009-01-18 02:37 --------- d-----w e:\program files\Common
2009-01-17 16:32 --------- d-----w e:\program files\Java
2009-01-17 00:12 --------- d-----w e:\documents and settings\Robert Diamond\Application Data\U3
2009-01-11 23:37 --------- d-----w e:\documents and settings\All Users\Application Data\pdf995
2009-01-04 01:38 --------- d-----w e:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-02 22:41 --------- d-----w e:\documents and settings\Robert Diamond\Application Data\AdobeUM
2009-01-02 02:54 --------- d-----w e:\program files\CCleaner
2008-12-11 11:57 333,184 ----a-w e:\windows\system32\drivers\srv.sys
2008-12-11 01:11 --------- d-----w e:\program files\CWShredder
2008-12-10 23:58 --------- d-----w e:\program files\Trend Micro
2008-12-10 23:56 --------- d-----w e:\program files\Hijack This
2008-12-10 23:16 --------- d-----w e:\program files\Google
2008-10-23 13:01 283,648 ----a-w e:\windows\system32\gdi32.dll
2008-04-05 19:48 32 ----a-w e:\documents and settings\All Users\Application Data\ezsid.dat
2006-09-25 18:43 6,253,518 ----a-w e:\program files\COM_SE~1.cab
2006-09-25 18:43 584 ----a-w e:\program files\Solid Edge 2D Drafting V19.pdf
2006-09-25 18:43 2,188,992 ----a-w e:\program files\Solid Edge 2D Drafting V19.msi
2006-09-25 18:43 2,092 ----a-w e:\program files\Setup.ini
2006-09-25 18:42 83 ----a-w e:\program files\PROGRA~1.cab
2006-09-25 18:42 80,083 ----a-w e:\program files\Schema~1.cab
2006-09-25 18:42 7,282,232 ----a-w e:\program files\ResDLLs.cab
2006-09-25 18:42 4,974,915 ----a-w e:\program files\ADDINS.cab
2006-09-25 18:42 4,776 ----a-w e:\program files\ReadmeSE.cab
2006-09-25 18:42 3,905,516 ----a-w e:\program files\System~1.cab
2006-09-25 18:42 152,528,661 ----a-w e:\program files\DLLS.cab
2006-09-25 18:42 147 ----a-w e:\program files\English.cab
2006-09-25 18:42 145 ----a-w e:\program files\Metric.cab
2006-09-25 18:42 117,777 ----a-w e:\program files\Tutor.cab
2006-09-25 18:42 11,512 ----a-w e:\program files\EXECUT~2.cab
2006-09-25 18:39 748,382 ----a-w e:\program files\Fonts.cab
2006-09-25 18:39 613,827 ----a-w e:\program files\TYPELIBS.cab
2006-09-25 18:39 6,868 ----a-w e:\program files\EXECUT~1.cab
2006-09-25 18:39 34,415,541 ----a-w e:\program files\HelpFi~1.cab
2006-09-25 18:39 187,725 ----a-w e:\program files\Tutori~1.cab
2006-09-25 18:39 1,425,502 ----a-w e:\program files\Templa~1.cab
2006-09-25 18:37 12,922 ----a-w e:\program files\Readme.htm
2006-08-23 12:52 813,568 ----a-w e:\program files\Sentinel System Driver 5.41.1 (32-bit).msi
2006-08-23 12:52 421,350 ----a-w e:\program files\Data1.cab
2005-11-14 07:26 1,001,472 ----a-w e:\program files\ISScript1150.Msi
2005-11-14 03:49 5,693 ----a-w e:\program files\0x0409.ini
2005-11-14 03:44 1,822,520 ----a-w e:\program files\instmsiw.exe
2005-11-14 03:44 1,708,856 ----a-w e:\program files\instmsia.exe
2004-10-01 20:00 40,960 ----a-w e:\program files\Uninstall_CDS.exe
2008-11-15 02:58 67,696 ----a-w e:\program files\mozilla firefox\components\jar50.dll
2008-11-15 02:58 54,376 ----a-w e:\program files\mozilla firefox\components\jsd3250.dll
2008-11-15 02:58 34,952 ----a-w e:\program files\mozilla firefox\components\myspell.dll
2008-11-15 02:58 46,720 ----a-w e:\program files\mozilla firefox\components\spellchk.dll
2008-11-15 02:58 172,144 ----a-w e:\program files\mozilla firefox\components\xpinstal.dll
2006-05-03 09:06 163,328 --sh--r e:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r e:\windows\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r e:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((( snapshot@2009-01-17_21.49.29.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-09 22:35:30 20,853,704 ----a-w e:\windows\system32\MRT.exe
+ 2009-01-18 21:39:11 16,384 ----atw e:\windows\Temp\Perflib_Perfdata_4a0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="e:\program files\DNA\btdna.exe" [2008-12-26 342848]
"updateMgr"="e:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"AVG7_CC"="e:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-10-16 590848]
"LVCOMSX"="e:\windows\System32\LVCOMSX.EXE" [2005-07-19 221184]
"Lexmark X6100 Series"="e:\program files\Lexmark X6100 Series\lxbfbmgr.exe" [2003-09-23 57344]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2009-01-17 136600]
"SoundMan"="SOUNDMAN.EXE" [2005-04-14 e:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="e:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 219136]

e:\documents and settings\Robert Diamond\Start Menu\Programs\Startup\
AutoBackup Launcher.lnk - e:\program files\Seagate\AutoBackup\MemeoLauncher.exe [2008-01-14 95456]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "e:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"e:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"e:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\StubInstaller.exe"=
"e:\\Program Files\\LimeWire\\LimeWire.exe"=
"e:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"e:\\WINDOWS\\system32\\fxsclnt.exe"=
"e:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"e:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"e:\\Program Files\\AIM6\\aim6.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\VPN\\zebedee.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\DNA\\btdna.exe"=
"e:\\Program Files\\BitTorrent\\bittorrent.exe"=
"e:\\Program Files\\TightVNC\\vncviewer.exe"=
R4 osaio;osaio;e:\windows\system32\drivers\osaio.sys [2006-02-11 7296]
S0 viasraid;viasraid;e:\windows\system32\DRIVERS\viasraid.sys --> e:\windows\system32\DRIVERS\viasraid.sys [?]
S3 aliroothub;USB 2.0 Root Hub;e:\windows\system32\drivers\AliRtHub.sys [2006-02-11 5337]
S4 ALIEHCD;ALi PCI to USB Enhanced Host Controller;e:\windows\system32\drivers\AliEhci.sys [2006-02-11 104088]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} - hxxp://machinedesign.partcommunity.com/PARTcommunity/cnsViewer3D/cnsweb3d.cab
FF - ProfilePath - e:\documents and settings\Robert Diamond\Application Data\Mozilla\Firefox\Profiles\kxxu304u.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - component: e:\program files\Mozilla Firefox\components\xpinstal.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.00.19);user_pref(general.useragent.extra.zencast, .
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, »www.gmer.net
Rootkit scan 2009-01-19 17:52:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully hidden files: 0
**************************************************************************
.
Completion time: 2009-01-19 17:55:21
ComboFix-quarantined-files.txt 2009-01-19 22:54:25
ComboFix2.txt 2009-01-18 02:51:22
Pre-Run: 83,869,392,896 bytes free
Post-Run: 83,923,701,760 bytes free
168 --- E O F --- 2009-01-18 20:15:30
How does it look???
-- Go Mark Martin!