WillM

Help with TDSServ infection

WillM,

If you would please, download a fresh copy of ComboFix from here, saving the file to your desktop.

Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

  • Close all open programs and windows.
  • Double-click ComboFix.exe and follow the prompts.
  • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-11-15 17:12:12
Microsoft® Windows Vista™ Home Premium
System drive C: has 45 GB (64%) free of 71 GB
Total RAM: 2038 MB (59% free)

HijackThis download failed

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-02-06 151552]

{DE9C389F-3316-41A7-809B-AA305ED9D922}

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-02-28 4390912]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-22 815104]

"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2007-12-21 1443072]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-03-25 141848]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-03-25 166424]

"Persistence"=C:\Windows\system32\igfxpers.exe [2008-03-25 133656]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]

"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2006-12-08 614400]

"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]

"COMODO Firewall Pro"=C:\Program Files\COMODO\Firewall\cfp.exe [2008-08-16 1655552]

"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2008-10-22 1261200]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2008-03-25 204800]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"EnableLUA"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56031d16-705f-11dc-8938-0016d4dddd7e}]

shell\AutoRun\command - H:\LaunchU3.exe -a

 

 

======List of files/folders created in the last 1 months======

 

2008-11-15 17:12:12 ----D---- C:\rsit

2008-11-15 17:08:10 ----D---- C:\Windows\temp

2008-11-15 17:08:09 ----A---- C:\ComboFix.txt

2008-11-15 17:01:27 ----A---- C:\Windows\zip.exe

2008-11-15 17:01:27 ----A---- C:\Windows\VFIND.exe

2008-11-15 17:01:27 ----A---- C:\Windows\SWXCACLS.exe

2008-11-15 17:01:27 ----A---- C:\Windows\SWSC.exe

2008-11-15 17:01:27 ----A---- C:\Windows\SWREG.exe

2008-11-15 17:01:27 ----A---- C:\Windows\sed.exe

2008-11-15 17:01:27 ----A---- C:\Windows\NIRCMD.exe

2008-11-15 17:01:27 ----A---- C:\Windows\grep.exe

2008-11-15 17:01:27 ----A---- C:\Windows\fdsv.exe

2008-11-15 00:30:34 ----A---- C:\avenger.txt

2008-11-15 00:14:24 ----D---- C:\Users\Owner\AppData\Roaming\Malwarebytes

2008-11-15 00:14:18 ----D---- C:\ProgramData\Malwarebytes

2008-11-15 00:14:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2008-11-12 23:02:38 ----D---- C:\Windows\ERDNT

2008-11-12 23:02:38 ----D---- C:\Qoobox

2008-11-12 23:02:38 ----D---- C:\Combo-Fix

2008-11-12 22:22:46 ----A---- C:\Users\Owner\AppData\Roaming\SetValue.bat

2008-11-12 22:22:45 ----A---- C:\Windows\system32\tmp.txt

2008-11-12 22:22:45 ----A---- C:\Users\Owner\AppData\Roaming\GetValue.vbs

2008-11-12 22:21:53 ----A---- C:\rapport.txt

2008-11-12 09:20:26 ----D---- C:\Program Files\trend micro

2008-11-12 09:08:06 ----A---- C:\Windows\ntbtlog.txt

2008-11-11 11:49:44 ----A---- C:\Windows\gmer.ini

2008-11-11 11:49:25 ----A---- C:\Windows\gmer_uninstall.cmd

2008-11-11 11:49:25 ----A---- C:\Windows\gmer.dll

2008-11-11 11:49:24 ----A---- C:\Windows\gmer.exe

2008-11-10 21:23:06 ----D---- C:\HiJackThis

2008-11-06 23:01:41 ----D---- C:\Users\Owner\AppData\Roaming\Real

2008-10-17 21:35:54 ----A---- C:\Windows\system32\winipsec.dll

2008-10-17 21:35:54 ----A---- C:\Windows\system32\polstore.dll

2008-10-17 21:35:54 ----A---- C:\Windows\system32\IPSECSVC.DLL

2008-10-17 21:35:54 ----A---- C:\Windows\system32\FwRemoteSvr.dll

2008-10-17 21:33:55 ----A---- C:\Windows\system32\shell32.dll

2008-10-17 21:32:49 ----A---- C:\Windows\system32\tzres.dll

2008-10-17 21:31:46 ----A---- C:\Windows\system32\es.dll

2008-10-17 21:31:18 ----A---- C:\Windows\system32\wmpeffects.dll

2008-10-17 21:29:40 ----A---- C:\Windows\system32\NlsLexicons0046.dll

2008-10-17 21:29:40 ----A---- C:\Windows\system32\NlsLexicons0045.dll

2008-10-17 21:29:39 ----A---- C:\Windows\system32\NlsLexicons0049.dll

2008-10-17 21:29:39 ----A---- C:\Windows\system32\NlsLexicons0047.dll

2008-10-17 21:29:39 ----A---- C:\Windows\system32\NlsLexicons0020.dll

2008-10-17 21:29:38 ----A---- C:\Windows\system32\NlsLexicons0039.dll

2008-10-17 21:29:38 ----A---- C:\Windows\system32\NlsLexicons0021.dll

2008-10-17 21:29:37 ----A---- C:\Windows\system32\NlsLexicons0022.dll

2008-10-17 21:29:36 ----A---- C:\Windows\system32\NlsLexicons0024.dll

2008-10-17 21:29:34 ----A---- C:\Windows\system32\NlsLexicons0026.dll

2008-10-17 21:29:33 ----A---- C:\Windows\system32\NlsLexicons0027.dll

2008-10-17 21:29:33 ----A---- C:\Windows\system32\NlsLexicons0010.dll

2008-10-17 21:29:32 ----A---- C:\Windows\system32\NlsLexicons0011.dll

2008-10-17 21:29:31 ----A---- C:\Windows\system32\NlsLexicons0013.dll

2008-10-17 21:29:30 ----A---- C:\Windows\system32\NlsLexicons0018.dll

2008-10-17 21:29:29 ----A---- C:\Windows\system32\NlsLexicons0019.dll

2008-10-17 21:29:27 ----A---- C:\Windows\system32\NlsLexicons0003.dll

2008-10-17 21:29:27 ----A---- C:\Windows\system32\NlsLexicons0002.dll

2008-10-17 21:29:27 ----A---- C:\Windows\system32\NlsLexicons0001.dll

2008-10-17 21:29:26 ----A---- C:\Windows\system32\NlsLexicons0007.dll

2008-10-17 21:29:25 ----A---- C:\Windows\system32\NlsLexicons004b.dll

2008-10-17 21:29:25 ----A---- C:\Windows\system32\NlsLexicons004a.dll

2008-10-17 21:29:25 ----A---- C:\Windows\system32\NlsLexicons0009.dll

2008-10-17 21:29:24 ----A---- C:\Windows\system32\NlsLexicons004c.dll

2008-10-17 21:29:23 ----A---- C:\Windows\system32\NlsLexicons004e.dll

2008-10-17 21:29:22 ----A---- C:\Windows\system32\NlsLexicons003e.dll

2008-10-17 21:29:22 ----A---- C:\Windows\system32\NlsLexicons002a.dll

2008-10-17 21:29:21 ----A---- C:\Windows\system32\NlsLexicons001a.dll

2008-10-17 21:29:20 ----A---- C:\Windows\system32\NlsLexicons001b.dll

2008-10-17 21:29:18 ----A---- C:\Windows\system32\NlsLexicons001d.dll

2008-10-17 21:29:17 ----A---- C:\Windows\system32\NlsLexicons000a.dll

2008-10-17 21:29:16 ----A---- C:\Windows\system32\NlsLexicons000c.dll

2008-10-17 21:29:15 ----A---- C:\Windows\system32\NlsLexicons000d.dll

2008-10-17 21:29:14 ----A---- C:\Windows\system32\NlsLexicons000f.dll

2008-10-17 21:29:13 ----A---- C:\Windows\system32\NlsLexicons0414.dll

2008-10-17 21:29:12 ----A---- C:\Windows\system32\NlsLexicons0816.dll

2008-10-17 21:29:12 ----A---- C:\Windows\system32\NlsLexicons0416.dll

2008-10-17 21:29:10 ----A---- C:\Windows\system32\NlsLexicons081a.dll

2008-10-17 21:29:09 ----A---- C:\Windows\system32\NlsModels0011.dll

2008-10-17 21:29:09 ----A---- C:\Windows\system32\NlsData0046.dll

2008-10-17 21:29:09 ----A---- C:\Windows\system32\NlsData0045.dll

2008-10-17 21:29:08 ----A---- C:\Windows\system32\NlsData0049.dll

2008-10-17 21:29:08 ----A---- C:\Windows\system32\NlsData0047.dll

2008-10-17 21:29:08 ----A---- C:\Windows\system32\NlsData0039.dll

2008-10-17 21:29:07 ----A---- C:\Windows\system32\NlsData0021.dll

2008-10-17 21:29:07 ----A---- C:\Windows\system32\NlsData0020.dll

2008-10-17 21:29:06 ----A---- C:\Windows\system32\NlsData0024.dll

2008-10-17 21:29:06 ----A---- C:\Windows\system32\NlsData0022.dll

2008-10-17 21:29:05 ----A---- C:\Windows\system32\NlsData0027.dll

2008-10-17 21:29:05 ----A---- C:\Windows\system32\NlsData0026.dll

2008-10-17 21:29:05 ----A---- C:\Windows\system32\NlsData0011.dll

2008-10-17 21:29:05 ----A---- C:\Windows\system32\NlsData0010.dll

2008-10-17 21:29:04 ----A---- C:\Windows\system32\NlsData0018.dll

2008-10-17 21:29:04 ----A---- C:\Windows\system32\NlsData0013.dll

2008-10-17 21:29:03 ----A---- C:\Windows\system32\NlsData0000.dll

2008-10-17 21:29:02 ----A---- C:\Windows\system32\NlsData0019.dll

2008-10-17 21:29:02 ----A---- C:\Windows\system32\NlsData0001.dll

2008-10-17 21:29:01 ----A---- C:\Windows\system32\NlsData0003.dll

2008-10-17 21:29:01 ----A---- C:\Windows\system32\NlsData0002.dll

2008-10-17 21:29:00 ----A---- C:\Windows\system32\NlsData004a.dll

2008-10-17 21:29:00 ----A---- C:\Windows\system32\NlsData0009.dll

2008-10-17 21:29:00 ----A---- C:\Windows\system32\NlsData0007.dll

2008-10-17 21:28:59 ----A---- C:\Windows\system32\NlsData004c.dll

2008-10-17 21:28:59 ----A---- C:\Windows\system32\NlsData004b.dll

2008-10-17 21:28:58 ----A---- C:\Windows\system32\NlsData004e.dll

2008-10-17 21:28:58 ----A---- C:\Windows\system32\NlsData003e.dll

2008-10-17 21:28:57 ----A---- C:\Windows\system32\NlsData002a.dll

2008-10-17 21:28:57 ----A---- C:\Windows\system32\NlsData001a.dll

2008-10-17 21:28:56 ----A---- C:\Windows\system32\NlsData001b.dll

2008-10-17 21:28:55 ----A---- C:\Windows\system32\NlsData001d.dll

2008-10-17 21:28:54 ----A---- C:\Windows\system32\NlsData000a.dll

2008-10-17 21:28:53 ----A---- C:\Windows\system32\NlsData000d.dll

2008-10-17 21:28:53 ----A---- C:\Windows\system32\NlsData000c.dll

2008-10-17 21:28:52 ----A---- C:\Windows\system32\NlsData000f.dll

2008-10-17 21:28:51 ----A---- C:\Windows\system32\NlsData0416.dll

2008-10-17 21:28:51 ----A---- C:\Windows\system32\NlsData0414.dll

2008-10-17 21:28:51 ----A---- C:\Windows\system32\NaturalLanguage6.dll

2008-10-17 21:28:50 ----A---- C:\Windows\system32\NlsData081a.dll

2008-10-17 21:28:50 ----A---- C:\Windows\system32\NlsData0816.dll

2008-10-17 21:28:49 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll

2008-10-17 21:28:49 ----A---- C:\Windows\system32\NlsData0c1a.dll

2008-10-17 21:24:09 ----A---- C:\Windows\system32\srclient.dll

2008-10-17 21:24:09 ----A---- C:\Windows\system32\rstrui.exe

2008-10-17 21:24:08 ----A---- C:\Windows\system32\winload.exe

2008-10-17 21:24:08 ----A---- C:\Windows\system32\srdelayed.exe

2008-10-17 21:24:08 ----A---- C:\Windows\system32\srcore.dll

2008-10-17 21:24:08 ----A---- C:\Windows\system32\kd1394.dll

2008-10-17 21:24:07 ----A---- C:\Windows\system32\kbd106n.dll

2008-10-17 21:24:07 ----A---- C:\Windows\system32\f3ahvoas.dll

2008-10-17 21:24:07 ----A---- C:\Windows\system32\ci.dll

2008-10-17 21:21:44 ----A---- C:\Windows\system32\gdi32.dll

2008-10-17 21:21:18 ----A---- C:\Windows\system32\wshrm.dll

2008-10-17 21:20:47 ----A---- C:\Windows\system32\dnsrslvr.dll

2008-10-17 21:20:47 ----A---- C:\Windows\system32\dnscacheugc.exe

2008-10-17 21:20:47 ----A---- C:\Windows\system32\dnsapi.dll

2008-10-17 21:20:27 ----A---- C:\Windows\system32\INETRES.dll

2008-10-17 21:20:27 ----A---- C:\Windows\system32\inetcomm.dll

2008-10-17 21:20:02 ----A---- C:\Windows\system32\quartz.dll

2008-10-17 21:19:40 ----A---- C:\Windows\system32\poqexec.exe

2008-10-17 21:19:18 ----A---- C:\Windows\system32\ntoskrnl.exe

2008-10-17 21:19:18 ----A---- C:\Windows\system32\ntkrnlpa.exe

2008-10-17 21:17:05 ----A---- C:\Windows\system32\ieapfltr.dll

2008-10-17 21:17:05 ----A---- C:\Windows\system32\advpack.dll

2008-10-17 21:17:04 ----A---- C:\Windows\system32\wininet.dll

2008-10-17 21:17:04 ----A---- C:\Windows\system32\jsproxy.dll

2008-10-17 21:17:04 ----A---- C:\Windows\system32\dxtrans.dll

2008-10-17 21:17:03 ----A---- C:\Windows\system32\dxtmsft.dll

2008-10-17 21:17:02 ----A---- C:\Windows\system32\ieui.dll

2008-10-17 21:17:02 ----A---- C:\Windows\system32\ieframe.dll

2008-10-17 21:17:00 ----A---- C:\Windows\system32\mshtmled.dll

2008-10-17 21:16:59 ----A---- C:\Windows\system32\mshtml.dll

2008-10-17 21:16:57 ----A---- C:\Windows\system32\mstime.dll

2008-10-17 21:16:57 ----A---- C:\Windows\system32\icardie.dll

2008-10-17 21:16:53 ----A---- C:\Windows\system32\ieUnatt.exe

2008-10-17 21:16:52 ----A---- C:\Windows\system32\urlmon.dll

2008-10-17 21:16:51 ----A---- C:\Windows\system32\pngfilt.dll

2008-10-17 21:16:51 ----A---- C:\Windows\system32\iesetup.dll

2008-10-17 21:16:51 ----A---- C:\Windows\system32\iertutil.dll

2008-10-17 21:16:51 ----A---- C:\Windows\system32\iernonce.dll

2008-10-17 21:16:51 ----A---- C:\Windows\system32\ie4uinit.exe

 

======List of files/folders modified in the last 1 months======

 

2008-11-15 17:08:13 ----D---- C:\Windows\System32

2008-11-15 17:08:10 ----D---- C:\Windows

2008-11-15 17:05:35 ----A---- C:\Windows\system.ini

2008-11-15 17:04:04 ----D---- C:\Windows\system32\drivers

2008-11-15 17:04:04 ----D---- C:\Program Files\Common Files

2008-11-15 17:04:03 ----D---- C:\Windows\AppPatch

2008-11-15 17:01:21 ----D---- C:\Windows\system32\en-US

2008-11-15 16:56:39 ----A---- C:\Windows\win.ini

2008-11-15 16:56:36 ----SHD---- C:\Windows\Installer

2008-11-15 16:56:36 ----HD---- C:\Config.Msi

2008-11-15 16:54:48 ----D---- C:\Windows\inf

2008-11-15 16:54:48 ----A---- C:\Windows\system32\PerfStringBackup.INI

2008-11-15 16:51:31 ----D---- C:\Program Files\Mozilla Firefox

2008-11-15 00:14:18 ----RD---- C:\Program Files

2008-11-15 00:14:18 ----HD---- C:\ProgramData

2008-11-14 09:26:02 ----D---- C:\Windows\system32\config

2008-11-12 19:24:28 ----D---- C:\Windows\system32\catroot2

2008-11-12 09:04:13 ----D---- C:\Windows\pss

2008-11-10 21:45:12 ----D---- C:\Windows\Prefetch

2008-11-06 23:01:25 ----D---- C:\Program Files\JetAudio

2008-10-22 16:01:18 ----D---- C:\Windows\system32\LogFiles

2008-10-17 22:02:20 ----D---- C:\Windows\system32\catroot

2008-10-17 22:02:00 ----D---- C:\Windows\winsxs

2008-10-17 22:01:43 ----ASH---- C:\Program Files\desktop.ini

2008-10-17 22:01:38 ----D---- C:\Windows\rescache

2008-10-17 21:56:37 ----D---- C:\Windows\system32\migration

2008-10-17 21:56:37 ----D---- C:\Program Files\Internet Explorer

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2008-08-16 85008]

R1 cmdHlp;COMODO Firewall Pro Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2008-08-16 25104]

R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]

R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2007-12-21 30216]

R1 epfwtdir;epfwtdir; C:\Windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]

R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2007-12-21 39944]

R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]

R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]

R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]

R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-01 45056]

R3 Cam5607;Acer OrbiCam; C:\Windows\System32\Drivers\BisonC07.sys [2006-12-26 817968]

R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2006-11-02 14208]

R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]

R3 EMSCR;EMSCR; C:\Windows\system32\DRIVERS\EMS7SK.sys [2006-10-24 62208]

R3 ESDCR;ESDCR; C:\Windows\system32\DRIVERS\ESD7SK.sys [2006-10-24 42240]

R3 ESMCR;ESMCR; C:\Windows\system32\DRIVERS\ESM7SK.sys [2006-10-24 76928]

R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]

R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-08 986624]

R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-08 206848]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-25 2307072]

R3 Inspect;Comodo Firewall Network Driver; C:\Windows\system32\DRIVERS\inspect.sys [2008-08-16 73232]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-01 1744928]

R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2008-03-13 2555392]

R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-04-10 6144]

R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-10-09 82432]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-22 179896]

R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-08 659968]

R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2006-11-02 11264]

S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-18 534016]

S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-18 534016]

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2006-11-02 131584]

S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2006-11-02 16384]

S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2006-11-02 36864]

S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]

S3 gmer;gmer; C:\Windows\System32\DRIVERS\gmer.sys [2008-11-11 85969]

S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520]

S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-01 200704]

S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-25 2307072]

S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys []

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]

S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]

S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]

S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]

S4 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 ALaunchService;ALaunch Service; C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]

R2 cmdAgent;COMODO Firewall Pro Helper Service; C:\Program Files\COMODO\Firewall\cmdagent.exe [2008-08-16 519936]

R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-02-06 457512]

R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]

R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2006-12-22 24576]

R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-12-28 126976]

R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-01-31 53248]

R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-04-24 24576]

R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2006-11-02 22016]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]

R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-19 262247]

R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-01-02 135168]

R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]

R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2006-11-02 22016]

S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []

S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2007-12-21 19200]

S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-09-26 503608]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

 

-----------------EOF-----------------

------------------------------------------------------------------------

info.txt logfile of random's system information tool 1.04 2008-11-15 17:12:18

======Uninstall list======

 

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31403E22-2FDB-452F-AE9E-20854633226D}\Setup.exe" -uninst

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall

32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}

Acer Arcade Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall

Acer Assist-->C:\Program Files\Acer Assist\uninstall.exe

Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL

Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x9 -removeonly

Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly

Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x9 -removeonly

Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x9 -removeonly

Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x9 -removeonly

Acer eSettings Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x9 -removeonly

Acer GridVista-->C:\Windows\UnInst32.exe GridV.UNI

Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x9 -removeonly

Acer OrbiCam -->C:\Program Files\InstallShield Installation Information\{DD1DED37-2486-4F56-8F89-56AA814003F5}\setup.exe -runfromtemp -l0x0009 -removeonly

Acer OrbiCam-->Rundll32.exe BisonR07.dll,WinMainRmv

Acer Registration-->C:\Program Files\Acer Registration\uninstall.exe

Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly

Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x9 -removeonly

Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete

Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}

AIM 6-->C:\Program Files\AIM6\uninst.exe

Apple Mobile Device Support-->MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}

Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

COMODO Firewall Pro-->C:\Program Files\COMODO\Firewall\cfpconfg.exe -u

COWON Media Center - jetAudio Plus VX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe" -l0x9 -removeonly

Creative Element Power Tools-->C:\Program Files\Creative Element Power Tools\uninstall.exe

DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

ESET NOD32 Antivirus-->MsiExec.exe /I{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}

ffdshow [rev 1723] [2007-12-24]-->"C:\Program Files\ffdshow\unins000.exe"

GTK+ Runtime 2.10.13 rev a (remove only)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe

HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\HXFSETUP.EXE -U -IAcrZUn32z.inf

HijackThis 2.0.2-->"G:\HijackThis.exe" /uninstall

HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat

HP Photosmart All-In-One Software 8.0-->C:\Program Files\HP\Digital Imaging\{8641C1CB-03B3-41d4-8DEC-79826A4B5C0E}\setup\hpzscr01.exe -datfile hposcr13.dat

HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}

Intel® Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall

iTunes-->MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}

Java 2 Runtime Environment, SE v1.4.1_07-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA532E73-1BB7-11D8-9D6A-00010240CE95}\setup.exe" Anytext

Java Web Start-->"C:\Program Files\Java Web Start\uninst-javaws.exe"

Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

MATLAB R2008a-->C:\Program Files\MATLAB\R2008a\uninstall\uninstall.exe C:\Program Files\MATLAB\R2008a\

Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}

Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}

Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}

Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}

Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}

Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}

Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly

NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7

PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.EXE" -uninstall

QuickSFV (Remove only)-->C:\Program Files\QuickSFV\QSFVUNST.EXE C:\Program Files\QuickSFV\

QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly

SimCity 4-->C:\Program Files\Maxis\SimCity 4\EAUninstall.exe

SMSC Fast Infrared Driver-->C:\Program Files\InstallShield Installation Information\{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}\setup.exe -runfromtemp -l0x0009 -removeonly

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

 

======Security center information======

 

FW: COMODO Firewall Pro

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\MATLAB\R2008a\bin;C:\Program Files\MATLAB\R2008a\bin\win32

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel

"PROCESSOR_REVISION"=0f02

"NUMBER_OF_PROCESSORS"=2

"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip

"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

 

-----------------EOF-----------------


ComboFix 08-11-13.02 - Owner 2008-11-15 17:02:16.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1348 [GMT -8:00]

Running from: c:\users\Owner\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\x64

 

.

((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))

.

 

2008-11-15 00:14 . 2008-11-15 00:14 <DIR> d-------- c:\users\Owner\AppData\Roaming\Malwarebytes

2008-11-15 00:14 . 2008-11-15 00:14 <DIR> d-------- c:\users\All Users\Malwarebytes

2008-11-15 00:14 . 2008-11-15 00:14 <DIR> d-------- c:\programdata\Malwarebytes

2008-11-15 00:14 . 2008-11-15 00:29 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-11-15 00:14 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2008-11-15 00:14 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2008-11-14 21:16 . 2008-11-14 21:16 870,706 --------- C:\Qoobox.zip

2008-11-12 23:02 . 2008-11-12 23:02 <DIR> d-------- C:\Combo-Fix

2008-11-12 22:22 . 2008-11-12 22:22 1,466 --a------ c:\windows\System32\tmp.reg

2008-11-12 22:22 . 2008-11-12 22:22 691 --a------ c:\users\Owner\AppData\Roaming\GetValue.vbs

2008-11-12 22:22 . 2008-11-12 22:22 35 --a------ c:\users\Owner\AppData\Roaming\SetValue.bat

2008-11-12 09:20 . 2008-11-12 09:21 <DIR> d-------- C:\rsit

2008-11-12 09:20 . 2008-11-12 09:20 <DIR> d-------- c:\program files\trend micro

2008-11-11 11:49 . 2008-11-12 18:40 250 --a------ c:\windows\gmer.ini

2008-11-10 21:23 . 2008-11-11 11:41 <DIR> d-------- C:\HiJackThis

2008-11-09 16:07 . 2008-11-10 10:23 527 --a------ c:\windows\System32\TDSSxdxd.dat

2008-10-17 21:35 . 2008-10-17 21:35 361,984 --a------ c:\windows\System32\IPSECSVC.DLL

2008-10-17 21:35 . 2008-10-17 21:35 272,896 --a------ c:\windows\System32\polstore.dll

2008-10-17 21:35 . 2008-10-17 21:35 61,440 --a------ c:\windows\System32\winipsec.dll

2008-10-17 21:35 . 2008-10-17 21:35 28,672 --a------ c:\windows\System32\FwRemoteSvr.dll

2008-10-17 21:32 . 2008-10-17 21:32 2,048 --a------ c:\windows\System32\tzres.dll

2008-10-17 21:31 . 2008-10-17 21:31 303,616 --a------ c:\windows\System32\wmpeffects.dll

2008-10-17 21:31 . 2008-10-17 21:31 268,800 --a------ c:\windows\System32\es.dll

2008-10-17 21:30 . 2008-10-17 21:30 2,027,520 --a------ c:\windows\System32\win32k.sys

2008-10-17 21:28 . 2008-10-17 21:28 9,845,248 --a------ c:\windows\System32\NlsData000a.dll

2008-10-17 21:24 . 2008-10-17 21:24 944,184 --a------ c:\windows\System32\winload.exe

2008-10-17 21:24 . 2008-10-17 21:24 620,088 --a------ c:\windows\System32\ci.dll

2008-10-17 21:24 . 2008-10-17 21:24 371,712 --a------ c:\windows\System32\srcore.dll

2008-10-17 21:24 . 2008-10-17 21:24 313,856 --a------ c:\windows\System32\rstrui.exe

2008-10-17 21:24 . 2008-10-17 21:24 40,960 --a------ c:\windows\System32\srclient.dll

2008-10-17 21:24 . 2008-10-17 21:24 19,000 --a------ c:\windows\System32\kd1394.dll

2008-10-17 21:24 . 2008-10-17 21:24 16,384 --a------ c:\windows\System32\srdelayed.exe

2008-10-17 21:24 . 2008-10-17 21:24 7,168 --a------ c:\windows\System32\f3ahvoas.dll

2008-10-17 21:24 . 2008-10-17 21:24 6,656 --a------ c:\windows\System32\kbd106n.dll

2008-10-17 21:22 . 2008-10-17 21:22 290,304 --a------ c:\windows\System32\drivers\srv.sys

2008-10-17 21:21 . 2008-10-17 21:21 296,448 --a------ c:\windows\System32\gdi32.dll

2008-10-17 21:21 . 2008-10-17 21:21 113,664 --a------ c:\windows\System32\drivers\rmcast.sys

2008-10-17 21:21 . 2008-10-17 21:21 14,848 --a------ c:\windows\System32\wshrm.dll

2008-10-17 21:20 . 2008-10-17 21:20 1,327,104 --a------ c:\windows\System32\quartz.dll

2008-10-17 21:20 . 2008-10-17 21:20 737,792 --a------ c:\windows\System32\inetcomm.dll

2008-10-17 21:20 . 2008-10-17 21:20 84,480 --a------ c:\windows\System32\INETRES.dll

2008-10-17 21:20 . 2008-10-17 21:20 83,968 --a------ c:\windows\System32\dnsrslvr.dll

2008-10-17 21:20 . 2008-10-17 21:20 24,576 --a------ c:\windows\System32\dnscacheugc.exe

2008-10-17 21:19 . 2008-10-17 21:19 3,505,208 --a------ c:\windows\System32\ntkrnlpa.exe

2008-10-17 21:19 . 2008-10-17 21:19 3,470,904 --a------ c:\windows\System32\ntoskrnl.exe

2008-10-17 21:19 . 2008-10-17 21:19 99,840 --a------ c:\windows\System32\poqexec.exe

2008-10-17 21:17 . 2008-10-17 21:17 826,368 --a------ c:\windows\System32\wininet.dll

2008-10-17 21:16 . 2008-10-17 21:16 1,831,424 --a------ c:\windows\System32\inetcpl.cpl

2008-10-17 21:16 . 2008-10-17 21:16 1,383,424 --a------ c:\windows\System32\mshtml.tlb

2008-10-17 21:16 . 2008-10-17 21:16 56,320 --a------ c:\windows\System32\iesetup.dll

2008-10-17 21:16 . 2008-10-17 21:16 26,624 --a------ c:\windows\System32\ieUnatt.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-07 07:01 --------- d-----w c:\program files\JetAudio

2008-10-18 06:01 174 --sha-w c:\program files\desktop.ini

2008-10-18 05:28 797,696 ----a-w c:\windows\System32\NaturalLanguage6.dll

2008-10-18 05:17 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll

2008-10-15 05:42 --------- d-----w c:\programdata\Spybot - Search & Destroy

2008-10-06 19:10 --------- d-----w c:\users\Owner\AppData\Roaming\MathWorks

2008-10-06 18:41 --------- d-----w c:\program files\MATLAB

2008-10-06 08:13 --------- d-----w c:\program files\QuickSFV

2008-10-03 13:49 --------- d-----w c:\users\Owner\AppData\Roaming\uTorrent

2008-08-21 23:23 83,456 ----a-w c:\windows\System32\wudriver.dll

2008-08-21 23:23 563,912 ----a-w c:\windows\System32\wuapi.dll

2008-08-21 23:23 53,448 ----a-w c:\windows\System32\wuauclt.exe

2008-08-21 23:23 45,768 ----a-w c:\windows\System32\wups2.dll

2008-08-21 23:23 36,552 ----a-w c:\windows\System32\wups.dll

2008-08-21 23:23 1,811,656 ----a-w c:\windows\System32\wuaueng.dll

2008-08-21 23:23 1,524,736 ----a-w c:\windows\System32\wucltux.dll

2008-08-21 23:22 31,232 ----a-w c:\windows\System32\wuapp.exe

2008-08-21 23:22 163,904 ----a-w c:\windows\System32\wuwebv.dll

2008-08-16 17:24 143,104 ----a-w c:\windows\System32\guard32.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-22 815104]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-25 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-25 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-25 133656]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2008-08-16 1655552]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2008-10-22 1261200]

"RtHDVCpl"="RtHDVCpl.exe" [2007-02-28 c:\windows\RtHDVCpl.exe]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Aim6"=

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"HotKeysCmds"=c:\windows\system32\hkcmd.exe

"IgfxTray"=c:\windows\system32\igfxtray.exe

"Acer Tour Reminder"=c:\acer\AcerTour\Reminder.exe

"ALaunch"=c:\acer\ALaunch\AlaunchClient.exe

"eDataSecurity Loader"=c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe

"eDSMSNfix"=c:\acer\Empowering Technology\eDSMSNfix.exe

"eRecoveryService"=

"Acer Tour"=

"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" /startup

"Acer Assist Launcher"=c:\program files\Acer Assist\launcher.exe

"Persistence"=c:\windows\system32\igfxpers.exe

"AAWTray"=c:\program files\Lavasoft\Ad-Aware 2007\AAWTray.exe

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"="0x00000000"

"UpdatesDisableNotify"="0x00000000"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2556660246-935877568-3177510636-1000]

"EnableNotifications"=dword:00000001

"EnableNotificationsRef"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{61D6F5A3-DAD3-4E8C-9CE5-63523CC49926}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe

"{F92F3B7D-937B-4CE2-AE67-C63A3EC4BEBC}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine

"{2564132A-89FC-4665-A9A2-1559BF33012E}"= c:\program files\Acer Arcade Deluxe\VideoMagician\MagicDirector.exe:CyberLink MagicDirector

"{D7234E07-012D-42D4-AF05-A6748696508A}"= c:\program files\Acer Arcade Deluxe\DV Wizard\PowerDV.exe:CyberLink PowerDV

"{B32FB416-F2C5-490D-BF3B-4EA057CB81A9}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{48BE5C22-3929-43AB-95F6-C78ACF967AC5}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{18BFA3AE-B1A6-426B-B5D4-3F6D17B65C91}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{B323F48E-AC36-442E-A528-30417974AAD7}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{5980FF2A-D4F6-42CE-ABB1-F2DFAD32B078}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{71B69BBF-7292-4E2D-8978-1DF745899931}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{64071462-7F14-4BBF-A713-CB4D80771773}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{883B637C-9919-40B8-88FB-36EFF175B58E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{2E1210AA-DFEB-4313-ADED-AED0F44D1323}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"{58DC1136-3BB7-4F25-A520-9B9AFE47B3FD}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent

"{E59A912C-22BD-4F5D-9705-2F24555AFDCD}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent

"{314F3CD1-1ABB-4C7B-BE50-C81732CFDBD1}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{BA84C1F2-4266-4CB5-9035-D5B06530F811}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-08-16 85008]

R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-08-16 25104]

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]

R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-04-10 50688]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56031d16-705f-11dc-8938-0016d4dddd7e}]

\shell\AutoRun\command - H:\LaunchU3.exe -a

 

*Newly Created Service* - PROCEXP90

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\p4waa3hz.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/

FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - c:\program files\Java\j2re1.4.1_07\bin\NPJava11.dll

FF -: plugin - c:\program files\Java\j2re1.4.1_07\bin\NPJava12.dll

FF -: plugin - c:\program files\Java\j2re1.4.1_07\bin\NPJava13.dll

FF -: plugin - c:\program files\Java\j2re1.4.1_07\bin\NPJava32.dll

FF -: plugin - c:\program files\Java\j2re1.4.1_07\bin\NPJPI141_07.dll

FF -: plugin - c:\program files\Java\j2re1.4.1_07\bin\NPOJI610.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJava11.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJava12.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJava13.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJava32.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJPI141_07.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPOJI610.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-15 17:05:37

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

**************************************************************************

.

Completion time: 2008-11-15 17:08:08

ComboFix-quarantined-files.txt 2008-11-16 01:06:58

 

Pre-Run: 47,641,706,496 bytes free

Post-Run: 47,647,465,472 bytes free

 

199 --- E O F --- 2008-10-18 05:36:17


Please search for and remove the following file:

C:\Windows\System32\TDSSxdxd.dat

 

~~~~

Also, Java is out of date...

 

Please download JavaRa


 

Unzip it to the Desktop.

 

This program checks if your computer has the latest version of Java Runtime Environment (JRE). If the version installed is superseded by a newer version, the program downloads and installs the newer version by running Java's update program.

 

JavaRa then allows you to remove all possible older versions of the JRE program. This ensures the security of your computer is enhanced and also creates some extra space on your hard disk.

 

Double-click on JavaRa.exe to start the program.

  • In the prompt that appears, select: Search for Updates
  • Next select: Update using Sun Java’s website Update Using jucheck.exe

  • Click: Search
  • In Sun Java’s website, download: Java Runtime Environment (JRE) 6 Update 10
Note: Currently, as part of its update, Java also provides for the installation of the Google Toolbar. You can decline its installation by unchecking "Google Toolbar for Internet Explorer", then click Next to continue.

  • Back to JavaRa, click on Remove Older Versions
  • Click Yes when prompted.
  • When JavaRa is done, a notice appears that a logfile was produced.
  • If you wish to see the log, click OK, for it to show. (The log is also saved as C:\JavaRa.log)
  • Use the X on the upper right side to close JavaRa
  • Next, restart the computer to complete the changes.
~~~~

Please run HijackThis once again, and post a new log.


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:00:23 PM, on 11/16/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16757)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\COMODO\Firewall\cfp.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\system32\igfxsrvc.exe

C:\Users\Owner\AppData\Local\Temp\RtkBtMnt.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Java\jre6\bin\javaws.exe

C:\Program Files\Java\jre6\bin\javaw.exe

C:\HiJackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 6159 bytes


The following entry can go (AOL related):

O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)

Check, and then select: Fix checked

 

RSIT normally produces a HijackThis log in its log.txt report. When you ran RSIT, did your firewall (Comodo) give you an alert on it and you opted not to run it?

 

Please run RSIT again, and if you get any prompts to run HJT, allow the program to do so. Then post the new log.txt in your reply.

 

Also, are you still having any malware problems?

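The call the helper makes above (an O3 toolbar entry with "(no name)" and "(no file)" is a dead registry leftover and can be fixed) is the kind of triage that is easy to script when a thread contains several HijackThis logs. The following is an added example, not part of this thread and not code from HijackThis, RSIT or any other tool mentioned here. It parses HijackThis v2 entry lines, reports every entry whose target is flagged "(no file)" or "(file missing)", and counts entries per section so two logs can be compared after a fix. The sample lines are a constructed subset copied from the log posted above; the function and variable names are my own.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: a handful of lines in HijackThis v2 format. The entries
# are copied from the log posted in this thread; the full log is not embedded.
SAMPLE_LOG = """O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\\Windows\\system32\\eDStoolbar.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\\..\\Run: [egui] "C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe" /hide /waitservice
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\\Program Files\\Common Files\\Symantec Shared\\ccSvcHst.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe
"""

# A HijackThis entry line is "<section> - <body>", e.g. "O3 - Toolbar: ...".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# HijackThis appends one of these when the registry entry points at a file
# that no longer exists on disk. Such entries are inert leftovers and are the
# first thing a helper removes, as in the reply above.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_hjt(text: str) -> List[Dict[str, str]]:
    """Return one dict per recognised entry line; headers and paths are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"section": m["section"], "body": m["body"]})
    return entries


def is_orphan(entry: Dict[str, str]) -> bool:
    """True when the entry's target file is reported missing."""
    return entry["body"].endswith(ORPHAN_MARKERS)


def find_orphans(text: str) -> List[Tuple[str, str]]:
    """(section, identifier) for every entry whose target file is missing.

    The identifier is the CLSID when the entry carries one (BHOs, toolbars);
    otherwise it is the leading label, e.g. the service name of an O23 line.
    """
    found = []
    for e in parse_hjt(text):
        if is_orphan(e):
            guid = GUID_RE.search(e["body"])
            ident = guid.group(0) if guid else e["body"].split(" - ")[0]
            found.append((e["section"], ident))
    return found


def section_counts(text: str) -> Dict[str, int]:
    """Entries per section; diffing two logs shows what a fix actually removed."""
    counts: Dict[str, int] = {}
    for e in parse_hjt(text):
        counts[e["section"]] = counts.get(e["section"], 0) + 1
    return counts


if __name__ == "__main__":
    for section, ident in find_orphans(SAMPLE_LOG):
        print(f"{section}: {ident} -> target missing, candidate for 'Fix checked'")
    print(section_counts(SAMPLE_LOG))
```

On the sample above this reports the orphaned O3 toolbar the helper flagged and the O23 Symantec service whose executable is gone; everything else, including the ESET entries, is left alone because the script only looks at the missing-file marker, not at the vendor or path.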

The other times I ran RSIT I was disconnected from the Internet, so it wasn't able to download and run HJT. And no, I'm not having any more malware problems.

 

Logfile of random's system information tool 1.04 (written by random/random)

Run by Owner at 2008-11-16 19:01:37

Microsoft® Windows Vista™ Home Premium

System drive C: has 45 GB (64%) free of 71 GB

Total RAM: 2038 MB (54% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:01:48 PM, on 11/16/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16757)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\COMODO\Firewall\cfp.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\system32\igfxsrvc.exe

C:\Users\Owner\AppData\Local\Temp\RtkBtMnt.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\Users\Owner\Desktop\RSIT.exe

C:\HiJackThis\Owner.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 6080 bytes

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-16 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-16 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-02-06 151552]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-02-28 4390912]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-22 815104]

"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2007-12-21 1443072]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-03-25 141848]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-03-25 166424]

"Persistence"=C:\Windows\system32\igfxpers.exe [2008-03-25 133656]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]

"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2006-12-08 614400]

"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]

"COMODO Firewall Pro"=C:\Program Files\COMODO\Firewall\cfp.exe [2008-08-16 1655552]

"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2008-10-22 1261200]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-16 136600]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2008-03-25 204800]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"EnableLUA"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56031d16-705f-11dc-8938-0016d4dddd7e}]

shell\AutoRun\command - H:\LaunchU3.exe -a

 

 

======List of files/folders created in the last 1 months======

 

2008-11-16 17:58:48 ----A---- C:\Windows\system32\deploytk.dll

2008-11-16 17:58:47 ----A---- C:\Windows\system32\javaws.exe

2008-11-16 17:58:47 ----A---- C:\Windows\system32\javaw.exe

2008-11-16 17:58:47 ----A---- C:\Windows\system32\java.exe

2008-11-15 17:12:12 ----D---- C:\rsit

2008-11-15 17:08:10 ----D---- C:\Windows\temp

2008-11-15 17:08:09 ----A---- C:\ComboFix.txt

2008-11-15 17:01:27 ----A---- C:\Windows\zip.exe

2008-11-15 17:01:27 ----A---- C:\Windows\VFIND.exe

2008-11-15 17:01:27 ----A---- C:\Windows\SWXCACLS.exe

2008-11-15 17:01:27 ----A---- C:\Windows\SWSC.exe

2008-11-15 17:01:27 ----A---- C:\Windows\SWREG.exe

2008-11-15 17:01:27 ----A---- C:\Windows\sed.exe

2008-11-15 17:01:27 ----A---- C:\Windows\NIRCMD.exe

2008-11-15 17:01:27 ----A---- C:\Windows\grep.exe

2008-11-15 17:01:27 ----A---- C:\Windows\fdsv.exe

2008-11-15 00:30:34 ----A---- C:\avenger.txt

2008-11-15 00:14:24 ----D---- C:\Users\Owner\AppData\Roaming\Malwarebytes

2008-11-15 00:14:18 ----D---- C:\ProgramData\Malwarebytes

2008-11-15 00:14:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2008-11-12 23:02:38 ----D---- C:\Windows\ERDNT

2008-11-12 23:02:38 ----D---- C:\Qoobox

2008-11-12 23:02:38 ----D---- C:\Combo-Fix

2008-11-12 22:22:46 ----A---- C:\Users\Owner\AppData\Roaming\SetValue.bat

2008-11-12 22:22:45 ----A---- C:\Windows\system32\tmp.txt

2008-11-12 22:22:45 ----A---- C:\Users\Owner\AppData\Roaming\GetValue.vbs

2008-11-12 22:21:53 ----A---- C:\rapport.txt

2008-11-12 09:20:26 ----D---- C:\Program Files\trend micro

2008-11-12 09:08:06 ----A---- C:\Windows\ntbtlog.txt

2008-11-11 11:49:44 ----A---- C:\Windows\gmer.ini

2008-11-11 11:49:25 ----A---- C:\Windows\gmer_uninstall.cmd

2008-11-11 11:49:25 ----A---- C:\Windows\gmer.dll

2008-11-11 11:49:24 ----A---- C:\Windows\gmer.exe

2008-11-10 21:23:06 ----D---- C:\HiJackThis

2008-11-06 23:01:41 ----D---- C:\Users\Owner\AppData\Roaming\Real

2008-10-17 21:35:54 ----A---- C:\Windows\system32\winipsec.dll

2008-10-17 21:35:54 ----A---- C:\Windows\system32\polstore.dll

2008-10-17 21:35:54 ----A---- C:\Windows\system32\IPSECSVC.DLL

2008-10-17 21:35:54 ----A---- C:\Windows\system32\FwRemoteSvr.dll

2008-10-17 21:33:55 ----A---- C:\Windows\system32\shell32.dll

2008-10-17 21:32:49 ----A---- C:\Windows\system32\tzres.dll

2008-10-17 21:31:46 ----A---- C:\Windows\system32\es.dll

2008-10-17 21:31:18 ----A---- C:\Windows\system32\wmpeffects.dll

2008-10-17 21:29:40 ----A---- C:\Windows\system32\NlsLexicons0046.dll

2008-10-17 21:29:40 ----A---- C:\Windows\system32\NlsLexicons0045.dll

2008-10-17 21:29:39 ----A---- C:\Windows\system32\NlsLexicons0049.dll

2008-10-17 21:29:39 ----A---- C:\Windows\system32\NlsLexicons0047.dll

2008-10-17 21:29:39 ----A---- C:\Windows\system32\NlsLexicons0020.dll

2008-10-17 21:29:38 ----A---- C:\Windows\system32\NlsLexicons0039.dll

2008-10-17 21:29:38 ----A---- C:\Windows\system32\NlsLexicons0021.dll

2008-10-17 21:29:37 ----A---- C:\Windows\system32\NlsLexicons0022.dll

2008-10-17 21:29:36 ----A---- C:\Windows\system32\NlsLexicons0024.dll

2008-10-17 21:29:34 ----A---- C:\Windows\system32\NlsLexicons0026.dll

2008-10-17 21:29:33 ----A---- C:\Windows\system32\NlsLexicons0027.dll

2008-10-17 21:29:33 ----A---- C:\Windows\system32\NlsLexicons0010.dll

2008-10-17 21:29:32 ----A---- C:\Windows\system32\NlsLexicons0011.dll

2008-10-17 21:29:31 ----A---- C:\Windows\system32\NlsLexicons0013.dll

2008-10-17 21:29:30 ----A---- C:\Windows\system32\NlsLexicons0018.dll

2008-10-17 21:29:29 ----A---- C:\Windows\system32\NlsLexicons0019.dll

2008-10-17 21:29:27 ----A---- C:\Windows\system32\NlsLexicons0003.dll

2008-10-17 21:29:27 ----A---- C:\Windows\system32\NlsLexicons0002.dll

2008-10-17 21:29:27 ----A---- C:\Windows\system32\NlsLexicons0001.dll

2008-10-17 21:29:26 ----A---- C:\Windows\system32\NlsLexicons0007.dll

2008-10-17 21:29:25 ----A---- C:\Windows\system32\NlsLexicons004b.dll

2008-10-17 21:29:25 ----A---- C:\Windows\system32\NlsLexicons004a.dll

2008-10-17 21:29:25 ----A---- C:\Windows\system32\NlsLexicons0009.dll

2008-10-17 21:29:24 ----A---- C:\Windows\system32\NlsLexicons004c.dll

2008-10-17 21:29:23 ----A---- C:\Windows\system32\NlsLexicons004e.dll

2008-10-17 21:29:22 ----A---- C:\Windows\system32\NlsLexicons003e.dll

2008-10-17 21:29:22 ----A---- C:\Windows\system32\NlsLexicons002a.dll

2008-10-17 21:29:21 ----A---- C:\Windows\system32\NlsLexicons001a.dll

2008-10-17 21:29:20 ----A---- C:\Windows\system32\NlsLexicons001b.dll

2008-10-17 21:29:18 ----A---- C:\Windows\system32\NlsLexicons001d.dll

2008-10-17 21:29:17 ----A---- C:\Windows\system32\NlsLexicons000a.dll

2008-10-17 21:29:16 ----A---- C:\Windows\system32\NlsLexicons000c.dll

2008-10-17 21:29:15 ----A---- C:\Windows\system32\NlsLexicons000d.dll

2008-10-17 21:29:14 ----A---- C:\Windows\system32\NlsLexicons000f.dll

2008-10-17 21:29:13 ----A---- C:\Windows\system32\NlsLexicons0414.dll

2008-10-17 21:29:12 ----A---- C:\Windows\system32\NlsLexicons0816.dll

2008-10-17 21:29:12 ----A---- C:\Windows\system32\NlsLexicons0416.dll

2008-10-17 21:29:10 ----A---- C:\Windows\system32\NlsLexicons081a.dll

2008-10-17 21:29:09 ----A---- C:\Windows\system32\NlsModels0011.dll

2008-10-17 21:29:09 ----A---- C:\Windows\system32\NlsData0046.dll

2008-10-17 21:29:09 ----A---- C:\Windows\system32\NlsData0045.dll

2008-10-17 21:29:08 ----A---- C:\Windows\system32\NlsData0049.dll

2008-10-17 21:29:08 ----A---- C:\Windows\system32\NlsData0047.dll

2008-10-17 21:29:08 ----A---- C:\Windows\system32\NlsData0039.dll

2008-10-17 21:29:07 ----A---- C:\Windows\system32\NlsData0021.dll

2008-10-17 21:29:07 ----A---- C:\Windows\system32\NlsData0020.dll

2008-10-17 21:29:06 ----A---- C:\Windows\system32\NlsData0024.dll

2008-10-17 21:29:06 ----A---- C:\Windows\system32\NlsData0022.dll

2008-10-17 21:29:05 ----A---- C:\Windows\system32\NlsData0027.dll

2008-10-17 21:29:05 ----A---- C:\Windows\system32\NlsData0026.dll

2008-10-17 21:29:05 ----A---- C:\Windows\system32\NlsData0011.dll

2008-10-17 21:29:05 ----A---- C:\Windows\system32\NlsData0010.dll

2008-10-17 21:29:04 ----A---- C:\Windows\system32\NlsData0018.dll

2008-10-17 21:29:04 ----A---- C:\Windows\system32\NlsData0013.dll

2008-10-17 21:29:03 ----A---- C:\Windows\system32\NlsData0000.dll

2008-10-17 21:29:02 ----A---- C:\Windows\system32\NlsData0019.dll

2008-10-17 21:29:02 ----A---- C:\Windows\system32\NlsData0001.dll

2008-10-17 21:29:01 ----A---- C:\Windows\system32\NlsData0003.dll

2008-10-17 21:29:01 ----A---- C:\Windows\system32\NlsData0002.dll

2008-10-17 21:29:00 ----A---- C:\Windows\system32\NlsData004a.dll

2008-10-17 21:29:00 ----A---- C:\Windows\system32\NlsData0009.dll

2008-10-17 21:29:00 ----A---- C:\Windows\system32\NlsData0007.dll

2008-10-17 21:28:59 ----A---- C:\Windows\system32\NlsData004c.dll

2008-10-17 21:28:59 ----A---- C:\Windows\system32\NlsData004b.dll

2008-10-17 21:28:58 ----A---- C:\Windows\system32\NlsData004e.dll

2008-10-17 21:28:58 ----A---- C:\Windows\system32\NlsData003e.dll

2008-10-17 21:28:57 ----A---- C:\Windows\system32\NlsData002a.dll

2008-10-17 21:28:57 ----A---- C:\Windows\system32\NlsData001a.dll

2008-10-17 21:28:56 ----A---- C:\Windows\system32\NlsData001b.dll

2008-10-17 21:28:55 ----A---- C:\Windows\system32\NlsData001d.dll

2008-10-17 21:28:54 ----A---- C:\Windows\system32\NlsData000a.dll

2008-10-17 21:28:53 ----A---- C:\Windows\system32\NlsData000d.dll

2008-10-17 21:28:53 ----A---- C:\Windows\system32\NlsData000c.dll

2008-10-17 21:28:52 ----A---- C:\Windows\system32\NlsData000f.dll

2008-10-17 21:28:51 ----A---- C:\Windows\system32\NlsData0416.dll

2008-10-17 21:28:51 ----A---- C:\Windows\system32\NlsData0414.dll

2008-10-17 21:28:51 ----A---- C:\Windows\system32\NaturalLanguage6.dll

2008-10-17 21:28:50 ----A---- C:\Windows\system32\NlsData081a.dll

2008-10-17 21:28:50 ----A---- C:\Windows\system32\NlsData0816.dll

2008-10-17 21:28:49 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll

2008-10-17 21:28:49 ----A---- C:\Windows\system32\NlsData0c1a.dll

2008-10-17 21:24:09 ----A---- C:\Windows\system32\srclient.dll

2008-10-17 21:24:09 ----A---- C:\Windows\system32\rstrui.exe

2008-10-17 21:24:08 ----A---- C:\Windows\system32\winload.exe

2008-10-17 21:24:08 ----A---- C:\Windows\system32\srdelayed.exe

2008-10-17 21:24:08 ----A---- C:\Windows\system32\srcore.dll

2008-10-17 21:24:08 ----A---- C:\Windows\system32\kd1394.dll

2008-10-17 21:24:07 ----A---- C:\Windows\system32\kbd106n.dll

2008-10-17 21:24:07 ----A---- C:\Windows\system32\f3ahvoas.dll

2008-10-17 21:24:07 ----A---- C:\Windows\system32\ci.dll

2008-10-17 21:21:44 ----A---- C:\Windows\system32\gdi32.dll

2008-10-17 21:21:18 ----A---- C:\Windows\system32\wshrm.dll

2008-10-17 21:20:47 ----A---- C:\Windows\system32\dnsrslvr.dll

2008-10-17 21:20:47 ----A---- C:\Windows\system32\dnscacheugc.exe

2008-10-17 21:20:47 ----A---- C:\Windows\system32\dnsapi.dll

2008-10-17 21:20:27 ----A---- C:\Windows\system32\INETRES.dll

2008-10-17 21:20:27 ----A---- C:\Windows\system32\inetcomm.dll

2008-10-17 21:20:02 ----A---- C:\Windows\system32\quartz.dll

2008-10-17 21:19:40 ----A---- C:\Windows\system32\poqexec.exe

2008-10-17 21:19:18 ----A---- C:\Windows\system32\ntoskrnl.exe

2008-10-17 21:19:18 ----A---- C:\Windows\system32\ntkrnlpa.exe

2008-10-17 21:17:05 ----A---- C:\Windows\system32\ieapfltr.dll

2008-10-17 21:17:05 ----A---- C:\Windows\system32\advpack.dll

2008-10-17 21:17:04 ----A---- C:\Windows\system32\wininet.dll

2008-10-17 21:17:04 ----A---- C:\Windows\system32\jsproxy.dll

2008-10-17 21:17:04 ----A---- C:\Windows\system32\dxtrans.dll

2008-10-17 21:17:03 ----A---- C:\Windows\system32\dxtmsft.dll

2008-10-17 21:17:02 ----A---- C:\Windows\system32\ieui.dll

2008-10-17 21:17:02 ----A---- C:\Windows\system32\ieframe.dll

2008-10-17 21:17:00 ----A---- C:\Windows\system32\mshtmled.dll

2008-10-17 21:16:59 ----A---- C:\Windows\system32\mshtml.dll

2008-10-17 21:16:57 ----A---- C:\Windows\system32\mstime.dll

2008-10-17 21:16:57 ----A---- C:\Windows\system32\icardie.dll

2008-10-17 21:16:53 ----A---- C:\Windows\system32\ieUnatt.exe

2008-10-17 21:16:52 ----A---- C:\Windows\system32\urlmon.dll

2008-10-17 21:16:51 ----A---- C:\Windows\system32\pngfilt.dll

2008-10-17 21:16:51 ----A---- C:\Windows\system32\iesetup.dll

2008-10-17 21:16:51 ----A---- C:\Windows\system32\iertutil.dll

2008-10-17 21:16:51 ----A---- C:\Windows\system32\iernonce.dll

2008-10-17 21:16:51 ----A---- C:\Windows\system32\ie4uinit.exe

 

======List of files/folders modified in the last 1 months======

 

2008-11-16 19:01:48 ----D---- C:\Windows\Prefetch

2008-11-16 17:59:40 ----RD---- C:\Program Files

2008-11-16 17:59:40 ----D---- C:\Program Files\Java

2008-11-16 17:58:55 ----SHD---- C:\Windows\Installer

2008-11-16 17:58:55 ----HD---- C:\Config.Msi

2008-11-16 17:58:48 ----D---- C:\Windows\System32

2008-11-16 17:43:11 ----A---- C:\Windows\win.ini

2008-11-16 14:33:19 ----D---- C:\Windows\inf

2008-11-16 14:33:19 ----A---- C:\Windows\system32\PerfStringBackup.INI

2008-11-16 14:28:07 ----D---- C:\Program Files\Mozilla Firefox

2008-11-15 18:00:55 ----D---- C:\Windows

2008-11-15 17:05:35 ----A---- C:\Windows\system.ini

2008-11-15 17:04:04 ----D---- C:\Windows\system32\drivers

2008-11-15 17:04:04 ----D---- C:\Program Files\Common Files

2008-11-15 17:04:03 ----D---- C:\Windows\AppPatch

2008-11-15 17:01:21 ----D---- C:\Windows\system32\en-US

2008-11-15 00:14:18 ----HD---- C:\ProgramData

2008-11-14 09:26:02 ----D---- C:\Windows\system32\config

2008-11-12 19:24:28 ----D---- C:\Windows\system32\catroot2

2008-11-12 09:04:13 ----D---- C:\Windows\pss

2008-11-06 23:01:25 ----D---- C:\Program Files\JetAudio

2008-10-22 16:01:18 ----D---- C:\Windows\system32\LogFiles

2008-10-17 22:02:20 ----D---- C:\Windows\system32\catroot

2008-10-17 22:02:00 ----D---- C:\Windows\winsxs

2008-10-17 22:01:43 ----ASH---- C:\Program Files\desktop.ini

2008-10-17 22:01:38 ----D---- C:\Windows\rescache

2008-10-17 21:56:37 ----D---- C:\Windows\system32\migration

2008-10-17 21:56:37 ----D---- C:\Program Files\Internet Explorer

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2008-08-16 85008]

R1 cmdHlp;COMODO Firewall Pro Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2008-08-16 25104]

R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]

R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2007-12-21 30216]

R1 epfwtdir;epfwtdir; C:\Windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]

R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2007-12-21 39944]

R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]

R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]

R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]

R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-01 45056]

R3 Cam5607;Acer OrbiCam; C:\Windows\System32\Drivers\BisonC07.sys [2006-12-26 817968]

R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2006-11-02 14208]

R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]

R3 EMSCR;EMSCR; C:\Windows\system32\DRIVERS\EMS7SK.sys [2006-10-24 62208]

R3 ESDCR;ESDCR; C:\Windows\system32\DRIVERS\ESD7SK.sys [2006-10-24 42240]

R3 ESMCR;ESMCR; C:\Windows\system32\DRIVERS\ESM7SK.sys [2006-10-24 76928]

R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]

R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-08 986624]

R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-08 206848]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-25 2307072]

R3 Inspect;Comodo Firewall Network Driver; C:\Windows\system32\DRIVERS\inspect.sys [2008-08-16 73232]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-01 1744928]

R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2008-03-13 2555392]

R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-04-10 6144]

R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-10-09 82432]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-22 179896]

R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-08 659968]

R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2006-11-02 11264]

S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-18 534016]

S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-18 534016]

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2006-11-02 131584]

S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2006-11-02 16384]

S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2006-11-02 36864]

S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]

S3 gmer;gmer; C:\Windows\System32\DRIVERS\gmer.sys [2008-11-11 85969]

S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520]

S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-01 200704]

S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-25 2307072]

S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys []

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]

S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]

S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]

S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]

S4 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 ALaunchService;ALaunch Service; C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]

R2 cmdAgent;COMODO Firewall Pro Helper Service; C:\Program Files\COMODO\Firewall\cmdagent.exe [2008-08-16 519936]

R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-02-06 457512]

R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]

R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2006-12-22 24576]

R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-12-28 126976]

R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-01-31 53248]

R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-04-24 24576]

R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2006-11-02 22016]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]

R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-19 262247]

R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-01-02 135168]

R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]

R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2006-11-02 22016]

S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []

S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2007-12-21 19200]

S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-09-26 503608]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

 

-----------------EOF-----------------

Edited by WillM


 

If you are not having malware problems, you are good to go!

 

Please do the following to wrap up:

 

Also, do a search for, and remove: C:\RSIT

 

Now, let’s create a new Restore Point, and get rid of the old ones.

  • Go to Start, select Control Panel, and then click System
  • In the left pane, click System Protection
  • When User Account Control prompts to confirm the action, click on "Continue"
  • On the System Properties dialogue, make sure the C:\ drive is checked, and select Create
  • Enter a name like: Clean Restore Point
  • Click Create
Now, with a clean Restore Point, let's get rid of the old ones:
  • Go to Start, and now select: Backup and Restore Center (left side column)
  • In the left pane, click Create a Restore Point or change settings.
  • When User Account Control prompts to confirm the action, click on "Continue"
  • In the System Properties dialogue box, clear the check box next to the C:\ disk, and then click OK. (Turns off System Protection and clears old Restore Points.)
  • Next, check the box next to the C:\ disk (Turns on System Protection.)
  • Click OK
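The same wrap-up can be scripted instead of clicked through. The block below is an added example, not something the thread's helper posted; it assumes Windows PowerShell 2.0 or later (Vista ships 1.0, which lacks these cmdlets) run from an elevated prompt on a Windows client edition, since the System Restore cmdlets are not present on Server editions. The drive letter and the C:\rsit path come from the thread; the "Clean Restore Point" description is the name the steps above suggest.

```powershell
# Added example (not from the thread): script the "clean restore point" wrap-up.
# Assumes Windows PowerShell 2.0+ on a Windows client, run from an elevated prompt.

$drive = "C:\"

# 1. Purge every existing restore point on C:. Turning System Protection off is
#    the operation the checkbox steps above perform: it deletes all restore points
#    on that drive (any that might still hold copies of the infection included).
#    Turning it back on starts a fresh, empty set.
Disable-ComputerRestore -Drive $drive
Enable-ComputerRestore  -Drive $drive

# 2. Create the clean restore point on the freshly enabled drive.
Checkpoint-Computer -Description "Clean Restore Point" -RestorePointType "MODIFY_SETTINGS"

# 3. Remove the leftover RSIT folder the thread asks the user to delete.
$rsit = "C:\rsit"
if (Test-Path $rsit) {
    Remove-Item -Path $rsit -Recurse -Force
}

# 4. List what remains so the result can be checked: exactly one point is expected.
Get-ComputerRestorePoint | Select-Object SequenceNumber, Description, CreationTime
```

The purge comes before the checkpoint here, rather than after it as in the click-through steps, because turning protection off removes every restore point on the drive, a just-created one included; ordering it this way leaves the clean point as the only one on disk. On Windows 8 and later, Checkpoint-Computer silently skips creation if another restore point was made in the previous 24 hours, so check the listing in step 4 rather than assuming the point exists.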
~~~~

It is also a very good practice to perform an online virus scan on a regular basis.

Scanners do not have identical malware definitions, and what one misses, another one can catch.

Some Vista compatible scanners are:

~~~~

Some of the best suggestions and programs to remain malware free are contained in Tony Klein’s article:

How Did I Get Infected In The First Place

Note: Some programs may not be Vista compatible.

 

~~~~

If you have any questions or comments, post back. Otherwise...

 

Good luck, and safe journey through the Internet!!
