#11
Thanks Evil
I have 2 user names to go in on - Administrator and Magic6. The Magic6 account is used all the time. However, I have tried a search under both. Under both I have done this:

1. Start
2. Search
3. Clicked on All Files & Folders
4. Typed in iexplore -extoff
5. Clicked on My Computer
6. Search... and no results are displayed.

Thanks, Paul

#12
OK I think there is some confusion.
Add the iexplore -extoff where I have the arrow pointing and then click where I have the circle. Click the image to enlarge it.

#13
I'm very sorry Evil. I've completely and stupidly led you up the garden path with the understanding that the problem exists with a Vista system.
It doesn't! The problem is on a desktop PC running XP. My apologies. Needless to say, once you've stopped cursing my stupidity, any help would be gratefully received! Paul

#14
Let's try this.
Put ComboFix on your flash drive, transfer it over to the infected computer's desktop and then run it.

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop.**

- Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.
- Temporarily disable your antivirus and any antispyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
- Double click combofix.exe & follow the prompts.
- Vista users: Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it).
- When finished, ComboFix will produce a log for you. Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
If you have problems with ComboFix usage, see How to use ComboFix

#15
As instructed-
Transferred ComboFix by flash pen to problem PC Desktop (normal mode). AV etc. turned off. Message shows up:

"This machine does not have the Microsoft Windows recovery console installed. Without it, ComboFix shall not attempt the fixing of some serious infections. Click "Yes" to have ComboFix download/install it. NOTE: this requires an active internet connection."

Unfortunately I can't download anything! The ComboFix autoscan completes all the stages then that's it. After running the second link you mentioned, I end up with quite a log. This system is legal by the way, having been bought from a local shop. Paul

#16
I need the log from ComboFix. Can you transfer it with the pen drive and post it here?
#17
Thanks Evil
Please find log below. Paul

#18
You will need to transfer over this text file and run it with ComboFix.

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::
FixCSet::
RegLockDel::
[HKEY_LOCAL_MACHINE\software\Classes\bho.bho\Clsid]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E18C3DAF-9841-4340-AFE9-27AB400650AB}]
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{E48C3DAF-9841-4345-AFE9-27AB400650AB}]
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below.

Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts.

After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.
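As an added example (not part of this thread, and not ComboFix's own code), the following Python script does the bookkeeping behind the CFScript above: it reads the LOCKED REGISTRY KEYS section of a ComboFix log as it appears when pasted into a forum post, undoes the spaces that forum line-wrapping inserts into long GUIDs, and emits a CFScript in the same shape (KillAll::, FixCSet::, RegLockDel::). The rule that collapses each locked subkey to its {GUID} parent is inferred from the script Evil posted; the sample log text is constructed from the log earlier in this thread, and the function names are assumptions of this example.

```python
from __future__ import annotations

import re

# Constructed sample input: the "LOCKED REGISTRY KEYS" section of a ComboFix log
# as pasted into a forum post. The forum software wrapped two long tokens by
# inserting a space inside a GUID ("{E18 C3DAF-...", "{E48C3 DAF-..."), which
# the parser has to undo before the key can be used in a script.
SAMPLE_LOG = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\bho.bho\Clsid]
@DACL=(02 0000)
@="{A4FDF7B4-EAD1-4872-A3F7-20FD86D6E798}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E18 C3DAF-9841-4340-AFE9-27AB400650AB}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E18 C3DAF-9841-4340-AFE9-27AB400650AB}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E18 C3DAF-9841-4340-AFE9-27AB400650AB}\TypeLib]
@DACL=(02 0000)
@="{E48C3DAF-9841-4345-AFE9-27AB400650AB}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{E48C3 DAF-9841-4345-AFE9-27AB400650AB}\1.0]
@DACL=(02 0000)
@="IE"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""

SECTION_HEADER = "LOCKED REGISTRY KEYS"
KEY_LINE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
BRACED = re.compile(r"\{[^}]*\}")
GUID_PART = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


def _unwrap_guids(key: str) -> str:
    """Undo forum line-wrapping inside {GUID} components of a registry path.

    Only whitespace inside braces is removed: registry paths can legitimately
    contain spaces ("Norton Internet Security"), but a GUID never does.
    """
    return BRACED.sub(lambda m: m.group(0).replace(" ", ""), key)


def parse_locked_keys(log_text: str) -> list[dict]:
    """Return the keys in the LOCKED REGISTRY KEYS section with DACL and default value."""
    entries: list[dict] = []
    in_section = False
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if SECTION_HEADER in line:
            in_section = True
            continue
        if not in_section:
            continue
        # ComboFix ends a major section with a lone "." or the next dashed header.
        if line == "." or line.startswith("-----"):
            break
        m = KEY_LINE.match(line)
        if m:
            current = {"key": _unwrap_guids(m.group(1)), "dacl": None, "default": None}
            entries.append(current)
        elif current is not None and line.startswith("@DACL="):
            current["dacl"] = line[len("@DACL="):]
        elif current is not None and line.startswith('@="'):
            current["default"] = line[3:-1]   # strip @=" and the closing quote
    return entries


def collapse_to_parents(entries: list[dict]) -> list[str]:
    """Collapse locked keys to the key a RegLockDel:: entry targets.

    Rule inferred from the script on this page: when a locked key sits under a
    {GUID} component (Classes\Interface\{...}\ProxyStubClsid and friends),
    delete the {GUID} key itself, which removes every locked subkey with it; a
    key with no GUID component is listed as-is. Order kept, duplicates dropped.
    """
    targets: list[str] = []
    for entry in entries:
        parts = entry["key"].split("\\")
        for i, part in enumerate(parts):
            if GUID_PART.match(part):
                parts = parts[: i + 1]
                break
        target = "\\".join(parts)
        if target not in targets:
            targets.append(target)
    return targets


def build_cfscript(targets: list[str]) -> str:
    """Emit a CFScript in the shape used on this page: KillAll::, FixCSet::, RegLockDel::."""
    lines = ["KillAll::", "FixCSet::", "RegLockDel::"]
    lines.extend(f"[{t}]" for t in targets)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    locked = parse_locked_keys(SAMPLE_LOG)
    for e in locked:
        print(f"{e['key']}  DACL={e['dacl']}  default={e['default']}")
    print()
    print(build_cfscript(collapse_to_parents(locked)), end="")
```

Whether a locked key is actually malicious is a judgement made from the rest of the log (here the BHO CLSID and the Interface/TypeLib entries that point at it); the script only turns the section into the list of parent keys, so the person writing the CFScript can see every subkey a single RegLockDel:: line will take with it.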
#19
Many thanks Evil
Please find requested log below.

Paul

ComboFix 09-08-26.05 - My Computer 28/08/2009 14:53.5.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.703.334 [GMT 1:00]
Running from: c:\documents and settings\My Computer\Desktop\ComboFix2.exe
Command switches used :: c:\documents and settings\My Computer\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))
.

2009-08-27 08:06 . 2009-08-27 08:16 -------- d-s---w- C:\ComboFix1
2009-08-26 19:56 . 2009-08-27 08:05 -------- d-s---w- C:\ComboFix
2009-08-22 19:37 . 2009-08-22 19:37 -------- d-----w- c:\documents and settings\My Computer\Application Data\Windows Live Writer
2009-08-22 19:37 . 2009-08-22 19:37 -------- d-----w- c:\documents and settings\My Computer\Local Settings\Application Data\Windows Live Writer
2009-08-20 12:59 . 2009-08-18 19:11 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-08-20 09:54 . 2009-08-19 08:00 87888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090819.050\NAVENG.SYS
2009-08-20 09:54 . 2009-08-19 08:00 875728 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090819.050\NAVEX15.SYS
2009-08-20 09:54 . 2009-08-19 08:00 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090819.050\ECMSVR32.DLL
2009-08-20 09:54 . 2009-08-19 08:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090819.050\NAVENG32.DLL
2009-08-20 09:54 . 2009-08-19 08:00 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090819.050\NAVEX32A.DLL
2009-08-20 09:54 . 2009-02-26 09:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090819.050\EECTRL.SYS
2009-08-20 09:54 . 2009-02-26 09:00 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090819.050\CCERASER.DLL
2009-08-20 09:54 . 2009-02-26 09:00 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090819.050\ERASER.SYS
2009-08-15 20:05 . 2009-08-15 20:05 -------- d-----w- c:\documents and settings\My Computer\Application Data\ArcSoft
2009-08-13 10:57 . 2009-08-13 10:57 -------- d-----w- c:\windows\ServicePackFiles
2009-08-12 02:18 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys
2009-08-12 02:18 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\Scxpx86.dll
2009-08-12 02:18 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSxpx86.dll
2009-08-12 02:18 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys
2009-08-12 02:18 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSviA64.sys
2009-08-10 11:06 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-08 06:13 . 2009-08-08 06:13 -------- d-----w- c:\documents and settings\My Computer\Local Settings\Application Data\PCHealth
2009-08-07 22:39 . 2009-08-07 22:39 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-07 22:38 . 2009-08-07 22:38 -------- d-----w- c:\program files\MSBuild
2009-08-07 22:37 . 2009-08-07 22:37 -------- d-----w- c:\program files\Reference Assemblies
2009-08-07 22:34 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-07 22:34 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-07 22:34 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-07 22:34 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-07 22:34 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-07 22:34 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-07 22:34 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-07 22:34 . 2009-08-07 22:36 -------- d-----w- C:\e887c4398b981e77a8
2009-08-07 12:04 . 2009-08-07 12:04 -------- d-----w- c:\program files\MSXML 6.0
2009-08-07 12:02 . 2009-08-07 12:02 -------- d-----w- C:\9e60dba6ea4235a301efeb89c916d9
2009-08-07 12:01 . 2009-08-07 12:02 -------- d-----w- C:\c984e8fab946b7d9a23a
2009-07-31 16:34 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys
2009-07-31 16:34 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\Scxpx86.dll
2009-07-31 16:34 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSxpx86.dll
2009-07-31 16:34 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys
2009-07-31 16:34 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSviA64.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-24 07:26 . 2009-03-25 16:36 -------- d-----w- c:\documents and settings\My Computer\Application Data\SUPERAntiSpyware.com
2009-08-24 07:26 . 2009-03-25 16:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-20 09:53 . 2008-10-17 21:28 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-08-20 09:53 . 2008-10-17 21:28 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-20 09:53 . 2008-10-17 21:28 -------- d-----w- c:\program files\Symantec
2009-08-20 09:53 . 2006-11-18 17:33 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-08-20 09:53 . 2006-11-18 17:33 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-08-08 06:09 . 2008-04-13 08:54 16800 ----a-w- c:\documents and settings\My Computer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 09:11 . 2004-08-03 23:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 16:21 . 2009-03-23 18:11 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-27 20:04 . 2009-07-27 20:04 339968 ----a-w- c:\windows\system32\pythoncom25.dll
2009-07-27 20:04 . 2009-07-27 20:04 2117632 ----a-w- c:\windows\system32\python25.dll
2009-07-27 20:04 . 2009-07-27 20:04 114688 ----a-w- c:\windows\system32\pywintypes25.dll
2009-07-27 20:03 . 2008-09-16 19:05 -------- d-----w- c:\program files\AGI
2009-07-27 20:02 . 2009-07-27 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\AGI
2009-07-22 10:19 . 2009-07-22 10:18 -------- d-----w- c:\program files\Philips
2009-07-22 10:19 . 2005-11-15 15:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-22 10:17 . 2009-07-22 10:17 -------- d-----w- c:\documents and settings\My Computer\Application Data\InstallShield
2009-07-17 18:55 . 2004-08-03 23:56 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 16:53 . 2008-12-29 23:50 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-13 22:43 . 2004-08-03 23:56 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-06-29 16:12 . 2004-08-03 23:56 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2009-03-19 20:33 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-03 23:56 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:44 . 2004-08-03 23:56 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2004-08-03 23:56 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2004-08-03 23:56 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:44 . 2004-08-03 23:56 724480 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2004-08-03 23:56 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:44 . 2004-08-03 23:56 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-22 11:34 . 2004-08-03 21:59 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:55 . 2004-08-03 23:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2002-08-29 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 11:50 . 2004-08-03 23:56 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2004-08-03 23:56 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2004-08-03 23:56 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:42 . 2005-11-15 15:15 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:27 . 2004-08-03 23:56 1290752 ----a-w- c:\windows\system32\quartz.dll
.
------- Sigcheck -------

[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[-] 2004-08-03 23:56 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\system32\svchost.exe
[-] 2004-08-03 23:56 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\system32\dllcache\svchost.exe
[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
[-] 2004-08-03 23:56 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\system32\ws2_32.dll
[-] 2004-08-03 23:56 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\system32\dllcache\ws2_32.dll
[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[-] 2004-08-03 23:56 502272 01C3346C241652F43AED8E2149881BFE c:\windows\system32\winlogon.exe
[-] 2004-08-03 23:56 502272 01C3346C241652F43AED8E2149881BFE c:\windows\system32\dllcache\winlogon.exe
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
[-] 2004-08-03 22:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\dllcache\ndis.sys
[-] 2004-08-03 22:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\drivers\ndis.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ip6fw.sys
[-] 2004-08-03 22:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\dllcache\ip6fw.sys
[-] 2004-08-03 22:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\drivers\ip6fw.sys
[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
[-] 2004-08-03 23:56 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\system32\lsass.exe
[-] 2004-08-03 23:56 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\system32\dllcache\lsass.exe
[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
[-] 2004-08-03 23:56 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\system32\ctfmon.exe
[-] 2004-08-03 23:56 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\system32\dllcache\ctfmon.exe
[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[-] 2004-08-03 23:56 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\userinit.exe
[-] 2004-08-03 23:56 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\dllcache\userinit.exe
[-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\termsrv.dll
[-] 2004-08-03 23:56 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\system32\termsrv.dll
[-] 2004-08-03 23:56 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\system32\dllcache\termsrv.dll
[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\powrprof.dll
[-] 2004-08-03 23:56 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\system32\powrprof.dll
[-] 2004-08-03 23:56 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\system32\dllcache\powrprof.dll
[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\imm32.dll
[-] 2004-08-03 23:56 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\imm32.dll
[-] 2004-08-03 23:56 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\dllcache\imm32.dll
[-] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kbdclass.sys
[-] 2004-08-03 21:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\drivers\kbdclass.sys
[-] 2008-04-14 00:11 792064 1280A158C722FA95A80FB7AEBE78FA7D c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\comres.dll
[-] 2004-08-03 23:56 792064 6728270CB7DBB776ED086F5AC4C82310 c:\windows\system32\comres.dll
[-] 2004-08-03 23:56 792064 6728270CB7DBB776ED086F5AC4C82310 c:\windows\system32\dllcache\comres.dll
[-] 2008-04-14 00:11 22016 012DF358CEBAA23ACB26D82077820817 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lpk.dll
[-] 2004-08-03 23:56 22016 74D66B3DE265E8789153414E75175F26 c:\windows\system32\lpk.dll
[-] 2004-08-03 23:56 22016 74D66B3DE265E8789153414E75175F26 c:\windows\system32\dllcache\lpk.dll
[-] 2002-08-29 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\beep.sys
[-] 2002-08-29 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\drivers\beep.sys
[-] 2002-08-29 12:00 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\dllcache\null.sys
[-] 2002-08-29 12:00 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\drivers\null.sys
[-] 2008-04-14 00:11 33792 986B1FF5814366D71E0AC5755C88F2D3 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msgsvc.dll
[-] 2004-08-03 23:56 33792 95FD808E4AC22ABA025A7B3EAC0375D2 c:\windows\system32\msgsvc.dll
[-] 2004-08-03 23:56 33792 95FD808E4AC22ABA025A7B3EAC0375D2 c:\windows\system32\dllcache\msgsvc.dll
[-] 2002-08-29 12:00 11648 9859C0F6936E723E4892D7141B1327D5 c:\windows\system32\drivers\acpiec.sys
[-] 2008-04-14 00:12 5120 96E1C926F22EE1BFBAE82901A35F6BF3 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfc.dll
[-] 2004-08-03 23:56 5120 E8A12A12EA9088B4327D49EDCA3ADD3E c:\windows\system32\sfc.dll
[-] 2004-08-03 23:56 5120 E8A12A12EA9088B4327D49EDCA3ADD3E c:\windows\system32\dllcache\sfc.dll
[7] 2009-02-06 18:46 408064 6C476D33D82F1054849790181E8F7772 c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[-] 2008-04-14 00:12 407040 1B7F071C51B77C272875C3A23E1E4550 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[-] 2004-08-03 23:56 407040 96353FCECBA774BB8DA74A1C6507015A c:\windows\system32\netlogon.dll
[-] 2004-08-03 23:56 407040 96353FCECBA774BB8DA74A1C6507015A c:\windows\system32\dllcache\netlogon.dll
[-] 2008-04-14 00:12 409088 574738F61FCA2935F5265DC4E5691314 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\qmgr.dll
[-] 2004-08-03 23:56 382464 2C69EC7E5A311334D10DD95F338FCCEA c:\windows\system32\qmgr.dll
[-] 2004-08-03 23:56 382464 2C69EC7E5A311334D10DD95F338FCCEA c:\windows\system32\dllcache\qmgr.dll
[-] 2008-04-14 00:12 181248 A86BB5E61BF3E39B62AB4C7E7085A084 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[-] 2004-08-03 23:56 180224 0F78E27F563F2AAF74B91A49E2ABF19A c:\windows\system32\scecli.dll
[-] 2004-08-03 23:56 180224 0F78E27F563F2AAF74B91A49E2ABF19A c:\windows\system32\dllcache\scecli.dll
[-] 2008-04-14 00:11 56320 6D4FEB43EE538FC5428CC7F0565AA656 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[-] 2004-08-03 23:56 55808 82B24CB70E5944E6E34662205A2A5B78 c:\windows\system32\eventlog.dll
[-] 2004-08-03 23:56 55808 82B24CB70E5944E6E34662205A2A5B78 c:\windows\system32\dllcache\eventlog.dll
[-] 2008-04-13 18:57 14336 B153AFFAC761E7F5FCFA822B9C4E97BC c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\asyncmac.sys
[-] 2004-08-03 22:05 14336 02000ABF34AF4C218C35D257024807D6 c:\windows\system32\dllcache\asyncmac.sys
[-] 2004-08-03 22:05 14336 02000ABF34AF4C218C35D257024807D6 c:\windows\system32\drivers\asyncmac.sys
[-] 2008-04-14 00:12 129024 295D21F14C335B53CB8154E5B1F892B9 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\xmlprov.dll
[-] 2004-08-03 23:56 129536 EEF46DAB68229A14DA3D8E73C99E2959 c:\windows\system32\xmlprov.dll
[-] 2004-08-03 23:56 129536 EEF46DAB68229A14DA3D8E73C99E2959 c:\windows\system32\dllcache\xmlprov.dll
[-] 2008-04-14 00:11 62464 3D4E199942E29207970E04315D02AD3B c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\cryptsvc.dll
[-] 2004-08-03 23:56 60416 10654F9DDCEA9C46CFB77554231BE73B c:\windows\system32\cryptsvc.dll
[-] 2004-08-03 23:56 60416 10654F9DDCEA9C46CFB77554231BE73B c:\windows\system32\dllcache\cryptsvc.dll
[-] 2008-04-14 00:11 77824 A06CE3399D16DB864F55FAEB1F1927A9 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\browser.dll
[-] 2004-08-03 23:56 77312 E3CFCCDDA4EDD1D0DC9168B2E18F27B8 c:\windows\system32\browser.dll
[-] 2004-08-03 23:56 77312 E3CFCCDDA4EDD1D0DC9168B2E18F27B8 c:\windows\system32\dllcache\browser.dll
[-] 2008-04-14 00:12 71680 0A5679B3714EDAB99E357057EE88FCA6 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ssdpsrv.dll
[-] 2004-08-03 23:56 71680 4B8D61792F7175BED48859CC18CE4E38 c:\windows\system32\ssdpsrv.dll
[-] 2004-08-03 23:56 71680 4B8D61792F7175BED48859CC18CE4E38 c:\windows\system32\dllcache\ssdpsrv.dll
[-] 2008-04-14 00:12 171008 3805DF0AC4296A34BA4BF93B346CC378 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\srsvc.dll
[-] 2004-08-03 23:56 170496 92BDF74F12D6CBEC43C94D4B7F804838 c:\windows\system32\srsvc.dll
[-] 2004-08-03 23:56 170496 92BDF74F12D6CBEC43C94D4B7F804838 c:\windows\system32\dllcache\srsvc.dll
[-] 2008-04-14 00:12 13824 F92E1076C42FCD6DB3D72D8CFE9816D5 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wscntfy.exe
[-] 2004-08-03 23:56 13824 49911DD39E023BB6C45E4E436CFBD297 c:\windows\system32\wscntfy.exe
[-] 2004-08-03 23:56 13824 49911DD39E023BB6C45E4E436CFBD297 c:\windows\system32\dllcache\wscntfy.exe
[-] 2008-04-14 00:12 435200 156F64A3345BD23C600655FB4D10BC08 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntmssvc.dll
[-] 2004-08-03 23:56 435200 B62F29C00AC55A761B2E45877D85EA0F c:\windows\system32\ntmssvc.dll
[-] 2004-08-03 23:56 435200 B62F29C00AC55A761B2E45877D85EA0F c:\windows\system32\dllcache\ntmssvc.dll
[-] 2008-04-14 00:12 88576 AD188BE7BDF94E8DF4CA0A55C00A5073 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\rasauto.dll
[-] 2004-08-03 23:56 89088 44DB7A9BDD2FB58747D123FBF1D35ADB c:\windows\system32\rasauto.dll
[-] 2004-08-03 23:56 89088 44DB7A9BDD2FB58747D123FBF1D35ADB c:\windows\system32\dllcache\rasauto.dll
[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfcfiles.dll
[-] 2004-08-03 23:56 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\system32\sfcfiles.dll
[-] 2004-08-03 23:56 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\system32\dllcache\sfcfiles.dll
[-] 2008-04-14 00:12 192512 0A9A7365A1CA4319AA7C1D6CD8E4EAFA c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\schedsvc.dll
[-] 2004-08-03 23:56 190976 92360854316611F6CC471612213C3D92 c:\windows\system32\schedsvc.dll
[-] 2004-08-03 23:56 190976 92360854316611F6CC471612213C3D92 c:\windows\system32\dllcache\schedsvc.dll
[-] 2008-04-14 00:12 59904 5B19B557B0C188210A56A6B699D90B8F c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\regsvc.dll
[-] 2004-08-03 23:56 59904 3151427DB7D87107D1C5BE58FAC53960 c:\windows\system32\regsvc.dll
[-] 2004-08-03 23:56 59904 3151427DB7D87107D1C5BE58FAC53960 c:\windows\system32\dllcache\regsvc.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-26_20.08.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-28 14:02 . 2009-08-28 14:02 16384 c:\windows\temp\Perflib_Perfdata_47c.dat
+ 2009-03-26 07:41 . 2009-08-27 12:50 5160 c:\windows\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\ypager.exe" [2005-08-31 2478080]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [BU]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-06 67128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 81920]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"LWBMOUSE"="c:\program files\iWare\iWare Mouse\3.2\MOUSE32A.EXE" [2002-05-24 357376]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-12-22 756248]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2006-12-22 497176]
"btbb_wcm_McciTrayApp"="c:\program files\btbb_wcm\McciTrayApp.exe" [2005-12-29 543232]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-22 30192]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-04-28 589824]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
"Motive SmartBridge"="c:\progra~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier.exe" [2006-02-06 462935]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2005-03-12 147456]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-09 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
BT Broadband Desktop Help.lnk - c:\program files\BT Total Broadband 220V\Help\bin\matcli.exe [2007-6-21 217088]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-6 67128]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-9-6 118784]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1007020.00A\SymEFA.sys [20/08/2009 10:53 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1007020.00A\BHDrvx86.sys [20/08/2009 10:53 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1007020.00A\cchpx86.sys [20/08/2009 10:52 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys [12/08/2009 03:18 276344]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [27/03/2009 19:20 55152]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.10\ccSvcHst.exe [20/08/2009 10:52 117640]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14/05/2009 20:43 101936]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
S3 GoogleDesktopManager-090808-172447;Google Desktop Manager 5.8.809.8522;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [22/09/2008 19:25 30192]
.
Contents of the 'Scheduled Tasks' folder

2009-07-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2009-08-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2009-08-28 c:\windows\Tasks\User_Feed_Synchronization-{2C8F8B15-06CE-4D7D-92E9-CA8E6EDC7F76}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
TCP: {9256938D-1349-4C23-971F-E227FF55F5C5} = 192.168.1.1,4.2.2.2
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://80.82.144.82/activex/AMC.cab
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-28 15:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.10\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.10\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2828)
c:\windows\system32\WININET.dll
c:\progra~1\BTTOTA~1\Help\SMARTB~1\SBHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\iWare\iWare Mouse\3.2\MOUDL32A.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\program files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-08-28 15:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-28 14:13
ComboFix2.txt 2009-08-27 17:17
ComboFix3.txt 2009-08-27 08:37

Pre-Run: 11,652,648,960 bytes free
Post-Run: 11,617,419,264 bytes free

335 --- E O F --- 2009-08-24 07:20
#20
OK how is the computer acting now? Still the same?