DDS (Ver_09-10-26.01) - NTFSx86 MINIMAL
Run by ****** at 20:29:04.50 on Fri 06/11/2009
Internet Explorer: 7.0.6000.16916 BrowserJavaVersion: 1.6.0_05
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.65.1033.18.3062.2667 [GMT 8:00]
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Users\******\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.lenovo.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: D: {344410c8-d36e-30bc-9c9e-cb115cfef2f8} - c:\windows\system32\xwr69330.dll
BHO: IEMenuObject Class: {35948964-1ba1-4636-a99d-aaf62ab97268} - c:\program files\lenovo\anycomm\ACIEContextMenu.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\norton internet security\engine\16.7.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\norton internet security\engine\16.7.2.11\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - d:\program files\free download manager\iefdm2.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\norton internet security\engine\16.7.2.11\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Orb] "c:\program files\winamp remote\bin\OrbTray.exe" /background
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [fsm]
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Free Download Manager] d:\program files\free download manager\fdm.exe -autorun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [DAEMON Tools Lite] "d:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Unattend0000000001{CE1C30CE-8390-4E54-A1C0-A091EBC35790}] c:\windows\test.bat
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [EzButton] c:\progra~1\ezbutton\EzButton.EXE
mRun: [EnergyUtility] c:\program files\lenovo\energycut\utilty.exe
mRun: [EnergyCut] c:\program files\lenovo\energycut\EnergyCut.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [LenovoTheme] c:\program files\lenovo\lenovothemefactory\LenovoThemeVista.exe
mRun: [<NO NAME>]
mRun: [VeriFacePassManager] c:\program files\lenovo\veriface\PManage.exe
mRun: [PCMService] "c:\program files\lenovo\shuttlecenter\PCMService.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [ALUAlert] "c:\program files\symantec\liveupdate\ALuNotify.exe" "/LOWDISKSPACE C"
mRun: [Microsoft WinUpdate] c:\windows\system32\msupdte.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\******~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - d:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\lenovo\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ea_res~1.lnk - c:\users\******\appdata\local\temp\AutoRun.exe
IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Download all with Free Download Manager - file://d:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://d:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://d:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://d:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
IE: {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - c:\program files\lenovo\veriface\OpenWnd.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\norton internet security\engine\16.7.2.11\CoIEPlg.dll
Notify: igfxcui - igfxdev.dll
============= SERVICES / DRIVERS ===============
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1007020.00b\SymEFA.sys [2009-9-9 310320]
R0 Wdkbdmou;Lenovo RMCT KbdMou Service;c:\windows\system32\drivers\Wdkbdmou.sys [2007-2-6 5120]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2008-3-2 11776]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1007020.00b\BHDrvx86.sys [2009-9-9 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1007020.00b\cchpx86.sys [2009-9-9 482432]
S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20091102.002\IDSvix86.sys [2009-10-29 343088]
S2 AnyComm.DirectRouter;AnyComm.DirectRouter;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
S2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
S2 IGRS;IGRS;c:\program files\lenovo\anycomm\common\IGRS.exe [2007-4-13 31744]
S2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\norton internet security\engine\16.7.2.11\ccSvcHst.exe [2009-9-9 117640]
S2 SheSvc;AnyComm Software Update;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-9 179712]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-26 102448]
S3 IncSvc;AnyComm Network Monitor and Configuration;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2009-6-18 131072]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2009-6-18 79104]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 PS_MDP;AnyComm Presentation Space Helper Service;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 SHE.WEB;AnyComm Software Update Mini Web Server;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1007020.00b\symndisv.sys [2009-9-9 48688]
S3 wdmirror;wdmirror;c:\windows\system32\drivers\WDMirror.sys [2007-2-3 5120]
=============== Created Last 30 ================
2009-11-05 00:49:18 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2009-10-31 14:31:49 0 d-----w- c:\programdata\DAEMON Tools Lite
2009-10-31 14:31:46 0 d-----w- c:\program files\DAEMON Tools Toolbar
2009-10-31 14:15:16 0 d-----w- c:\users\******~1\appdata\roaming\DAEMON Tools Lite
2009-10-28 00:26:26 311296 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 00:26:23 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-10-28 00:26:23 4096 ----a-w- c:\windows\system32\msdxm.ocx
2009-10-28 00:26:23 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-10-28 00:26:21 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-27 05:24:46 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-16 19:04:09 0 d-----w- c:\windows\SQL9_KB970892_ENU
2009-10-16 09:46:12 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-10-16 09:46:00 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-14 05:01:37 216576 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 04:59:18 3467864 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-14 04:59:17 3502152 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-14 04:57:57 428032 ----a-w- c:\windows\system32\EncDec.dll
2009-10-14 04:57:56 292352 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-14 04:57:56 217088 ----a-w- c:\windows\system32\psisrndr.ax
2009-10-14 04:57:46 80896 ----a-w- c:\windows\system32\MSNP.ax
2009-10-14 04:57:46 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2009-10-14 04:57:46 1244672 ----a-w- c:\windows\system32\mcmde.dll
2009-10-14 04:57:44 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax
2009-10-14 04:57:44 177152 ----a-w- c:\windows\system32\mpg2splt.ax
2009-10-14 04:57:26 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 04:57:15 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-14 04:57:06 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
==================== Find3M ====================
2009-10-31 14:32:45 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-31 14:32:41 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-10-31 14:15:47 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-05 11:54:40 86016 ----a-w- c:\windows\inf\infstor.dat
2009-08-29 03:41:42 1686528 ----a-w- c:\windows\system32\gameux.dll
2009-08-29 03:40:31 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 23:31:54 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 14:02:34 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 13:57:36 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 13:56:05 72704 ----a-w- c:\windows\system32\admparse.dll
2009-08-27 09:51:45 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-08-17 15:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:42:08 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2009-08-14 16:40:56 103936 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:40:52 15360 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:25:18 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:25:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:25:15 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:25:14 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:25:10 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:25:10 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:25:10 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 14:23:53 22016 ----a-w- c:\windows\system32\netiougc.exe
2008-12-14 07:02:53 174 --sha-w- c:\program files\desktop.ini
2008-09-21 06:37:19 0 ----a-w- c:\program files\codecpack.v.1.0.2021.exe
2008-09-21 06:36:38 0 ----a-w- c:\program files\codecpack.v.1.0.202.exe
2008-06-12 01:10:38 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-03-02 11:23:28 8192 --sha-w- c:\windows\users\default\NTUSER.DAT
============= FINISH: 20:31:19.21 ===============
Results of screen317's Security Check version 0.99.0
Windows Vista (UAC is enabled)
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Norton Internet Security
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 5
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````
DNS Vulnerability Check:
Unknown. This method cannot test your vulnerability to DNS cache poisoning.
`````````End of Log```````````
Comments: The rest, except for the RootRepeal step, ran really smoothly. Very user friendly for the average PC user. The protect user information guide with the Ctrl+A Ctrl+H thing was very helpful. But I think my previous Norton logs already have my personal information, but I don't, they're just names, so I don't think it really matters.
Attached: Attach.txt
Thread: [Fixed] Hijackthis! Logs - Broken links time and again (posted in the Security & Safety forums)

#15
Bronze Member
Join Date: Nov 2009
Posts: 14 PC Experience: Some Experience
Last edited by alqx; 2 Weeks Ago at 12:55 PM.

#16
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,862 PC Experience: Elite PC Guru
You will need to download ComboFix.exe. Download Combofix from any of the links below. You must rename it before saving it. Name it ComFx, and Save it to your desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop
It is important that it is saved and renamed following this process directly to your desktop.

Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. More help on your specific AV here: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Double click on ComFx.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the ComboFix.txt in your reply.

Caution..... Never use this program to remove files. Only use it with help from an experienced user. Wrongful use can damage your computer.
__________________
My real name is Eddy

#17
Bronze Member
Join Date: Nov 2009
Posts: 14 PC Experience: Some Experience
Attached: ComboFix.txt (Originally named log.txt but renamed to ComboFix.txt)
ComboFix 09-11-05.05 - ****** 07/11/2009 9:14.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.65.1033.18.3062.1894 [GMT 8:00]
Running from: c:\users\******\Desktop\ComFx.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *disabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-4106996838-825450678-1481988376-1000
c:\$recycle.bin\S-1-5-21-4106996838-825450678-1481988376-500
c:\$recycle.bin\S-1-5-21-690173381-2085086516-3594547541-1004
c:\$recycle.bin\S-1-5-21-690173381-2085086516-3594547541-1005
c:\$recycle.bin\S-1-5-21-690173381-2085086516-3594547541-1007
c:\$recycle.bin\S-1-5-21-690173381-2085086516-3594547541-500
.
((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 )))))))))))))))))))))))))))))))
.
2009-11-07 01:23 . 2009-11-07 01:23 -------- d-----w- c:\users\******\AppData\Local\temp
2009-11-07 01:23 . 2009-11-07 01:23 -------- d-----w- c:\users\Wai Mey\AppData\Local\temp
2009-11-07 01:23 . 2009-11-07 01:23 -------- d-----w- c:\users\Wai Mey.******-PC\AppData\Local\temp
2009-11-07 01:23 . 2009-11-07 01:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-07 00:14 . 2009-10-16 03:30 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091106.003\NAVENG.SYS
2009-11-07 00:14 . 2009-10-16 03:30 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091106.003\NAVENG32.DLL
2009-11-07 00:14 . 2009-10-16 03:30 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091106.003\NAVEX32A.DLL
2009-11-07 00:14 . 2009-10-16 03:30 1323568 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091106.003\NAVEX15.SYS
2009-11-07 00:14 . 2009-10-16 03:30 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091106.003\EECTRL.SYS
2009-11-07 00:14 . 2009-10-16 03:30 2747952 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091106.003\CCERASER.DLL
2009-11-07 00:14 . 2009-10-16 03:30 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091106.003\ECMSVR32.DLL
2009-11-07 00:14 . 2009-10-16 03:30 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091106.003\ERASER.SYS
2009-11-07 00:14 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091105.001\IDSvix86.sys
2009-11-07 00:14 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091105.001\IDSXpx86.sys
2009-11-07 00:14 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091105.001\Scxpx86.dll
2009-11-07 00:14 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091105.001\IDSxpx86.dll
2009-11-07 00:14 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091105.001\IDSviA64.sys
2009-10-31 14:31 . 2009-10-31 14:31 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-10-31 14:31 . 2009-10-31 14:31 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-10-31 14:15 . 2009-10-31 14:33 -------- d-----w- c:\users\******\AppData\Roaming\DAEMON Tools Lite
2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091102.002\IDSvix86.sys
2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091102.002\IDSXpx86.sys
2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091102.002\Scxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091102.002\IDSxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091102.002\IDSviA64.sys
2009-10-28 00:26 . 2009-09-10 15:29 311296 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 00:26 . 2009-09-10 17:40 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-10-28 00:26 . 2009-09-10 17:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-10-28 00:26 . 2009-09-10 15:29 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-27 05:24 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-27 05:24 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-27 05:24 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-27 05:24 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-20 06:18 . 2009-10-20 06:18 -------- d-----w- c:\users\Wai Mey.******-PC\AppData\Local\Google
2009-10-20 06:18 . 2009-10-20 06:18 -------- d-----w- c:\users\Wai Mey.******-PC\AppData\Local\Winamp Toolbar
2009-10-20 05:59 . 2009-10-20 06:00 114360 ----a-w- c:\users\Wai Mey.******-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-20 05:59 . 2009-10-20 06:00 -------- d-----w- c:\users\Wai Mey.******-PC\AppData\Local\PowerCinema
2009-10-16 19:04 . 2009-10-16 19:04 8192 d-----w- c:\windows\SQL9_KB970892_ENU
2009-10-16 09:46 . 2009-08-27 13:57 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-10-16 09:46 . 2009-08-27 11:24 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-14 05:01 . 2009-09-10 17:38 216576 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 04:59 . 2009-08-05 14:28 3467864 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-14 04:59 . 2009-08-05 14:28 3502152 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-14 04:57 . 2009-08-31 15:16 428032 ----a-w- c:\windows\system32\EncDec.dll
2009-10-14 04:57 . 2009-08-31 15:21 292352 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-14 04:57 . 2009-08-31 15:17 1244672 ----a-w- c:\windows\system32\mcmde.dll
2009-10-14 04:57 . 2009-09-04 12:38 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 04:57 . 2009-09-14 09:50 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-14 04:57 . 2009-04-02 11:50 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 01:12 . 2009-03-22 13:10 4096 d-----w- c:\users\******\AppData\Roaming\Free Download Manager
2009-11-07 01:09 . 2008-12-02 07:30 -------- d-----w- c:\users\******\AppData\Roaming\gtk-2.0
2009-11-07 00:49 . 2008-07-24 14:02 49152 d-----w- c:\users\******\AppData\Roaming\uTorrent
2009-11-07 00:46 . 2008-03-02 07:55 12 ----a-w- c:\windows\bthservsdp.dat
2009-11-06 12:14 . 2008-05-18 05:07 5972 ----a-w- c:\users\******\AppData\Local\d3d9caps.dat
2009-10-31 14:33 . 2008-10-16 14:05 -------- d-----w- c:\users\******\AppData\Roaming\DAEMON Tools
2009-10-31 14:15 . 2008-10-16 14:06 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-16 23:14 . 2008-05-04 13:41 4096 d-----w- c:\program files\Ahead
2009-10-16 19:09 . 2008-03-02 08:16 12288 d-----w- c:\programdata\Microsoft Help
2009-10-16 19:04 . 2008-03-02 08:31 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-15 19:10 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-10-12 10:51 . 2008-03-02 07:54 12288 d--h--w- c:\program files\InstallShield Installation Information
2009-09-30 07:36 . 2008-12-12 12:40 4096 d-----w- c:\users\Wai Mey\AppData\Roaming\Free Download Manager
2009-09-24 04:27 . 2008-04-03 00:13 5972 ----a-w- c:\users\Wai Mey\AppData\Local\d3d9caps.dat
2009-09-10 16:12 . 2008-07-04 06:18 4096 d-----w- c:\program files\Microsoft Silverlight
2009-08-29 03:41 . 2009-09-03 05:50 1686528 ----a-w- c:\windows\system32\gameux.dll
2009-08-29 03:40 . 2009-09-03 05:50 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 23:31 . 2009-09-03 05:50 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 14:02 . 2009-10-16 09:45 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 13:57 . 2009-10-16 09:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 13:56 . 2009-10-16 09:45 72704 ----a-w- c:\windows\system32\admparse.dll
2009-08-27 09:51 . 2009-10-16 09:45 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-08-26 13:07 . 2009-08-26 13:07 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbC5D0.tmp.exe
2009-08-21 14:12 . 2009-04-11 11:38 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-18 19:11 . 2009-08-22 02:02 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2009-08-17 15:33 . 2009-08-17 15:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 17:16 . 2009-09-09 12:31 213592 ----a-w- c:\windows\system32\drivers\netio.sys
2009-08-14 16:42 . 2009-09-09 12:31 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2009-08-14 16:40 . 2009-09-09 12:31 103936 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:40 . 2009-09-09 12:31 15360 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:25 . 2009-09-09 12:31 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:25 . 2009-09-09 12:31 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:25 . 2009-09-09 12:31 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:25 . 2009-09-09 12:31 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:25 . 2009-09-09 12:31 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:25 . 2009-09-09 12:31 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:25 . 2009-09-09 12:31 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 14:24 . 2009-09-09 12:31 813568 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 14:23 . 2009-09-09 12:31 22016 ----a-w- c:\windows\system32\netiougc.exe
2008-09-21 06:37 . 2008-09-21 06:37 0 ----a-w- c:\program files\codecpack.v.1.0.2021.exe
2008-09-21 06:36 . 2008-09-21 06:36 0 ----a-w- c:\program files\codecpack.v.1.0.202.exe
2008-03-02 11:23 . 2008-03-02 11:19 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-09 1232896]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-10 39408]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-02-09 270128]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Free Download Manager"="d:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2006-11-02 2159104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-05-23 1006264]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2006-12-29 569344]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"EzButton"="c:\progra~1\EzButton\EzButton.EXE" [2007-04-14 502544]
"EnergyUtility"="c:\program files\Lenovo\EnergyCut\utilty.exe" [2007-04-28 1581056]
"EnergyCut"="c:\program files\Lenovo\EnergyCut\EnergyCut.exe" [2007-03-10 1167360]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"LenovoTheme"="c:\program files\Lenovo\LenovoThemeFactory\LenovoThemeVista.exe" [2007-04-25 424960]
"PCMService"="c:\program files\Lenovo\ShuttleCenter\PCMService.exe" [2007-05-25 417792]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-21 144784]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-07-09 36352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-10-12 413696]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-12-05 4710400]

c:\users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - d:\program files\MagicDisc\MagicDisc.exe [2009-6-17 576000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-5-4 113664]
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2007-3-30 719664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
SetupExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1007020.00B\SymEFA.sys [9/9/2009 8:21 PM 310320]
R0 Wdkbdmou;Lenovo RMCT KbdMou Service;c:\windows\System32\drivers\Wdkbdmou.sys [6/2/2007 3:00 AM 5120]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1007020.00B\BHDrvx86.sys [9/9/2009 8:21 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1007020.00B\cchpx86.sys [9/9/2009 8:20 PM 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091105.001\IDSvix86.sys [7/11/2009 8:14 AM 343088]
R2 AnyComm.DirectRouter;AnyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> c:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
R2 IGRS;IGRS;c:\program files\Lenovo\AnyComm\common\IGRS.exe [13/4/2007 12:29 AM 31744]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [9/9/2009 8:20 PM 117640]
R2 SheSvc;AnyComm Software Update;c:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> c:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\System32\drivers\AcpiVpc.sys [2/3/2008 4:11 PM 11776]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [9/2/2007 4:03 AM 179712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [26/8/2009 11:57 AM 102448]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NIS\1007020.00B\symndisv.sys [9/9/2009 8:21 PM 48688]
R3 wdmirror;wdmirror;c:\windows\System32\drivers\WDMirror.sys [3/2/2007 3:14 AM 5120]
S3 IncSvc;AnyComm Network Monitor and Configuration;c:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> c:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\System32\drivers\Mkd2 kfNT.sys [18/6/2009 7:02 PM 131072] S3 Mkd2Nadr;Mkd2Nadr;c:\windows\System32\drivers\Mkd2 Nadr.sys [18/6/2009 7:02 PM 79104] S3 PS_MDP;AnyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> c:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?] S3 SHE.WEB;AnyComm Software Update Mini Web Server;c:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> c:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?] --- Other Services/Drivers In Memory --- *NewlyCreated* - MBR *Deregistered* - mbr *Deregistered* - PROCEXP113 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ IgrsSvcs REG_MULTI_SZ AnyComm.DirectRouter SHE.WEB SheSvc IncSvc PS_MDP <NO NAME> REG_SZ . Contents of the 'Scheduled Tasks' folder 2009-11-07 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 20:54] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mDefault_Page_URL = hxxp://www.lenovo.com IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Download all with Free Download Manager - file://d:\program files\Free Download Manager\dlall.htm IE: Download selected with Free Download Manager - file://d:\program files\Free Download Manager\dlselected.htm IE: Download video with Free Download Manager - file://d:\program files\Free Download Manager\dlfvideo.htm IE: Download with Free Download Manager - file://d:\program files\Free Download Manager\dllink.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... 
- c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm . . ------- File Associations ------- . regedit=regedit.exe "%1" . - - - - ORPHANS REMOVED - - - - BHO-{344410C8-D36E-30BC-9C9E-CB115CFEF2F8} - c:\windows\system32\xwr69330.dll HKCU-Run-fsm - (no file) HKLM-Run-Unattend0000000001{CE1C30CE-8390-4E54-A1C0-A091EBC35790} - c:\windows\test.bat HKLM-Run-VeriFacePassManager - c:\program files\Lenovo\VeriFace\PManage.exe HKLM-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALuNotify.exe HKLM-Run-Microsoft WinUpdate - c:\windows\system32\msupdte.exe HKLM-Run-<NO NAME> - (no file) AddRemove-AudibleManager - c:\program files\Audible\Bin\Upgrade.exe AddRemove-Business Contact Manager - c:\program files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe AddRemove-Little Fighter 2 - c:\program files\LittleFighter2\LF2_v1.9c\uninst.exe AddRemove-Matroska Pack - c:\program files\Matroska Pack\uninstall.exe AddRemove-Winamp Toolbar for Firefox - c:\users\******\AppData\Roaming\Mozilla\Firefox\Pr ofiles\sgrnyxd8.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe AddRemove-{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD} - c:\program files\Apoint2K\Uninstap.exe ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-07 09:23 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************** ************************ Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll sfsync02.sys >>UNKNOWN [0x85B231F8]<< kernel: MBR read successfully user & kernel MBR OK ************************************************** ************************ [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N orton Internet Security] "ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\G arenaPEngine] "ImagePath"="\??\c:\users\******\AppData\Local\Tem p\CAQE658.tmp" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\m siserver] "ImagePath"="%systemroot%\system32\msiexec /V" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-690173381-2085086516-3594547541-1006\Software\SecuROM\!CAUTION! 
NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ***\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ***\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ***\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ***\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2960) c:\windows\system32\btmmhook.dll . Completion time: 2009-11-07 9:26 ComboFix-quarantined-files.txt 2009-11-07 01:26 Pre-Run: 1,181,655,040 bytes free Post-Run: 2,934,829,056 bytes free - - End Of File - - 239886614304C6C38A3852FC568D9B7C Last edited by Pancake; 2 Weeks Ago at 09:41 AM. Reason: Copied and pasted for better viewing.... |
#18
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,862
PC Experience: Elite PC Guru
That looks fine. I see no more malware.
__________________
My real name is Eddy
#19
Bronze Member
Join Date: Nov 2009
Posts: 14
PC Experience: Some Experience
Okay, thanks for analysing all of that anyway. I guess I got paranoid and lost my trust in my Norton Internet Security. Or maybe it got resolved after a while or something. It was originally an internet connection problem, not a malware problem. But my internet is working fine now so well, I guess this is resolved. Thanks for the trouble really.
#20
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,862
PC Experience: Elite PC Guru
Ok. Good.
__________________
My real name is Eddy