Tech Support Forum > Security Center > Virus/Trojan/Spyware Help
Old 09-16-2009, 11:51 AM   #1 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 9
OS: windows xp


WoW account hacked

My WoW account has been hacked twice now so I really need your help looking through these logs.
Thanks in advance :)



DDS (Ver_09-07-30.01) - NTFSx86
Run by L4DYKILL3R at 18:17:00.59 on Wed 09/16/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1310 [GMT 2:00]

AV: Norton AntiVirus Gaming Edition *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
I:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
I:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
I:\WINDOWS\system32\spoolsv.exe
svchost.exe
I:\Program Files\Java\jre6\bin\jqs.exe
I:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
I:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
I:\WINDOWS\system32\PnkBstrA.exe
I:\WINDOWS\system32\svchost.exe -k imgsvc
I:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
I:\WINDOWS\System32\svchost.exe -k netsvcs
I:\WINDOWS\system32\WgaTray.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\RTHDCPL.EXE
I:\Program Files\MSI\Live Update 3\LMonitor.exe
I:\Program Files\Common Files\Real\Update_OB\realsched.exe
I:\Program Files\Java\jre6\bin\jusched.exe
I:\WINDOWS\system32\ctfmon.exe
I:\WINDOWS\system32\RUNDLL32.EXE
I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
I:\Program Files\Messenger\msmsgs.exe
I:\Program Files\Rockstar Games\Rockstar Games Social Club\1_1_3_0\RGSC.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\WINDOWS\system32\wuauclt.exe
I:\Program Files\Java\jre6\bin\java.exe
I:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe
I:\WINDOWS\system32\NOTEPAD.EXE
I:\Documents and Settings\L4DYKILL3R\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
mURLSearchHooks: H - No File
mWinlogon: SFCDisable=-99 (0xffffff9d)
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - i:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - i:\program files\norton antivirus\engine\16.5.0.134\IPSBHO.DLL
BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - i:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - i:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - i:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - i:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - i:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - i:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - i:\program files\google\google toolbar\GoogleToolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [AnalogClock] c:\program files\windows7\analog clock\AnalogClock.exe
uRun: [TopDesk] c:\program files\windows7\topdesk\topdesk.exe
uRun: [TransBar] c:\program files\windows7\transbar\TransBar.exe /s
uRun: [UberIcon] "c:\program files\windows7\ubericon\UberIcon Manager.exe"
uRun: [ctfmon.exe] i:\windows\system32\ctfmon.exe
uRun: [swg] i:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [msnmsgr] "i:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Steam] "i:\program files\steam\Steam.exe" -silent
uRun: [MSMSGS] "i:\program files\messenger\msmsgs.exe" /background
uRun: [CurseClient] i:\program files\curse\CurseClient.exe -silent
uRun: [EA Core] "i:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [DAEMON Tools Lite] "i:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [RGSC] i:\program files\rockstar games\rockstar games social club\RGSCLauncher.exe /silent
mRun: [KRun] c:\program files\windows7\runme\RunMe.exe
mRun: [Viena Explorer] "c:\program files\windows7\vienna explorer\Vienna Explorer.exe"
mRun: [Visual Task Tips] "c:\program files\windows7\visualtasktips\VisualTaskTips.exe"
mRun: [Pie Dock] "c:\program files\windows7\windows 7 pie dock\Windows 7 Pie Dock.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [<NO NAME>]
mRun: [NVIDIA nTune] "i:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
mRun: [LiveMonitor] i:\program files\msi\live update 3\LMonitor.exe
mRun: [TkBellExe] "i:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AdobeCS4ServiceManager] "i:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "i:\program files\java\jre6\bin\jusched.exe"
mRun: [nwiz] i:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE i:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE i:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Malwarebytes Anti-Malware (reboot)] "i:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: i:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - i:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: i:\docume~1\alluse~1\startm~1\programs\startup\corece~1.lnk - i:\program files\msi\core center\CoreCenter.exe
StartupFolder: i:\docume~1\alluse~1\startm~1\programs\startup\digicell.lnk - i:\program files\msi\digicell\DigiCell.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: NoWindowsUpdate = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - i:\program files\messenger\msmsgs.exe
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
AppInit_DLLs: i:\windows\temp\441030sys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - i:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - i:\docume~1\l4dyki~1\applic~1\mozilla\firefox\profiles\9lut7l59.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://se.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_se&p=
FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll
FF - plugin: i:\documents and settings\l4dykill3r\application data\mozilla\firefox\profiles\9lut7l59.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: i:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: i:\program files\opera\program\plugins\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - i:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
i:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
i:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
i:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
i:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
i:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
i:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
i:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
i:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
i:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
i:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
i:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
i:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
i:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
i:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
i:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
i:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
i:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
i:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
i:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;i:\windows\system32\drivers\Lbd.sys [2009-9-15 64160]
R0 SymEFA;Symantec Extended File Attributes;i:\windows\system32\drivers\nav\1005000.086\SymEFA.sys [2009-9-13 310320]
R1 BHDrvx86;Symantec Heuristics Driver;i:\windows\system32\drivers\nav\1005000.086\BHDrvx86.sys [2009-9-13 258608]
R1 ccHP;Symantec Hash Provider;i:\windows\system32\drivers\nav\1005000.086\cchpx86.sys [2009-9-13 482352]
R1 IDSxpx86;IDSxpx86;i:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090910.003\IDSXpx86.sys [2009-9-14 276344]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;i:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
R2 Norton AntiVirus;Norton AntiVirus;i:\program files\norton antivirus\engine\16.5.0.134\ccSvcHst.exe [2009-9-13 115560]
R2 wmcmgc;Windows Management Configuration;i:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;i:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-14 102448]
R3 NAVENG;NAVENG;i:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090913.019\NAVENG.SYS [2009-9-14 84912]
R3 NAVEX15;NAVEX15;i:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090913.019\NAVEX15.SYS [2009-9-14 1323568]
S2 gupdate1c9c5c1214887b2;Google Update Service (gupdate1c9c5c1214887b2);i:\program files\google\update\GoogleUpdate.exe [2009-4-25 133104]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);i:\windows\system32\drivers\sea1bus.sys [2009-4-7 61536]

=============== Created Last 30 ================


==================== Find3M ====================

2009-09-11 02:37 14,740 a------- i:\program files\TSClient.log
2009-08-25 17:22 722,416 a------- i:\windows\system32\drivers\sptd.sys
2009-08-17 03:04 2,173,472 a------- i:\windows\system32\nvcplui.exe
2009-08-17 03:04 81,920 a------- i:\windows\system32\nvwddi.dll
2009-08-17 03:03 3,170,304 a------- i:\windows\system32\nvwss.dll
2009-08-17 03:03 4,026,368 a------- i:\windows\system32\nvvitvs.dll
2009-08-17 03:03 1,286,144 a------- i:\windows\system32\nvmobls.dll
2009-08-17 03:03 188,416 a------- i:\windows\system32\nvmccss.dll
2009-08-17 03:03 3,547,136 a------- i:\windows\system32\nvgames.dll
2009-08-17 03:03 4,923,392 a------- i:\windows\system32\nvdisps.dll
2009-08-17 03:03 13,877,248 a------- i:\windows\system32\nvcpl.dll
2009-08-17 03:03 168,004 a------- i:\windows\system32\nvsvc32.exe
2009-08-17 03:03 143,360 a------- i:\windows\system32\nvcolor.exe
2009-08-17 03:03 86,016 a------- i:\windows\system32\nvmctray.dll
2009-08-17 03:02 229,376 a------- i:\windows\system32\nvmccs.dll
2009-08-17 00:57 10,457,088 a------- i:\windows\system32\nvoglnt.dll
2009-08-17 00:57 7,729,568 a------- i:\windows\system32\drivers\nv4_mini.sys
2009-08-17 00:57 5,845,760 a------- i:\windows\system32\nv4_disp.dll
2009-08-17 00:57 2,189,856 a------- i:\windows\system32\nvcuvid.dll
2009-08-17 00:57 2,002,944 a------- i:\windows\system32\nvcuda.dll
2009-08-17 00:57 1,706,528 a------- i:\windows\system32\nvcuvenc.dll
2009-08-17 00:57 1,597,690 a------- i:\windows\system32\nvdata.bin
2009-08-17 00:57 868,352 a------- i:\windows\system32\nvapi.dll
2009-08-17 00:57 485,920 a------- i:\windows\system32\nvudisp.exe
2009-08-17 00:57 155,648 a------- i:\windows\system32\nvcodins.dll
2009-08-17 00:57 155,648 a------- i:\windows\system32\nvcod.dll
2009-08-11 12:35 485,920 a------- i:\windows\system32\NVUNINST.EXE
2009-08-07 19:51 15,308,424 a------- i:\windows\system32\xlive.dll
2009-08-07 19:51 13,642,888 a------- i:\windows\system32\xlivefnt.dll
2009-08-05 11:01 204,800 a------- i:\windows\system32\mswebdvd.dll
2009-08-04 08:41 138,464 a------- i:\windows\system32\drivers\PnkBstrK.sys
2009-08-04 08:41 111,928 a------- i:\windows\system32\PnkBstrB.exe
2009-08-04 08:07 139,152 a------- i:\docume~1\l4dyki~1\applic~1\PnkBstrK.sys
2009-08-04 08:06 794,408 a------- i:\windows\system32\pbsvc.exe
2009-07-25 05:23 411,368 a------- i:\windows\system32\deploytk.dll
2009-07-19 00:51 107,888 a------- i:\windows\system32\CmdLineExt.dll
2009-07-19 00:03 25,280 a------- i:\windows\system32\drivers\hamachi.sys
2009-07-17 21:01 58,880 a------- i:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- i:\windows\system32\wmpdxm.dll
2009-06-29 18:12 827,392 a------- i:\windows\system32\wininet.dll
2009-06-29 18:12 78,336 a------- i:\windows\system32\ieencode.dll
2009-06-29 18:12 17,408 a------- i:\windows\system32\corpol.dll
2009-06-25 10:25 730,112 a------- i:\windows\system32\lsasrv.dll
2009-06-25 10:25 301,568 a------- i:\windows\system32\kerberos.dll
2009-06-25 10:25 147,456 a------- i:\windows\system32\schannel.dll
2009-06-25 10:25 136,192 a------- i:\windows\system32\msv1_0.dll
2009-06-25 10:25 56,832 a------- i:\windows\system32\secur32.dll
2009-06-25 10:25 54,272 a------- i:\windows\system32\wdigest.dll
2009-04-01 22:36 67,262 a------- i:\program files\Uninstal.exe
2008-08-24 19:12 13,622 a------- i:\documents and settings\l4dykill3r\STARTUP.reg
2005-08-01 18:53 5,632 a--sh--- i:\program files\Thumbs.db
2005-07-23 18:33 266,240 a------- i:\program files\VentriloMIX.exe
2005-07-23 17:55 24,542 a------- i:\program files\icon.ico
2005-07-14 12:47 933,888 a------- i:\program files\Ventrilo 2.3.0.exe
2005-05-02 12:36 602 a------- i:\program files\Ventrilo.exe.manifest
2004-03-16 17:17 630,784 a------- i:\program files\Ventrilo 2.2.0.exe
2003-12-22 17:36 581,632 a------- i:\program files\Ventrilo 2.1.4.exe
2003-08-29 17:13 1,436,160 a------- i:\program files\TeamSpeakRC2 2.0.32.60.exe
2003-02-03 19:47 20,378 a------- i:\program files\SwitchBindings.wav
2003-01-31 16:05 23,446 a------- i:\program files\ChannelLeave.wav
2003-01-31 16:04 19,444 a------- i:\program files\ChannelJoin.wav
2002-07-22 20:28 25,678 a------- i:\program files\Binds.wav
2002-07-04 22:08 62,626 a------- i:\program files\disconnect.wav
2002-07-04 22:08 83,896 a------- i:\program files\connect.wav
2002-07-04 22:05 55,794 a------- i:\program files\UserComment.wav
2002-06-05 00:04 1,174 a------- i:\program files\MicKeyUp.wav
2002-06-05 00:04 1,174 a------- i:\program files\MicKeyDown.wav
2002-06-04 23:25 26,254 a------- i:\program files\MuteSound.wav
2002-06-04 23:23 21,742 a------- i:\program files\MuteMic.wav
2002-06-04 23:13 5,554 a------- i:\program files\Channel.wav
1999-09-02 00:44 57,202 a------- i:\program files\missing.wav
1999-08-29 13:31 106,646 a------- i:\program files\UserConnect.wav
1999-08-29 13:12 66,266 a------- i:\program files\UserDisconnect.wav
2009-04-01 13:35 16,384 a--sh--- i:\windows\system32\config\systemprofile\cookies\index.dat
2009-04-01 13:35 32,768 a--sh--- i:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2009-04-01 13:35 32,768 a--sh--- i:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040120090402\index.dat
2009-04-01 13:35 32,768 a--sh--- i:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 18:17:26.50 ===============
Attached Files
File Type: zip Attach.zip (6.0 KB, 4 views)
donjohan is offline  
Old 09-19-2009, 10:14 AM   #2 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 9
OS: windows xp


Re: WoW account hacked

bump! 3 days now
donjohan is offline  
Old 09-21-2009, 06:37 PM   #3 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 9
OS: windows xp


Re: WoW account hacked

bump again! Please help me :)
donjohan is offline  
Old 09-21-2009, 09:59 PM   #4 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,977
OS: WinXP and Vista


Re: WoW account hacked

Hello donjohan,

Please run a new scan with dds.scr, post the fresh dds.txt and we'll get started.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 09-22-2009, 05:47 AM   #5 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 9
OS: windows xp


Re: WoW account hacked

You don't need the new attach-file then?

Here's the dds anyways:


DDS (Ver_09-07-30.01) - NTFSx86
Run by L4DYKILL3R at 13:44:48.76 on Tue 09/22/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1092 [GMT 2:00]

AV: Norton AntiVirus Gaming Edition *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
I:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
I:\WINDOWS\system32\spoolsv.exe
svchost.exe
I:\Program Files\Java\jre6\bin\jqs.exe
I:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
I:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
I:\WINDOWS\system32\PnkBstrA.exe
I:\WINDOWS\system32\svchost.exe -k imgsvc
I:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
I:\WINDOWS\system32\WgaTray.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\RTHDCPL.EXE
I:\Program Files\MSI\Live Update 3\LMonitor.exe
I:\Program Files\Common Files\Real\Update_OB\realsched.exe
I:\Program Files\Java\jre6\bin\jusched.exe
I:\WINDOWS\system32\ctfmon.exe
I:\WINDOWS\system32\RUNDLL32.EXE
I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
I:\Program Files\Messenger\msmsgs.exe
I:\Program Files\Curse\CurseClient.exe
I:\Program Files\DAEMON Tools Lite\daemon.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Program Files\Java\jre6\bin\java.exe
I:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
I:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
I:\Documents and Settings\L4DYKILL3R\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
mURLSearchHooks: H - No File
mWinlogon: SFCDisable=-99 (0xffffff9d)
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - i:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - i:\program files\norton antivirus\engine\16.7.2.11\IPSBHO.DLL
BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - i:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - i:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - i:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - i:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - i:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - i:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - i:\program files\google\google toolbar\GoogleToolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [AnalogClock] c:\program files\windows7\analog clock\AnalogClock.exe
uRun: [TopDesk] c:\program files\windows7\topdesk\topdesk.exe
uRun: [TransBar] c:\program files\windows7\transbar\TransBar.exe /s
uRun: [UberIcon] "c:\program files\windows7\ubericon\UberIcon Manager.exe"
uRun: [ctfmon.exe] i:\windows\system32\ctfmon.exe
uRun: [swg] i:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [msnmsgr] "i:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Steam] "i:\program files\steam\Steam.exe" -silent
uRun: [MSMSGS] "i:\program files\messenger\msmsgs.exe" /background
uRun: [CurseClient] i:\program files\curse\CurseClient.exe -silent
uRun: [EA Core] "i:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [DAEMON Tools Lite] "i:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [RGSC] i:\program files\rockstar games\rockstar games social club\RGSCLauncher.exe /silent
mRun: [KRun] c:\program files\windows7\runme\RunMe.exe
mRun: [Viena Explorer] "c:\program files\windows7\vienna explorer\Vienna Explorer.exe"
mRun: [Visual Task Tips] "c:\program files\windows7\visualtasktips\VisualTaskTips.exe"
mRun: [Pie Dock] "c:\program files\windows7\windows 7 pie dock\Windows 7 Pie Dock.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [<NO NAME>]
mRun: [NVIDIA nTune] "i:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
mRun: [LiveMonitor] i:\program files\msi\live update 3\LMonitor.exe
mRun: [TkBellExe] "i:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AdobeCS4ServiceManager] "i:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "i:\program files\java\jre6\bin\jusched.exe"
mRun: [nwiz] i:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE i:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE i:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Malwarebytes Anti-Malware (reboot)] "i:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: i:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - i:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: i:\docume~1\alluse~1\startm~1\programs\startup\corece~1.lnk - i:\program files\msi\core center\CoreCenter.exe
StartupFolder: i:\docume~1\alluse~1\startm~1\programs\startup\digicell.lnk - i:\program files\msi\digicell\DigiCell.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: NoWindowsUpdate = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - i:\program files\messenger\msmsgs.exe
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
AppInit_DLLs: i:\windows\temp\241831sys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - i:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - i:\docume~1\l4dyki~1\applic~1\mozilla\firefox\profiles\9lut7l59.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://se.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_se&p=
FF - component: i:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll
FF - plugin: i:\documents and settings\l4dykill3r\application data\mozilla\firefox\profiles\9lut7l59.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: i:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: i:\program files\opera\program\plugins\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - i:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
i:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
i:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
i:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
i:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
i:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
i:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
i:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
i:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
i:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
i:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
i:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
i:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
i:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
i:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
i:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
i:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
i:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
i:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
i:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
i:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;i:\windows\system32\drivers\Lbd.sys [2009-9-15 64160]
R0 SymEFA;Symantec Extended File Attributes;i:\windows\system32\drivers\nav\1007020.00b\SymEFA.sys [2009-9-19 310320]
R1 BHDrvx86;Symantec Heuristics Driver;i:\windows\system32\drivers\nav\1007020.00b\BHDrvx86.sys [2009-9-19 259632]
R1 ccHP;Symantec Hash Provider;i:\windows\system32\drivers\nav\1007020.00b\cchpx86.sys [2009-9-19 482432]
R1 IDSxpx86;IDSxpx86;i:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090916.003\IDSXpx86.sys [2009-9-19 329080]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;i:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1028432]
R2 Norton AntiVirus;Norton AntiVirus;i:\program files\norton antivirus\engine\16.7.2.11\ccSvcHst.exe [2009-9-19 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;i:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-14 102448]
R3 NAVENG;NAVENG;i:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090918.038\NAVENG.SYS [2009-9-19 84912]
R3 NAVEX15;NAVEX15;i:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090918.038\NAVEX15.SYS [2009-9-19 1323568]
S2 gupdate1c9c5c1214887b2;Google Update Service (gupdate1c9c5c1214887b2);i:\program files\google\update\GoogleUpdate.exe [2009-4-25 133104]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);i:\windows\system32\drivers\sea1bus.sys [2009-4-7 61536]

=============== Created Last 30 ================

2009-09-19 15:23 36,400 a----r-- i:\windows\system32\drivers\SymIM.sys
2009-09-16 17:55 <DIR> --d----- i:\program files\Trend Micro
2009-09-15 21:24 <DIR> --d----- i:\docume~1\l4dyki~1\applic~1\Malwarebytes
2009-09-15 21:24 38,224 a------- i:\windows\system32\drivers\mbamswissarmy.sys
2009-09-15 21:24 19,160 a------- i:\windows\system32\drivers\mbam.sys
2009-09-15 21:24 <DIR> --d----- i:\program files\Malwarebytes' Anti-Malware
2009-09-15 21:24 <DIR> --d----- i:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-15 13:55 <DIR> --d----- i:\program files\Spybot - Search & Destroy
2009-09-15 13:55 <DIR> --d----- i:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-09-15 13:52 15,688 a------- i:\windows\system32\lsdelete.exe
2009-09-15 12:38 64,160 a------- i:\windows\system32\drivers\Lbd.sys
2009-09-15 12:35 <DIR> -cd-h--- i:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-15 12:35 <DIR> --d----- i:\program files\Lavasoft
2009-09-15 00:32 8 a------- i:\windows\system32\nvModes.dat
2009-09-15 00:26 <DIR> --d----- i:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2009-09-15 00:21 <DIR> --d----- i:\program files\Microsoft Games for Windows - LIVE
2009-09-15 00:18 <DIR> --d----- i:\program files\SystemRequirementsLab
2009-09-14 23:33 <DIR> --d----- i:\program files\Rockstar Games
2009-09-13 22:24 124,976 a------- i:\windows\system32\drivers\SYMEVENT.SYS
2009-09-13 22:24 60,808 a------- i:\windows\system32\S32EVNT1.DLL
2009-09-13 22:24 7,456 a------- i:\windows\system32\drivers\SYMEVENT.CAT
2009-09-13 22:24 806 a------- i:\windows\system32\drivers\SYMEVENT.INF
2009-09-13 22:24 <DIR> --d----- i:\program files\Symantec
2009-09-13 22:24 <DIR> --d----- i:\program files\common files\Symantec Shared
2009-09-13 22:23 <DIR> --d----- i:\windows\system32\drivers\NAV
2009-09-13 22:23 <DIR> --d----- i:\program files\Norton AntiVirus
2009-09-13 22:23 <DIR> --d----- i:\docume~1\alluse~1\applic~1\Symantec
2009-09-13 22:23 <DIR> --d----- i:\docume~1\alluse~1\applic~1\Norton
2009-09-13 22:16 <DIR> --d----- i:\program files\NortonInstaller
2009-09-13 22:16 <DIR> --d----- i:\docume~1\alluse~1\applic~1\NortonInstaller
2009-08-25 17:38 <DIR> --d----- i:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-08-25 17:38 <DIR> --d----- i:\program files\DAEMON Tools Toolbar
2009-08-25 17:38 <DIR> --d----- i:\program files\DAEMON Tools Lite
2009-08-25 17:37 <DIR> --d----- i:\docume~1\l4dyki~1\applic~1\DAEMON Tools Lite
2009-08-23 14:34 <DIR> --d----- i:\docume~1\alluse~1\applic~1\Blizzard Entertainment

==================== Find3M ====================

2009-09-11 02:37 14,740 a------- i:\program files\TSClient.log
2009-08-25 17:22 722,416 a------- i:\windows\system32\drivers\sptd.sys
2009-08-17 03:04 2,173,472 a------- i:\windows\system32\nvcplui.exe
2009-08-17 03:04 81,920 a------- i:\windows\system32\nvwddi.dll
2009-08-17 03:03 3,170,304 a------- i:\windows\system32\nvwss.dll
2009-08-17 03:03 4,026,368 a------- i:\windows\system32\nvvitvs.dll
2009-08-17 03:03 1,286,144 a------- i:\windows\system32\nvmobls.dll
2009-08-17 03:03 188,416 a------- i:\windows\system32\nvmccss.dll
2009-08-17 03:03 3,547,136 a------- i:\windows\system32\nvgames.dll
2009-08-17 03:03 4,923,392 a------- i:\windows\system32\nvdisps.dll
2009-08-17 03:03 13,877,248 a------- i:\windows\system32\nvcpl.dll
2009-08-17 03:03 168,004 a------- i:\windows\system32\nvsvc32.exe
2009-08-17 03:03 143,360 a------- i:\windows\system32\nvcolor.exe
2009-08-17 03:03 86,016 a------- i:\windows\system32\nvmctray.dll
2009-08-17 03:02 229,376 a------- i:\windows\system32\nvmccs.dll
2009-08-17 00:57 10,457,088 a------- i:\windows\system32\nvoglnt.dll
2009-08-17 00:57 7,729,568 a------- i:\windows\system32\drivers\nv4_mini.sys
2009-08-17 00:57 5,845,760 a------- i:\windows\system32\nv4_disp.dll
2009-08-17 00:57 2,189,856 a------- i:\windows\system32\nvcuvid.dll
2009-08-17 00:57 2,002,944 a------- i:\windows\system32\nvcuda.dll
2009-08-17 00:57 1,706,528 a------- i:\windows\system32\nvcuvenc.dll
2009-08-17 00:57 1,597,690 a------- i:\windows\system32\nvdata.bin
2009-08-17 00:57 868,352 a------- i:\windows\system32\nvapi.dll
2009-08-17 00:57 485,920 a------- i:\windows\system32\nvudisp.exe
2009-08-17 00:57 155,648 a------- i:\windows\system32\nvcodins.dll
2009-08-17 00:57 155,648 a------- i:\windows\system32\nvcod.dll
2009-08-11 12:35 485,920 a------- i:\windows\system32\NVUNINST.EXE
2009-08-07 19:51 15,308,424 a------- i:\windows\system32\xlive.dll
2009-08-07 19:51 13,642,888 a------- i:\windows\system32\xlivefnt.dll
2009-08-05 11:01 204,800 a------- i:\windows\system32\mswebdvd.dll
2009-08-04 08:41 138,464 a------- i:\windows\system32\drivers\PnkBstrK.sys
2009-08-04 08:41 111,928 a------- i:\windows\system32\PnkBstrB.exe
2009-08-04 08:07 139,152 a------- i:\docume~1\l4dyki~1\applic~1\PnkBstrK.sys
2009-08-04 08:06 794,408 a------- i:\windows\system32\pbsvc.exe
2009-07-25 05:23 411,368 a------- i:\windows\system32\deploytk.dll
2009-07-19 00:51 107,888 a------- i:\windows\system32\CmdLineExt.dll
2009-07-17 21:01 58,880 a------- i:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- i:\windows\system32\wmpdxm.dll
2009-06-29 18:12 827,392 a------- i:\windows\system32\wininet.dll
2009-06-29 18:12 78,336 a------- i:\windows\system32\ieencode.dll
2009-06-29 18:12 17,408 a------- i:\windows\system32\corpol.dll
2009-06-25 10:25 730,112 a------- i:\windows\system32\lsasrv.dll
2009-06-25 10:25 301,568 a------- i:\windows\system32\kerberos.dll
2009-06-25 10:25 147,456 a------- i:\windows\system32\schannel.dll
2009-06-25 10:25 136,192 a------- i:\windows\system32\msv1_0.dll
2009-06-25 10:25 56,832 a------- i:\windows\system32\secur32.dll
2009-06-25 10:25 54,272 a------- i:\windows\system32\wdigest.dll
2009-04-01 22:36 67,262 a------- i:\program files\Uninstal.exe
2008-08-24 19:12 13,622 a------- i:\documents and settings\l4dykill3r\STARTUP.reg
2005-08-01 18:53 5,632 a--sh--- i:\program files\Thumbs.db
2005-07-23 18:33 266,240 a------- i:\program files\VentriloMIX.exe
2005-07-23 17:55 24,542 a------- i:\program files\icon.ico
2005-07-14 12:47 933,888 a------- i:\program files\Ventrilo 2.3.0.exe
2005-05-02 12:36 602 a------- i:\program files\Ventrilo.exe.manifest
2004-03-16 17:17 630,784 a------- i:\program files\Ventrilo 2.2.0.exe
2003-12-22 17:36 581,632 a------- i:\program files\Ventrilo 2.1.4.exe
2003-08-29 17:13 1,436,160 a------- i:\program files\TeamSpeakRC2 2.0.32.60.exe
2003-02-03 19:47 20,378 a------- i:\program files\SwitchBindings.wav
2003-01-31 16:05 23,446 a------- i:\program files\ChannelLeave.wav
2003-01-31 16:04 19,444 a------- i:\program files\ChannelJoin.wav
2002-07-22 20:28 25,678 a------- i:\program files\Binds.wav
2002-07-04 22:08 62,626 a------- i:\program files\disconnect.wav
2002-07-04 22:08 83,896 a------- i:\program files\connect.wav
2002-07-04 22:05 55,794 a------- i:\program files\UserComment.wav
2002-06-05 00:04 1,174 a------- i:\program files\MicKeyUp.wav
2002-06-05 00:04 1,174 a------- i:\program files\MicKeyDown.wav
2002-06-04 23:25 26,254 a------- i:\program files\MuteSound.wav
2002-06-04 23:23 21,742 a------- i:\program files\MuteMic.wav
2002-06-04 23:13 5,554 a------- i:\program files\Channel.wav
1999-09-02 00:44 57,202 a------- i:\program files\missing.wav
1999-08-29 13:31 106,646 a------- i:\program files\UserConnect.wav
1999-08-29 13:12 66,266 a------- i:\program files\UserDisconnect.wav
2009-04-01 13:35 16,384 a--sh--- i:\windows\system32\config\systemprofile\cookies\index.dat
2009-04-01 13:35 32,768 a--sh--- i:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2009-04-01 13:35 32,768 a--sh--- i:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040120090402\index.dat
2009-04-01 13:35 32,768 a--sh--- i:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 13:45:23.82 ===============
donjohan is offline  
Old 09-22-2009, 06:45 AM   #6 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,977
OS: WinXP and Vista


Re: WoW account hacked

No, I did not need another attach.txt.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal.


====================================================


Double click on combofix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 09-22-2009, 08:26 AM   #7 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 9
OS: windows xp


Re: WoW account hacked

Here's the combofix log:

ComboFix 09-09-21.03 - L4DYKILL3R 09/22/2009 16:19.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1076 [GMT 2:00]
Running from: i:\documents and settings\L4DYKILL3R\Desktop\ComboFix.exe
AV: Norton AntiVirus Gaming Edition *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

i:\windows\Alcmtr.exe
i:\windows\system32\wl.exe

.
((((((((((((((((((((((((( Files Created from 2009-08-22 to 2009-09-22 )))))))))))))))))))))))))))))))
.

2009-09-19 13:23 . 2009-08-22 06:32 36400 ----a-r- i:\windows\system32\drivers\SymIM.sys
2009-09-16 15:55 . 2009-09-16 15:55 -------- d-----w- i:\program files\Trend Micro
2009-09-15 19:24 . 2009-09-15 19:24 -------- d-----w- i:\documents and settings\L4DYKILL3R\Application Data\Malwarebytes
2009-09-15 19:24 . 2009-09-10 12:54 38224 ----a-w- i:\windows\system32\drivers\mbamswissarmy.sys
2009-09-15 19:24 . 2009-09-15 19:24 -------- d-----w- i:\program files\Malwarebytes' Anti-Malware
2009-09-15 19:24 . 2009-09-15 19:24 -------- d-----w- i:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-15 19:24 . 2009-09-10 12:53 19160 ----a-w- i:\windows\system32\drivers\mbam.sys
2009-09-15 11:55 . 2009-09-15 19:20 -------- d-----w- i:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-15 11:55 . 2009-09-15 11:57 -------- d-----w- i:\program files\Spybot - Search & Destroy
2009-09-15 11:52 . 2009-07-03 14:49 15688 ----a-w- i:\windows\system32\lsdelete.exe
2009-09-15 10:38 . 2009-09-15 10:38 -------- dc----w- i:\windows\system32\DRVSTORE
2009-09-15 10:38 . 2009-07-03 14:49 64160 ----a-w- i:\windows\system32\drivers\Lbd.sys
2009-09-15 10:35 . 2009-09-15 10:35 -------- dc-h--w- i:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-15 10:35 . 2009-09-15 10:38 -------- d-----w- i:\documents and settings\All Users\Application Data\Lavasoft
2009-09-15 10:35 . 2009-09-15 10:35 -------- d-----w- i:\program files\Lavasoft
2009-09-14 22:33 . 2009-09-14 22:47 -------- d-----w- i:\documents and settings\L4DYKILL3R\Local Settings\Application Data\Rockstar Games
2009-09-14 22:32 . 2009-09-14 22:32 8 ----a-w- i:\windows\system32\nvModes.dat
2009-09-14 22:26 . 2009-09-14 22:26 -------- d-----w- i:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-09-14 22:21 . 2009-09-14 22:50 -------- d-----w- i:\program files\Microsoft Games for Windows - LIVE
2009-09-14 22:18 . 2009-09-16 17:33 -------- d-----w- i:\program files\SystemRequirementsLab
2009-09-14 22:18 . 2009-09-16 17:33 -------- d-----w- i:\documents and settings\L4DYKILL3R\Application Data\SystemRequirementsLab
2009-09-14 21:33 . 2009-09-14 21:43 -------- d-----w- i:\program files\Rockstar Games
2009-09-13 20:34 . 2009-09-13 20:34 -------- d-----w- i:\documents and settings\L4DYKILL3R\Local Settings\Application Data\Symantec
2009-09-13 20:24 . 2009-09-19 11:44 -------- d-----w- i:\program files\Symantec
2009-09-13 20:24 . 2009-09-19 11:44 60808 ----a-w- i:\windows\system32\S32EVNT1.DLL
2009-09-13 20:24 . 2009-09-19 11:44 124976 ----a-w- i:\windows\system32\drivers\SYMEVENT.SYS
2009-09-13 20:24 . 2009-09-13 20:47 -------- d-----w- i:\program files\Common Files\Symantec Shared
2009-09-13 20:23 . 2009-09-19 13:28 -------- d-----w- i:\windows\system32\drivers\NAV
2009-09-13 20:23 . 2009-09-14 03:57 -------- d-----w- i:\documents and settings\All Users\Application Data\Symantec
2009-09-13 20:23 . 2009-09-13 20:23 -------- d-----w- i:\program files\Norton AntiVirus
2009-09-13 20:23 . 2009-09-13 20:23 -------- d-----w- i:\program files\Windows Sidebar
2009-09-13 20:23 . 2009-09-13 20:23 -------- d-----w- i:\documents and settings\All Users\Application Data\Norton
2009-09-13 20:16 . 2009-09-13 20:22 -------- d-----w- i:\documents and settings\All Users\Application Data\NortonInstaller
2009-09-13 20:16 . 2009-09-13 20:16 -------- d-----w- i:\program files\NortonInstaller
2009-09-12 17:03 . 2009-09-12 17:03 -------- d-----w- i:\documents and settings\L4DYKILL3R\Local Settings\Application Data\Blizzard Entertainment
2009-09-10 20:27 . 2009-09-10 20:27 -------- d-----w- i:\documents and settings\L4DYKILL3R\Application Data\teamspeak2
2009-08-25 16:09 . 2009-08-25 16:09 -------- d-----w- i:\documents and settings\L4DYKILL3R\Local Settings\Application Data\id Software
2009-08-25 15:38 . 2009-08-25 15:38 -------- d-----w- i:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-08-25 15:38 . 2009-08-25 15:38 -------- d-----w- i:\program files\DAEMON Tools Toolbar
2009-08-25 15:38 . 2009-08-29 11:19 -------- d-----w- i:\program files\DAEMON Tools Lite
2009-08-25 15:37 . 2009-08-25 15:44 -------- d-----w- i:\documents and settings\L4DYKILL3R\Application Data\DAEMON Tools Lite
2009-08-25 15:31 . 2009-09-21 15:25 237072 ----a-w- i:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-21 15:28 . 2009-04-03 15:38 -------- d-----w- i:\program files\Steam
2009-09-21 10:22 . 2009-08-09 20:19 -------- d-----w- i:\documents and settings\L4DYKILL3R\Application Data\vlc
2009-09-19 11:44 . 2009-09-13 20:24 806 ----a-w- i:\windows\system32\drivers\SYMEVENT.INF
2009-09-19 11:44 . 2009-09-13 20:24 7456 ----a-w- i:\windows\system32\drivers\SYMEVENT.CAT
2009-09-17 21:44 . 2009-04-26 22:28 -------- d-----w- i:\documents and settings\L4DYKILL3R\Application Data\dvdcss
2009-09-14 22:26 . 2009-04-01 18:25 -------- d-----w- i:\program files\NVIDIA Corporation
2009-09-14 21:43 . 2009-04-01 18:19 -------- d--h--w- i:\program files\InstallShield Installation Information
2009-09-12 16:59 . 2009-04-02 23:14 -------- d-----w- i:\program files\BitComet
2009-09-12 14:45 . 2009-07-26 10:49 -------- d-----w- i:\program files\Super Mario World
2009-09-11 01:11 . 2009-05-06 22:22 -------- d-----w- i:\documents and settings\L4DYKILL3R\Application Data\LimeWire
2009-09-11 00:37 . 2005-07-28 18:18 14740 ----a-w- i:\program files\TSClient.log
2009-08-25 15:46 . 2009-06-03 12:02 -------- d-----w- i:\program files\Activision
2009-08-25 15:22 . 2009-05-29 14:40 722416 ----a-w- i:\windows\system32\drivers\sptd.sys
2009-08-24 22:28 . 2009-04-01 12:08 29728 ----a-w- i:\documents and settings\L4DYKILL3R\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-23 12:34 . 2009-08-23 12:34 -------- d-----w- i:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-17 01:04 . 2009-08-17 01:04 2173472 ----a-w- i:\windows\system32\nvcplui.exe
2009-08-17 01:04 . 2009-08-17 01:04 81920 ----a-w- i:\windows\system32\nvwddi.dll
2009-08-17 01:03 . 2009-08-17 01:03 3170304 ----a-w- i:\windows\system32\nvwss.dll
2009-08-17 01:03 . 2009-08-17 01:03 4026368 ----a-w- i:\windows\system32\nvvitvs.dll
2009-08-17 01:03 . 2009-08-17 01:03 188416 ----a-w- i:\windows\system32\nvmccss.dll
2009-08-17 01:03 . 2009-08-17 01:03 1286144 ----a-w- i:\windows\system32\nvmobls.dll
2009-08-17 01:03 . 2009-08-17 01:03 3547136 ----a-w- i:\windows\system32\nvgames.dll
2009-08-17 01:03 . 2009-08-17 01:03 4923392 ----a-w- i:\windows\system32\nvdisps.dll
2009-08-17 01:03 . 2009-08-17 01:03 86016 ----a-w- i:\windows\system32\nvmctray.dll
2009-08-17 01:03 . 2009-08-17 01:03 168004 ----a-w- i:\windows\system32\nvsvc32.exe
2009-08-17 01:03 . 2009-08-17 01:03 143360 ----a-w- i:\windows\system32\nvcolor.exe
2009-08-17 01:03 . 2009-08-17 01:03 13877248 ----a-w- i:\windows\system32\nvcpl.dll
2009-08-17 01:02 . 2009-08-17 01:02 229376 ----a-w- i:\windows\system32\nvmccs.dll
2009-08-16 22:57 . 2009-08-16 22:57 2189856 ----a-w- i:\windows\system32\nvcuvid.dll
2009-08-16 22:57 . 2009-08-16 22:57 2002944 ----a-w- i:\windows\system32\nvcuda.dll
2009-08-16 22:57 . 2009-08-16 22:57 1706528 ----a-w- i:\windows\system32\nvcuvenc.dll
2009-08-16 22:57 . 2009-08-16 22:57 1597690 ----a-w- i:\windows\system32\nvdata.bin
2009-08-16 22:57 . 2009-04-01 18:38 485920 ----a-w- i:\windows\system32\nvudisp.exe
2009-08-16 22:57 . 2006-11-24 11:44 10457088 ----a-w- i:\windows\system32\nvoglnt.dll
2009-08-16 22:57 . 2006-11-24 11:44 868352 ----a-w- i:\windows\system32\nvapi.dll
2009-08-16 22:57 . 2006-11-24 11:44 7729568 ----a-w- i:\windows\system32\drivers\nv4_mini.sys
2009-08-16 22:57 . 2006-11-24 11:44 5845760 ----a-w- i:\windows\system32\nv4_disp.dll
2009-08-16 22:57 . 2006-11-24 11:44 155648 ----a-w- i:\windows\system32\nvcodins.dll
2009-08-16 22:57 . 2006-11-24 11:44 155648 ----a-w- i:\windows\system32\nvcod.dll
2009-08-13 21:11 . 2009-05-06 22:22 -------- d-----w- i:\program files\Java
2009-08-11 20:38 . 2009-04-15 20:32 -------- d-----w- i:\documents and settings\All Users\Application Data\FLEXnet
2009-08-11 10:35 . 2009-04-01 12:12 485920 ----a-w- i:\windows\system32\NVUNINST.EXE
2009-08-07 17:51 . 2009-08-07 17:51 15308424 ----a-w- i:\windows\system32\xlive.dll
2009-08-07 17:51 . 2009-08-07 17:51 13642888 ----a-w- i:\windows\system32\xlivefnt.dll
2009-08-05 09:01 . 2008-04-13 22:42 204800 ----a-w- i:\windows\system32\mswebdvd.dll
2009-08-04 12:06 . 2009-08-04 12:06 -------- d-----w- i:\documents and settings\All Users\Application Data\Fallout3
2009-08-04 12:06 . 2009-08-04 12:06 -------- d-----w- i:\program files\Bethesda Softworks
2009-08-04 06:41 . 2009-06-14 23:10 138464 ----a-w- i:\windows\system32\drivers\PnkBstrK.sys
2009-08-04 06:41 . 2009-06-14 23:09 111928 ----a-w- i:\windows\system32\PnkBstrB.exe
2009-08-04 06:07 . 2009-06-14 23:10 139152 ----a-w- i:\documents and settings\L4DYKILL3R\Application Data\PnkBstrK.sys
2009-08-04 06:06 . 2009-06-14 23:09 794408 ----a-w- i:\windows\system32\pbsvc.exe
2009-08-04 05:50 . 2009-08-04 05:50 -------- d-----w- i:\program files\EA Games
2009-07-25 03:23 . 2009-05-06 22:22 411368 ----a-w- i:\windows\system32\deploytk.dll
2009-07-18 22:51 . 2009-07-18 22:51 107888 ----a-w- i:\windows\system32\CmdLineExt.dll
2009-07-18 22:03 . 2009-07-18 22:03 25280 ----a-w- i:\windows\system32\drivers\hamachi.sys
2009-07-17 19:01 . 2008-04-13 22:41 58880 ----a-w- i:\windows\system32\atl.dll
2009-07-13 21:43 . 2008-04-28 08:55 286208 ----a-w- i:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2008-04-28 09:25 827392 ----a-w- i:\windows\system32\wininet.dll
2009-06-29 16:12 . 2008-04-26 03:44 78336 ----a-w- i:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2008-04-26 03:44 17408 ----a-w- i:\windows\system32\corpol.dll
2009-06-25 08:25 . 2008-04-13 22:42 54272 ----a-w- i:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2008-04-13 22:42 56832 ----a-w- i:\windows\system32\secur32.dll
2009-06-25 08:25 . 2008-04-13 22:42 147456 ----a-w- i:\windows\system32\schannel.dll
2009-06-25 08:25 . 2008-04-13 22:42 136192 ----a-w- i:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2008-04-13 22:41 730112 ----a-w- i:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2008-04-13 22:41 301568 ----a-w- i:\windows\system32\kerberos.dll
2009-04-01 20:36 . 2009-04-01 20:36 67262 ----a-w- i:\program files\Uninstal.exe
2005-08-01 16:53 . 2005-08-01 16:53 5632 --sha-w- i:\program files\Thumbs.db
2005-07-23 16:33 . 2005-07-22 19:03 266240 ----a-w- i:\program files\VentriloMIX.exe
2005-07-23 15:55 . 2005-07-23 15:55 24542 ----a-w- i:\program files\icon.ico
2005-07-14 10:47 . 2005-07-22 19:03 933888 ----a-w- i:\program files\Ventrilo 2.3.0.exe
2005-05-02 10:36 . 2005-07-22 19:03 602 ----a-w- i:\program files\Ventrilo.exe.manifest
2004-03-16 15:17 . 2005-07-22 19:03 630784 ----a-w- i:\program files\Ventrilo 2.2.0.exe
2003-12-22 15:36 . 2005-07-22 19:03 581632 ----a-w- i:\program files\Ventrilo 2.1.4.exe
2003-08-29 15:13 . 2005-07-22 19:03 1436160 ----a-w- i:\program files\TeamSpeakRC2 2.0.32.60.exe
2003-02-03 17:47 . 2005-07-22 19:03 20378 ----a-w- i:\program files\SwitchBindings.wav
2003-01-31 14:05 . 2005-07-22 19:03 23446 ----a-w- i:\program files\ChannelLeave.wav
2003-01-31 14:04 . 2005-07-22 19:03 19444 ----a-w- i:\program files\ChannelJoin.wav
2002-07-22 18:28 . 2005-07-22 19:03 25678 ----a-w- i:\program files\Binds.wav
2002-07-04 20:08 . 2005-07-22 19:03 62626 ----a-w- i:\program files\disconnect.wav
2002-07-04 20:08 . 2005-07-22 19:03 83896 ----a-w- i:\program files\connect.wav
2002-07-04 20:05 . 2005-07-22 19:03 55794 ----a-w- i:\program files\UserComment.wav
2002-06-04 22:04 . 2005-07-22 19:03 1174 ----a-w- i:\program files\MicKeyUp.wav
2002-06-04 22:04 . 2005-07-22 19:03 1174 ----a-w- i:\program files\MicKeyDown.wav
2002-06-04 21:25 . 2005-07-22 19:03 26254 ----a-w- i:\program files\MuteSound.wav
2002-06-04 21:23 . 2005-07-22 19:03 21742 ----a-w- i:\program files\MuteMic.wav
2002-06-04 21:13 . 2005-07-22 19:03 5554 ----a-w- i:\program files\Channel.wav
1999-09-01 22:44 . 2005-07-22 19:03 57202 ----a-w- i:\program files\missing.wav
1999-08-29 11:31 . 2005-07-22 19:03 106646 ----a-w- i:\program files\UserConnect.wav
1999-08-29 11:12 . 2005-07-22 19:03 66266 ----a-w- i:\program files\UserDisconnect.wav
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- i:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- i:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- i:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- i:\program files\opera\program\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2008-04-28 . AF8ED52D2A32C7729C7F91C72B8CCB10 . 724992 . . [5.82] . . i:\windows\system32\comctl32.dll
[7] 2008-04-13 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . i:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . i:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

[-] 2008-03-20 . F92D8964B5286DE225BD2B6BF89764BE . 578560 . . [5.1.2600.5508] . . i:\windows\system32\user32.dll

[-] 2008-04-28 . A55B8899D2EA2E800061BCFD456E34DC . 547328 . . [5.1.2600.5512] . . i:\windows\system32\winlogon.exe

[-] 2008-08-18 . 4A90F51B778FA0157F60D206E8B37D2A . 1616384 . . [6.00.2900.5512] . . i:\windows\explorer.exe

[-] 2008-04-26 . BC298B78B311397B421D4D52B44B49EC . 1614848 . . [5.1.2600.5512] . . i:\windows\system32\sfcfiles.dll

[-] 2008-04-28 . B5E8782D4AF1B3756F38E11E7C157BBE . 25088 . . [5.1.2600.5512] . . i:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="i:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-01 39408]
"msnmsgr"="i:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Steam"="i:\program files\Steam\Steam.exe" [2009-06-11 1217784]
"MSMSGS"="i:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"CurseClient"="i:\program files\Curse\CurseClient.exe" [2009-08-02 1935360]
"EA Core"="i:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"DAEMON Tools Lite"="i:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"RGSC"="i:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-09-14 306088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="i:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2006-07-07 81920]
"LiveMonitor"="i:\program files\MSI\Live Update 3\LMonitor.exe" [2006-07-31 484864]
"TkBellExe"="i:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-13 198160]
"AdobeCS4ServiceManager"="i:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="i:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"nwiz"="i:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]
"NvCplDaemon"="i:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"NvMediaCenter"="i:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"Malwarebytes Anti-Malware (reboot)"="i:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - i:\windows\RTHDCPL.exe [2006-06-28 16248320]
"SkyTel"="SkyTel.EXE" - i:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - i:\windows\system32\advpack.dll [2009-06-29 124928]

i:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - i:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
CoreCenter.lnk - i:\program files\MSI\Core Center\CoreCenter.exe [2009-4-1 931840]
DigiCell.lnk - i:\program files\MSI\DigiCell\DigiCell.exe [2006-6-27 1375744]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"i:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"i:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe"=
"i:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"i:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\World of Warcraft\\Launcher.exe"=
"i:\\Program Files\\Steam\\steamapps\\donjohan\\day of defeat\\hl.exe"=
"i:\\Program Files\\LimeWire\\LimeWire.exe"=
"i:\\Program Files\\Opera\\opera.exe"=
"i:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"i:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"i:\\World of Warcraft Public Test\\Launcher.exe"=
"i:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Downloads\\spel\\quake\\Quake III Arena\\quake3.exe"=
"i:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"i:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"i:\\WINDOWS\\system32\\PnkBstrA.exe"=
"i:\\WINDOWS\\system32\\PnkBstrB.exe"=
"i:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"i:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"i:\\Program Files\\Steam\\steamapps\\donjohan\\half-life\\hl.exe"=
"i:\\Program Files\\Age Of Empires 2 & The Conquerors Expansion - Full Game\\age2_x1.exe"=
"i:\\WINDOWS\\system32\\dplaysvr.exe"=
"i:\\Program Files\\Activision\\X-Men Origins - Wolverine(TM)\\Binaries\\Wolverine.exe"=
"i:\\Program Files\\Hamachi\\hamachi.exe"=
"i:\\Program Files\\Ubisoft\\Techland\\Call of Juarez - Bound in Blood\\CoJBiBGame_x86.exe"=
"c:\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=
"c:\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
"i:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MP.exe"=
"i:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MPLite.exe"=
"i:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"i:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"i:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"i:\\Program Files\\Steam\\steamapps\\donjohan\\counter-strike source\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18479:TCP"= 18479:TCP:BitComet 18479 TCP
"18479:UDP"= 18479:UDP:BitComet 18479 UDP
"25082:TCP"= 25082:TCP:BitComet 25082 TCP
"25082:UDP"= 25082:UDP:BitComet 25082 UDP
"6112:TCP"= 6112:TCP:Blizzard Downloader
"6881:TCP"= 6881:TCP:Blizzard Downloader
"6999:TCP"= 6999:TCP:Blizzard Downloader
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 Lbd;Lbd;i:\windows\system32\drivers\Lbd.sys [9/15/2009 12:38 PM 64160]
R0 SymEFA;Symantec Extended File Attributes;i:\windows\system32\drivers\NAV\1007020.00B\SymEFA.sys [9/19/2009 1:44 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;i:\windows\system32\drivers\NAV\1007020.00B\BHDrvx86.sys [9/19/2009 1:44 PM 259632]
R1 ccHP;Symantec Hash Provider;i:\windows\system32\drivers\NAV\1007020.00B\cchpx86.sys [9/19/2009 1:44 PM 482432]
R1 IDSxpx86;IDSxpx86;i:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090916.003\IDSXpx86.sys [9/19/2009 1:45 PM 329080]
R2 Norton AntiVirus;Norton AntiVirus;i:\program files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe [9/19/2009 1:44 PM 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;i:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/14/2009 7:00 AM 102448]
S2 gupdate1c9c5c1214887b2;Google Update Service (gupdate1c9c5c1214887b2);i:\program files\Google\Update\GoogleUpdate.exe [4/25/2009 6:16 PM 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;i:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 4:49 PM 1028432]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);i:\windows\system32\drivers\sea1bus.sys [4/7/2009 6:20 PM 61536]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - DIGICELLDRIVER
*Deregistered* - DigiCellDriver

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wmcmgc
.
Contents of the 'Scheduled Tasks' folder

2009-09-22 i:\windows\Tasks\Ad-Aware Update (Weekly).job
- i:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 10:38]

2009-09-21 i:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- i:\program files\Google\Update\GoogleUpdate.exe [2009-04-25 16:15]

2009-09-22 i:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- i:\program files\Google\Update\GoogleUpdate.exe [2009-04-25 16:15]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
FF - ProfilePath - i:\documents and settings\L4DYKILL3R\Application Data\Mozilla\Firefox\Profiles\9lut7l59.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://se.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_se&p=
FF - component: i:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: i:\documents and settings\L4DYKILL3R\Application Data\Mozilla\Firefox\Profiles\9lut7l59.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: i:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: i:\program files\Opera\program\plugins\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - i:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-RocketDock - c:\program files\RocketDock\RocketDock.exe
HKCU-Run-AnalogClock - c:\program files\Windows7\Analog Clock\AnalogClock.exe
HKCU-Run-TopDesk - c:\program files\Windows7\TopDesk\topdesk.exe
HKCU-Run-TransBar - c:\program files\Windows7\TransBar\TransBar.exe
HKCU-Run-UberIcon - c:\program files\Windows7\UberIcon\UberIcon Manager.exe
HKLM-Run-KRun - c:\program files\Windows7\RunMe\RunMe.exe
HKLM-Run-Viena Explorer - c:\program files\Windows7\Vienna Explorer\Vienna Explorer.exe
HKLM-Run-Visual Task Tips - c:\program files\Windows7\VisualTaskTips\VisualTaskTips.exe
HKLM-Run-Pie Dock - c:\program files\Windows7\Windows 7 Pie Dock\Windows 7 Pie Dock.exe
AddRemove-DAEMON Tools Toolbar - i:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-RocketDock_is1 - c:\program files\RocketDock\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-22 16:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"i:\program files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"i:\program files\Norton AntiVirus\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1202660629-583907252-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:a5,f5,4f,2c,9c,68,58,55,58,92,5c,60,61,7f,a2,eb,13,1f,a8,a6,90,
f4,68,84,12,63,11,c3,27,74,e7,bc,56,82,e5,b1,2b,c6,04,19,9b,93,d6,2d,a6,86,\
"rkeysecu"=hex:e5,74,91,cd,8e,5c,72,a1,f5,c2,af,dd,9f,e8,11,80
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1144)
i:\windows\system32\SETUPAPI.dll
i:\windows\system32\sfc_os.dll
i:\windows\system32\COMRes.dll
i:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1200)
i:\windows\system32\setupapi.dll
.
Completion time: 2009-09-22 16:23
ComboFix-quarantined-files.txt 2009-09-22 14:23

Pre-Run: 213,250,056,192 bytes free
Post-Run: 213,687,463,936 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
i:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

340 --- E O F --- 2009-09-19 17:56
donjohan is offline  
Old 09-22-2009, 01:51 PM   #8 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,977
OS: WinXP and Vista


Re: WoW account hacked

Why is your System File Checker disabled?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 09-22-2009, 02:52 PM   #9 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 9
OS: windows xp


Re: WoW account hacked

Hrm... What exactly is my System File Checker? I presume from what you're saying that I should enable it?
donjohan is offline  
Old 09-22-2009, 03:35 PM   #10 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,977
OS: WinXP and Vista


Re: WoW account hacked

Yes, it should be enabled, but I am concerned about what will happen if you do. If you know anything about this, you're going to have to tell me. Sometimes people get copies of Microsoft files from other computers that are not of the same OS type or SP, and place them in their own system. In order for Windows to quit complaining about them, people shut off System File Checker.

Here's why I'm concerned about what will happen if you do that:

Quote:
------- Sigcheck -------

[-] 2008-04-28 . AF8ED52D2A32C7729C7F91C72B8CCB10 . 724992 . . [5.82] . . i:\windows\system32\comctl32.dll
[7] 2008-04-13 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . i:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . i:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

[-] 2008-03-20 . F92D8964B5286DE225BD2B6BF89764BE . 578560 . . [5.1.2600.5508] . . i:\windows\system32\user32.dll

[-] 2008-04-28 . A55B8899D2EA2E800061BCFD456E34DC . 547328 . . [5.1.2600.5512] . . i:\windows\system32\winlogon.exe

[-] 2008-08-18 . 4A90F51B778FA0157F60D206E8B37D2A . 1616384 . . [6.00.2900.5512] . . i:\windows\explorer.exe

[-] 2008-04-26 . BC298B78B311397B421D4D52B44B49EC . 1614848 . . [5.1.2600.5512] . . i:\windows\system32\sfcfiles.dll

[-] 2008-04-28 . B5E8782D4AF1B3756F38E11E7C157BBE . 25088 . . [5.1.2600.5512] . . i:\windows\system32\ctfmon.exe
The above are system critical files that are all failing to pass Microsoft Signature Verification. That output also tells me that you have no other good copies onboard. Where are they? What happened here?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
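Ried's reading of the Sigcheck block, as an added Python example that is not part of this thread or of ComboFix: it parses the `------- Sigcheck -------` section of a ComboFix log, treats `[-]` as "failed Microsoft signature verification" the way Ried does and any other marker (such as `[7]`) as passing (an assumption about ComboFix's markers), and for each failing file checks whether a passing copy of the same version exists elsewhere in the section. The sample lines are copied from the log posted above; the two WinSxS comctl32.dll copies are version 6.0, not 5.82, so they do not count as replacements, which is exactly why the analyst concludes there are no good copies on board.

```python
"""Summarise the Sigcheck section of a ComboFix log (added example, not ComboFix code)."""
import re
from collections import namedtuple

SigEntry = namedtuple("SigEntry", "flag date md5 size version path")

# One Sigcheck line looks like:
#   [flag] YYYY-MM-DD . MD5 . size . . [version] . . path
SIG_LINE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)

# Sample input copied from the log posted in this thread (raw string: the
# WinSxS paths contain "\x86", which a normal string literal would mangle).
SAMPLE_LOG = r"""
------- Sigcheck -------

[-] 2008-04-28 . AF8ED52D2A32C7729C7F91C72B8CCB10 . 724992 . . [5.82] . . i:\windows\system32\comctl32.dll
[7] 2008-04-13 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . i:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . i:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

[-] 2008-03-20 . F92D8964B5286DE225BD2B6BF89764BE . 578560 . . [5.1.2600.5508] . . i:\windows\system32\user32.dll
[-] 2008-04-28 . A55B8899D2EA2E800061BCFD456E34DC . 547328 . . [5.1.2600.5512] . . i:\windows\system32\winlogon.exe
[-] 2008-08-18 . 4A90F51B778FA0157F60D206E8B37D2A . 1616384 . . [6.00.2900.5512] . . i:\windows\explorer.exe
[-] 2008-04-26 . BC298B78B311397B421D4D52B44B49EC . 1614848 . . [5.1.2600.5512] . . i:\windows\system32\sfcfiles.dll
[-] 2008-04-28 . B5E8782D4AF1B3756F38E11E7C157BBE . 25088 . . [5.1.2600.5512] . . i:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
"""


def parse_sigcheck(text):
    """Return the SigEntry records found between the Sigcheck header and the next section banner."""
    entries, in_section = [], False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "------- Sigcheck -------":
            in_section = True
            continue
        if in_section and stripped.startswith("((((("):  # next ComboFix section
            break
        m = SIG_LINE.match(stripped) if in_section else None
        if m:
            d = m.groupdict()
            entries.append(SigEntry(d["flag"], d["date"], d["md5"].upper(),
                                    int(d["size"]), d["version"], d["path"]))
    return entries


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def failing_files(entries):
    """Map each failing file name to its entry plus any passing copies, split by version match.

    '[-]' is read as 'failed verification' (the analyst's reading); any other
    marker is assumed to mean the copy passed.
    """
    report = {}
    for e in entries:
        if e.flag != "-":
            continue
        passing = [o for o in entries if o is not e
                   and basename(o.path) == basename(e.path) and o.flag != "-"]
        report[basename(e.path)] = {
            "entry": e,
            "same_version": [o for o in passing if o.version == e.version],
            "other_versions": [o for o in passing if o.version != e.version],
        }
    return report


if __name__ == "__main__":
    for name, info in failing_files(parse_sigcheck(SAMPLE_LOG)).items():
        fix = "replaceable from same-version copy" if info["same_version"] else "no good copy of this version on board"
        print(f"{name:14} v{info['entry'].version:16} FAILED  -> {fix}")
```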
Old 09-22-2009, 04:18 PM   #11 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 9
OS: windows xp


Re: WoW account hacked

I really can't say much about this tbh. I do have windows XP installed that looks like windows 7, but other than that I don't know. Is there anything I can do to fix this?
donjohan is offline  
Old 09-22-2009, 04:25 PM   #12 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,977
OS: WinXP and Vista


Re: WoW account hacked

What is the name of the software that is giving you the Windows 7 look?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 09-22-2009, 04:41 PM   #13 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 9
OS: windows xp


Re: WoW account hacked

I have no idea :S I didn't actually install Windows myself. I had some trouble with my computer recently and did a full reset, only saving a few items on one of my hard drives. There is actually a WINDOWS map on the hard drive with my old files as well as on the new hard drive where the new Windows is installed. Could that be a problem somehow?
donjohan is offline  
Old 09-22-2009, 04:46 PM   #14 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,977
OS: WinXP and Vista


Re: WoW account hacked

How did you reinstall Windows on the new drive? Do you have the Windows install disc?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 09-22-2009, 04:50 PM   #15 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 9
OS: windows xp


Re: WoW account hacked

I didn't install it myself, as I mentioned; my dad did. But I probably have the CD around here somewhere. Do I need to reinstall Windows again?
donjohan is offline  
Old 09-22-2009, 04:55 PM   #16 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,977
OS: WinXP and Vista


Re: WoW account hacked

I think it would be a good idea to do a Repair install--not a full blown format and reinstall. As I mentioned earlier, you have critical Windows system files that are failing signature verification - they need to be replaced. The install disc must be Microsoft Windows XP Professional SP3. Let me know when you find the disc. If you don't have a disc with that SP on it, we can slipstream.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 09-22-2009, 04:57 PM   #17 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,977
OS: WinXP and Vista


Re: WoW account hacked

Sorry, one more thing.

While you're looking for the disc, get an online scan going since we do need to do that to search for remnants.

Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Copyright 2001 - 2009, Tech Support Forum