Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > HijackThis Log Help (Inactive)
Old 11-06-2009, 08:39 PM   #1 (permalink)
Registered User
 
Join Date: Nov 2009
Posts: 9
OS: xp sp3


Recently my antivirus has started reporting each and every .exe file as a trojan

DDS (Ver_09-10-26.01) - FAT32x86
Run by abd at 8:41:17.63 on Sat 11/07/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.654 [GMT -8:00]

AV: AVG Anti-Virus plus Firewall *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.gmail.com/
uSearch Page = hxxp://red.clientapps.yahoo.com/customize/nero/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/nero/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://www.club194.com/playdrama.aspx?pageId=1215
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/nero/defaults/su/*http://www.yahoo.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: SBCONVERT Class: {31b27f2d-6bc6-451b-b3d2-4eab36b2fc3b} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\speedb~1\toolbar\grabber.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
TCP: {A7740BDF-0EB0-43D4-8C35-FFA10D1241B2} = 203.99.163.240,202.125.132.12
Notify: AtiExtEvent - Ati2evxx.dll

============= SERVICES / DRIVERS ===============

S4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe --> c:\progra~1\avg\avg8\avgemc.exe [?]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe --> c:\progra~1\avg\avg8\avgwdsvc.exe [?]

=============== Created Last 30 ================

2009-11-07 07:45:41 0 d-----w- c:\program files\common files\Macrovision Shared
2009-11-07 07:45:20 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2009-11-07 07:45:20 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-11-07 06:06:25 114 ----a-w- c:\windows\system32\prsgrc.tgz
2009-11-07 06:06:25 1024 ----a-w- c:\windows\system32\grcauth2.dll
2009-11-07 06:06:25 1024 ----a-w- c:\windows\system32\grcauth1.dll
2009-11-07 06:06:25 100 ----a-w- c:\windows\system32\prsgrc.dll
2009-11-07 06:05:06 0 d-----w- c:\docume~1\alluse~1\applic~1\SPSS
2009-11-06 16:38:30 0 d-----w- c:\docume~1\alluse~1\applic~1\SafeNet Sentinel
2009-11-06 16:37:54 0 d-----w- c:\program files\common files\SPSS
2009-11-06 16:37:39 0 d-----w- c:\program files\SPSSInc
2009-11-06 16:37:32 219 ----a-w- c:\windows\system32\lsprst7.tgz
2009-11-06 16:37:32 205 ----a-w- c:\windows\system32\lsprst7.dll
2009-11-06 16:37:32 16 ---h--w- c:\windows\system32\servdat.slm
2009-11-06 16:37:32 1025 ----a-w- c:\windows\system32\sysprs7.tgz
2009-11-06 16:37:32 1025 ----a-w- c:\windows\system32\sysprs7.dll
2009-11-05 07:45:33 0 d-----w- c:\program files\common files\xing shared
2009-11-05 07:45:24 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-05 07:45:24 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-11-05 07:45:23 0 d-----w- c:\program files\common files\Real
2009-11-04 09:06:53 0 d-----w- c:\program files\AVG
2009-11-04 08:40:48 0 d-----w- c:\program files\common files\PCSuite
2009-11-04 08:40:45 0 d-----w- c:\program files\common files\Nokia
2009-11-04 08:40:18 0 d-----w- c:\program files\PC Connectivity Solution
2009-11-03 05:09:00 0 d--h--w- c:\windows\PIF
2009-11-02 08:45:59 0 d-----w- c:\windows\system32\appmgmt
2009-10-30 07:45:29 0 d-----w- c:\docume~1\alluse~1\applic~1\SpeedBit
2009-10-30 07:45:27 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2009-10-30 07:45:27 0 d-----w- c:\program files\DAP
2009-10-30 07:45:25 0 d-----w- c:\program files\SpeedBit Video Downloader
2009-10-30 07:00:05 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-10-30 06:59:56 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-10-30 06:59:55 0 d-----w- c:\program files\Nokia
2009-10-30 04:47:37 0 d--h--w- c:\windows\system32\GroupPolicy
2009-10-30 04:46:37 0 d-----w- c:\program files\Synaptics
2009-10-29 04:56:38 69 ----a-w- c:\windows\NeroDigital.ini
2009-10-29 04:39:06 55725 ------w- c:\windows\UNMRW.cfg
2009-10-29 04:39:05 3229146 ------w- c:\windows\UNMRW.exe
2009-10-29 04:37:33 59143 ------w- c:\windows\NuNinst.cfg
2009-10-29 04:37:32 3229150 ------w- c:\windows\NuNinst.exe
2009-10-29 04:37:25 8704 ------w- c:\windows\system32\drivers\InCDrec.sys
2009-10-29 04:37:25 29440 ------w- c:\windows\system32\drivers\InCDpass.sys
2009-10-29 04:37:25 102016 ------w- c:\windows\system32\drivers\InCDfs.sys
2009-10-29 04:37:24 32640 ------w- c:\windows\system32\drivers\InCDrm.sys
2009-10-29 04:37:21 0 d-----w- c:\windows\InCD
2009-10-29 04:30:33 364544 ------w- c:\windows\system32\TwnLib4.dll
2009-10-29 04:30:32 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2009-10-29 04:30:12 471040 ------w- c:\windows\system32\ImagXRA7.dll
2009-10-29 04:30:11 476320 ------w- c:\windows\system32\ImagXpr7.dll
2009-10-29 04:30:11 262144 ------w- c:\windows\system32\ImagXR7.dll
2009-10-29 04:30:11 1568768 ------w- c:\windows\system32\ImagX7.dll
2009-10-29 04:30:06 333266 ----a-w- c:\windows\system32\NeroCheck.exe
2009-10-28 11:01:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll.install_backup
2009-10-28 10:59:14 0 d--h--w- c:\windows\$hf_mig$
2009-10-28 10:45:40 0 d-----w- c:\windows\ServicePackFiles
2009-10-28 10:45:28 294912 ------w- c:\windows\system32\dllcache\dlimport.exe
2009-10-28 10:43:18 19569 ----a-w- c:\windows\002901_.tmp
2009-10-28 10:43:03 204252 ----a-w- c:\windows\system32\spupdsvc.exe
2009-10-28 10:39:01 0 d-sh--w- C:\Recycled
2009-10-28 10:08:17 0 d-----w- c:\windows\system32\ReinstallBackups
2009-10-28 10:07:39 1904 ------w- c:\windows\system32\SetupBD.din
2009-10-28 10:06:23 0 d-----w- c:\program files\ATI Technologies
2009-10-28 10:05:20 0 d-----w- c:\program files\Analog Devices
2009-10-28 10:04:06 77824 ----a-w- c:\windows\system32\athcfg11res.dll
2009-10-28 10:04:06 651264 ----a-w- c:\windows\system32\libeay32.dll
2009-10-28 10:04:06 372736 ----a-w- c:\windows\system32\athcfg11.dll
2009-10-28 10:04:06 233472 ----a-w- c:\windows\system32\wgapi.dll
2009-10-28 10:04:06 233472 ----a-w- c:\windows\system32\wcapi.dll
2009-10-28 10:04:06 214494 ----a-w- c:\windows\system32\acs.exe
2009-10-28 10:04:06 147456 ----a-w- c:\windows\system32\ssleay32.dll
2009-10-28 10:03:53 8448 ----a-r- c:\windows\system32\net5211.cat
2009-10-28 10:03:53 471616 ----a-w- c:\windows\system32\ar5211.sys
2009-10-28 10:03:53 28394 ----a-w- c:\windows\system32\net5211.inf
2009-10-28 10:03:53 0 d-----w- c:\program files\Lenovo
2009-10-28 10:03:46 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-10-28 10:03:34 493018 ----a-w- c:\windows\system32\AegisI5.exe
2009-10-28 10:03:34 1396835 ----a-r- c:\windows\system32\AegisE5.dll
2009-10-28 10:03:33 118784 ----a-w- c:\windows\system32\ATHCFG10.DLL
2009-10-28 09:52:42 0 d-----w- c:\program files\CONEXANT
2009-10-28 09:15:52 0 d-sh--w- c:\documents and settings\all users\DRM
2009-10-28 09:15:33 0 d--h--w- c:\program files\WindowsUpdate
2009-10-28 09:14:43 0 d-----w- c:\program files\common files\MSSoap
2009-10-28 09:13:18 0 d-----w- c:\program files\Online Services
2009-10-28 09:13:12 0 d-----w- c:\program files\Messenger
2009-10-28 09:13:09 0 d-----w- c:\program files\MSN Gaming Zone
2009-10-28 09:12:32 0 d-----w- c:\program files\Windows NT
2009-10-28 09:07:55 0 d-----w- c:\program files\common files\ODBC
2009-10-28 09:07:52 0 d-----w- c:\program files\common files\SpeechEngines
2009-10-28 09:07:29 0 d-----r- c:\documents and settings\all users\Documents
2009-10-27 21:27:05 0 d-----w- c:\program files\Yahoo!
2009-10-27 21:25:03 0 d-----w- c:\program files\The KMPlayer

==================== Find3M ====================

2009-11-04 09:40:54 542166 ----a-w- c:\windows\system32\ati2evxx.exe
2009-11-04 09:40:54 206298 ----a-w- c:\windows\system32\verclsid.exe
2009-11-04 09:40:54 202712 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-11-04 09:40:54 185302 ----a-w- c:\windows\system32\spdwnwxp.exe
2009-11-04 09:40:52 226780 ----a-w- c:\windows\system32\DSndUp.exe
2009-11-04 09:40:52 222684 ----a-w- c:\windows\system32\CleanUp.exe
2009-11-04 09:40:46 198628 ----a-w- c:\windows\system32\faxpatch.exe
2009-11-04 09:40:46 198618 ----a-w- c:\windows\system32\spupdwxp.exe
2009-11-04 09:40:46 187358 ----a-w- c:\windows\system32\comsdupd.exe
2009-11-04 09:40:44 229342 ----a-w- c:\windows\system32\migpwd.exe
2009-11-04 09:40:44 198104 ----a-w- c:\windows\system32\cliconfg.exe
2009-10-28 09:13:46 21640 ----a-w- c:\windows\system32\emptyregdb.dat

============= FINISH: 8:41:23.37 ===============
Attached Files
File Type: zip Attach.zip (3.4 KB, 3 views)

Last edited by welcomback; 11-06-2009 at 08:45 PM. Reason: details addition in TITLE.
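An added example, written for this thread and not part of the post or of the DDS tool: a Python triage script for the DDS header and "Pseudo HJT Report" above. It pulls out the AV and firewall state DDS reports (taken from Windows Security Center), BHO and toolbar CLSIDs with their DLLs, Run-key autoruns, DPF ActiveX downloads, the DNS servers on the TCP: line, service start types (S4 is a stopped service with start type 4, Disabled) and the hxxp-defanged URLs, then turns them into leads to verify. The sample input is a constructed excerpt copied from the log above; the function names parse_dds and flag are this example's own. The leads are starting points, not verdicts: a vendor toolbar BHO is not malware by itself, and the two DNS servers only matter if they are not the ISP's.

```python
"""Triage helper for a DDS log (added example, not DDS code and not from the post)."""
import re

# Constructed excerpt copied from the DDS log posted above (hxxp = defanged http).
SAMPLE_DDS = r"""
AV: AVG Anti-Virus plus Firewall *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
uStart Page = hxxp://www.gmail.com/
uInternet Connection Wizard,ShellNext = hxxp://www.club194.com/playdrama.aspx?pageId=1215
BHO: SBCONVERT Class: {31b27f2d-6bc6-451b-b3d2-4eab36b2fc3b} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
mRun: [<NO NAME>]
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
TCP: {A7740BDF-0EB0-43D4-8C35-FFA10D1241B2} = 203.99.163.240,202.125.132.12
S4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe --> c:\progra~1\avg\avg8\avgemc.exe [?]
"""

STATUS_RE = re.compile(r"^(AV|FW): (.+?) \*(.+?)\*")                      # product, state
BHO_RE = re.compile(r"^(BHO|TB): (.*?): \{([0-9A-Fa-f-]{36})\} - (.+)$")  # name, CLSID, DLL
RUN_RE = re.compile(r"^([um])Run: \[(.*?)\]\s*(.*)$")                     # u=HKCU, m=HKLM
DPF_RE = re.compile(r"^DPF: \{([0-9A-Fa-f-]{36})\} - (\S+)")              # ActiveX download
TCP_RE = re.compile(r"^TCP: \{[0-9A-Fa-f-]{36}\} = (.+)$")               # DNS servers per interface
SVC_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.+)$")            # R/S + start type
URL_RE = re.compile(r"^(.+?) = (hxxps?://.+)$")                           # IE URL settings


def refang(url):
    """Undo the hxxp:// defanging DDS applies so the URL can be looked up or blocked."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def parse_dds(text):
    """Return the security-relevant entries of a DDS log as one dict."""
    rep = {"av": None, "fw": None, "urls": {}, "bho": [], "autoruns": [],
           "dpf": [], "dns_servers": [], "services": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := STATUS_RE.match(line):
            rep[m.group(1).lower()] = (m.group(2), m.group(3))
        elif m := BHO_RE.match(line):
            rep["bho"].append({"kind": m.group(1), "name": m.group(2),
                               "clsid": m.group(3).lower(), "path": m.group(4)})
        elif m := RUN_RE.match(line):
            rep["autoruns"].append({"hive": "HKCU" if m.group(1) == "u" else "HKLM",
                                    "name": m.group(2), "command": m.group(3)})
        elif m := DPF_RE.match(line):
            rep["dpf"].append((m.group(1).lower(), refang(m.group(2))))
        elif m := TCP_RE.match(line):
            rep["dns_servers"] += [s.strip() for s in m.group(1).split(",")]
        elif m := SVC_RE.match(line):
            rep["services"].append({"running": m.group(1) == "R", "start": int(m.group(2)),
                                    "name": m.group(3), "desc": m.group(4), "path": m.group(5)})
        elif m := URL_RE.match(line):
            rep["urls"][m.group(1)] = refang(m.group(2))
    return rep


def flag(rep):
    """Turn parsed entries into leads a helper should verify; these are not verdicts."""
    leads = []
    if rep["av"] and "disabled" in rep["av"][1].lower():
        leads.append(f"AV '{rep['av'][0]}' reports: {rep['av'][1]}")
    for s in rep["services"]:
        if s["start"] == 4:  # start type 4 = Disabled
            leads.append(f"service disabled: {s['name']} ({s['desc']})")
    for a in rep["autoruns"]:
        if a["name"] == "<NO NAME>" or not a["command"]:
            leads.append(f"autorun with no name or command: {a['hive']} Run [{a['name']}]")
    for clsid, url in rep["dpf"]:
        leads.append(f"ActiveX download (DPF) {clsid} from {url}")
    if rep["dns_servers"]:
        leads.append("DNS servers on an interface, confirm they are the ISP's: "
                     + ", ".join(rep["dns_servers"]))
    return leads


if __name__ == "__main__":
    for lead in flag(parse_dds(SAMPLE_DDS)):
        print(lead)
```

To use it on a real log, call flag(parse_dds(open("DDS.txt").read())); DDS writes the Pseudo HJT Report and the services list in the same line formats the regexes above expect.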

Old 11-07-2009, 05:12 AM   #2 (permalink)
Analyst, Security Team
Join Date: Jan 2009
Location: Canada
Posts: 2,178
OS: XP sp3


Re: Recently my antivirus has started reporting each and every .exe file as a trojan

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.
__________________


ASAP & UNITE Member
Old 11-07-2009, 08:27 PM   #3 (permalink)
Registered User
 
Join Date: Nov 2009
Posts: 9
OS: xp sp3


Re: Recently my antivirus has started reporting each and every .exe file as a trojan

ComboFix 09-11-07.02 - abd 11/08/2009 8:36.1.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.703 [GMT -8:00]
Running from: g:\desktop\ComboFix.exe
AV: AVG Anti-Virus plus Firewall *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\SpeedBit Video Downloader\Toolbar\tbhelper.dll
c:\windows\system32\lsprst7.dll
c:\windows\system32\prsgrc.dll

.
((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 )))))))))))))))))))))))))))))))
.

2009-11-08 16:24 . 2009-11-08 16:24 -------- d-----w- c:\program files\Common Files\xing shared
2009-11-07 07:46 . 2009-11-07 07:46 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-11-07 07:45 . 2009-11-07 07:45 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-11-07 07:45 . 2008-04-07 13:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-11-07 07:45 . 2008-04-07 13:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2009-11-07 06:11 . 2009-11-07 06:12 -------- d-----w- c:\documents and settings\abd\Application Data\Download Manager
2009-11-07 06:05 . 2009-11-07 06:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SPSS
2009-11-07 05:56 . 2009-11-07 05:56 -------- d-----w- c:\documents and settings\abd\Local Settings\Application Data\Adobe
2009-11-07 05:54 . 2009-11-07 05:54 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-06 16:37 . 2009-11-06 16:37 -------- d-----w- c:\program files\Common Files\SPSS
2009-11-06 16:37 . 2009-11-06 16:37 -------- d-----w- c:\program files\SPSSInc
2009-11-06 16:37 . 2009-11-06 16:37 1025 ----a-w- c:\windows\system32\sysprs7.dll
2009-11-05 07:45 . 2009-11-08 16:24 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-05 07:45 . 2009-11-08 16:24 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-11-05 07:45 . 2009-11-05 07:45 -------- d-----w- c:\program files\Real
2009-11-05 07:45 . 2009-11-05 07:45 -------- d-----w- c:\program files\Common Files\Real
2009-11-04 09:06 . 2009-11-04 09:06 -------- d-----w- c:\program files\AVG
2009-11-04 08:40 . 2009-11-04 08:40 -------- d-----w- c:\program files\Common Files\PCSuite
2009-11-04 08:40 . 2009-11-04 08:40 -------- d-----w- c:\program files\Common Files\Nokia
2009-11-04 08:40 . 2009-11-04 08:40 -------- d-----w- c:\program files\PC Connectivity Solution
2009-11-04 08:39 . 2009-10-30 08:11 33953240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng_web.exe
2009-11-04 08:39 . 2009-11-04 08:39 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-11-04 08:39 . 2009-11-04 08:39 272858 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-11-04 08:39 . 2009-11-04 08:39 239060 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-11-04 08:39 . 2009-11-04 08:39 187862 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-11-03 05:09 . 2009-11-03 05:09 -------- d--h--w- c:\windows\PIF
2009-10-30 08:08 . 2009-10-30 08:08 91648 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
2009-10-30 07:46 . 2009-10-30 07:46 99840 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\Updates\Condition.dll
2009-10-30 07:45 . 2009-10-30 07:45 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-30 07:45 . 2009-10-30 07:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2009-10-30 07:45 . 2009-10-30 07:45 -------- d-----w- c:\program files\DAP
2009-10-30 07:45 . 2009-10-30 07:45 -------- d-----w- c:\program files\SpeedBit Video Downloader
2009-10-30 07:01 . 2009-10-30 07:01 -------- d-----w- c:\documents and settings\abd\Application Data\Nokia
2009-10-30 07:01 . 2009-10-30 07:01 -------- d-----w- c:\documents and settings\abd\Application Data\PC Suite
2009-10-30 07:01 . 2009-10-30 07:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-10-30 07:00 . 2009-10-30 07:00 -------- d-----w- c:\program files\DIFX
2009-10-30 07:00 . 2008-08-26 18:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-10-30 06:59 . 2009-10-30 06:59 -------- d-----w- c:\windows\system32\DRVSTORE
2009-10-30 06:59 . 2009-02-09 16:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-10-30 06:59 . 2009-10-30 06:59 -------- d-----w- c:\program files\Nokia
2009-10-30 06:59 . 2009-02-17 02:52 33842658 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_eng_us_web.exe
2009-10-30 06:59 . 2009-10-30 06:59 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe
2009-10-30 06:59 . 2009-10-30 06:59 239068 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-10-30 06:59 . 2009-10-30 06:59 187870 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe
2009-10-30 06:59 . 2009-10-30 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-10-30 04:47 . 2009-10-30 04:47 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-10-30 04:46 . 2009-10-30 04:46 -------- d-----w- c:\program files\Synaptics
2009-10-29 05:02 . 2009-10-29 05:02 -------- d-----w- c:\documents and settings\abd\Application Data\Apple Computer
2009-10-29 04:54 . 2009-10-29 04:54 -------- d-----w- c:\documents and settings\abd\Local Settings\Application Data\Ahead
2009-10-29 04:49 . 2009-10-29 04:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-10-29 04:39 . 2008-08-01 11:44 3229146 ------w- c:\windows\UNMRW.exe
2009-10-29 04:37 . 2008-08-01 11:43 3229150 ------w- c:\windows\NuNinst.exe
2009-10-29 04:37 . 2006-01-17 18:09 102016 ------w- c:\windows\system32\drivers\InCDfs.sys
2009-10-29 04:37 . 2006-01-17 18:09 29440 ------w- c:\windows\system32\drivers\InCDpass.sys
2009-10-29 04:37 . 2006-01-17 01:41 8704 ------w- c:\windows\system32\drivers\InCDrec.sys
2009-10-29 04:37 . 2008-08-01 11:44 32640 ------w- c:\windows\system32\drivers\InCDrm.sys
2009-10-29 04:37 . 2009-10-29 04:37 -------- d-----w- c:\windows\InCD
2009-10-29 04:33 . 2009-10-29 04:33 -------- d-----w- c:\program files\Common Files\Nero
2009-10-29 04:30 . 2004-07-09 16:43 364544 ------w- c:\windows\system32\TwnLib4.dll
2009-10-29 04:30 . 2000-06-26 18:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2009-10-29 04:30 . 2004-07-27 00:16 471040 ------w- c:\windows\system32\ImagXRA7.dll
2009-10-29 04:30 . 2004-07-27 00:16 476320 ------w- c:\windows\system32\ImagXpr7.dll
2009-10-29 04:30 . 2004-07-27 00:16 262144 ------w- c:\windows\system32\ImagXR7.dll
2009-10-29 04:30 . 2004-07-27 00:16 1568768 ------w- c:\windows\system32\ImagX7.dll
2009-10-29 04:30 . 2009-11-04 09:40 333266 ----a-w- c:\windows\system32\NeroCheck.exe
2009-10-29 04:29 . 2009-10-29 04:29 -------- d-----w- c:\program files\Common Files\Ahead
2009-10-29 04:29 . 2009-10-29 04:29 -------- d-----w- c:\program files\Ahead
2009-10-28 10:59 . 2009-10-28 10:59 -------- d--h--w- c:\windows\$hf_mig$
2009-10-28 10:51 . 2009-10-28 10:51 13104 ----a-w- c:\documents and settings\abd\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-28 10:45 . 2009-10-28 10:45 -------- d-----w- c:\windows\ServicePackFiles
2009-10-28 10:45 . 2007-12-01 08:26 294912 ------w- c:\windows\system32\dllcache\dlimport.exe
2009-10-28 10:43 . 2009-11-04 09:40 204252 ----a-w- c:\windows\system32\spupdsvc.exe
2009-10-28 10:06 . 2009-10-28 10:06 -------- d-----w- c:\program files\ATI Technologies
2009-10-28 10:04 . 2009-11-04 09:40 214494 ----a-w- c:\windows\system32\acs.exe
2009-10-28 10:04 . 2005-11-09 00:04 233472 ----a-w- c:\windows\system32\wgapi.dll
2009-10-28 10:04 . 2005-11-09 00:03 233472 ----a-w- c:\windows\system32\wcapi.dll
2009-10-28 10:04 . 2005-11-09 00:03 372736 ----a-w- c:\windows\system32\athcfg11.dll
2009-10-28 10:04 . 2005-11-09 00:01 77824 ----a-w- c:\windows\system32\athcfg11res.dll
2009-10-28 10:04 . 2004-05-19 06:32 651264 ----a-w- c:\windows\system32\libeay32.dll
2009-10-28 10:04 . 2004-05-19 06:32 147456 ----a-w- c:\windows\system32\ssleay32.dll
2009-10-28 10:03 . 2009-10-28 10:03 -------- d-----w- c:\program files\Lenovo
2009-10-28 10:03 . 2006-04-18 13:35 471616 ----a-w- c:\windows\system32\ar5211.sys
2009-10-28 10:03 . 2009-10-28 10:03 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-10-28 10:03 . 2009-11-04 09:40 493018 ----a-w- c:\windows\system32\AegisI5.exe
2009-10-28 10:03 . 2005-11-08 23:54 1396835 ----a-r- c:\windows\system32\AegisE5.dll
2009-10-28 10:03 . 2009-10-28 10:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-28 10:03 . 2003-12-03 14:20 118784 ----a-w- c:\windows\system32\ATHCFG10.DLL
2009-10-28 10:03 . 2009-10-28 10:03 -------- d-----w- c:\program files\Common Files\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 05:14 . 2009-11-06 16:38 186 ----a-w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll
2009-11-04 09:40 . 2009-10-28 10:46 206298 ----a-w- c:\windows\system32\verclsid.exe
2009-11-04 09:40 . 2009-10-28 09:46 542166 ----a-w- c:\windows\system32\ati2evxx.exe
2009-11-04 09:40 . 2009-10-28 09:46 202712 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-11-04 09:40 . 2007-12-01 08:26 185302 ----a-w- c:\windows\system32\spdwnwxp.exe
2009-11-04 09:40 . 2009-10-28 10:05 226780 ----a-w- c:\windows\system32\DSndUp.exe
2009-11-04 09:40 . 2009-10-28 10:05 222684 ----a-w- c:\windows\system32\CleanUp.exe
2009-11-04 09:40 . 2009-10-28 10:46 187358 ----a-w- c:\windows\system32\comsdupd.exe
2009-11-04 09:40 . 2007-12-01 08:26 198618 ----a-w- c:\windows\system32\spupdwxp.exe
2009-11-04 09:40 . 2007-12-01 08:26 198628 ----a-w- c:\windows\system32\faxpatch.exe
2009-11-04 09:40 . 2004-08-04 08:56 198104 ----a-w- c:\windows\system32\cliconfg.exe
2009-11-04 09:40 . 2001-08-23 22:00 229342 ----a-w- c:\windows\system32\migpwd.exe
2009-10-28 10:48 . 2009-10-28 09:16 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-28 10:05 . 2009-10-28 10:05 -------- d-----w- c:\program files\Analog Devices
2009-10-28 09:53 . 2009-10-28 09:53 -------- d-----w- c:\program files\Intel
2009-10-28 09:52 . 2009-10-28 09:52 -------- d-----w- c:\program files\CONEXANT
2009-10-28 09:17 . 2009-10-28 09:17 -------- d-----w- c:\program files\microsoft frontpage
2009-10-28 09:13 . 2009-10-28 09:13 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-27 21:27 . 2009-10-27 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-10-27 21:27 . 2009-10-27 21:27 -------- d-----w- c:\program files\Yahoo!
2009-10-27 21:25 . 2009-10-27 21:25 -------- d-----w- c:\program files\The KMPlayer
2009-10-27 21:14 . 2009-10-27 21:14 -------- d-----w- c:\program files\QuickTime
2009-10-27 21:14 . 2009-10-27 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-27 21:14 . 2009-10-27 21:14 -------- d-----w- c:\program files\Apple Software Update
2009-10-27 21:14 . 2009-10-27 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B}]
2009-10-30 07:45 2655736 ----a-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-10-30 2803200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-02-07 521692]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 213470]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 1113046]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 214996]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 820698]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-08 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SoundMAX Agent Service (default)"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"ACS"=3 (0x3)
"ServiceLayer"=3 (0x3)
"InCDsrvR"=2 (0x2)
"InCDsrv"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"avgfws9"=2 (0x2)
"avg9wd"=2 (0x2)
"avg9emc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=

S4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*NewlyCreated* - UDFS
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-11-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 01:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gmail.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://www.club194.com/playdrama.aspx?pageId=1215
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/nero/defaults/su/*http://www.yahoo.com
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
TCP: {A7740BDF-0EB0-43D4-8C35-FFA10D1241B2} = 203.99.163.240,202.125.132.12
.
- - - - ORPHANS REMOVED - - - -

AddRemove-FileASSASSIN - c:\program files\FileASSASSIN\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-08 08:40
Windows 5.1.2600 Service Pack 3, v.3264 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-11-08 8:40
ComboFix-quarantined-files.txt 2009-11-08 16:40

Pre-Run: 8,894,267,392 bytes free
Post-Run: 9,231,876,096 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 52C1E9155B2155071DC78427BD7BA8A6
11-07-2009, 09:37 PM   #4
Analyst, Security Team
 
 
Join Date: Jan 2009
Location: Canada
Posts: 2,178
OS: XP sp3


Re: Recently my Antivirus has started telling each & every .exe file as trojan

Hi,

Please do the following:
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Code:
DDS::
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/nero/defaults/su/*http://www.yahoo.com
Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT

Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.


  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
__________________


ASAP & UNITE Member
11-08-2009, 02:42 AM   #5
Registered User
 
Join Date: Nov 2009
Posts: 9
OS: xp sp3


Re: Recently my Antivirus has started telling each & every .exe file as trojan

An error message appeared while running ComboFix with CFScript.txt:

PEV.cfxxe has encountered a problem and needs to close. We are sorry for the inconvenience.
11-08-2009, 02:58 AM   #6
Registered User
 
Join Date: Nov 2009
Posts: 9
OS: xp sp3


Re: Recently my Antivirus has started telling each & every .exe file as trojan

While trying to run ComboFix with CFScript.txt, the enclosed message window appeared. I continued to run ComboFix, and the results are below:


ComboFix 09-11-07.02 - abd 11/08/2009 15:02.3.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.633 [GMT -8:00]
Running from: g:\desktop\ComboFix.exe
Command switches used :: g:\desktop\CFScript.txt
AV: AVG Anti-Virus plus Firewall *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 )))))))))))))))))))))))))))))))
.

2009-11-08 16:50 . 2009-11-08 16:50 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-08 16:50 . 2009-11-08 16:50 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-11-08 16:50 . 2009-11-08 16:50 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-08 16:50 . 2009-11-08 16:50 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-08 16:50 . 2009-11-08 16:50 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-08 16:50 . 2009-11-08 16:50 -------- d-----w- c:\windows\system32\drivers\Avg
2009-11-08 16:49 . 2009-11-08 16:49 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-11-08 16:49 . 2009-11-08 16:49 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-11-08 16:49 . 2009-11-08 16:49 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-08 16:24 . 2009-11-08 16:24 -------- d-----w- c:\program files\Common Files\xing shared
2009-11-07 07:46 . 2009-11-07 07:46 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-11-07 07:45 . 2009-11-07 07:45 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-11-07 07:45 . 2008-04-07 13:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-11-07 07:45 . 2008-04-07 13:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2009-11-07 06:11 . 2009-11-07 06:12 -------- d-----w- c:\documents and settings\abd\Application Data\Download Manager
2009-11-07 06:05 . 2009-11-07 06:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SPSS
2009-11-07 05:56 . 2009-11-07 05:56 -------- d-----w- c:\documents and settings\abd\Local Settings\Application Data\Adobe
2009-11-07 05:54 . 2009-11-07 05:54 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-06 16:37 . 2009-11-06 16:37 -------- d-----w- c:\program files\Common Files\SPSS
2009-11-06 16:37 . 2009-11-06 16:37 -------- d-----w- c:\program files\SPSSInc
2009-11-06 16:37 . 2009-11-06 16:37 1025 ----a-w- c:\windows\system32\sysprs7.dll
2009-11-05 07:45 . 2009-11-08 16:24 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-05 07:45 . 2009-11-08 16:24 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-11-05 07:45 . 2009-11-05 07:45 -------- d-----w- c:\program files\Real
2009-11-05 07:45 . 2009-11-05 07:45 -------- d-----w- c:\program files\Common Files\Real
2009-11-04 09:06 . 2009-11-04 09:06 -------- d-----w- c:\program files\AVG
2009-11-04 08:40 . 2009-11-04 08:40 -------- d-----w- c:\program files\Common Files\PCSuite
2009-11-04 08:40 . 2009-11-04 08:40 -------- d-----w- c:\program files\Common Files\Nokia
2009-11-04 08:40 . 2009-11-04 08:40 -------- d-----w- c:\program files\PC Connectivity Solution
2009-11-04 08:39 . 2009-10-30 08:11 33953240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng_web.exe
2009-11-04 08:39 . 2009-11-04 08:39 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-11-04 08:39 . 2009-11-04 08:39 272858 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-11-04 08:39 . 2009-11-04 08:39 239060 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-11-04 08:39 . 2009-11-04 08:39 187862 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-11-03 05:09 . 2009-11-03 05:09 -------- d--h--w- c:\windows\PIF
2009-10-30 08:08 . 2009-10-30 08:08 91648 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
2009-10-30 07:46 . 2009-10-30 07:46 99840 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\Updates\Condition.dll
2009-10-30 07:45 . 2009-10-30 07:45 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-30 07:45 . 2009-10-30 07:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2009-10-30 07:45 . 2009-10-30 07:45 -------- d-----w- c:\program files\DAP
2009-10-30 07:45 . 2009-10-30 07:45 -------- d-----w- c:\program files\SpeedBit Video Downloader
2009-10-30 07:01 . 2009-10-30 07:01 -------- d-----w- c:\documents and settings\abd\Application Data\Nokia
2009-10-30 07:01 . 2009-10-30 07:01 -------- d-----w- c:\documents and settings\abd\Application Data\PC Suite
2009-10-30 07:01 . 2009-10-30 07:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-10-30 07:00 . 2009-10-30 07:00 -------- d-----w- c:\program files\DIFX
2009-10-30 07:00 . 2008-08-26 18:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-10-30 06:59 . 2009-10-30 06:59 -------- d-----w- c:\windows\system32\DRVSTORE
2009-10-30 06:59 . 2009-02-09 16:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-10-30 06:59 . 2009-10-30 06:59 -------- d-----w- c:\program files\Nokia
2009-10-30 06:59 . 2009-02-17 02:52 33842658 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_eng_us_web.exe
2009-10-30 06:59 . 2009-10-30 06:59 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe
2009-10-30 06:59 . 2009-10-30 06:59 239068 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-10-30 06:59 . 2009-10-30 06:59 187870 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe
2009-10-30 06:59 . 2009-10-30 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-10-30 04:47 . 2009-10-30 04:47 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-10-30 04:46 . 2009-10-30 04:46 -------- d-----w- c:\program files\Synaptics
2009-10-29 05:02 . 2009-10-29 05:02 -------- d-----w- c:\documents and settings\abd\Application Data\Apple Computer
2009-10-29 04:54 . 2009-10-29 04:54 -------- d-----w- c:\documents and settings\abd\Local Settings\Application Data\Ahead
2009-10-29 04:49 . 2009-10-29 04:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-10-29 04:39 . 2008-08-01 11:44 3229146 ------w- c:\windows\UNMRW.exe
2009-10-29 04:37 . 2008-08-01 11:43 3229150 ------w- c:\windows\NuNinst.exe
2009-10-29 04:37 . 2006-01-17 18:09 102016 ------w- c:\windows\system32\drivers\InCDfs.sys
2009-10-29 04:37 . 2006-01-17 18:09 29440 ------w- c:\windows\system32\drivers\InCDpass.sys
2009-10-29 04:37 . 2006-01-17 01:41 8704 ------w- c:\windows\system32\drivers\InCDrec.sys
2009-10-29 04:37 . 2008-08-01 11:44 32640 ------w- c:\windows\system32\drivers\InCDrm.sys
2009-10-29 04:37 . 2009-10-29 04:37 -------- d-----w- c:\windows\InCD
2009-10-29 04:33 . 2009-10-29 04:33 -------- d-----w- c:\program files\Common Files\Nero
2009-10-29 04:30 . 2004-07-09 16:43 364544 ------w- c:\windows\system32\TwnLib4.dll
2009-10-29 04:30 . 2000-06-26 18:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2009-10-29 04:30 . 2004-07-27 00:16 471040 ------w- c:\windows\system32\ImagXRA7.dll
2009-10-29 04:30 . 2004-07-27 00:16 476320 ------w- c:\windows\system32\ImagXpr7.dll
2009-10-29 04:30 . 2004-07-27 00:16 262144 ------w- c:\windows\system32\ImagXR7.dll
2009-10-29 04:30 . 2004-07-27 00:16 1568768 ------w- c:\windows\system32\ImagX7.dll
2009-10-29 04:30 . 2009-11-04 09:40 333266 ----a-w- c:\windows\system32\NeroCheck.exe
2009-10-29 04:29 . 2009-10-29 04:29 -------- d-----w- c:\program files\Common Files\Ahead
2009-10-29 04:29 . 2009-10-29 04:29 -------- d-----w- c:\program files\Ahead
2009-10-28 10:59 . 2009-10-28 10:59 -------- d--h--w- c:\windows\$hf_mig$
2009-10-28 10:51 . 2009-10-28 10:51 13104 ----a-w- c:\documents and settings\abd\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-28 10:45 . 2009-10-28 10:45 -------- d-----w- c:\windows\ServicePackFiles
2009-10-28 10:45 . 2007-12-01 08:26 294912 ------w- c:\windows\system32\dllcache\dlimport.exe
2009-10-28 10:43 . 2009-11-04 09:40 204252 ----a-w- c:\windows\system32\spupdsvc.exe
2009-10-28 10:06 . 2009-10-28 10:06 -------- d-----w- c:\program files\ATI Technologies
2009-10-28 10:04 . 2009-11-04 09:40 214494 ----a-w- c:\windows\system32\acs.exe
2009-10-28 10:04 . 2005-11-09 00:04 233472 ----a-w- c:\windows\system32\wgapi.dll
2009-10-28 10:04 . 2005-11-09 00:03 233472 ----a-w- c:\windows\system32\wcapi.dll
2009-10-28 10:04 . 2005-11-09 00:03 372736 ----a-w- c:\windows\system32\athcfg11.dll
2009-10-28 10:04 . 2005-11-09 00:01 77824 ----a-w- c:\windows\system32\athcfg11res.dll
2009-10-28 10:04 . 2004-05-19 06:32 651264 ----a-w- c:\windows\system32\libeay32.dll
2009-10-28 10:04 . 2004-05-19 06:32 147456 ----a-w- c:\windows\system32\ssleay32.dll
2009-10-28 10:03 . 2009-10-28 10:03 -------- d-----w- c:\program files\Lenovo
2009-10-28 10:03 . 2006-04-18 13:35 471616 ----a-w- c:\windows\system32\ar5211.sys
2009-10-28 10:03 . 2009-10-28 10:03 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-10-28 10:03 . 2009-11-04 09:40 493018 ----a-w- c:\windows\system32\AegisI5.exe
2009-10-28 10:03 . 2005-11-08 23:54 1396835 ----a-r- c:\windows\system32\AegisE5.dll
2009-10-28 10:03 . 2009-10-28 10:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-28 10:03 . 2003-12-03 14:20 118784 ----a-w- c:\windows\system32\ATHCFG10.DLL
2009-10-28 10:03 . 2009-10-28 10:03 -------- d-----w- c:\program files\Common Files\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 05:14 . 2009-11-06 16:38 186 ----a-w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll
2009-11-04 09:40 . 2009-10-28 10:46 206298 ----a-w- c:\windows\system32\verclsid.exe
2009-11-04 09:40 . 2009-10-28 09:46 542166 ----a-w- c:\windows\system32\ati2evxx.exe
2009-11-04 09:40 . 2009-10-28 09:46 202712 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-11-04 09:40 . 2007-12-01 08:26 185302 ----a-w- c:\windows\system32\spdwnwxp.exe
2009-11-04 09:40 . 2009-10-28 10:05 226780 ----a-w- c:\windows\system32\DSndUp.exe
2009-11-04 09:40 . 2009-10-28 10:05 222684 ----a-w- c:\windows\system32\CleanUp.exe
2009-11-04 09:40 . 2009-10-28 10:46 187358 ----a-w- c:\windows\system32\comsdupd.exe
2009-11-04 09:40 . 2007-12-01 08:26 198618 ----a-w- c:\windows\system32\spupdwxp.exe
2009-11-04 09:40 . 2007-12-01 08:26 198628 ----a-w- c:\windows\system32\faxpatch.exe
2009-11-04 09:40 . 2004-08-04 08:56 198104 ----a-w- c:\windows\system32\cliconfg.exe
2009-11-04 09:40 . 2001-08-23 22:00 229342 ----a-w- c:\windows\system32\migpwd.exe
2009-10-28 10:48 . 2009-10-28 09:16 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-28 10:05 . 2009-10-28 10:05 -------- d-----w- c:\program files\Analog Devices
2009-10-28 09:53 . 2009-10-28 09:53 -------- d-----w- c:\program files\Intel
2009-10-28 09:52 . 2009-10-28 09:52 -------- d-----w- c:\program files\CONEXANT
2009-10-28 09:17 . 2009-10-28 09:17 -------- d-----w- c:\program files\microsoft frontpage
2009-10-28 09:13 . 2009-10-28 09:13 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-27 21:27 . 2009-10-27 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-10-27 21:27 . 2009-10-27 21:27 -------- d-----w- c:\program files\Yahoo!
2009-10-27 21:25 . 2009-10-27 21:25 -------- d-----w- c:\program files\The KMPlayer
2009-10-27 21:14 . 2009-10-27 21:14 -------- d-----w- c:\program files\QuickTime
2009-10-27 21:14 . 2009-10-27 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-27 21:14 . 2009-10-27 21:14 -------- d-----w- c:\program files\Apple Software Update
2009-10-27 21:14 . 2009-10-27 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B}]
2009-10-30 07:45 2655736 ----a-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-10-30 2803200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-02-07 521692]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 213470]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 1113046]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 214996]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 820698]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-08 198160]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-08 2010904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-08 16:50 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SoundMAX Agent Service (default)"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"ACS"=3 (0x3)
"ServiceLayer"=3 (0x3)
"InCDsrvR"=2 (0x2)
"InCDsrv"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"avgfws9"=2 (0x2)
"avg9wd"=2 (0x2)
"avg9emc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [11/8/2009 8:50 AM 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/8/2009 8:50 AM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/8/2009 8:50 AM 360584]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/8/2009 8:50 AM 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [11/8/2009 8:50 AM 2321720]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [11/8/2009 8:49 AM 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [11/8/2009 8:49 AM 30104]
S4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-11-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 01:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gmail.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://www.club194.com/playdrama.aspx?pageId=1215
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/nero/defaults/su/*http://www.yahoo.com
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
TCP: {A7740BDF-0EB0-43D4-8C35-FFA10D1241B2} = 203.99.163.240,202.125.132.12
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-08 15:05
Windows 5.1.2600 Service Pack 3, v.3264 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(736)
c:\windows\system32\IEFRAME.dll
.
Completion time: 2009-11-08 15:06
ComboFix-quarantined-files.txt 2009-11-08 23:06

Pre-Run: 8,975,056,896 bytes free
Post-Run: 8,946,352,128 bytes free

- - End Of File - - 2AED00522BFA3084311734582F6C2B5A
Attached image: ERROR MSG.JPG (24.9 KB)
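Two things in the report above are worth reading with a script rather than by eye. First, a large set of executables under c:\windows\system32 (NeroCheck.exe, spupdsvc.exe, acs.exe, AegisI5.exe, verclsid.exe, ati2evxx.exe, cliconfg.exe, migpwd.exe and others) all carry the same last-write time, 2009-11-04 09:40, even though their creation dates range from 2001 to 2009; an installer writes new files, whereas something rewriting files that were already on disk years apart is the pattern ComboFix later confirms in the next post when it reports spoolsv.exe, gpresult.exe and alg.exe as infected copies. Second, the Reg Loading Points section shows AntiVirusOverride=1 and EnableFirewall=0, and the header shows on-access scanning disabled, so the host's own defences were off while this was happening. The following is an added example, not code from this thread or from ComboFix: a small Python triage script that parses a ComboFix report for those three indicators. The column-order assumption (created . modified in the "Files Created" block, modified . created in the Find3M block) is mine, read off the entries in this thread, and the sample lines are excerpted from the logs posted here; the heuristic flags a rewrite burst for investigation and does not say what caused it.

```python
import re
from collections import defaultdict

# Sample input: lines excerpted from the ComboFix reports in this thread, under
# the section headers ComboFix prints. The three AVG driver lines are the negative
# case: a fresh install writes several files in one minute, but it created them then.
SAMPLE_LOG = r"""
AV: AVG Anti-Virus plus Firewall *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\windows\system32\spoolsv.exe . . . is infected!!
Infected copy of c:\windows\system32\gpresult.exe was found and disinfected
Infected copy of c:\windows\system32\alg.exe was found and disinfected

((((((((((((((((((((((((( Files Created from 2009-10-09 to 2009-11-09 )))))))))))))))))))))))))))))))
2009-11-08 16:50 . 2009-11-08 16:50 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-08 16:50 . 2009-11-08 16:50 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-11-08 16:50 . 2009-11-08 16:50 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-29 04:30 . 2009-11-04 09:40 333266 ----a-w- c:\windows\system32\NeroCheck.exe
2009-10-28 10:43 . 2009-11-04 09:40 204252 ----a-w- c:\windows\system32\spupdsvc.exe
2009-10-28 10:04 . 2009-11-04 09:40 214494 ----a-w- c:\windows\system32\acs.exe
2009-10-28 10:03 . 2009-11-04 09:40 493018 ----a-w- c:\windows\system32\AegisI5.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2009-11-04 09:40 . 2009-10-28 10:46 206298 ----a-w- c:\windows\system32\verclsid.exe
2009-11-04 09:40 . 2004-08-04 08:56 198104 ----a-w- c:\windows\system32\cliconfg.exe
2009-11-04 09:40 . 2001-08-23 22:00 229342 ----a-w- c:\windows\system32\migpwd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

ENTRY_RE = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) '
                      r'(\d+|-+) (\S+) (.+)$')
INFECTED_RE = re.compile(r'^(?:Infected copy of )?(\S+) (?:\. \. \. is infected!!|was found and disinfected)$')
EXE_EXT = ('.exe', '.dll', '.sys', '.scr', '.com')


def parse_entries(text):
    """Yield (modified, created, size, attrs, path) for every file line. Assumed
    column order: 'Files Created' is created . modified, Find3M is modified . created."""
    created_first = None
    for line in text.splitlines():
        if 'Files Created from' in line:
            created_first = True
        elif 'Find3M Report' in line:
            created_first = False
        m = ENTRY_RE.match(line.strip())
        if not m or created_first is None:
            continue
        t1, t2, size, attrs, path = m.groups()
        modified, created = (t2, t1) if created_first else (t1, t2)
        yield modified, created, size, attrs, path.lower()


def find_rewrite_bursts(text, min_files=3):
    """Group executables by the minute they were last written and keep groups in
    which files created on different days were rewritten together."""
    by_minute = defaultdict(list)
    for modified, created, _size, attrs, path in parse_entries(text):
        if attrs.startswith('d') or not path.endswith(EXE_EXT):
            continue  # skip directories and non-executables
        by_minute[modified].append((created[:10], path))
    return {minute: sorted(p for _, p in files)
            for minute, files in by_minute.items()
            if len(files) >= min_files and len({d for d, _ in files}) >= 2}


def config_findings(text):
    """Flag report lines showing the host's own defences switched off."""
    findings = []
    for s in (l.strip() for l in text.splitlines()):
        if s.startswith('AV:') and '*On-access scanning disabled*' in s:
            findings.append('antivirus on-access scanning disabled')
        elif s.startswith('FW:') and '*disabled*' in s:
            findings.append('third-party firewall disabled')
        elif s.startswith('"AntiVirusOverride"') and s.endswith('dword:00000001'):
            findings.append('Security Center AntiVirusOverride=1 (AV alerts suppressed)')
        elif s.startswith('"EnableFirewall"') and '0 (0x0)' in s:
            findings.append('Windows Firewall standard profile off (EnableFirewall=0)')
    return findings


def infected_files(text):
    """Collect the binaries ComboFix reported as patched, with their status."""
    out = []
    for s in (l.strip() for l in text.splitlines()):
        m = INFECTED_RE.match(s)
        if m:
            out.append((m.group(1).lower(),
                        'disinfected' if s.endswith('disinfected') else 'still infected'))
    return out
```

Run against the full report rather than the excerpt, find_rewrite_bursts(open('ComboFix.txt').read()) returns the 2009-11-04 09:40 group with every system32 executable that shares that write time, which is the list to hand to the AV vendor or to compare against known-good copies; config_findings and infected_files give the two other facts a helper needs before deciding whether a clean-up or a rebuild is the safer advice.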
11-08-2009, 05:45 AM   #7
Analyst, Security Team
 
 
Join Date: Jan 2009
Location: Canada
Posts: 2,178
OS: XP sp3


Re: Recently my Antivirus has started telling each & every .exe file as trojan

Hi,

That didn't process the script properly, probably because of the error.

Please delete the copy of ComboFix that you have from your desktop and download a fresh copy.

Then please process this script once more:
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Code:
KillAll::

DDS::
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/nero/defaults/su/*http://www.yahoo.com
Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Were you able to run the Malwarebytes and Kaspersky scans?
__________________


ASAP & UNITE Member
11-09-2009, 12:48 AM   #8
Registered User
 
Join Date: Nov 2009
Posts: 9
OS: xp sp3


Re: Recently my Antivirus has started telling each & every .exe file as trojan

These folders were created by the recent ComboFix scan:
cmdcons (7.73 MB)
qoobox (1.55 MB)

The enclosed error message appeared during the scan.
The log generated is below:


ComboFix 09-11-08.03 - abd 11/09/2009 12:50.6.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.638 [GMT -8:00]
Running from: g:\desktop\ComboFix.exe
Command switches used :: g:\desktop\CFScript.txt
AV: AVG Anti-Virus plus Firewall *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\tmp\mec27.tmp

c:\windows\system32\spoolsv.exe . . . is infected!!

Infected copy of c:\windows\system32\gpresult.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{698788E1-522F-4A1B-AD9A-617C11823FD4}\RP38\A0011038.exe

Infected copy of c:\windows\system32\alg.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{698788E1-522F-4A1B-AD9A-617C11823FD4}\RP37\A0010189.exe

.
((((((((((((((((((((((((( Files Created from 2009-10-09 to 2009-11-09 )))))))))))))))))))))))))))))))
.

2009-11-08 23:25 . 2009-11-08 23:25 -------- d-----w- c:\windows\Sun
2009-11-08 23:24 . 2009-11-08 23:24 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-08 23:24 . 2009-11-08 23:24 152576 ----a-w- c:\documents and settings\abd\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-08 23:23 . 2009-11-08 23:23 -------- d-----w- c:\program files\Sun
2009-11-08 23:22 . 2009-11-08 23:22 -------- d-----w- c:\program files\Java
2009-11-08 23:22 . 2009-11-08 23:22 -------- d-----w- c:\program files\Common Files\Java
2009-11-08 16:50 . 2009-11-08 16:50 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-08 16:50 . 2009-11-08 16:50 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-11-08 16:50 . 2009-11-08 16:50 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-08 16:50 . 2009-11-08 16:50 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-08 16:50 . 2009-11-08 16:50 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-08 16:50 . 2009-11-08 16:50 -------- d-----w- c:\windows\system32\drivers\Avg
2009-11-08 16:49 . 2009-11-08 16:49 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-11-08 16:49 . 2009-11-08 16:49 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-11-08 16:49 . 2009-11-08 16:49 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-08 16:24 . 2009-11-08 16:24 -------- d-----w- c:\program files\Common Files\xing shared
2009-11-07 07:46 . 2009-11-07 07:46 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-11-07 07:45 . 2009-11-07 07:45 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-11-07 07:45 . 2008-04-07 13:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-11-07 07:45 . 2008-04-07 13:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2009-11-07 06:11 . 2009-11-07 06:12 -------- d-----w- c:\documents and settings\abd\Application Data\Download Manager
2009-11-07 05:56 . 2009-11-07 05:56 -------- d-----w- c:\documents and settings\abd\Local Settings\Application Data\Adobe
2009-11-07 05:54 . 2009-11-07 05:54 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-06 16:37 . 2009-11-06 16:37 -------- d-----w- c:\program files\Common Files\SPSS
2009-11-06 16:37 . 2009-11-06 16:37 -------- d-----w- c:\program files\SPSSInc
2009-11-06 16:37 . 2009-11-06 16:37 1025 ----a-w- c:\windows\system32\sysprs7.dll
2009-11-05 07:45 . 2009-11-08 16:24 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-05 07:45 . 2009-11-08 16:24 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-11-05 07:45 . 2009-11-05 07:45 -------- d-----w- c:\program files\Real
2009-11-05 07:45 . 2009-11-05 07:45 -------- d-----w- c:\program files\Common Files\Real
2009-11-04 09:06 . 2009-11-04 09:06 -------- d-----w- c:\program files\AVG
2009-11-04 08:40 . 2009-11-04 08:40 -------- d-----w- c:\program files\Common Files\PCSuite
2009-11-04 08:40 . 2009-11-04 08:40 -------- d-----w- c:\program files\Common Files\Nokia
2009-11-04 08:40 . 2009-11-04 08:40 -------- d-----w- c:\program files\PC Connectivity Solution
2009-11-04 08:39 . 2009-10-30 08:11 33953240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng_web.exe
2009-11-04 08:39 . 2009-11-04 08:39 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-11-04 08:39 . 2009-11-04 08:39 272858 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-11-04 08:39 . 2009-11-04 08:39 239060 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-11-04 08:39 . 2009-11-04 08:39 187862 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-11-03 05:09 . 2009-11-03 05:09 -------- d--h--w- c:\windows\PIF
2009-10-30 08:08 . 2009-10-30 08:08 91648 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
2009-10-30 07:46 . 2009-10-30 07:46 99840 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\Updates\Condition.dll
2009-10-30 07:45 . 2009-10-30 07:45 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-30 07:45 . 2009-10-30 07:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2009-10-30 07:45 . 2009-10-30 07:45 -------- d-----w- c:\program files\DAP
2009-10-30 07:01 . 2009-10-30 07:01 -------- d-----w- c:\documents and settings\abd\Application Data\Nokia
2009-10-30 07:01 . 2009-10-30 07:01 -------- d-----w- c:\documents and settings\abd\Application Data\PC Suite
2009-10-30 07:01 . 2009-10-30 07:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-10-30 07:00 . 2009-10-30 07:00 -------- d-----w- c:\program files\DIFX
2009-10-30 07:00 . 2008-08-26 18:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-10-30 06:59 . 2009-10-30 06:59 -------- d-----w- c:\windows\system32\DRVSTORE
2009-10-30 06:59 . 2009-02-09 16:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-10-30 06:59 . 2009-10-30 06:59 -------- d-----w- c:\program files\Nokia
2009-10-30 06:59 . 2009-02-17 02:52 33842658 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_eng_us_web.exe
2009-10-30 06:59 . 2009-10-30 06:59 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe
2009-10-30 06:59 . 2009-10-30 06:59 239068 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-10-30 06:59 . 2009-10-30 06:59 187870 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe
2009-10-30 06:59 . 2009-10-30 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-10-30 04:47 . 2009-10-30 04:47 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-10-30 04:46 . 2009-10-30 04:46 -------- d-----w- c:\program files\Synaptics
2009-10-29 05:02 . 2009-10-29 05:02 -------- d-----w- c:\documents and settings\abd\Application Data\Apple Computer
2009-10-29 04:54 . 2009-10-29 04:54 -------- d-----w- c:\documents and settings\abd\Local Settings\Application Data\Ahead
2009-10-29 04:49 . 2009-10-29 04:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-10-29 04:39 . 2009-11-09 05:44 3229136 ----a-w- c:\windows\UNMRW.exe
2009-10-29 04:37 . 2009-11-09 05:43 3229146 ----a-w- c:\windows\NuNinst.exe
2009-10-29 04:37 . 2006-01-17 18:09 102016 ------w- c:\windows\system32\drivers\InCDfs.sys
2009-10-29 04:37 . 2006-01-17 18:09 29440 ------w- c:\windows\system32\drivers\InCDpass.sys
2009-10-29 04:37 . 2006-01-17 01:41 8704 ------w- c:\windows\system32\drivers\InCDrec.sys
2009-10-29 04:37 . 2008-08-01 11:44 32640 ------w- c:\windows\system32\drivers\InCDrm.sys
2009-10-29 04:37 . 2009-10-29 04:37 -------- d-----w- c:\windows\InCD
2009-10-29 04:33 . 2009-10-29 04:33 -------- d-----w- c:\program files\Common Files\Nero
2009-10-29 04:30 . 2004-07-09 16:43 364544 ------w- c:\windows\system32\TwnLib4.dll
2009-10-29 04:30 . 2000-06-26 18:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2009-10-29 04:30 . 2004-07-27 00:16 471040 ------w- c:\windows\system32\ImagXRA7.dll
2009-10-29 04:30 . 2004-07-27 00:16 476320 ------w- c:\windows\system32\ImagXpr7.dll
2009-10-29 04:30 . 2004-07-27 00:16 262144 ------w- c:\windows\system32\ImagXR7.dll
2009-10-29 04:30 . 2004-07-27 00:16 1568768 ------w- c:\windows\system32\ImagX7.dll
2009-10-29 04:30 . 2009-11-09 05:53 333278 ----a-w- c:\windows\system32\NeroCheck.exe
2009-10-29 04:29 . 2009-10-29 04:29 -------- d-----w- c:\program files\Common Files\Ahead
2009-10-29 04:29 . 2009-10-29 04:29 -------- d-----w- c:\program files\Ahead
2009-10-28 10:59 . 2009-10-28 10:59 -------- d--h--w- c:\windows\$hf_mig$
2009-10-28 10:51 . 2009-10-28 10:51 13104 ----a-w- c:\documents and settings\abd\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-28 10:45 . 2009-10-28 10:45 -------- d-----w- c:\windows\ServicePackFiles
2009-10-28 10:45 . 2007-12-01 08:26 294912 ------w- c:\windows\system32\dllcache\dlimport.exe
2009-10-28 10:43 . 2009-11-04 09:40 204252 ----a-w- c:\windows\system32\spupdsvc.exe
2009-10-28 10:06 . 2009-10-28 10:06 -------- d-----w- c:\program files\ATI Technologies
2009-10-28 10:04 . 2009-11-04 09:40 214494 ----a-w- c:\windows\system32\acs.exe
2009-10-28 10:04 . 2005-11-09 00:04 233472 ----a-w- c:\windows\system32\wgapi.dll
2009-10-28 10:04 . 2005-11-09 00:03 233472 ----a-w- c:\windows\system32\wcapi.dll
2009-10-28 10:04 . 2005-11-09 00:03 372736 ----a-w- c:\windows\system32\athcfg11.dll
2009-10-28 10:04 . 2005-11-09 00:01 77824 ----a-w- c:\windows\system32\athcfg11res.dll
2009-10-28 10:04 . 2004-05-19 06:32 651264 ----a-w- c:\windows\system32\libeay32.dll
2009-10-28 10:04 . 2004-05-19 06:32 147456 ----a-w- c:\windows\system32\ssleay32.dll
2009-10-28 10:03 . 2009-10-28 10:03 -------- d-----w- c:\program files\Lenovo
2009-10-28 10:03 . 2006-04-18 13:35 471616 ----a-w- c:\windows\system32\ar5211.sys
2009-10-28 10:03 . 2009-10-28 10:03 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-10-28 10:03 . 2009-11-04 09:40 493018 ----a-w- c:\windows\system32\AegisI5.exe
2009-10-28 10:03 . 2005-11-08 23:54 1396835 ----a-r- c:\windows\system32\AegisE5.dll
2009-10-28 10:03 . 2009-10-28 10:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-28 10:03 . 2003-12-03 14:20 118784 ----a-w- c:\windows\system32\ATHCFG10.DLL
2009-10-28 10:03 . 2009-10-28 10:03 -------- d-----w- c:\program files\Common Files\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-09 02:21 . 2009-10-28 10:46 206292 ----a-w- c:\windows\system32\verclsid.exe
2009-11-07 05:14 . 2009-11-06 16:38 186 ----a-w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll
2009-11-04 09:40 . 2009-10-28 09:46 542166 ----a-w- c:\windows\system32\ati2evxx.exe
2009-11-04 09:40 . 2009-10-28 09:46 202712 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-11-04 09:40 . 2007-12-01 08:26 185302 ----a-w- c:\windows\system32\spdwnwxp.exe
2009-11-04 09:40 . 2009-10-28 10:05 226780 ----a-w- c:\windows\system32\DSndUp.exe
2009-11-04 09:40 . 2009-10-28 10:05 222684 ----a-w- c:\windows\system32\CleanUp.exe
2009-11-04 09:40 . 2009-10-28 10:46 187358 ----a-w- c:\windows\system32\comsdupd.exe
2009-11-04 09:40 . 2007-12-01 08:26 198618 ----a-w- c:\windows\system32\spupdwxp.exe
2009-11-04 09:40 . 2007-12-01 08:26 198628 ----a-w- c:\windows\system32\faxpatch.exe
2009-11-04 09:40 . 2004-08-04 08:56 198104 ----a-w- c:\windows\system32\cliconfg.exe
2009-11-04 09:40 . 2001-08-23 22:00 229342 ----a-w- c:\windows\system32\migpwd.exe
2009-10-28 10:48 . 2009-10-28 09:16 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-28 10:05 . 2009-10-28 10:05 -------- d-----w- c:\program files\Analog Devices
2009-10-28 09:53 . 2009-10-28 09:53 -------- d-----w- c:\program files\Intel
2009-10-28 09:52 . 2009-10-28 09:52 -------- d-----w- c:\program files\CONEXANT
2009-10-28 09:17 . 2009-10-28 09:17 -------- d-----w- c:\program files\microsoft frontpage
2009-10-28 09:13 . 2009-10-28 09:13 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-27 21:27 . 2009-10-27 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-10-27 21:27 . 2009-10-27 21:27 -------- d-----w- c:\program files\Yahoo!
2009-10-27 21:25 . 2009-10-27 21:25 -------- d-----w- c:\program files\The KMPlayer
2009-10-27 21:14 . 2009-10-27 21:14 -------- d-----w- c:\program files\QuickTime
2009-10-27 21:14 . 2009-10-27 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-27 21:14 . 2009-10-27 21:14 -------- d-----w- c:\program files\Apple Software Update
2009-10-27 21:14 . 2009-10-27 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
.

------- Sigcheck -------

[-] 2009-11-04 . 2FF83D3849B23B46EA769D2ED826567E . 235478 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2007-12-01 . BAA38EE6F2CED9D6E75442EA04573544 . 235484 . . [5.1.2600.3264] . . c:\windows\system32\spoolsv.exe
[-] 2007-12-01 . 1720EC1974186EDB11A51CEF9A314339 . 235486 . . [5.1.2600.3264] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2007-12-01 . 7D658F3AE6E134575593A652A1F52EEE . 235480 . . [5.1.2600.3264] . . c:\windows\ERDNT\cache\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-10-30 2983378]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-09 1591768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-02-07 521692]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 213470]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 1113046]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 214996]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-11-09 820694]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-08 378326]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-08 2188762]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-08 329174]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-08 16:50 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SoundMAX Agent Service (default)"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"ACS"=3 (0x3)
"ServiceLayer"=3 (0x3)
"InCDsrvR"=2 (0x2)
"InCDsrv"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"avgfws9"=2 (0x2)
"avg9wd"=2 (0x2)
"avg9emc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [11/8/2009 8:50 AM 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/8/2009 8:50 AM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/8/2009 8:50 AM 360584]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/8/2009 8:50 AM 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [11/8/2009 8:50 AM 2499552]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [11/8/2009 8:49 AM 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [11/8/2009 8:49 AM 30104]
S4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 01:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gmail.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://www.club194.com/playdrama.aspx?pageId=1215
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/nero/defaults/su/*http://www.yahoo.com
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
TCP: {A7740BDF-0EB0-43D4-8C35-FFA10D1241B2} = 203.99.163.240,202.125.132.12
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-09 12:56
Windows 5.1.2600 Service Pack 3, v.3264 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(568)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2388)
d:\tmp\xna1.tmp
c:\windows\system32\IEFRAME.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-09 12:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-09 20:57

Pre-Run: 8,750,989,312 bytes free
Post-Run: 8,712,486,912 bytes free

- - End Of File - - F4885518D1CED1F5F817F3C9647E701D
Attached Images
File Type: jpg error.JPG (25.0 KB, 2 views)
welcomback is offline  
Old 11-09-2009, 03:20 AM   #9 (permalink)
Analyst, Security Team
Join Date: Jan 2009
Location: Canada
Posts: 2,178
OS: XP sp3


Re: Recently my Antivirus has started telling each & every .exe file as trojan

Hi,

We need to get a fresh copy of ComboFix; that error seems to be an issue.

Please delete the copy of ComboFix that you have on your desktop and download a fresh copy from one of these links:

Link 1
Link 2

Before you run it, do this:

Open Notepad and copy/paste the text inside the quote box below into it:

Quote:
KillAll::

File::
d:\tmp\xna1.tmp

DDS::
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/nero/defaults/su/*http://www.yahoo.com

Save this as CFScript.txt


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • Allow ComboFix to run uninterrupted. Post the log.

NOTE: Make sure your security programs are disabled.
__________________


ASAP & UNITE Member
CatByte is offline  
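Two things in the posted log are worth pulling out mechanically rather than by eye: the Find3M report shows a run of c:\windows\system32 executables all stamped 2009-11-04 09:40, and the Sigcheck block shows every copy of spoolsv.exe (including the backup caches) failing verification with a different size and hash. The script below is an added example, not code from this thread or from ComboFix; it parses lines excerpted verbatim from the log above and reports both patterns.

```python
# Added triage helper for a ComboFix log; it is not the thread's own code.
# The excerpts are copied verbatim from the log posted above: Find3M rows (the
# leading column is the timestamp ComboFix sorts that section on) and Sigcheck.
import re
from collections import defaultdict

FIND3M_EXCERPT = r"""
2009-11-04 09:40 . 2009-10-28 09:46 542166 ----a-w- c:\windows\system32\ati2evxx.exe
2009-11-04 09:40 . 2009-10-28 09:46 202712 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-11-04 09:40 . 2007-12-01 08:26 185302 ----a-w- c:\windows\system32\spdwnwxp.exe
2009-11-04 09:40 . 2004-08-04 08:56 198104 ----a-w- c:\windows\system32\cliconfg.exe
2009-10-28 10:04 . 2005-11-09 00:04 233472 ----a-w- c:\windows\system32\wgapi.dll
2009-10-28 09:13 . 2009-10-28 09:13 21640 ----a-w- c:\windows\system32\emptyregdb.dat
"""
SIGCHECK_EXCERPT = r"""
[-] 2009-11-04 . 2FF83D3849B23B46EA769D2ED826567E . 235478 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2007-12-01 . BAA38EE6F2CED9D6E75442EA04573544 . 235484 . . [5.1.2600.3264] . . c:\windows\system32\spoolsv.exe
[-] 2007-12-01 . 1720EC1974186EDB11A51CEF9A314339 . 235486 . . [5.1.2600.3264] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2007-12-01 . 7D658F3AE6E134575593A652A1F52EEE . 235480 . . [5.1.2600.3264] . . c:\windows\ERDNT\cache\spoolsv.exe
"""
FILE_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
                       r"(\d+|-{8}) (\S{8}) (.+)$")
SIG_LINE = re.compile(r"^\[([-+])\] (\S+) \. ([0-9A-F]{32}) \. (\d+) \. \. "
                      r"\[([^\]]+)\] \. \. (.+)$")

def parse_file_lines(text):
    """Return (timestamp, size, path) for file rows; directory rows have no size."""
    rows = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m and m.group(2) != "--------":
            rows.append((m.group(1), int(m.group(2)), m.group(4)))
    return rows

def modification_bursts(rows, min_files=3, exts=(".exe", ".dll", ".sys")):
    """Binaries sharing one leading timestamp: many system executables touched in
    the same minute is consistent with the 'every .exe is a trojan' symptom."""
    by_ts = defaultdict(list)
    for ts, _size, path in rows:
        if path.lower().endswith(exts):
            by_ts[ts].append(path)
    return {ts: paths for ts, paths in by_ts.items() if len(paths) >= min_files}

def parse_sigcheck(text):
    """Sigcheck rows: a leading [-] marks a copy that did not verify."""
    rows = []
    for line in text.splitlines():
        m = SIG_LINE.match(line.strip())
        if m:
            flag, _date, md5, size, ver, path = m.groups()
            rows.append({"signed": flag == "+", "md5": md5, "size": int(size),
                         "version": ver, "path": path})
    return rows

def inconsistent_copies(sig_rows):
    """Same file name and version in several locations but differing hashes: the
    cached/backup copies were altered too, so none is a clean restore source."""
    groups = defaultdict(list)
    for r in sig_rows:
        groups[(r["path"].rsplit("\\", 1)[-1].lower(), r["version"])].append(r)
    return {k: sorted(r["size"] for r in rs) for k, rs in groups.items()
            if len(rs) > 1 and len({r["md5"] for r in rs}) > 1}
```

On the full log the burst check would list all eleven system32 executables stamped 2009-11-04 09:40; the excerpt keeps four of them plus two control rows.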
Old 11-19-2009, 07:42 PM   #10 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: USA
Posts: 7,472
OS: XP SP3


Re: Recently my Antivirus has started telling each & every .exe file as trojan

Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

http://www.techsupportforum.com/secu...oval-help.html
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
Copyright 2001 - 2009, Tech Support Forum