
Discussion Starter · #1 ·
When I was running my virus scan (PC Tools Spyware Doctor) it found two Trojans on my computer. They were listed as Trojan-Spy.Agent!sd6 and Trojan.Agent, and both were found in my C:\WINDOWS\system32\okl.exe folder. Spyware Doctor said it found them and removed them, but I was wondering if there is a possibility that I could still be infected, and what sort of trojan this is?
Please help!!!
 

Discussion Starter · #2 ·
DDS (Ver_09-03-16.01) - NTFSx86
Run by Brad at 21:31:37.29 on Thu 04/30/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.2122 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Brad\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [autochk] rundll32.exe c:\docume~1\locals~1\protect.dll,[email protected]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [A00F1C630B4.exe] c:\windows\temp\_A00F1C630B4.exe
dRun: [A00FE4D60.exe] c:\windows\temp\_A00FE4D60.exe
dRun: [autochk] rundll32.exe c:\docume~1\locals~1\protect.dll,[email protected]
StartupFolder: c:\docume~1\brad\startm~1\programs\startup\chkdisk.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-system: RunStartupScriptSync = 1 (0x1)
mPolicies-system: RunStartupScriptSync = 1 (0x1)
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {182C7ED7-E56D-4509-9D9B-AC49318D9895} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brad\applic~1\mozilla\firefox\profiles\jzi06am4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\brad\application data\mozilla\firefox\profiles\jzi06am4.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-3-23 130936]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-3-23 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-3-23 39200]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-3-23 159600]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-3-25 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-3-25 1095560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-19 24652]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-3-23 64392]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-3-23 33056]
R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]

=============== Created Last 30 ================

2009-04-30 21:12 23,668 a------- c:\windows\system32\lmppcsetup.exe
2009-04-27 19:05 29,696 a------- c:\windows\system32\loader49.exe
2009-04-24 10:27 4,096 a------- c:\windows\system32\ftp_non_crp.exe
2009-04-23 19:18 39,936 a------- c:\windows\system32\winglsetup.exe
2009-04-17 18:33 89,448 a------- c:\windows\system32\drivers\a640f4fa.sys
2009-04-16 14:42 46 a------- c:\windows\system32\p2hhr.bat
2009-04-15 14:38 <DIR> --d----- c:\program files\Microsoft Common
2009-04-14 22:40 109,010 a------- c:\windows\system32\drivers\d4ca901c.sys
2009-04-14 22:21 <DIR> --d----- c:\docume~1\brad\applic~1\Pegasys Inc
2009-04-14 22:21 145,504 a------- c:\windows\system32\bgsvcgen.exe
2009-04-14 22:21 59,488 a------- c:\windows\system32\GenSvcInst.exe
2009-04-14 22:21 13,567 a------- c:\windows\system32\drivers\CDRBSDRV.SYS
2009-04-14 20:08 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-04-14 20:08 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-04-14 20:08 728,064 a------- c:\windows\system32\lsasrv.dll
2009-04-14 20:08 706,048 a------- c:\windows\system32\ntdll.dll
2009-04-14 20:08 617,472 a------- c:\windows\system32\advapi32.dll
2009-04-14 20:08 108,544 a------- c:\windows\system32\services.exe
2009-04-14 17:31 728,064 -------- c:\windows\system32\_000028_.tmp.dll
2009-04-14 17:31 706,048 -------- c:\windows\system32\_000027_.tmp.dll
2009-04-14 17:31 108,544 -------- c:\windows\system32\_000026_.tmp.dll
2009-04-14 17:20 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-14 17:20 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-14 17:20 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-08 23:04 <DIR> --d----- c:\docume~1\brad\applic~1\Sierra
2009-04-07 23:07 <DIR> --d----- c:\program files\iPod
2009-04-07 23:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

==================== Find3M ====================

2009-04-21 13:50 21,280 a------- c:\docume~1\brad\applic~1\wklnhst.dat
2009-04-20 15:17 39,200 a------- c:\windows\system32\drivers\TfSysMon.sys
2009-04-20 15:16 33,056 a------- c:\windows\system32\drivers\TfNetMon.sys
2009-04-20 15:16 51,488 a------- c:\windows\system32\drivers\TfFsMon.sys
2009-04-20 15:16 12,576 a------- c:\windows\system32\drivers\TfKbMon.sys
2009-04-20 15:16 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-05 23:59 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-05 23:59 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2009-03-02 19:04 1,499,136 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-02-20 04:11 3,068,416 -------- c:\windows\system32\dllcache\mshtml.dll
2009-02-20 04:10 666,112 a------- c:\windows\system32\wininet.dll
2009-02-20 04:10 666,112 -------- c:\windows\system32\dllcache\wininet.dll
2009-02-20 04:10 619,520 -------- c:\windows\system32\dllcache\urlmon.dll
2009-02-20 04:10 81,920 a------- c:\windows\system32\ieencode.dll
2009-02-20 04:10 81,920 -------- c:\windows\system32\dllcache\ieencode.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys

============= FINISH: 21:32:40.34 ===============
 

Discussion Starter · #3 ·
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 10/17/2006 4:23:09 PM
System Uptime: 4/30/2009 6:56:23 PM (3 hours ago)

Motherboard: Dell Inc. | | 0J8885
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 70 GiB total, 9.71 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP736: 1/21/2009 7:48:34 PM - System Checkpoint
RP737: 1/22/2009 8:47:45 PM - System Checkpoint
RP738: 1/24/2009 1:19:56 AM - System Checkpoint
RP739: 1/25/2009 2:05:14 AM - System Checkpoint
RP740: 1/26/2009 4:10:27 PM - System Checkpoint
RP741: 1/27/2009 4:12:29 PM - System Checkpoint
RP742: 1/28/2009 4:41:50 PM - System Checkpoint
RP743: 1/29/2009 6:19:37 PM - System Checkpoint
RP744: 1/30/2009 6:54:59 PM - System Checkpoint
RP745: 2/1/2009 5:13:35 PM - System Checkpoint
RP746: 2/2/2009 1:47:53 AM - Installed iTunes
RP747: 2/3/2009 9:13:15 AM - System Checkpoint
RP748: 2/4/2009 12:42:38 PM - System Checkpoint
RP749: 2/5/2009 6:49:21 PM - System Checkpoint
RP750: 2/6/2009 8:47:09 PM - System Checkpoint
RP751: 2/7/2009 9:52:24 PM - System Checkpoint
RP752: 2/8/2009 9:54:06 PM - System Checkpoint
RP753: 2/9/2009 11:57:24 PM - System Checkpoint
RP754: 2/11/2009 12:45:03 AM - System Checkpoint
RP755: 2/11/2009 11:34:29 AM - Software Distribution Service 3.0
RP756: 2/12/2009 1:04:00 PM - System Checkpoint
RP757: 2/13/2009 1:16:32 PM - System Checkpoint
RP758: 2/15/2009 1:24:18 PM - System Checkpoint
RP759: 2/16/2009 12:33:55 PM - Installed DirectX
RP760: 2/16/2009 12:34:31 PM - Installed Nero 7 Essentials
RP761: 2/17/2009 1:04:51 PM - System Checkpoint
RP762: 2/18/2009 4:42:46 PM - System Checkpoint
RP763: 2/19/2009 7:14:16 PM - System Checkpoint
RP764: 2/20/2009 9:33:21 PM - System Checkpoint
RP765: 2/21/2009 11:34:15 PM - System Checkpoint
RP766: 2/22/2009 11:35:30 PM - System Checkpoint
RP767: 2/24/2009 12:39:37 AM - System Checkpoint
RP768: 2/24/2009 2:20:52 PM - Software Distribution Service 3.0
RP769: 2/25/2009 5:33:19 PM - System Checkpoint
RP770: 2/27/2009 2:59:06 PM - System Checkpoint
RP771: 2/28/2009 4:13:08 PM - System Checkpoint
RP772: 3/1/2009 4:22:16 PM - System Checkpoint
RP773: 3/2/2009 8:31:56 PM - System Checkpoint
RP774: 3/3/2009 8:48:18 PM - System Checkpoint
RP775: 3/4/2009 9:15:54 PM - System Checkpoint
RP776: 3/5/2009 9:26:40 PM - System Checkpoint
RP777: 3/6/2009 9:27:23 PM - System Checkpoint
RP778: 3/7/2009 9:47:33 PM - System Checkpoint
RP779: 3/8/2009 1:27:57 AM - Removed Nero 7 Essentials
RP780: 3/10/2009 9:14:16 PM - System Checkpoint
RP781: 3/11/2009 12:14:52 AM - Software Distribution Service 3.0
RP782: 3/14/2009 1:43:05 PM - Software Distribution Service 3.0
RP783: 3/15/2009 5:16:07 PM - System Checkpoint
RP784: 3/16/2009 8:30:49 PM - System Checkpoint
RP785: 3/18/2009 1:07:54 AM - System Checkpoint
RP786: 3/20/2009 2:32:38 PM - System Checkpoint
RP787: 3/21/2009 4:47:33 PM - System Checkpoint
RP788: 3/21/2009 11:24:32 PM - Installed Nero 7 Essentials
RP789: 3/22/2009 12:19:25 AM - Removed LightScribe System Software 1.14.17.1.
RP790: 3/22/2009 12:22:19 AM - Removed Nero 7 Essentials
RP791: 3/23/2009 1:03:36 AM - System Checkpoint
RP792: 3/24/2009 2:38:02 PM - System Checkpoint
RP793: 3/24/2009 7:48:19 PM - Installed Nero 7 Essentials
RP794: 3/25/2009 8:56:29 PM - System Checkpoint
RP795: 3/26/2009 9:40:34 PM - System Checkpoint
RP796: 3/27/2009 9:43:20 PM - System Checkpoint
RP797: 3/28/2009 10:18:38 PM - System Checkpoint
RP798: 3/29/2009 11:10:12 PM - System Checkpoint
RP799: 3/31/2009 10:58:18 PM - System Checkpoint
RP800: 4/2/2009 5:42:18 PM - System Checkpoint
RP801: 4/3/2009 6:40:46 PM - System Checkpoint
RP802: 4/4/2009 6:52:39 PM - System Checkpoint
RP803: 4/5/2009 7:56:44 PM - System Checkpoint
RP804: 4/6/2009 9:33:57 PM - Installed Java(TM) 6 Update 13
RP805: 4/8/2009 1:27:18 AM - System Checkpoint
RP806: 4/9/2009 11:12:36 PM - System Checkpoint
RP807: 4/11/2009 2:21:42 PM - System Checkpoint
RP808: 4/12/2009 2:40:33 PM - System Checkpoint
RP809: 4/13/2009 7:08:52 PM - System Checkpoint
RP810: 4/14/2009 5:27:48 PM - Software Distribution Service 3.0
RP811: 4/14/2009 8:07:10 PM - Software Distribution Service 3.0
RP812: 4/14/2009 10:20:43 PM - Installed TMPGEnc Authoring Works 4 Trial Version
RP813: 4/18/2009 10:45:15 PM - System Checkpoint

==== Installed Programs ======================

Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.4
Adobe Shockwave Player
AIM 6
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 5
AutoUpdate
BitZipper 5.1
Bonjour
Company of Heroes
Company of Heroes - FAKEMSI
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
Dell Support 3.1
Dell System Restore
DivX Codec
DivX Converter
DivX Player
DivX Version Checker
DivX Web Player
Download Updater (AOL LLC)
EPSON CX5000 Series User's Guide
EPSON Printer Software
EPSON Scan
EPSON Stylus CX5000 Scanner Driver Update
FUJIFILM USB Driver
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Software v9.2.4.11
Intel(R) PROSafe for Wired Connections
Internet Explorer Default Page
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Kaspersky Online Scanner
Learn2 Player (Uninstall Only)
LightScribe System Software 1.14.17.1
Macromedia Flash Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Encarta Encyclopedia Standard 2005
Microsoft Money 2005
Microsoft Picture It! Library 10
Microsoft Picture It! Premium 10
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Streets and Trips 2005
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C Runtime
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox (3.0.9)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Musicmatch for Windows Media Player
MyWay Search Assistant
Nero 7 Essentials
neroxml
NVIDIA Drivers
Photo Click
QuickTime
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB963027)
Shockwave
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Spyware Doctor 6.0
System Requirements Lab
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
URGE
VC80CRTRedist - 8.0.50727.762
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Works Upgrade

==== Event Viewer Messages From Past Week ========

4/30/2009 9:28:21 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
4/30/2009 12:12:25 AM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/29/2009 9:02:19 PM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.
4/29/2009 9:02:19 PM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The system cannot find the file specified.
4/26/2009 3:44:36 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 2 time(s).
4/26/2009 3:44:31 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================
 

Discussion Starter · #4 ·
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-04-30 21:36:46
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 8A349DF8 ZwEnumerateKey
Code 8A349DC0 ZwFlushInstructionCache
Code 8A31E1F6 IofCallDriver
Code 8A314226 IofCompleteRequest

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs a640f4fa.sys
Device \FileSystem\Ntfs \Ntfs 8AA921E8

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Nero AG)
AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Ip a640f4fa.sys

Device \Driver\pctgntdi \Device\PctGnTcpFilter a640f4fa.sys
Device \Driver\usbuhci \Device\USBPDO-0 8A81F1E8
Device \Driver\usbehci \Device\USBPDO-1 8A7F17A0
Device \Driver\usbuhci \Device\USBPDO-2 8A81F1E8
Device \Driver\usbuhci \Device\USBPDO-3 8A81F1E8
Device \Driver\usbuhci \Device\USBPDO-4 8A81F1E8

AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Tcp a640f4fa.sys

Device \Driver\Ftdisk \Device\HarddiskVolume1 8AB061E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AB061E8
Device \Driver\Cdrom \Device\CdRom0 8A7601E8
Device \Driver\Cdrom \Device\CdRom1 8A7601E8
Device atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume3 8AB061E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B0AB4E41-CA70-4381-A067-004A420F8387} 8A0F71E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A0F71E8
Device \Driver\NetBT \Device\NetbiosSmb 8A0F71E8
Device \Driver\pctgntdi \Device\pctgntdi a640f4fa.sys
Device \Driver\pctgntdi \Device\PctGnUdpFilter a640f4fa.sys

AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Udp a640f4fa.sys
AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp a640f4fa.sys

Device \Driver\usbuhci \Device\USBFDO-0 8A81F1E8
Device \Driver\usbuhci \Device\USBFDO-1 8A81F1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A0EF1E8
Device \Driver\pctgntdi \Device\PctGnRawIpFilter a640f4fa.sys
Device \Driver\usbuhci \Device\USBFDO-2 8A81F1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A0EF1E8
Device \Driver\usbuhci \Device\USBFDO-3 8A81F1E8
Device \Driver\usbehci \Device\USBFDO-4 8A7F17A0
Device \Driver\Ftdisk \Device\FtControl 8AB061E8
Device \FileSystem\Fastfat \Fat 8A53C7A0
Device \FileSystem\Fastfat \Fat B2CBB297

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs 8A4057A0
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----
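The two logs above (the DDS report in post #2 and the GMER scan in post #4) can be triaged mechanically. The script below is an added example for this page, not a tool from the thread or from the DDS/GMER authors: it applies to the run keys and device hooks the few rules a responder would otherwise apply by eye. The sample lines are copied from the two posts, with one benign line of each kind left in as a control; the rundll32 export name is not readable on this page, so the placeholder "Export" stands in for it. The heuristics are assumptions of this example, not DDS or GMER features: an executable launched from c:\windows\temp, rundll32 loading a DLL from a user profile directory, a startup shortcut whose target is bare rundll32.exe, and a .sys file with a random eight-hex-digit name and no vendor string attached to \Driver\Tcpip or \FileSystem\Ntfs. Every item these rules flag is among the files and services ComboFix removes in post #16, which is the ground truth they were tuned against.

```python
import re

# Constructed sample input: lines copied from the thread's DDS "Pseudo HJT
# Report" (post #2) and GMER device listing (post #4), with one benign line of
# each kind left in as a control. The rundll32 export name is not readable on
# the page, so the placeholder "Export" stands in for it.
DDS_SAMPLE = r'''
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [autochk] rundll32.exe c:\docume~1\locals~1\protect.dll,Export
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [A00F1C630B4.exe] c:\windows\temp\_A00F1C630B4.exe
StartupFolder: c:\docume~1\brad\startm~1\programs\startup\chkdisk.lnk - c:\windows\system32\rundll32.exe
'''.strip().splitlines()

GMER_SAMPLE = r'''
AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Ip a640f4fa.sys
Device \FileSystem\Ntfs \Ntfs a640f4fa.sys
Device \Driver\usbuhci \Device\USBPDO-0 8A81F1E8
Device atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
'''.strip().splitlines()

RUN_RE = re.compile(r'^[umd]Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
STARTUP_RE = re.compile(r'^StartupFolder: (?P<lnk>.+?\.lnk) - (?P<target>.*)$', re.IGNORECASE)
TEMP_RE = re.compile(r'\\temp\\|\\temporary internet files\\', re.IGNORECASE)
HEX_SYS_RE = re.compile(r'^[0-9a-f]{8}\.sys$', re.IGNORECASE)
# Assumption of this example: a DLL handed to rundll32 from an autorun key
# normally lives under one of these; anything else deserves a look.
TRUSTED_DIRS = ('\\windows\\system32\\', '\\program files\\', '\\progra~1\\')


def flag_autorun(line):
    """Return a reason string if a DDS run-key or startup-folder entry looks suspicious, else None."""
    m = RUN_RE.match(line)
    if m:
        cmd = m.group('cmd').lower()
        if TEMP_RE.search(cmd):
            return 'runs from a temp directory'
        parts = cmd.split(None, 1)
        if parts and parts[0] == 'rundll32.exe' and len(parts) == 2:
            # rundll32.exe <dll>,<export>: the DLL is the code that actually runs.
            dll = parts[1].split(',', 1)[0].strip('"')
            if not any(d in dll for d in TRUSTED_DIRS):
                return 'rundll32 loads a DLL from outside system32/Program Files: ' + dll
        return None
    m = STARTUP_RE.match(line)
    if m and m.group('target').lower().strip('"').endswith('\\rundll32.exe'):
        # DDS prints only the shortcut target; the DLL and export are in the .lnk arguments.
        return 'startup shortcut runs bare rundll32.exe (arguments hidden in the .lnk)'
    return None


def parse_gmer(line):
    """Split a GMER Device/AttachedDevice line into (kind, objects, handler, vendor text or None)."""
    head, sep, desc = line.partition(' (')
    parts = head.split()
    if len(parts) < 2 or parts[0] not in ('Device', 'AttachedDevice'):
        return None
    return parts[0], parts[1:-1], parts[-1], (desc.rstrip(')') if sep else None)


def flag_driver(line):
    """Return (severity, reason) for a GMER device line worth a second look, else None."""
    parsed = parse_gmer(line)
    if parsed is None:
        return None
    kind, objects, handler, vendor = parsed
    where = ' '.join(objects)
    if not handler.lower().endswith('.sys'):
        # GMER prints a raw address when the dispatch pointer is not inside any module it knows.
        return ('info', f'{kind} {where}: handler {handler} not mapped to a loaded module')
    if vendor is None:
        if HEX_SYS_RE.match(handler):
            return ('high', f'{handler} (random hex name, no vendor info) hooked on {where}')
        return ('medium', f'{handler} (no vendor info) hooked on {where}')
    return None


def triage(dds_lines, gmer_lines):
    """Run both rule sets and return (severity, reason, line) tuples, highest severity first."""
    hits = []
    for ln in dds_lines:
        reason = flag_autorun(ln)
        if reason:
            hits.append(('high', reason, ln))
    for ln in gmer_lines:
        hit = flag_driver(ln)
        if hit:
            hits.append((hit[0], hit[1], ln))
    order = {'high': 0, 'medium': 1, 'info': 2}
    hits.sort(key=lambda h: order[h[0]])   # stable sort keeps log order within a level
    return hits


if __name__ == '__main__':
    for sev, reason, line in triage(DDS_SAMPLE, GMER_SAMPLE):
        print(f'[{sev:<6}] {reason}\n         {line}')
```

The raw-address lines (8A81F1E8 and friends) are reported as "info" rather than "high" because GMER emits them whenever a dispatch pointer falls outside any module it recognises, which can have benign causes; on this machine they sit on the same device stacks as the unnamed a640f4fa.sys, which is what makes them worth reading together.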
 

Discussion Starter · #5 ·
The problem I have been having is that I cannot access certain websites that are password protected (i.e. Yahoo and so on). My computer also runs slow sometimes, so I was just wondering if anyone could tell me whether my computer is safe, or what steps I need to take to fix it and clean it.
Thank you
 

Discussion Starter · #10 ·
I ran another virus scan today and it found two more viruses: Trojan-Downloader.Agent.OGP and Backdoor.Agent.CFC. PC Doctor said it removed them, but I would still like to know if my system could still be infected. Please help!!!!
 

Discussion Starter · #12 ·
I did another scan with Spybot and it showed 3 trojan entries from a Virtmonde.sdn and another trojan virus with 4 entries called Win32.TDSS.rtk... please, I need help with these trojan viruses!!!!!!
 

Reply (1,702 Posts) ·
Sorry about the delay B_rad21.

Unless you're receiving help via another help forum, continue here.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop (not elsewhere)

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on combofix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

(screenshot of the ComboFix message is not reproduced on this page)

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
 

Discussion Starter · #15 ·
I turned off my virus scanner, Spyware Doctor with AntiVirus, but when I try to run ComboFix it says that it is still active. When I pull up Task Manager it is not listed there for me to turn off. What am I missing?
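The helper's first step ("disable your AntiVirus ... via a right click on the System Tray icon") and the question in post #15 hinge on what that toggle actually stops. The DDS process list in post #2 shows pctsAuxs.exe, pctsSvc.exe and TFService.exe running, and its SERVICES / DRIVERS section lists the PC Tools and ThreatFire components with their start types (the DDS prefix is R for running, S for stopped; the digit is 0 boot, 1 system, 2 auto, 3 manual). The tray icon only ends on-access scanning: the services keep running and the kernel filter drivers never appear in Task Manager at all. The script below is an added example, not something posted in the thread: it parses those DDS lines (copied here, with the Ad-Aware service left in as a control) and emits the sc.exe commands that would stop the user-mode services and set every component to start disabled. The vendor-matching substrings and the pct/Tf name-prefix rule are assumptions of this example, and the treatment of .sys images (no runtime stop, disable only) reflects the usual behaviour of boot-time filter drivers rather than anything the page states.

```python
import re

# Constructed sample: the SERVICES / DRIVERS lines copied from the thread's DDS
# log (post #2), with the Ad-Aware service left in as a control.
SERVICE_LINES = r'''
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-3-23 130936]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-3-23 51488]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-3-23 159600]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-3-25 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-3-25 1095560]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-3-23 33056]
R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
'''.strip().splitlines()

# DDS prefix: R = running, S = stopped; the digit is the service start type.
LINE_RE = re.compile(r'^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)(?: \[.*\])?$')
START_TYPES = {0: 'boot', 1: 'system', 2: 'auto', 3: 'manual', 4: 'disabled'}
# Assumptions of this example: these substrings, or a pct/Tf service-name
# prefix, mark a PC Tools / ThreatFire component. Adjust for another product.
VENDOR_MARKERS = ('pc tools', 'pctools', 'spyware doctor', 'threatfire')


def parse_services(lines):
    """Parse DDS service/driver lines into dicts; lines that do not fit the format are skipped."""
    entries = []
    for ln in lines:
        m = LINE_RE.match(ln)
        if m:
            entry = m.groupdict()
            entry['start'] = int(entry['start'])
            entries.append(entry)
    return entries


def is_vendor_component(entry):
    """True if the entry looks like part of the security product being taken out of the way."""
    text = (entry['display'] + ' ' + entry['path']).lower()
    return any(k in text for k in VENDOR_MARKERS) or entry['name'].lower().startswith(('pct', 'tf'))


def stop_plan(entries):
    """Return (name, start type, sc.exe commands) for each vendor component.

    Kernel drivers (.sys image) are filter drivers that normally refuse a
    runtime stop while attached, so they only get the start=disabled change,
    which takes effect at the next reboot. User-mode services get both commands.
    """
    plan = []
    for e in entries:
        if not is_vendor_component(e):
            continue
        image = e['path'].lower().split()[0]
        cmds = []
        if not image.endswith('.sys'):
            cmds.append(f'sc stop {e["name"]}')
        cmds.append(f'sc config {e["name"]} start= disabled')
        plan.append((e['name'], START_TYPES[e['start']], cmds))
    return plan


if __name__ == '__main__':
    for name, start, cmds in stop_plan(parse_services(SERVICE_LINES)):
        print(f'{name} ({start} start):')
        for c in cmds:
            print('    ' + c)
```

The emitted commands need an administrator account (the default XP Home account is one) and a reboot before the boot- and system-start drivers are actually out of the picture; they are a temporary measure for the cleanup session, and the product's services should be set back to their original start types afterwards.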
 

Discussion Starter · #16 ·
ComboFix 09-05-05.05 - Brad 05/06/2009 13:44.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.2490 [GMT -4:00]
Running from: c:\documents and settings\Brad\Desktop\ComboFix.exe
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Brad\Local Settings\Temporary Internet Files\egun._dl
c:\documents and settings\Brad\Local Settings\Temporary Internet Files\lifodekup.pif
c:\documents and settings\Brad\Local Settings\Temporary Internet Files\ofomagu.scr
c:\documents and settings\Brad\Local Settings\Temporary Internet Files\ysixib._dl
c:\documents and settings\Brad\protect.dll
c:\documents and settings\Brad\Start Menu\Programs\Startup\ChkDisk.lnk
c:\documents and settings\LocalService\protect.dll
c:\program files\Microsoft Common
c:\windows\BMc7613a74.txt
c:\windows\system32\_000023_.tmp.dll
c:\windows\system32\_000024_.tmp.dll
c:\windows\system32\_000025_.tmp.dll
c:\windows\system32\_000026_.tmp.dll
c:\windows\system32\_000027_.tmp.dll
c:\windows\system32\_000028_.tmp.dll
c:\windows\system32\ak1.exe
c:\windows\system32\autochk.dll
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\drivers\a640f4fa.sys
c:\windows\system32\drivers\d4ca901c.sys
c:\windows\system32\drivers\ovfsthrujbimrcsipguwyksenkysmjahqypaoe.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\lmppcsetup.exe
c:\windows\system32\loader49.exe
c:\windows\system32\ovfsthcunyocfwutpuvirlviyvxqprchqpsflq.dat
c:\windows\system32\ovfsthhxqrtqwqbvdkotejxwovbrwnkrduhljf.dll
c:\windows\system32\ovfsthhxqrtqwqbvdkotejxwovbrwnkrduhljf.dll_old
c:\windows\system32\ovfsthkbtnpfholawtybwjqqvplyaqotorwxib.dll
c:\windows\system32\ovfsthkbtnpfholawtybwjqqvplyaqotorwxib.dll_old
c:\windows\system32\ovfsthttroymltigfeibpjvyrpetjlfbmqpsqn.dat
c:\windows\system32\ovfsthwirrtiieuwnvkyvsiiwofjottlcooewa.dll
c:\windows\system32\p2hhr.bat
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\winglsetup.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthtfuwkkllrtrxokpdmixwqddbapxmnkcd
-------\Service_a640f4fa
-------\Service_d4ca901c


((((((((((((((((((((((((( Files Created from 2009-04-06 to 2009-05-06 )))))))))))))))))))))))))))))))
.

2009-05-06 15:19 . 2009-05-06 16:33 27648 ----a-w c:\windows\system32\lmn_setup.exe
2009-05-01 03:34 . 2009-05-01 21:14 -------- d-----w c:\program files\Azureus
2009-05-01 03:21 . 2009-05-01 03:22 -------- d-----w c:\program files\Vuze
2009-04-24 14:27 . 2009-04-24 14:34 4096 ----a-w c:\windows\system32\ftp_non_crp.exe
2009-04-15 02:22 . 2009-04-15 02:22 104115 ----a-w c:\documents and settings\Brad\Local Settings\Application Data\codecsetup.exe
2009-04-15 02:22 . 2009-04-15 02:22 24576 ----a-w c:\documents and settings\Brad\Local Settings\Application Data\cp_setup_assist.exe
2009-04-15 02:21 . 2009-04-30 23:10 -------- d-----w c:\documents and settings\Brad\Application Data\Pegasys Inc
2009-04-15 02:21 . 2009-04-15 02:20 13567 ----a-w c:\windows\system32\drivers\CDRBSDRV.SYS
2009-04-15 02:21 . 2009-04-15 02:20 59488 ----a-w c:\windows\system32\GenSvcInst.exe
2009-04-15 02:21 . 2009-04-15 02:20 145504 ----a-w c:\windows\system32\bgsvcgen.exe
2009-04-15 00:08 . 2008-04-14 00:11 617472 ----a-w c:\windows\system32\advapi32.dll
2009-04-15 00:08 . 2008-04-14 00:11 728064 ----a-w c:\windows\system32\lsasrv.dll
2009-04-15 00:08 . 2008-04-14 00:11 706048 ----a-w c:\windows\system32\ntdll.dll
2009-04-15 00:08 . 2008-04-14 00:12 108544 ----a-w c:\windows\system32\services.exe
2009-04-15 00:08 . 2008-08-14 10:09 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-04-15 00:08 . 2008-08-14 09:33 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-04-14 21:20 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-14 21:20 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-09 03:04 . 2009-04-09 03:04 -------- d-----w c:\documents and settings\Brad\Application Data\Sierra
2009-04-08 03:07 . 2009-04-08 03:07 -------- d-----w c:\program files\iPod
2009-04-08 03:07 . 2009-04-08 03:07 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-06 17:32 . 2008-03-25 23:53 -------- d-----w c:\program files\Spyware Doctor
2009-05-01 01:28 . 2008-03-12 16:46 -------- d-----w c:\program files\LimeWire
2009-04-21 17:50 . 2006-10-20 05:16 21280 ----a-w c:\documents and settings\Brad\Application Data\wklnhst.dat
2009-04-20 19:17 . 2009-03-23 04:28 39200 ----a-w c:\windows\system32\drivers\TfSysMon.sys
2009-04-20 19:16 . 2009-03-23 04:28 33056 ----a-w c:\windows\system32\drivers\TfNetMon.sys
2009-04-20 19:16 . 2009-03-23 04:28 51488 ----a-w c:\windows\system32\drivers\TfFsMon.sys
2009-04-20 19:16 . 2009-03-23 04:28 12576 ----a-w c:\windows\system32\drivers\TfKbMon.sys
2009-04-20 19:16 . 2009-03-23 04:27 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-04-16 21:31 . 2007-05-08 23:35 -------- d-----w c:\program files\Microsoft Games
2009-04-15 00:14 . 2006-12-10 23:41 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-08 03:07 . 2007-09-28 04:34 -------- d-----w c:\program files\iTunes
2009-04-08 03:07 . 2007-07-09 04:24 -------- d-----w c:\program files\Common Files\Apple
2009-04-07 01:34 . 2005-08-26 04:40 -------- d-----w c:\program files\Java
2009-03-25 17:03 . 2009-03-25 17:03 -------- d-----w c:\program files\BitZipper
2009-03-24 23:55 . 2009-03-24 23:55 -------- d-----w c:\program files\Common Files\LightScribe
2009-03-24 23:52 . 2009-03-24 23:48 -------- d-----w c:\program files\Common Files\Ahead
2009-03-24 23:48 . 2009-03-24 23:48 -------- d-----w c:\program files\Nero
2009-03-23 04:27 . 2008-03-26 04:11 -------- d-----w c:\program files\Common Files\PC Tools
2009-03-19 20:32 . 2008-01-29 16:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-14 18:33 . 2009-03-14 18:33 -------- d-----w c:\program files\Bonjour
2009-03-09 09:19 . 2008-11-24 17:37 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 06:30 . 2005-08-26 04:44 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-08 06:24 . 2005-08-26 04:44 -------- d-----w c:\program files\CyberLink
2009-03-06 03:59 . 2009-03-14 18:36 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 03:59 . 2008-10-20 16:42 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-02-20 08:10 . 2004-08-10 17:51 666112 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2004-08-10 17:51 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 11:13 . 2004-08-10 17:51 1846784 ----a-w c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\STSYSTRA.EXE [2005-03-23 339968]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-05 1626112]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-8-26 156784]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3/23/2009 12:27 AM 130936]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [3/23/2009 12:28 AM 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [3/23/2009 12:28 AM 39200]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [3/23/2009 12:27 AM 159600]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/19/2008 12:53 AM 24652]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [3/23/2009 12:26 AM 64392]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [3/25/2008 7:53 PM 348752]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [3/23/2009 12:28 AM 33056]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1349adcc-9877-11db-9d60-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-10-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{c2ba40a1-74f3-42bd-f434-12345a2c8953} - c:\windows\system32\afnoinkdsfe.dll
HKU-Default-Run-A00F1C630B4.exe - c:\windows\TEMP\_A00F1C630B4.exe
HKU-Default-Run-A00FE4D60.exe - c:\windows\TEMP\_A00FE4D60.exe
HKU-Default-Run-autochk - c:\docume~1\LOCALS~1\protect.dll
HKU-Default-Run-uidenhiufgsduiazghs - c:\windows\TEMP\xhfhoq062f.exe
HKU-Default-Run-Diagnostic Manager - c:\windows\TEMP\4029590532.exe
SharedTaskScheduler-{C2BA40A1-74F3-42BD-F434-12345A2C8953} - c:\windows\system32\afnoinkdsfe.dll
ShellExecuteHooks-{182C7ED7-E56D-4509-9D9B-AC49318D9895} - (no file)
Notify-__c00d43c4 - (no file)
Notify-__c00ff155 - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Brad\Application Data\Mozilla\Firefox\Profiles\jzi06am4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\Brad\Application Data\Mozilla\Firefox\Profiles\jzi06am4.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-06 13:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4247063105-3522561950-2355554643-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0f,ec,ea,97,28,70,f1,af,1e,da,80,88,8a,1a,f7,5b,82,ac,ec,25,3c,a0,8d,
48,d9,df,c2,2a,01,49,6f,36,0f,18,38,7b,4f,8f,86,0c,fb,6b,92,4f,f1,35,01,48,\
"??"=hex:de,c2,f1,00,6b,13,52,1e,8d,7b,f0,04,df,b8,e0,7f
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(804)
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll

- - - - - - - > 'explorer.exe'(2888)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\rundll32.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-06 13:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-06 17:54
ComboFix2.txt 2008-04-01 05:15

Pre-Run: 7,032,815,616 bytes free
Post-Run: 7,329,832,960 bytes free

259 --- E O F --- 2009-04-15 00:08
 


Discussion Starter · #18 ·
DDS (Ver_09-03-16.01) - NTFSx86
Run by Brad at 21:58:37.71 on Wed 05/06/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.2239 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Brad\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brad\applic~1\mozilla\firefox\profiles\jzi06am4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\brad\application data\mozilla\firefox\profiles\jzi06am4.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-3-23 130936]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-3-23 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-3-23 39200]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-3-23 159600]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-3-25 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-3-25 1095560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-19 24652]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-3-23 64392]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-3-23 33056]
R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]

=============== Created Last 30 ================

2009-05-06 21:19 <DIR> --d----- c:\program files\Panda Security
2009-05-06 13:33 161,792 a------- c:\windows\SWREG.exe
2009-05-06 13:33 98,816 a------- c:\windows\sed.exe
2009-05-06 11:19 27,648 a------- c:\windows\system32\lmn_setup.exe
2009-04-30 23:34 <DIR> --d----- c:\program files\Azureus
2009-04-30 23:21 <DIR> --d----- c:\program files\Vuze
2009-04-24 10:27 4,096 a------- c:\windows\system32\ftp_non_crp.exe
2009-04-14 22:21 <DIR> --d----- c:\docume~1\brad\applic~1\Pegasys Inc
2009-04-14 22:21 145,504 a------- c:\windows\system32\bgsvcgen.exe
2009-04-14 22:21 59,488 a------- c:\windows\system32\GenSvcInst.exe
2009-04-14 22:21 13,567 a------- c:\windows\system32\drivers\CDRBSDRV.SYS
2009-04-14 20:08 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-04-14 20:08 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-04-14 20:08 728,064 a------- c:\windows\system32\lsasrv.dll
2009-04-14 20:08 706,048 a------- c:\windows\system32\ntdll.dll
2009-04-14 20:08 617,472 a------- c:\windows\system32\advapi32.dll
2009-04-14 20:08 108,544 a------- c:\windows\system32\services.exe
2009-04-14 17:20 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-14 17:20 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-14 17:20 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-08 23:04 <DIR> --d----- c:\docume~1\brad\applic~1\Sierra
2009-04-07 23:07 <DIR> --d----- c:\program files\iPod
2009-04-07 23:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

==================== Find3M ====================

2009-04-21 13:50 21,280 a------- c:\docume~1\brad\applic~1\wklnhst.dat
2009-04-20 15:17 39,200 a------- c:\windows\system32\drivers\TfSysMon.sys
2009-04-20 15:16 33,056 a------- c:\windows\system32\drivers\TfNetMon.sys
2009-04-20 15:16 51,488 a------- c:\windows\system32\drivers\TfFsMon.sys
2009-04-20 15:16 12,576 a------- c:\windows\system32\drivers\TfKbMon.sys
2009-04-20 15:16 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-05 23:59 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-02 19:04 1,499,136 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-02-20 04:11 3,068,416 -------- c:\windows\system32\dllcache\mshtml.dll
2009-02-20 04:10 666,112 a------- c:\windows\system32\wininet.dll
2009-02-20 04:10 666,112 -------- c:\windows\system32\dllcache\wininet.dll
2009-02-20 04:10 619,520 -------- c:\windows\system32\dllcache\urlmon.dll
2009-02-20 04:10 81,920 a------- c:\windows\system32\ieencode.dll
2009-02-20 04:10 81,920 -------- c:\windows\system32\dllcache\ieencode.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys

============= FINISH: 22:00:14.62 ===============
 
