Bullguard Antivirus Forum Download A Free Copy Of Bullguard Antivirus Software

Please help Trojan.SystemDriver found
Hilary
New Member
Date Joined Nov 2008
Total Posts : 14
Posted 12-1-2008 3:10 (GMT +1)

Hi, I have a PC that is new. I have put files and programs on, and then this month it is playing up.

When I go to start up the computer, sometimes it works, but 80% of the time it will not go past the welcome page, and 10% of the time it does, but then only for the screen to go black. Each time it goes black or will not go past the welcome page, I have to reboot the PC.

Sometimes I have to open it up in Safe Mode, then restart it, and then it works.

And then when I go to close it down, it stops on the shut-down page and will not move. I left it one night to see if it would, and in the morning it was still saying Windows is shutting down.

I ran SuperAntiSpyware and it found this:

Trojan.SystemDriver, C:\32788R22FWJFW\CREG.DAT

which has been put in the quarantined items file. Should I delete it?

It also found 52 tracking cookies, which have also been put in the quarantine file.

I did a HijackThis scan and this is what it said:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:20, on 15/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/mail?.intl=uk&.src=ym
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Scribble] C:\Program Files\Scribble\Scribble.exe -silent
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Scheduler.lnk = ?
O4 - Startup: TracksCleaner.lnk = C:\Program Files\GhostSurf Platinum\TracksCleaner.exe
O4 - Global Startup: GhostSurf proxy.lnk = C:\Program Files\GhostSurf Platinum\Proxy.exe
O4 - Global Startup: SpyCatcher.lnk = C:\Program Files\GhostSurf Platinum\SpyCatcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...nt/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: secuload.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Protector - Tenebril Inc. - C:\Program Files\GhostSurf Platinum\ProtectorSvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 9503 bytes

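A HijackThis log like the one above is normally read by eye, but the first pass can be scripted. The following is an added example (not part of the thread, and not HijackThis code): it parses the O4, O20 and O23 lines, using a subset of the lines copied from the posted log as its sample input, and flags the three things a reviewer checks first: an AppInit_DLLs entry, a service whose owner is printed as "Unknown owner" (no publisher string), and a startup shortcut whose target HijackThis printed as "?". A flag means "verify this", not "this is malicious"; secuload.dll, for instance, is flagged only because every AppInit_DLLs entry is.

```python
"""Triage of a HijackThis v2 log: pull out the persistence entries a reviewer looks at first.

Added example, not part of the forum thread and not HijackThis code. The sample lines are
copied from the log posted above (a subset, not the whole log). The "findings" encode rules
of thumb, not a verdict that any named file is malicious:
  - an O20 AppInit_DLLs entry always deserves a look (while LoadAppInit_DLLs is 1 the DLL is
    loaded into every process that links user32.dll);
  - an O23 service whose owner is "Unknown owner" has no publisher string to vouch for it;
  - an O4 startup shortcut whose target HijackThis printed as "?" could not be resolved.
"""
import re
from dataclasses import dataclass, field

# Subset of the HijackThis log posted above (sample input for this example).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Safe mode
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Scribble] C:\Program Files\Scribble\Scribble.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - Startup: Scheduler.lnk = ?
O4 - Global Startup: GhostSurf proxy.lnk = C:\Program Files\GhostSurf Platinum\Proxy.exe
O20 - AppInit_DLLs: secuload.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# "HKLM\..\Run: [name] command" and the per-SID form "HKUS\S-1-5-19\..\Run: [name] command"
RUN_RE = re.compile(r"^(?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^(?P<scope>Global Startup|Startup): (?P<lnk>.+?) = (?P<target>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O20"
    item: str      # the DLL, path or shortcut that triggered the rule
    reason: str    # what the reviewer should do about it


@dataclass
class Triage:
    run_entries: list = field(default_factory=list)  # every O4 autorun, parsed
    services: list = field(default_factory=list)     # every O23 service, parsed
    findings: list = field(default_factory=list)     # entries that need a closer look


def triage_hijackthis(log: str) -> Triage:
    t = Triage()
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header lines such as "Boot mode:" are not O-entries
        section, body = m.groups()
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body.split(":", 1)[1].strip()
            if dlls:
                t.findings.append(Finding(section, dlls, "AppInit_DLLs entry: verify the DLL's publisher and hash"))
        elif section == "O23":
            sm = SERVICE_RE.match(body)
            if sm:
                t.services.append(sm.groupdict())
                if sm["owner"].lower() == "unknown owner":
                    t.findings.append(Finding(section, sm["path"], "service with no publisher string: check its Authenticode signature"))
        elif section == "O4":
            rm = RUN_RE.match(body)
            if rm:
                t.run_entries.append(rm.groupdict())
                continue
            sm = STARTUP_RE.match(body)
            if sm:
                t.run_entries.append({"hive": sm["scope"], "key": "Startup", "name": sm["lnk"], "cmd": sm["target"]})
                if sm["target"].strip() == "?":
                    t.findings.append(Finding(section, sm["lnk"], "startup shortcut whose target HijackThis could not resolve: inspect the .lnk by hand"))
    return t


if __name__ == "__main__":
    result = triage_hijackthis(SAMPLE_LOG)
    print(f"{len(result.run_entries)} autorun entries, {len(result.services)} services")
    for f in result.findings:
        print(f"[{f.section}] {f.item}: {f.reason}")
```

Run against the sample it reports five autorun entries, three services and four items to verify: the AppInit_DLLs entry, the two services without a publisher string, and Scheduler.lnk. Feeding it the full log instead of the subset needs no change to the parser.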
Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 14325
Posted 12-1-2008 5:06 (GMT +1)
Hello

CREG.DAT seems to be a file from ComboFix. Have you run ComboFix?

Looks like you are getting help here? ->

Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.

Hilary
New Member
Date Joined Nov 2008
Total Posts : 14
Posted 12-1-2008 6:42 (GMT +1)
Hi, yes I did post it on the juice one, but did not think I had a reply.
As I put a help post on this site in Alerts & New Threats,
it was called:
I put it in there on 25 Nov.
But I must have put it in the wrong page, sorry.

I have got and have run ComboFix; I have run a few others as well, just trying to fix it.
The scan from the last time I ran that is below.

I don't know what is the best software to get.
I have Norton 360, which did not pick it up.
Then I ran ComboFix, with no joy, then AVG and then SuperAntiSpyware.
Please can you help.

ComboFix scan:
 
ComboFix 08-11-23.02 - Hilary 2008-11-24 23:50:32.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.1070 [GMT 0:00]
Running from: c:\users\Hilary\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\mpg4c32.dll
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_Protector

(((((((((((((((((((((((((   Files Created from 2008-10-24 to 2008-11-24  )))))))))))))))))))))))))))))))
.
2008-11-24 16:59 . 2008-11-24 16:59 0 --a------ c:\windows\ativpsrm.bin
2008-11-24 16:55 . 2008-11-24 16:55 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-11-24 16:45 . 2008-11-24 16:45 23,600 --a------ c:\windows\System32\drivers\TVICHW32.SYS
2008-11-15 12:17 . 2008-10-16 21:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-15 12:17 . 2008-10-16 20:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-15 12:17 . 2008-10-16 21:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-15 12:17 . 2008-10-16 21:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-15 12:16 . 2008-10-16 21:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-15 12:16 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-15 12:16 . 2008-10-16 20:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-15 12:16 . 2008-10-16 21:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-15 12:16 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-13 18:59 . 2008-11-13 18:59 <DIR> d-------- c:\program files\Trend Micro
2008-11-13 17:08 . 2008-11-13 18:02 <DIR> d-------- c:\program files\RegCure
2008-11-13 13:33 . 2008-08-27 01:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-13 13:32 . 2008-09-10 03:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-13 13:32 . 2008-09-05 05:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-11 15:45 . 2008-11-16 12:36 <DIR> d-------- c:\users\Hilary\AppData\Roaming\Roxio
2008-11-11 15:44 . 2008-11-11 15:44 <DIR> d-------- c:\program files\InterActual
2008-11-11 15:28 . 2008-11-11 15:28 <DIR> d-------- c:\users\All Users\WindowsSearch
2008-11-11 15:15 . 2008-11-11 15:15 <DIR> d-------- c:\program files\Sonic
2008-11-11 15:14 . 2008-11-11 15:19 <DIR> d-------- c:\windows\System32\DLA
2008-11-11 15:14 . 2006-10-25 08:22 99,816 --a------ c:\windows\System32\drivers\DRVMCDB.SYS
2008-11-11 15:14 . 2006-11-01 08:58 92,920 --a------ c:\windows\DLA.EXE
2008-11-11 15:14 . 2006-11-01 08:58 56,056 --a------ c:\windows\System32\DLAAPI_W.DLL
2008-11-11 15:14 . 2006-09-15 09:42 51,768 --a------ c:\windows\System32\drivers\DRVNDDM.SYS
2008-11-11 15:14 . 2006-09-15 09:45 28,184 --a------ c:\windows\System32\drivers\DLARTL_M.SYS
2008-11-11 15:14 . 2006-09-15 09:45 12,920 --a------ c:\windows\System32\drivers\DLACDBHM.SYS
2008-11-11 15:14 . 2008-11-11 15:14 120 --a------ c:\windows\wininit.ini
2008-11-11 15:12 . 2008-11-11 15:12 <DIR> d-------- c:\program files\Common Files\SureThing Shared
2008-11-11 15:09 . 2008-11-11 15:10 <DIR> d-------- c:\program files\SightSpeed
2008-11-11 15:02 . 2008-11-16 12:36 <DIR> d-------- c:\users\All Users\Roxio
2008-11-11 15:02 . 2008-11-11 15:14 <DIR> d-------- c:\program files\Roxio
2008-11-11 15:02 . 2008-11-11 15:12 <DIR> d-------- c:\program files\Common Files\Sonic Shared
2008-11-11 15:02 . 2008-11-11 15:04 <DIR> d-------- c:\program files\Common Files\SightSpeed
2008-11-11 15:00 . 2008-11-11 15:00 <DIR> d-------- c:\program files\DivX
2008-11-11 14:34 . 2008-11-11 14:34 <DIR> dr------- c:\windows\System32\config\systemprofile\Videos
2008-11-11 14:34 . 2008-11-11 14:34 <DIR> dr------- c:\windows\System32\config\systemprofile\Searches
2008-11-11 14:34 . 2008-11-11 14:34 <DIR> dr------- c:\windows\System32\config\systemprofile\Saved Games
2008-11-11 14:34 . 2008-11-11 14:34 <DIR> dr------- c:\windows\System32\config\systemprofile\Pictures
2008-11-11 14:34 . 2008-11-11 14:34 <DIR> dr------- c:\windows\System32\config\systemprofile\Music
2008-11-11 14:34 . 2008-11-11 14:34 <DIR> dr------- c:\windows\System32\config\systemprofile\Links
2008-11-11 14:34 . 2008-11-11 14:34 <DIR> dr------- c:\windows\System32\config\systemprofile\Downloads
2008-11-11 14:34 . 2008-11-11 14:34 <DIR> dr------- c:\windows\System32\config\systemprofile\Documents
2008-11-11 14:32 . 2008-11-11 14:32 <DIR> d-------- c:\windows\System32\URTTEMP
2008-11-09 16:10 . 2008-11-09 16:10 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-07 13:26 . 2008-11-07 13:36 <DIR> d-------- c:\users\Hilary\AppData\Roaming\Tenebril
2008-11-07 13:20 . 2008-11-07 13:20 <DIR> d-------- c:\windows\System32\SpycatcherAgentSetupTemp
2008-11-07 13:20 . 2008-11-07 13:27 <DIR> d-------- c:\users\All Users\Tenebril
2008-11-07 13:19 . 2008-11-07 13:19 <DIR> d-------- c:\windows\System32\tenarchlib
2008-11-07 13:19 . 2008-11-07 13:20 <DIR> d-------- c:\program files\GhostSurf Platinum
2008-11-07 13:19 . 2008-06-17 11:13 185,664 --a-s---- c:\windows\System32\archlib.dll
2008-11-07 13:19 . 2008-06-17 11:13 57,344 --a------ c:\windows\System32\MFC71ENU.DLL
2008-11-07 09:53 . 1999-08-04 12:00 1,294,336 --a------ c:\windows\System32\MGIIpl2A6.dll
2008-11-07 09:53 . 1999-08-04 12:00 1,093,632 --a------ c:\windows\System32\MGIIpl2PX.dll
2008-11-07 09:53 . 1999-09-14 12:00 126,976 --a------ c:\windows\System32\ipubgrnd.dll
2008-11-07 09:53 . 1999-09-14 12:00 86,016 --a------ c:\windows\System32\ImageMosaic.ocx
2008-11-07 09:53 . 1999-08-04 12:00 54,272 --a------ c:\windows\System32\Serial.ocx
2008-11-07 09:53 . 1999-08-04 12:00 53,760 --a------ c:\windows\System32\Infrared.ocx
2008-11-07 09:53 . 1999-08-04 12:00 51,712 --a------ c:\windows\System32\USB.ocx
2008-11-07 09:53 . 1999-08-04 12:00 20,480 --a------ c:\windows\System32\MGIIpl2.dll
2008-11-07 09:53 . 1999-08-04 12:00 5,632 --a------ c:\windows\System32\HELLUT32.DLL
2008-11-07 09:52 . 2008-11-07 09:52 <DIR> d-------- c:\program files\Common Files\MGI Shared
2008-11-07 09:49 . 1998-10-29 17:45 306,688 --a------ c:\windows\IsUninst.exe
2008-11-07 05:10 . 2008-11-07 05:10 <DIR> d-------- c:\users\All Users\Nokia
2008-11-06 21:25 . 2008-11-06 21:25 <DIR> d-------- c:\users\All Users\Installations
2008-11-06 21:25 . 2008-05-07 07:38 90,624 --a------ c:\windows\System32\nmwcdcls.dll
2008-11-03 16:26 . 2008-08-05 09:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-03 16:26 . 2008-08-05 09:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-03 16:26 . 2008-08-05 09:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-03 16:26 . 2008-08-05 09:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-03 16:26 . 2008-08-05 09:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-11-01 16:12 . 2008-11-01 16:12 <DIR> d-------- c:\users\All Users\FLEXnet
2008-11-01 13:24 . 2008-11-01 13:24 <DIR> d-------- c:\program files\ReflexiveArcade
2008-11-01 13:24 . 2008-11-01 13:28 <DIR> d-------- c:\program files\Cradle Of Rome
2008-11-01 12:18 . 2008-11-24 17:27 12 --a------ c:\windows\bthservsdp.dat
2008-11-01 12:17 . 2008-11-01 12:17 <DIR> d-------- c:\users\Hilary\AppData\Roaming\AVSMedia
2008-11-01 12:16 . 2008-11-01 12:16 <DIR> d-------- c:\users\All Users\AVS4YOU
2008-11-01 12:16 . 2008-11-01 12:16 <DIR> d-------- c:\program files\Common Files\AVSMedia
2008-11-01 12:16 . 2008-11-01 12:16 <DIR> d-------- c:\program files\AVSMedia
2008-11-01 12:16 . 2007-02-27 19:36 1,700,352 --a------ c:\windows\System32\GdiPlus.dll
2008-11-01 12:16 . 2007-02-27 19:36 974,848 --a------ c:\windows\System32\mfc70.dll
2008-11-01 12:16 . 2007-02-27 19:36 487,424 --a------ c:\windows\System32\msvcp70.dll
2008-11-01 12:16 . 2007-02-27 19:36 344,064 --a------ c:\windows\System32\msvcr70.dll
2008-11-01 12:16 . 2007-02-27 19:36 261,632 --a------ c:\windows\System32\mcdvd_32.dll
2008-11-01 12:16 . 2007-02-27 19:36 156,910 --a------ c:\windows\WMSysPr8.prx
2008-11-01 12:16 . 2003-03-25 06:49 98,304 --a------ c:\windows\System32\L3CODECX.AX
2008-11-01 12:16 . 2007-02-27 19:36 82,944 --a------ c:\windows\System32\vct3216.acm
2008-11-01 12:16 . 2007-02-27 19:36 81,920 --a------ c:\windows\System32\AC3ACM.acm
2008-11-01 12:16 . 2007-02-27 19:36 38,912 --a------ c:\windows\System32\alf2cd.acm
2008-11-01 12:16 . 2007-02-27 19:36 24,576 --a------ c:\windows\System32\msxml3a.dll
2008-11-01 12:16 . 2007-02-27 19:36 13,239 --a------ c:\windows\System32\Scg726.acm
2008-11-01 12:13 . 2008-11-07 10:25 <DIR> d-------- c:\program files\MGI
2008-11-01 10:59 . 2008-11-01 10:59 <DIR> d-------- c:\program files\Microprose
2008-11-01 10:01 . 2008-11-01 10:01 <DIR> d-------- c:\program files\OLYMPUS
2008-11-01 09:31 . 2006-05-23 00:00 172,032 --a------ c:\windows\System32\esint54.dll
2008-11-01 09:31 . 2006-10-13 00:00 65,793 --a------ c:\windows\System32\esfw54.bin
2008-11-01 09:31 . 2006-10-13 00:00 63,488 --a------ c:\windows\System32\eswia54.dll
2008-11-01 09:31 . 2006-08-25 00:00 9,216 --a------ c:\windows\System32\escdev.dll
2008-11-01 09:31 . 2006-03-10 00:00 3,584 --a------ c:\windows\System32\eswiaml.dll
2008-11-01 09:20 . 2008-11-01 09:21 <DIR> d-------- c:\program files\Common Files\UDL
2008-11-01 09:20 . 2002-10-23 01:00 131,072 --a------ c:\windows\System32\Epcmlib.dll
2008-11-01 09:13 . 2008-11-24 14:10 <DIR> d-------- c:\program files\EPSON
2008-11-01 09:13 . 2003-02-19 01:04 72,825 --a------ c:\windows\System32\EBPMON24.DLL
2008-11-01 09:13 . 2003-05-21 02:25 63,488 --a------ c:\windows\System32\ECBTEG.DLL
2008-11-01 09:13 . 2000-06-07 01:01 34,304 --a------ c:\windows\System32\EBPCHP.DLL
2008-11-01 09:13 . 2003-04-10 05:40 31,744 --a------ c:\windows\System32\E_DCINST.DLL
2008-11-01 09:13 . 2008-11-01 09:19 8,908 --a------ c:\windows\EPSTPLOG.BAK
2008-11-01 09:13 . 2001-09-04 02:04 182 --a------ c:\windows\System32\EBPPORT4.DAT
2008-11-01 09:13 . 2008-11-01 09:13 25 --a------ c:\windows\CDEC84Euro.ini
2008-10-30 14:54 . 2008-10-30 14:54 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-10-29 14:44 . 2008-10-29 14:44 230,805,718 --a------ c:\windows\MEMORY.DMP
2008-10-29 14:20 . 2008-06-02 18:49 305,688 --a------ c:\windows\System32\drivers\iaStor.sys
2008-10-29 14:20 . 2008-10-29 14:20 1,030 --a------ c:\windows\System32\Support.xml
2008-10-29 14:19 . 2008-10-29 14:19 <DIR> d-------- c:\users\Hilary\AppData\Roaming\InstallShield
2008-10-29 14:17 . 2008-01-08 13:10 98,304 --a------ c:\windows\RTKAUDIOSERVICE.EXE
2008-10-29 14:17 . 2007-11-14 15:18 553 --a------ c:\windows\USetup.iss
2008-10-29 14:16 . 2008-01-15 11:26 4,874,240 --a------ c:\windows\RtHDVCpl.exe
2008-10-29 14:16 . 2008-01-15 19:19 2,047,576 --a------ c:\windows\System32\drivers\RTKVHDA.sys
2008-10-29 14:16 . 2007-11-07 17:31 1,191,936 --a------ c:\windows\RtlUpd.exe
2008-10-29 14:16 . 2008-01-09 18:52 636,416 --a------ c:\windows\System32\RtkPgExt.dll
2008-10-29 14:16 . 2007-11-13 12:35 532,480 --a------ c:\windows\System32\RTSndMgr.cpl
2008-10-29 14:16 . 2006-12-13 10:30 339,968 --a------ c:\windows\System32\SRSTSXT.dll
2008-10-29 14:16 . 2008-10-29 14:16 315,392 --a------ c:\windows\HideWin.exe
2008-10-29 14:16 . 2007-07-25 09:33 135,168 --a------ c:\windows\System32\SRSWOW.dll
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 14:25 --------- d-----w c:\program files\Common Files\Adobe
2008-11-24 14:08 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-11 15:06 --------- d-----w c:\program files\Common Files\Roxio Shared
2008-11-07 10:59 --------- d-----w c:\program files\Microsoft Works
2008-11-04 10:03 --------- d-----w c:\program files\Norton 360
2008-11-01 09:20 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-01 08:53 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-29 14:22 --------- d-----w c:\program files\HP
2008-10-29 14:16 319,456 ----a-w c:\windows\DIFxAPI.dll
2008-10-29 14:16 --------- d-----w c:\program files\Realtek
2008-10-26 09:03 174 --sha-w c:\program files\desktop.ini
2008-10-26 08:56 --------- d-----w c:\program files\Windows Sidebar
2008-10-26 08:56 --------- d-----w c:\program files\Windows Mail
2008-10-26 08:56 --------- d-----w c:\program files\Windows Calendar
2008-10-26 08:55 --------- d-----w c:\program files\Windows Photo Gallery
2008-10-26 08:55 --------- d-----w c:\program files\Windows Journal
2008-10-26 08:55 --------- d-----w c:\program files\Windows Defender
2008-10-26 08:55 --------- d-----w c:\program files\Windows Collaboration
2008-10-22 13:01 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-10-22 12:59 43,528 ------w c:\windows\system32\drivers\PxHelp20.sys
2008-10-22 12:08 --------- d-----w c:\program files\MSBuild
2008-10-22 12:05 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-10-22 12:01 --------- d-----w c:\program files\Microsoft.NET
2008-10-22 11:19 --------- d-----w c:\users\Hilary\AppData\Roaming\Apple Computer
2008-10-22 11:19 --------- d-----w c:\program files\iTunes
2008-10-22 11:18 --------- d-----w c:\program files\QuickTime
2008-10-22 11:18 --------- d-----w c:\program files\iPod
2008-10-22 11:18 --------- d-----w c:\program files\Bonjour
2008-10-22 11:17 --------- d-----w c:\program files\Common Files\Apple
2008-10-22 11:17 --------- d-----w c:\program files\Apple Software Update
2008-10-22 08:32 --------- d-----w c:\users\Hilary\AppData\Roaming\AdobeUM
2008-10-22 08:07 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2008-10-22 08:07 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2008-10-22 08:07 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2008-10-22 08:07 --------- d-----w c:\program files\Symantec
2008-10-22 07:59 16,480 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-10-22 07:59 1,056 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-10-22 07:58 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-10-22 07:58 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-10-13 16:30 --------- d-----w c:\users\Hilary\AppData\Roaming\Symantec
2008-10-05 15:03 --------- d-----w c:\program files\Google
2008-10-05 14:36 1,873 --sha-r c:\windows\system32\drivers\103C_HP_CPC_RS921AA-ABU m7775.uk_YC_0Pavi_QCZX703_E71GBv3PrA4_49_ILEONITE_SASUSTek Computer INC._V5.00_B5.08_T061208_WUH0_L409_M2046_J400_7Intel_8Core2 6600_92.4_#070227_N808627DC_Z_G10027181.MRK
2008-10-05 14:16 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-10-05 14:16 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-10-05 14:16 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-10-05 14:16 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-10-05 14:16 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-05 14:02 29,184 ----a-w c:\windows\system32\drivers\BTHUSB.SYS
2008-10-05 14:02 220,160 ----a-w c:\windows\system32\drivers\bthport.sys
2008-10-05 14:02 19,456 ----a-w c:\windows\system32\drivers\bthenum.sys
2008-10-05 13:59 113,664 ----a-w c:\windows\system32\drivers\rmcast.sys
2008-10-05 13:57 --------- d-----w c:\program files\MSXML 4.0
2008-10-05 13:52 --------- d-----w c:\users\Hilary\AppData\Roaming\ATI
2008-10-05 13:47 --------- d-----w c:\users\Hilary\AppData\Roaming\Hewlett-Packard
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Scribble"="c:\program files\Scribble\Scribble.exe" [2007-09-04 529744]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-05-15 95536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-12 90112]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-27 221184]
"DMXLauncher"="c:\program files\Roxio\Media Experience\DMXLauncher.exe" [2006-11-14 102400]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-11-15 1121016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-25 44136]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GhostSurf proxy.lnk - c:\program files\GhostSurf Platinum\Proxy.exe [2008-11-07 91568]
SpyCatcher.lnk - c:\program files\GhostSurf Platinum\SpyCatcher.exe [2008-07-11 2123104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=secuload.dll
"LoadAppInit_DLLs"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C6C2D072-0505-4A36-BE4F-CFB836CAD15E}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{AE90298F-F853-41BE-A652-8753F792A6A0}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{99B235C9-40E2-413B-8FE9-7ED4566701CC}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{D92C5161-414A-4769-85AD-8556D2129B1A}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{B9542E67-E4D4-4330-AFEC-BA3A8E8C3AF5}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{00FF1A7B-0C94-4AE0-8AEF-D428A9631080}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{30E0A407-1CFA-4589-93AE-293D3A40B6F4}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{0811569F-ACFB-4017-AF7D-9B1DA6A47A2C}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{DF61A664-C4C5-4B05-920B-7BFBD0B09CE4}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4E4A987F-02F3-4612-80AF-1D679B66F0F2}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4576D72B-D376-42C2-8A4B-895591CF0DF1}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D6AC1523-CB5B-4214-8FB5-71FAD1C8427D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{8DD71F27-4DB1-4F19-9B37-9B20B77C5D40}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{61A32223-D612-4C69-8230-B2FFEBA5A679}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A0C89201-AA93-4413-988A-61F7787BADCC}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{BAC594BB-E44B-4734-954F-B5BCD3DB01FA}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{32F7435A-671B-481C-8AEF-AEEFA640A95B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{697F7FF1-AF2B-4A0A-A5A1-F48ECC7BF19F}"= UDP:c:\program files\SightSpeed\SightSpeed.exe:SightSpeed
"{D0A4E16E-4D93-499E-9C0C-FA6160E4357D}"= TCP:c:\program files\SightSpeed\SightSpeed.exe:SightSpeed
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 DLARTL_M;DLARTL_M;c:\windows\system32\Drivers\DLARTL_M.SYS [2008-11-11 28184]
R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081120.001\IDSvix86.sys [2008-11-21 270384]
R2 DQLWinService;DQLWinService;"c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 208896]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2008-02-18 149352]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-01-26 2831232]
R3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-05-15 3691520]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
S2 IntelDHSvcConf;Intel DH Service;"c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 29696]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2008-01-13 23888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ    BthServ
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
2008-11-13 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 09:20]
2008-11-13 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 09:20]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 23:59:12
Windows 6.0.6001 Service Pack 1 NTFS
detected NTDLL code modification:
ZwQueryDirectoryFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\secuload.dll
c:\windows\system32\protector.dll
- - - - - - - > 'lsass.exe'(708)
c:\windows\system32\secuload.dll
c:\windows\system32\Protector.dll
- - - - - - - > 'Explorer.exe'(4432)
c:\windows\system32\secuload.dll
c:\windows\system32\Protector.dll
c:\program files\Common Files\Symantec Shared\AppCore\AppMgr32.dll
c:\windows\system32\wscntfy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\GhostSurf Platinum\TracksCleaner.exe
c:\hp\KBD\kbd.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\program files\Scribble\PegRoute.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Completion time: 2008-11-25  0:04:18 - machine was rebooted
ComboFix-quarantined-files.txt  2008-11-25 00:04:03
Pre-Run: 360,628,830,208 bytes free
Post-Run: 361,035,481,088 bytes free
348 --- E O F --- 2008-11-24 17:00:00
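A way to pull the load-bearing findings out of a ComboFix log like the one above without reading every line, as an added example (my own code, not ComboFix's and not from anyone in this thread). It pulls out the items a responder would look at first in this log: the DLL named in AppInit_DLLs (Windows loads every DLL on that list into each process that loads user32.dll, which is how a DLL on that list ends up inside winlogon.exe and lsass.exe), the DisableMonitoring values under Security Center (they silence the Security Center warnings about antivirus and firewall state), EnableFirewall=0 on all three profiles (the Windows Firewall is off everywhere), the NTDLL routine catchme reports as modified (ZwQueryDirectoryFile is what directory listings go through, so a patch there is the usual way to hide files from a scanner), and which non-default DLLs sit inside winlogon.exe and lsass.exe. SAMPLE_LOG is constructed from lines quoted in this thread, abridged; the SENSITIVE_PROCS list and the handling of a missing LoadAppInit_DLLs value are the example's own choices. Flagging is not a verdict: secuload.dll and Protector.dll are reported because of where they are loaded, not because the script knows what they are.

```python
"""Triage a ComboFix log for the settings that stand out in the thread above.

Added example, not ComboFix's own code. SAMPLE_LOG is constructed from lines
quoted in this thread (abridged); SENSITIVE_PROCS is the example's own choice."""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=secuload.dll
"LoadAppInit_DLLs"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DF61A664-C4C5-4B05-920B-7BFBD0B09CE4}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
detected NTDLL code modification:
ZwQueryDirectoryFile
scanning hidden processes ...
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\secuload.dll
c:\windows\system32\protector.dll
- - - - - - - > 'lsass.exe'(708)
c:\windows\system32\secuload.dll
c:\windows\system32\Protector.dll
- - - - - - - > 'Explorer.exe'(4432)
c:\windows\system32\secuload.dll
c:\windows\system32\wscntfy.dll
.
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
PROC_RE = re.compile(r"^(?:- )+> '(?P<proc>[^']+)'\(\d+\)$")
APPINIT_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows"
SECCENTER_PREFIX = r"hkey_local_machine\software\microsoft\security center\monitoring"
FIREWALL_PREFIX = "hklm\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\"
SENSITIVE_PROCS = ("winlogon.exe", "lsass.exe")  # example's choice: logon and LSA


def reg_int(value):
    """Parse ComboFix renderings such as '1 (0x1)', '0 (0x0)' or 'dword:00000001'."""
    m = re.match(r"(?:dword:)?([0-9a-fA-F]+)", value)
    return int(m.group(1), 16 if value.startswith("dword:") else 10) if m else None


def parse_log(lines):
    """One pass over the log: {key: {name: value}} for the REGEDIT4-style blocks
    and {process: [dll, ...]} for 'DLLs Loaded Under Running Processes'."""
    reg, loaded, key, proc = {}, defaultdict(list), None, None
    for line in lines:
        if m := KEY_RE.match(line):
            key = m.group("key")
            reg.setdefault(key, {})
        elif key and (m := VALUE_RE.match(line)):
            reg[key][m.group("name")] = m.group("value").strip()
        elif m := PROC_RE.match(line):
            proc = m.group("proc").lower()
        elif proc and line.lower().endswith(".dll"):
            loaded[proc].append(line.strip().lower())
        elif proc and not line.strip(" ."):
            proc = None  # a '.' or blank line closes the DLL section
    return reg, dict(loaded)


def triage(log_text):
    """Summarise the findings a responder wants first from one ComboFix log."""
    reg, loaded = parse_log(log_text.splitlines())
    win = next((v for k, v in reg.items() if k.lower() == APPINIT_KEY), {})
    appinit = [d.strip().lower() for d in win.get("AppInit_DLLs", "").split(",") if d.strip()]
    # If LoadAppInit_DLLs is absent the example assumes the list is honoured.
    appinit_enabled = reg_int(win.get("LoadAppInit_DLLs", "1")) == 1
    monitoring_off = sorted(
        k[len(SECCENTER_PREFIX):].lstrip("\\") or "(global)" for k, v in reg.items()
        if k.lower().startswith(SECCENTER_PREFIX) and reg_int(v.get("DisableMonitoring", "0")) == 1)
    firewall_off = sorted(
        k.rsplit("\\", 1)[1] for k, v in reg.items()
        if k.lower().startswith(FIREWALL_PREFIX) and reg_int(v.get("EnableFirewall", "1")) == 0)
    hooks = re.search(r"detected NTDLL code modification:\r?\n((?:\S+\r?\n)+)", log_text)
    in_sensitive = {p: loaded[p] for p in SENSITIVE_PROCS if loaded.get(p)}
    appinit_seen = sorted({d for dlls in in_sensitive.values() for d in dlls
                           if d.rsplit("\\", 1)[-1] in appinit})
    return {
        "appinit_dlls": appinit,
        "appinit_loading_enabled": appinit_enabled,
        "security_center_monitoring_disabled": monitoring_off,
        "firewall_disabled_profiles": firewall_off,
        "ntdll_hooks": hooks.group(1).split() if hooks else [],
        "dlls_in_sensitive_processes": in_sensitive,
        "appinit_dlls_seen_in_sensitive_processes": appinit_seen,
    }


if __name__ == "__main__":
    for name, value in triage(SAMPLE_LOG).items():
        print(f"{name}: {value}")
```

Run it as-is and it reports secuload.dll as an AppInit DLL that is present inside both winlogon.exe and lsass.exe, monitoring disabled globally and for SymantecAntiVirus, the firewall off on DomainProfile, PublicProfile and StandardProfile, and ZwQueryDirectoryFile as the patched NTDLL routine. Point `triage()` at the full text of a C:\combofix.txt to get the same summary for a real log.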
Hilary
New Member
Date Joined Nov 2008
Total Posts : 14
Posted 12-2-2008 9:24 (GMT +1)
Hi, forgot to ask: can you help me, or did you want me to use the other one?
Thanks
Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 14325
Posted 12-2-2008 10:03 (GMT +1)
We'll continue here; just let them know at computer-juice that you are getting help elsewhere ;-)

Uninstall ComboFix

Go to Start->Run, and type in ComboFix /u
Make sure there is a space between ComboFix and /u
Click Enter

Reboot. Download the newest version -

Please download Combofix:

And save it to the desktop.

Close all other browser windows.

Important-> Temporarily disable your anti-virus real-time protection before performing a scan. It can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".

Go to Start->Run and copy/paste: ComboFix /snapshot and hit OK. It should run ComboFix.

Please note that once you start ComboFix you should not click anywhere on the ComboFix window, as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break, as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.

Post the contents of that log in your next reply.

Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.

Hilary
New Member
Date Joined Nov 2008
Total Posts : 14
Posted 12-2-2008 1:29 (GMT +1)
Hi, I did the uninstall and put in the new one.
I then went to the Run box and it would not let me run it; it said I did not have ComboFix on my PC.
So I clicked on the ComboFix icon and had to start it that way.
Hope that was OK.

This is the log from it:

ComboFix 08-12-01.01 - Hilary 2008-12-02 12:15:27.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1208 [GMT 0:00]
Running from: c:\users\Hilary\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\mpg4c32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Protector


((((((((((((((((((((((((( Files Created from 2008-11-02 to 2008-12-02 )))))))))))))))))))))))))))))))
.

2008-12-01 14:15 . 2008-12-01 14:15 <DIR> d-------- c:\users\Hilary\AppData\Roaming\Malwarebytes
2008-12-01 14:15 . 2008-12-01 14:15 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-12-01 14:15 . 2008-12-01 14:15 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-01 14:15 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-01 14:15 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-30 12:32 . 2008-11-30 12:32 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com
2008-11-30 12:30 . 2008-11-30 12:30 <DIR> d-------- c:\users\Hilary\AppData\Roaming\SUPERAntiSpyware.com
2008-11-30 12:30 . 2008-11-30 12:30 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-30 12:28 . 2008-11-30 12:28 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-30 11:30 . 2008-11-30 11:30 <DIR> d-------- c:\users\Hilary\AppData\Roaming\Tenebril
2008-11-28 17:00 . 2008-11-28 17:01 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-28 16:10 . 2008-11-28 16:10 97,928 --a------ c:\windows\System32\drivers\avgldx86.sys
2008-11-28 16:10 . 2008-11-28 16:10 10,520 --a------ c:\windows\System32\avgrsstx.dll
2008-11-28 16:09 . 2008-12-02 08:23 <DIR> d-------- c:\windows\System32\drivers\Avg
2008-11-28 16:09 . 2008-11-28 16:09 <DIR> d-------- c:\users\All Users\avg8
2008-11-28 16:09 . 2008-11-28 16:09 <DIR> d-------- c:\program files\AVG
2008-11-28 11:59 . 2008-11-28 11:59 <DIR> d-------- c:\users\Hilary\AppData\Roaming\iWin
2008-11-28 11:58 . 2008-11-29 16:14 <DIR> d-------- c:\program files\!!!el Quest 2
2008-11-28 11:38 . 2008-11-28 11:38 <DIR> d-------- c:\program files\!!!el Quest
2008-11-26 22:39 . 2008-11-26 22:40 <DIR> d-------- c:\program files\iTunes
2008-11-26 22:39 . 2008-11-26 22:39 <DIR> d-------- c:\program files\iPod
2008-11-26 22:36 . 2008-11-26 22:38 <DIR> d-------- c:\program files\QuickTime
2008-11-26 15:21 . 2008-11-26 15:30 <DIR> d-------- c:\program files\epson
2008-11-26 15:21 . 2006-05-23 00:00 172,032 --a------ c:\windows\System32\esint54.dll
2008-11-26 15:21 . 2006-10-13 00:00 65,793 --a------ c:\windows\System32\esfw54.bin
2008-11-26 15:21 . 2006-10-13 00:00 63,488 --a------ c:\windows\System32\eswia54.dll
2008-11-26 15:21 . 2006-08-25 00:00 9,216 --a------ c:\windows\System32\escdev.dll
2008-11-26 15:21 . 2006-03-10 00:00 3,584 --a------ c:\windows\System32\eswiaml.dll
2008-11-26 12:55 . 2008-11-26 12:55 <DIR> d-------- c:\windows\System32\Epson
2008-11-26 12:50 . 2008-11-26 12:51 <DIR> d-------- c:\users\All Users\UDL
2008-11-26 12:00 . 2008-10-21 05:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 12:00 . 2008-08-28 03:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 12:00 . 2008-08-28 03:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 12:00 . 2008-08-28 03:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 12:00 . 2008-10-22 03:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-24 16:59 . 2008-11-24 16:59 0 --a------ c:\windows\ativpsrm.bin
2008-11-24 16:55 . 2008-11-24 16:55 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-11-24 16:45 . 2008-11-24 16:45 23,600 --a------ c:\windows\System32\drivers\TVICHW32.SYS
2008-11-15 12:17 . 2008-10-16 21:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-15 12:17 . 2008-10-16 20:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-15 12:17 . 2008-10-16 21:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-15 12:17 . 2008-10-16 21:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-15 12:16 . 2008-10-16 21:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-15 12:16 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-15 12:16 . 2008-10-16 20:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-15 12:16 . 2008-10-16 21:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-15 12:16 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-13 18:59 . 2008-11-13 18:59 <DIR> d-------- c:\program files\Trend Micro
2008-11-13 17:08 . 2008-11-13 18:02 <DIR> d-------- c:\program files\RegCure
2008-11-13 13:33 . 2008-08-27 01:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-13 13:32 . 2008-09-10 03:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-13 13:32 . 2008-09-05 05:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-11 15:45 . 2008-11-16 12:36 <DIR> d-------- c:\users\Hilary\AppData\Roaming\Roxio
2008-11-11 15:44 . 2008-11-11 15:44 <DIR> d-------- c:\program files\InterActual
2008-11-11 15:28 . 2008-11-11 15:28 <DIR> d-------- c:\users\All Users\WindowsSearch
2008-11-11 15:15 . 2008-11-11 15:15 <DIR> d-------- c:\program files\Sonic
2008-11-11 15:14 . 2008-11-11 15:19 <DIR> d-------- c:\windows\System32\DLA
2008-11-11 15:14 . 2006-10-25 08:22 99,816 --a------ c:\windows\System32\drivers\DRVMCDB.SYS
2008-11-11 15:14 . 2006-11-01 08:58 92,920 --a------ c:\windows\DLA.EXE
2008-11-11 15:14 . 2006-11-01 08:58 56,056 --a------ c:\windows\System32\DLAAPI_W.DLL
2008-11-11 15:14 . 2006-09-15 09:42 51,768 --a------ c:\windows\System32\drivers\DRVNDDM.SYS
2008-11-11 15:14 . 2006-09-15 09:45 28,184 --a------ c:\windows\System32\drivers\DLARTL_M.SYS
2008-11-11 15:14 . 2006-09-15 09:45 12,920 --a------ c:\windows\System32\drivers\DLACDBHM.SYS
2008-11-11 15:14 . 2008-11-11 15:14 120 --a------ c:\windows\wininit.ini
2008-11-11 15:12 . 2008-11-11 15:12 <DIR> d-------- c:\program files\Common Files\SureThing Shared
2008-11-11 15:09 . 2008-11-11 15:10 <DIR> d-------- c:\program files\SightSpeed
2008-11-11 15:02 . 2008-11-16 12:36 <DIR> d-------- c:\users\All Users\Roxio
2008-11-11 15:02 . 2008-11-11 15:14 <DIR> d-------- c:\program files\Roxio
2008-11-11 15:02 . 2008-11-25 20:33 <DIR> d-------- c:\program files\Common Files\Sonic Shared
2008-11-11 15:02 . 2008-11-11 15:04 <DIR> d-------- c:\program files\Common Files\SightSpeed
2008-11-11 15:00 . 2008-11-11 15:00 <DIR> d-------- c:\program files\DivX
2008-11-11 14:34 . 2008-11-11 14:34 <DIR> dr------- c:\windows\System32\config\systemprofile\Videos
2008-11-11 14:34 . 2008-11-11 14:34 <DIR> dr------- c:\windows\System32\config\systemprofile\Searches
2008-11-11 14:34 . 2008-11-11 14:34 <DIR> dr------- c:\windows\System32\config\systemprofile\Saved Games
2008-11-11 14:34 . 2008-11-11 14:34 <DIR> dr------- c:\windows\System32\config\systemprofile\Pictures
2008-11-11 14:34 . 2008-11-11 14:34 <DIR> dr------- c:\windows\System32\config\systemprofile\Music
2008-11-11 14:34 . 2008-11-11 14:34 <DIR> dr------- c:\windows\System32\config\systemprofile\Links
2008-11-11 14:34 . 2008-11-11 14:34 <DIR> dr------- c:\windows\System32\config\systemprofile\Downloads
2008-11-11 14:34 . 2008-11-11 14:34 <DIR> dr------- c:\windows\System32\config\systemprofile\Documents
2008-11-11 14:32 . 2008-11-11 14:32 <DIR> d-------- c:\windows\System32\URTTEMP
2008-11-09 16:10 . 2008-11-09 16:10 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-07 13:20 . 2008-11-07 13:20 <DIR> d-------- c:\windows\System32\SpycatcherAgentSetupTemp
2008-11-07 13:20 . 2008-11-07 13:27 <DIR> d-------- c:\users\All Users\Tenebril
2008-11-07 13:19 . 2008-11-07 13:19 <DIR> d-------- c:\windows\System32\tenarchlib
2008-11-07 13:19 . 2008-11-30 11:27 <DIR> d-------- c:\program files\GhostSurf Platinum
2008-11-07 13:19 . 2008-06-17 11:13 185,664 --a-s---- c:\windows\System32\archlib.dll
2008-11-07 13:19 . 2008-06-17 11:13 57,344 --a------ c:\windows\System32\MFC71ENU.DLL
2008-11-07 09:53 . 1999-08-04 12:00 1,294,336 --a------ c:\windows\System32\MGIIpl2A6.dll
2008-11-07 09:53 . 1999-08-04 12:00 1,093,632 --a------ c:\windows\System32\MGIIpl2PX.dll
2008-11-07 09:53 . 1999-09-14 12:00 126,976 --a------ c:\windows\System32\ipubgrnd.dll
2008-11-07 09:53 . 1999-09-14 12:00 86,016 --a------ c:\windows\System32\ImageMosaic.ocx
2008-11-07 09:53 . 1999-08-04 12:00 54,272 --a------ c:\windows\System32\Serial.ocx
2008-11-07 09:53 . 1999-08-04 12:00 53,760 --a------ c:\windows\System32\Infrared.ocx
2008-11-07 09:53 . 1999-08-04 12:00 51,712 --a------ c:\windows\System32\USB.ocx
2008-11-07 09:53 . 1999-08-04 12:00 20,480 --a------ c:\windows\System32\MGIIpl2.dll
2008-11-07 09:53 . 1999-08-04 12:00 5,632 --a------ c:\windows\System32\HELLUT32.DLL
2008-11-07 09:52 . 2008-11-07 09:52 <DIR> d-------- c:\program files\Common Files\MGI Shared
2008-11-07 09:49 . 1998-10-29 17:45 306,688 --a------ c:\windows\IsUninst.exe
2008-11-07 05:10 . 2008-11-07 05:10 <DIR> d-------- c:\users\All Users\Nokia
2008-11-06 21:25 . 2008-11-06 21:25 <DIR> d-------- c:\users\All Users\Installations
2008-11-06 21:25 . 2008-05-07 07:38 90,624 --a------ c:\windows\System32\nmwcdcls.dll
2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\System32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\System32\QuickTime.qts
2008-11-03 16:26 . 2008-08-05 09:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-03 16:26 . 2008-08-05 09:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-03 16:26 . 2008-08-05 09:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-03 16:26 . 2008-08-05 09:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-03 16:26 . 2008-08-05 09:48 80,896 --a------ c:\windows\System32\MSNP.ax

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-26 22:39 --------- d-----w c:\program files\Common Files\Apple
2008-11-26 14:06 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-24 14:25 --------- d-----w c:\program files\Common Files\Adobe
2008-11-11 15:06 --------- d-----w c:\program files\Common Files\Roxio Shared
2008-11-07 10:59 --------- d-----w c:\program files\Microsoft Works
2008-11-07 10:25 --------- d-----w c:\program files\MGI
2008-11-04 10:03 --------- d-----w c:\program files\Norton 360
2008-11-01 13:28 --------- d-----w c:\program files\Cradle Of Rome
2008-11-01 13:24 --------- d-----w c:\program files\ReflexiveArcade
2008-11-01 12:17 --------- d-----w c:\users\Hilary\AppData\Roaming\AVSMedia
2008-11-01 12:16 --------- d-----w c:\program files\Common Files\AVSMedia
2008-11-01 12:16 --------- d-----w c:\program files\AVSMedia
2008-11-01 10:59 --------- d-----w c:\program files\Microprose
2008-11-01 10:01 --------- d-----w c:\program files\OLYMPUS
2008-11-01 09:21 --------- d-----w c:\program files\Common Files\UDL
2008-11-01 09:20 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-01 08:53 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-30 14:54 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-10-29 14:22 --------- d-----w c:\program files\HP
2008-10-29 14:19 --------- d-----w c:\users\Hilary\AppData\Roaming\InstallShield
2008-10-29 14:16 319,456 ----a-w c:\windows\DIFxAPI.dll
2008-10-29 14:16 315,392 ----a-w c:\windows\HideWin.exe
2008-10-29 14:16 --------- d-----w c:\program files\Realtek
2008-10-29 14:14 --------- d-----w c:\users\Hilary\AppData\Roaming\WinBatch
2008-10-29 07:55 --------- d-----w c:\program files\Vision Objects
2008-10-29 07:51 --------- d-----w c:\program files\Scribble
2008-10-26 20:08 --------- d-----w c:\program files\Xvid
2008-10-26 09:03 174 --sha-w c:\program files\desktop.ini
2008-10-26 08:56 --------- d-----w c:\program files\Windows Sidebar
2008-10-26 08:56 --------- d-----w c:\program files\Windows Mail
2008-10-26 08:56 --------- d-----w c:\program files\Windows Calendar
2008-10-26 08:55 --------- d-----w c:\program files\Windows Photo Gallery
2008-10-26 08:55 --------- d-----w c:\program files\Windows Journal
2008-10-26 08:55 --------- d-----w c:\program files\Windows Defender
2008-10-26 08:55 --------- d-----w c:\program files\Windows Collaboration
2008-10-26 08:34 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-10-26 08:34 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-10-24 08:44 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-10-24 08:40 288,768 ----a-w c:\windows\system32\drivers\srv.sys
2008-10-24 08:39 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-10-24 08:39 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-10-24 08:36 827,392 ----a-w c:\windows\System32\wininet.dll
2008-10-22 13:01 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-10-22 12:59 43,528 ------w c:\windows\system32\drivers\PxHelp20.sys
2008-10-22 12:59 129,784 ------w c:\windows\System32\pxafs.dll
2008-10-22 12:59 118,520 ------w c:\windows\System32\pxinsi64.exe
2008-10-22 12:59 116,472 ------w c:\windows\System32\pxcpyi64.exe
2008-10-22 12:08 --------- d-----w c:\program files\MSBuild
2008-10-22 12:05 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-10-22 12:01 --------- d-----w c:\program files\Microsoft.NET
2008-10-22 11:19 --------- d-----w c:\users\Hilary\AppData\Roaming\Apple Computer
2008-10-22 11:18 --------- d-----w c:\program files\Bonjour
2008-10-22 11:17 --------- d-----w c:\program files\Apple Software Update
2008-10-22 08:32 --------- d-----w c:\users\Hilary\AppData\Roaming\AdobeUM
2008-10-22 08:07 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2008-10-22 08:07 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2008-10-22 08:07 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2008-10-22 08:07 --------- d-----w c:\program files\Symantec
2008-10-22 07:59 16,480 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-10-22 07:59 1,056 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-10-22 07:58 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-10-22 07:58 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-10-22 07:42 269,312 ----a-w c:\windows\System32\es.dll
2008-10-13 16:30 --------- d-----w c:\users\Hilary\AppData\Roaming\Symantec
2008-10-05 15:03 --------- d-----w c:\program files\Google
2008-10-05 14:36 1,873 --sha-r c:\windows\system32\drivers\103C_HP_CPC_RS921AA-ABU m7775.uk_YC_0Pavi_QCZX703_E71GBv3PrA4_49_ILEONITE_SASUSTek Computer INC._V5.00_B5.08_T061208_WUH0_L409_M2046_J400_7Intel_8Core2 6600_92.4_#070227_N808627DC_Z_G10027181.MRK
2008-10-05 14:17 61,440 ----a-w c:\windows\System32\winipsec.dll
2008-10-05 14:17 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2008-10-05 14:17 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2008-10-05 14:17 272,896 ----a-w c:\windows\System32\polstore.dll
2008-10-05 14:16 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-10-05 14:16 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-10-05 14:16 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-05 14:16 28,160 ----a-w c:\windows\System32\Apphlpdm.dll
2008-10-05 14:16 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-10-05 14:16 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-10-05 14:16 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-05 14:16 1,695,744 ----a-w c:\windows\System32\gameux.dll
2008-10-05 14:11 2,048 ----a-w c:\windows\System32\tzres.dll
2008-10-05 14:10 303,616 ----a-w c:\windows\System32\wmpeffects.dll
2008-10-05 14:05 7,964,672 ----a-w c:\windows\System32\NlsLexicons0024.dll
2008-10-05 14:05 6,224,896 ----a-w c:\windows\System32\NlsLexicons0027.dll
2008-10-05 14:05 5,791,232 ----a-w c:\windows\System32\NlsLexicons0026.dll
2008-10-05 14:05 5,499,904 ----a-w c:\windows\System32\NlsLexicons0022.dll
2008-10-05 14:05 2,136,064 ----a-w c:\windows\System32\NlsLexicons0021.dll
2008-10-05 14:05 1,808,896 ----a-w c:\windows\System32\NlsLexicons0046.dll
2008-10-05 14:05 1,793,536 ----a-w c:\windows\System32\NlsLexicons0045.dll
2008-10-05 14:05 1,782,272 ----a-w c:\windows\System32\NlsLexicons0039.dll
2008-10-05 14:05 1,558,016 ----a-w c:\windows\System32\NlsLexicons0049.dll
2008-10-05 14:05 1,411,072 ----a-w c:\windows\System32\NlsLexicons0047.dll
2008-10-05 14:05 1,236,992 ----a-w c:\windows\System32\NlsLexicons0020.dll
2008-10-05 14:02 29,184 ----a-w c:\windows\system32\drivers\BTHUSB.SYS
2008-10-05 14:02 220,160 ----a-w c:\windows\system32\drivers\bthport.sys
2008-10-05 14:02 19,456 ----a-w c:\windows\system32\drivers\bthenum.sys
2008-10-05 14:02 181,760 ----a-w c:\windows\System32\fsquirt.exe
2008-10-05 14:01 988,216 ----a-w c:\windows\System32\winload.exe
2008-10-05 14:01 927,288 ----a-w c:\windows\System32\winresume.exe
2008-10-05 14:01 615,992 ----a-w c:\windows\System32\ci.dll
2008-10-05 14:01 6,656 ----a-w c:\windows\System32\kbd106n.dll
2008-10-05 14:01 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Scribble"="c:\program files\Scribble\Scribble.exe" [2007-09-04 529744]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-05-15 95536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-12 90112]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-27 221184]
"DMXLauncher"="c:\program files\Roxio\Media Experience\DMXLauncher.exe" [2006-11-14 102400]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-11-15 1121016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-29 1261336]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-25 44136]

c:\users\Hilary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GhostSurf proxy.lnk - c:\program files\GhostSurf Platinum\Proxy.exe [2008-11-07 91568]
SpyCatcher.lnk - c:\program files\GhostSurf Platinum\SpyCatcher.exe [2008-07-11 2123104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=secuload.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C6C2D072-0505-4A36-BE4F-CFB836CAD15E}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{AE90298F-F853-41BE-A652-8753F792A6A0}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{99B235C9-40E2-413B-8FE9-7ED4566701CC}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{D92C5161-414A-4769-85AD-8556D2129B1A}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{B9542E67-E4D4-4330-AFEC-BA3A8E8C3AF5}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{00FF1A7B-0C94-4AE0-8AEF-D428A9631080}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{30E0A407-1CFA-4589-93AE-293D3A40B6F4}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{0811569F-ACFB-4017-AF7D-9B1DA6A47A2C}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{DF61A664-C4C5-4B05-920B-7BFBD0B09CE4}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4E4A987F-02F3-4612-80AF-1D679B66F0F2}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8DD71F27-4DB1-4F19-9B37-9B20B77C5D40}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{61A32223-D612-4C69-8230-B2FFEBA5A679}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A0C89201-AA93-4413-988A-61F7787BADCC}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{BAC594BB-E44B-4734-954F-B5BCD3DB01FA}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{32F7435A-671B-481C-8AEF-AEEFA640A95B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{697F7FF1-AF2B-4A0A-A5A1-F48ECC7BF19F}"= UDP:c:\program files\SightSpeed\SightSpeed.exe:SightSpeed
"{D0A4E16E-4D93-499E-9C0C-FA6160E4357D}"= TCP:c:\program files\SightSpeed\SightSpeed.exe:SightSpeed
"{F49386F2-9674-4F3F-9D2F-BD0C5FF6CD80}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{CC2D2B76-AD9C-4D6A-82E7-8283512A3DF1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{37C63429-40C4-4FD1-AFC8-66DCB2E8B472}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-28 97928]
R1 DLARTL_M;DLARTL_M;c:\windows\system32\Drivers\DLARTL_M.SYS [2008-11-11 28184]
R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081127.001\IDSvix86.sys [2008-11-29 270384]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-28 231704]
R2 DQLWinService;DQLWinService;"c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 208896]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2008-02-18 149352]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-01-26 2831232]
R3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-05-15 3691520]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
S2 IntelDHSvcConf;Intel DH Service;"c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 29696]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2008-01-13 23888]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-01 38496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-11-13 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 09:20]

2008-11-13 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 09:20]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-GhostSurf Reminder - (no file)



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 12:21:09
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3984)
c:\windows\System32\srchadmin.dll
c:\windows\system32\webcheck.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\windows\System32\WUDFHost.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\System32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\GhostSurf Platinum\TracksCleaner.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Scribble\PegRoute.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\hp\KBD\kbd.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2008-12-02 12:25:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-02 12:25:33
ComboFix2.txt 2008-11-25 00:04:22

Pre-Run: 343,025,676,288 bytes free
Post-Run: 343,422,128,128 bytes free

387 --- E O F --- 2008-11-26 14:01:26
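The ComboFix log above is long, and the lines a responder actually cares about (the two Windows Firewall profile entries showing `"EnableFirewall"= 0`, and the driver/service list with its R/S state and start-type digits) are easy to miss when scrolling. The following parser is an added example written for this page; it is not part of the thread and not a ComboFix tool. It assumes the usual ComboFix line conventions (`R` = running, `S` = stopped, the digit is the Windows start type, `\??\` is the NT path prefix), and the sample excerpt is constructed by copying a handful of lines from the log posted above.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the ComboFix log in this thread.
# It is an excerpt for demonstration, not a complete log.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-28 97928]
R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081127.001\IDSvix86.sys [2008-11-29 270384]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2008-02-18 149352]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-01 38496]
"""

# Windows service start types as ComboFix prints them (assumed mapping, see lead-in).
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# "[HKLM\~\...\firewallpolicy\<Profile>]" followed by its EnableFirewall value.
FIREWALL_RE = re.compile(
    r'\[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\(\w+)\]'
    r'\s*"EnableFirewall"=\s*(\d)'
)
# "R1 name;display name;image path [yyyy-mm-dd size]"
SERVICE_RE = re.compile(
    r'^([RS])([0-4]) ([^;]+);([^;]*);(.+?) \[(\d{4}-\d{2}-\d{2}) (\d+)\]$',
    re.MULTILINE,
)


@dataclass
class Service:
    running: bool
    start_type: str
    name: str
    display_name: str
    image: str        # path exactly as printed, quotes and arguments included
    file_date: str
    size: int

    def image_path(self) -> str:
        """Bare image path: drop the NT '\\??\\' prefix, surrounding quotes and arguments."""
        img = self.image
        if img.startswith("\\??\\"):
            img = img[4:]
        if img.startswith('"'):
            img = img[1:img.index('"', 1)]
        return img


def parse_firewall_profiles(log: str) -> dict:
    """Map each firewall profile named in the log to True (enabled) or False (disabled)."""
    return {name: flag == "1" for name, flag in FIREWALL_RE.findall(log)}


def disabled_firewall_profiles(log: str) -> list:
    """Profiles whose EnableFirewall value is 0, sorted by name."""
    return sorted(p for p, on in parse_firewall_profiles(log).items() if not on)


def parse_services(log: str) -> list:
    """Turn every R*/S* service or driver line into a Service record."""
    out = []
    for m in SERVICE_RE.finditer(log):
        state, start, name, disp, image, date, size = m.groups()
        out.append(Service(state == "R", START_TYPES[start], name, disp, image, date, int(size)))
    return out


def kernel_drivers_outside_system32(services) -> list:
    """Names of .sys drivers not loaded from \\windows\\system32\\.

    A review list, not a verdict: vendor drivers (e.g. Symantec definition
    drivers) legitimately live elsewhere, but each such entry deserves a look.
    """
    hits = []
    for s in services:
        p = s.image_path().lower()
        if p.endswith(".sys") and "\\windows\\system32\\" not in p:
            hits.append(s.name)
    return hits


def report(log: str) -> dict:
    """Summary a forum helper would want at a glance."""
    svcs = parse_services(log)
    return {
        "firewall_disabled": disabled_firewall_profiles(log),
        "running": [s.name for s in svcs if s.running],
        "stopped": [s.name for s in svcs if not s.running],
        "drivers_to_review": kernel_drivers_outside_system32(svcs),
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against a full ComboFix log, the `firewall_disabled` list is the first thing to read back to the poster, since both Vista firewall profiles in this log are reported as off; `drivers_to_review` is only a prompt to check the vendor and file date of each entry, not an indicator of infection.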

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 14325
Posted 12-3-2008 10:40 (GMT +1)
It looks clean. However, it looks like you have installed AVG8 antivirus. It is not a good idea to have two antivirus programs running. Uninstall one of them.

Reboot, post a new HijackThis log and tell how things are running.


Do NOT post your problem in someone elses thread.
A non-profit, volunteer network.


Hilary
New Member
Date Joined Nov 2008
Total Posts : 14
Posted 12-3-2008 10:55 (GMT +1)
Hi, which one should I keep?
I have Norton 360 & AVG.
Thanks

Hilary
New Member
Date Joined Nov 2008
Total Posts : 14
Posted 12-3-2008 11:07 (GMT +1)
Sorry, I also forgot to say: I'm having to use another computer to get to this site, as the one with the problems will not let me display it; it just says "Done" at the bottom of the page and the page is white.
I have gone into Internet Options and Security and they are all OK.
Do you know what the problem may be?

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 14325
Posted 12-3-2008 11:32 (GMT +1)
OK. Update Malwarebytes, run a complete scan and post the log it produces.

I'll suggest you keep AVG8 antivirus.


Do NOT post your problem in someone elses thread.
A non-profit, volunteer network.
