More problems...

Discussion in 'Virus and Malware Removal' started by Mazrim, Mar 28, 2011.

  1. Bobbye Helper on the Fringe Posts: 16,406   +16

    Actually, you have many entries for both. And the installed programs show: uTorrent, Conduit Engine and uTorrent Toolbar. I put them in a script for you to run in ComboFix, but I did not get the log that is generated after the script has been run.

    We need to bring this to a close. It was started over 2 months ago. We haven't found malware.
    To remove entries your antivirus has quarantined, do a RIGHT Click> Delete.

    The Qoobox will be removed when you uninstall Combofix and the infected restore points will be dropped.

    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    -----
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    ------------------------------------------
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disc Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

    • Empty the Recycle Bin
  2. Mazrim Newcomer, in training Posts: 99

    Sorry to have wasted your time. Here's the log per the previous instructions:

    ComboFix 11-06-11.01 - Ed 06/12/2011 14:32:09.5.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2785 [GMT -4:00]
    Running from: c:\documents and settings\Ed.KIDS\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Ed.KIDS\Desktop\CFScript.txt
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    * Created a new restore point
    .
    FILE ::
    "c:\windows\system32\drivers\EagleXNt.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\j.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\z.xml
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-12 to 2011-06-12 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-10 01:57 . 2011-06-10 01:57 -------- d-----w- c:\documents and settings\Ed.KIDS\Local Settings\Application Data\Oblivion
    2011-06-10 01:41 . 2011-06-10 01:41 -------- d-----w- c:\program files\Bethesda Softworks
    2011-06-10 01:29 . 2011-06-10 01:29 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
    2011-06-10 01:29 . 2005-04-04 03:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
    2011-06-10 01:29 . 2005-04-04 03:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
    2011-06-10 01:29 . 2005-04-04 03:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
    2011-06-10 01:29 . 2005-04-04 03:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
    2011-06-10 01:29 . 2005-04-04 02:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
    2011-06-10 01:29 . 2011-06-10 01:29 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
    2011-06-03 17:52 . 2011-06-03 17:52 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\BioWare
    2011-06-03 17:50 . 2011-06-03 17:50 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2011-06-03 17:47 . 2011-06-03 17:47 -------- d-----w- c:\windows\system32\AGEIA
    2011-06-03 17:47 . 2011-06-03 17:47 -------- d-----w- c:\program files\AGEIA Technologies
    2011-06-03 17:29 . 2011-06-05 03:19 -------- d-----w- c:\program files\Dragon Age
    2011-06-03 17:29 . 2011-06-03 17:47 -------- d-----w- c:\program files\Common Files\BioWare
    2011-06-01 21:02 . 2011-06-01 21:02 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
    2011-05-29 06:48 . 2011-05-29 06:48 -------- d-sh--w- c:\documents and settings\Ed.KIDS\IECompatCache
    2011-05-27 04:01 . 2011-04-20 23:25 66520 ----a-w- c:\program files\Mozilla Firefox\plugins\npnul32.dll
    2011-05-27 04:01 . 2011-04-20 23:25 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
    2011-05-27 04:01 . 2011-04-20 23:25 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
    2011-05-27 04:00 . 2011-04-20 23:25 505816 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll
    2011-05-27 04:00 . 2011-04-20 23:25 1014232 ----a-w- c:\program files\Mozilla Firefox\js3250.dll
    2011-05-22 15:47 . 2011-05-22 15:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ATI
    2011-05-22 15:45 . 2011-05-22 15:45 -------- d-----w- c:\program files\AMD APP
    2011-05-22 14:25 . 2011-05-22 14:25 -------- d-----w- c:\documents and settings\Administrator
    2011-05-18 20:07 . 2011-06-09 22:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-29 13:11 . 2011-03-20 21:02 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 13:11 . 2011-03-20 21:02 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-20 02:41 . 2010-12-19 01:07 6537728 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
    2011-04-20 02:38 . 2010-12-19 01:07 311296 ----a-w- c:\windows\system32\atiiiexx.dll
    2011-04-20 02:29 . 2010-12-19 01:07 57344 ----a-w- c:\windows\system32\aticalrt.dll
    2011-04-20 02:29 . 2010-12-19 01:07 53248 ----a-w- c:\windows\system32\aticalcl.dll
    2011-04-20 02:24 . 2010-12-19 01:07 5459968 ----a-w- c:\windows\system32\aticaldd.dll
    2011-04-20 02:14 . 2010-12-19 01:07 17743872 ----a-w- c:\windows\system32\atioglxx.dll
    2011-04-20 02:10 . 2011-04-20 02:10 59904 ----a-w- c:\windows\system32\OVDecode.dll
    2011-04-20 02:10 . 2011-04-20 02:10 12385280 ----a-w- c:\windows\system32\amdocl.dll
    2011-04-20 02:04 . 2010-12-19 01:07 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-04-20 02:02 . 2010-12-19 01:07 302080 ----a-w- c:\windows\system32\ati2dvag.dll
    2011-04-20 02:01 . 2010-12-19 01:07 4017408 ----a-w- c:\windows\system32\ati3duag.dll
    2011-04-20 01:55 . 2011-04-17 16:02 1115008 ----a-w- c:\windows\system32\ativvamv.dll
    2011-04-20 01:45 . 2010-12-19 01:07 3265920 ----a-w- c:\windows\system32\ativvaxx.dll
    2011-04-20 01:44 . 2010-12-19 01:07 212992 ----a-w- c:\windows\system32\atipdlxx.dll
    2011-04-20 01:44 . 2010-12-19 01:07 155648 ----a-w- c:\windows\system32\Oemdspif.dll
    2011-04-20 01:44 . 2010-12-19 01:07 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
    2011-04-20 01:44 . 2010-12-19 01:07 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2011-04-20 01:43 . 2010-12-19 01:07 188416 ----a-w- c:\windows\system32\ati2evxx.dll
    2011-04-20 01:42 . 2010-12-19 01:07 643072 ----a-w- c:\windows\system32\ati2evxx.exe
    2011-04-20 01:41 . 2010-12-19 01:07 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
    2011-04-20 01:40 . 2010-12-19 01:07 151552 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-04-20 01:36 . 2010-12-19 01:07 651264 ----a-w- c:\windows\system32\atikvmag.dll
    2011-04-20 01:34 . 2010-12-19 01:07 200704 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-04-20 01:33 . 2010-12-19 01:07 17408 ----a-w- c:\windows\system32\atitvo32.dll
    2011-04-20 01:30 . 2010-12-19 01:07 503808 ----a-w- c:\windows\system32\atiok3x2.dll
    2011-04-20 01:28 . 2010-12-19 01:07 851968 ----a-w- c:\windows\system32\ati2cqag.dll
    2011-04-20 01:27 . 2010-12-19 01:07 64512 ----a-w- c:\windows\system32\atimpc32.dll
    2011-04-20 01:27 . 2010-12-19 01:07 64512 ----a-w- c:\windows\system32\amdpcom32.dll
    2011-04-20 01:26 . 2010-12-19 01:07 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-04-17 16:45 . 2011-04-17 16:21 1259545769 ----a-w- c:\program files\ElswordInstaller-1a.bin
    2011-04-17 16:44 . 2011-04-17 16:21 327392 ----a-w- c:\program files\ElswordInstaller.exe
    2011-03-21 23:56 . 2011-03-21 23:56 51712 ----a-w- c:\windows\system32\OpenCL.dll
    2011-03-20 05:51 . 2011-03-20 05:51 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2011-03-20 05:49 . 2011-03-20 05:49 1216 ----a-w- c:\windows\system32\ealregsnapshot1.reg
    2011-03-16 13:31 . 2010-12-18 16:36 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-05-27_23.56.40 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-01-11 03:03 . 2011-01-11 03:03 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_189d6662\vcomp.dll
    + 2009-07-12 00:54 . 2009-07-12 00:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
    + 2011-01-11 02:32 . 2011-01-11 02:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80KOR.dll
    + 2011-01-11 02:32 . 2011-01-11 02:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80JPN.dll
    + 2011-01-11 02:32 . 2011-01-11 02:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ITA.dll
    + 2011-01-11 02:32 . 2011-01-11 02:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80FRA.dll
    + 2011-01-11 02:32 . 2011-01-11 02:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ESP.dll
    + 2011-01-11 02:32 . 2011-01-11 02:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ENU.dll
    + 2011-01-11 02:32 . 2011-01-11 02:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80DEU.dll
    + 2011-01-11 02:32 . 2011-01-11 02:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80CHT.dll
    + 2011-01-11 02:32 . 2011-01-11 02:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80CHS.dll
    + 2009-07-12 00:32 . 2009-07-12 00:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
    + 2009-07-12 00:32 . 2009-07-12 00:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
    + 2009-07-12 00:32 . 2009-07-12 00:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
    + 2009-07-12 00:32 . 2009-07-12 00:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
    + 2009-07-12 00:32 . 2009-07-12 00:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
    + 2009-07-12 00:32 . 2009-07-12 00:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
    + 2009-07-12 00:32 . 2009-07-12 00:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
    + 2009-07-12 00:32 . 2009-07-12 00:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
    + 2009-07-12 00:32 . 2009-07-12 00:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
    + 2011-01-11 08:05 . 2011-01-11 08:05 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfcm80u.dll
    + 2011-01-11 08:23 . 2011-01-11 08:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfcm80.dll
    + 2009-07-12 05:07 . 2009-07-12 05:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
    + 2009-07-12 05:19 . 2009-07-12 05:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
    + 2011-01-11 01:21 . 2011-01-11 01:21 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_7837863c\ATL80.dll
    + 2011-06-12 18:22 . 2011-06-12 18:22 16384 c:\windows\temp\Perflib_Perfdata_414.dat
    + 2009-04-03 16:39 . 2009-04-03 16:39 70936 c:\windows\system32\PhysXLoader.dll
    + 2008-12-04 13:28 . 2008-12-04 13:28 24344 c:\windows\system32\PhysXDevice.dll
    - 2004-08-04 12:00 . 2011-05-27 04:13 71846 c:\windows\system32\perfc009.dat
    + 2004-08-04 12:00 . 2011-06-12 18:26 71846 c:\windows\system32\perfc009.dat
    + 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\system32\AgCPanelTraditionalChinese.dll
    + 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\system32\AgCPanelSwedish.dll
    + 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\system32\AgCPanelSpanish.dll
    + 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\system32\AgCPanelSimplifiedChinese.dll
    + 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\system32\AgCPanelPortugese.dll
    + 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\system32\AgCPanelKorean.dll
    + 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\system32\AgCPanelJapanese.dll
    + 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\system32\AgCPanelGerman.dll
    + 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\system32\AgCPanelFrench.dll
    + 2011-06-01 21:02 . 2011-06-01 21:02 21504 c:\windows\Installer\69bfe0a.msi
    + 2011-06-10 01:31 . 2011-06-10 01:31 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    - 2011-04-02 19:53 . 2011-04-02 19:53 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    + 2011-06-10 01:31 . 2011-06-10 01:31 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    - 2011-04-02 19:53 . 2011-04-02 19:53 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2011-01-11 08:27 . 2011-01-11 08:27 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcr80.dll
    + 2011-01-11 08:24 . 2011-01-11 08:24 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcp80.dll
    + 2011-01-11 08:08 . 2011-01-11 08:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcm80.dll
    + 2008-10-07 13:13 . 2008-10-07 13:13 197912 c:\windows\system32\physxcudart_20.dll
    + 2008-11-26 12:55 . 2008-11-26 12:55 288024 c:\windows\system32\PhysXCplUI.exe
    + 2008-11-25 12:38 . 2008-11-25 12:38 288024 c:\windows\system32\PhysXCompatCplUI.exe
    - 2004-08-04 12:00 . 2011-05-27 04:13 443588 c:\windows\system32\perfh009.dat
    + 2004-08-04 12:00 . 2011-06-12 18:26 443588 c:\windows\system32\perfh009.dat
    + 2011-06-09 22:46 . 2011-06-09 22:46 238040 c:\windows\system32\Macromed\Flash\FlashUtil10s_Plugin.exe
    + 2011-06-09 22:44 . 2011-06-09 22:44 240288 c:\windows\system32\Macromed\Flash\FlashUtil10s_ActiveX.exe
    + 2011-06-09 22:44 . 2011-06-09 22:44 321184 c:\windows\system32\Macromed\Flash\FlashUtil10s_ActiveX.dll
    + 2008-10-07 13:13 . 2008-10-07 13:13 116977 c:\windows\system32\AGEIA\AG1021\diag.bin
    + 2008-10-07 13:13 . 2008-10-07 13:13 214629 c:\windows\system32\AGEIA\AG1021\app.bin
    + 2008-10-07 13:13 . 2008-10-07 13:13 119473 c:\windows\system32\AGEIA\AG1011\diag.bin
    + 2008-10-07 13:13 . 2008-10-07 13:13 199885 c:\windows\system32\AGEIA\AG1011\app.bin
    + 2011-06-05 03:20 . 2011-06-05 03:20 424960 c:\windows\Installer\7c62d71.msi
    + 2011-06-07 06:04 . 2011-06-07 06:04 459264 c:\windows\Installer\12a99750.msi
    + 2011-06-10 01:31 . 2011-06-10 01:31 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    - 2011-04-02 19:53 . 2011-04-02 19:53 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    + 2011-06-10 01:31 . 2011-06-10 01:31 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    - 2011-04-02 19:53 . 2011-04-02 19:53 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    + 2011-06-10 01:31 . 2011-06-10 01:31 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    - 2011-04-02 19:53 . 2011-04-02 19:53 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    - 2011-04-02 19:53 . 2011-04-02 19:53 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    + 2011-06-10 01:31 . 2011-06-10 01:31 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    - 2011-04-02 19:53 . 2011-04-02 19:53 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    + 2011-06-10 01:31 . 2011-06-10 01:31 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    + 2011-06-10 01:31 . 2011-06-10 01:31 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2011-04-02 19:53 . 2011-04-02 19:53 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2011-04-02 19:53 . 2011-04-02 19:53 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    + 2011-06-10 01:31 . 2011-06-10 01:31 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    + 2011-01-11 02:50 . 2011-01-11 02:50 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfc80u.dll
    + 2011-01-11 02:50 . 2011-01-11 02:50 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfc80.dll
    + 2009-07-12 00:46 . 2009-07-12 00:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
    + 2009-07-12 00:46 . 2009-07-12 00:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
    + 2010-12-18 16:33 . 2011-06-09 22:46 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
    - 2010-12-18 16:33 . 2011-05-18 20:07 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
    + 2011-06-03 17:47 . 2011-06-03 17:47 1500160 c:\windows\Installer\94209b.msi
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2011-03-28 16:22 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo0.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files\Steam\Steam.exe" [2010-12-19 1242448]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-06-05 33628160]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 98304]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "DLCDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-06-07 69632]
    "dlcdmon.exe"="c:\program files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-07-22 430080]
    "MemoryCardManager"="c:\program files\Dell Photo AIO Printer 944\memcard.exe" [2005-06-27 282624]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
    .
    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\World of Warcraft\\Launcher.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Runes of Magic\\Client.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\torchlight\\Torchlight.exe"=
    "c:\\Nexon\\DFO\\DFO.exe"=
    "c:\\Nexon\\Vindictus\\en-US\\Vindictus.exe"=
    "c:\\Nexon\\Vindictus\\en-US\\NMService.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\Turbine\\DDO Unlimited\\dndclient.exe"=
    "c:\\Program Files\\Kill3rCombo\\Elsword\\data\\x2.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\cogs\\cogs.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\rush\\rush.exe"=
    "c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
    "c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
    "c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "57788:TCP"= 57788:TCP:pando Media Booster
    "57788:UDP"= 57788:UDP:pando Media Booster
    "56440:TCP"= 56440:TCP:pando Media Booster
    "56440:UDP"= 56440:UDP:pando Media Booster
    "1162:TCP"= 1162:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 8:00 AM 14336]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/18/2010 12:36 PM 136360]
    R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [12/18/2010 11:52 AM 22016]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [1/10/2011 10:24 AM 993848]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [1/10/2011 10:24 AM 399416]
    R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [12/18/2010 11:48 AM 1374464]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/10/2011 12:52 AM 136176]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [12/15/2009 4:07 PM 25832]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/10/2011 12:52 AM 136176]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [11/23/2009 5:37 PM 19720]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [3/25/2011 7:46 PM 14856]
    S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [12/18/2010 11:52 AM 25984]
    S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [12/18/2010 11:52 AM 17408]
    S3 XDva383;XDva383;\??\c:\windows\system32\XDva383.sys --> c:\windows\system32\XDva383.sys [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
    .
    2011-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-10 04:52]
    .
    2011-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-10 04:52]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Ed.KIDS\Application Data\Mozilla\Firefox\Profiles\jnvd4nmb.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-12 14:36
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1
    DLCDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1644491937-1326574676-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:37,37,7d,7a,76,93,30,1f,c6,50,e2,66,54,58,5f,03,29,81,d9,d3,1c,6b,fe,
    a8,4d,74,17,db,cc,41,96,d8,20,78,ee,e1,5f,8a,1b,3c,98,de,ca,61,96,ee,47,59,\
    "??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
    .
    [HKEY_USERS\S-1-5-21-1644491937-1326574676-839522115-1003\Software\SecuROM\License information*]
    "datasecu"=hex:13,1a,de,73,c8,29,0e,b1,5a,21,db,66,56,c3,fc,1e,99,59,1b,12,55,
    aa,bc,b6,40,79,1a,0a,c1,16,8f,a5,c0,3c,ba,73,39,40,dd,27,2b,3f,dc,17,97,00,\
    "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(720)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    .
    Completion time: 2011-06-12 14:38:26
    ComboFix-quarantined-files.txt 2011-06-12 18:38
    ComboFix2.txt 2011-06-07 00:38
    ComboFix3.txt 2011-05-27 23:58
    .
    Pre-Run: 460,815,585,280 bytes free
    Post-Run: 460,862,885,888 bytes free
    .
    - - End Of File - - AC4850C1EE1706B5EB07066DA9A3A973
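    Added example for readers of this thread (not code from the thread, from Bobbye, or from ComboFix itself): a small Python parser for the "Reg Loading Points" section of a ComboFix log like the one above. It pulls out the Browser Helper Objects, Run-key values and services with the file each one loads, and flags services where ComboFix printed [?] instead of a date and size, meaning it could not read the file at that path (EagleXNt in the log above is one). The sample log is constructed from a handful of lines in the same shape as the posted log.

```python
"""Parse the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; it is not part of ComboFix and not code
posted in the thread. It pulls out the autostart entries a helper reads
first (Browser Helper Objects, Run-key values, services) together with the
file each one loads, and flags services whose file ComboFix could not read.
"""
import re
from dataclasses import dataclass

# Constructed sample: a few lines in the same shape as the log posted above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2010-12-19 1242448]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/18/2010 12:36 PM 136360]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
"""


@dataclass
class Entry:
    kind: str   # "bho", "run" or "service"
    key: str    # registry key for bho/run; start type (R2, S3, ...) for a service
    name: str   # CLSID for a BHO, value name for Run, service name for a service
    path: str   # file the entry loads (the resolved path after "-->" if present)
    extra: str  # date/size or "?" exactly as ComboFix printed it inside [...]


# Registry key header, e.g. [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{...}]
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# Run-key value: "Name"="path" [date size]
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<extra>[^\]]*)\]$')
# File line under a BHO key: date time size attrs path
FILE_LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d\d-\d\d \d\d:\d\d)\s+(?P<size>\d+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$")
# Service line: R2 Name;Display name;path [date size]   or   ... [?]
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s*\[(?P<extra>[^\]]*)\]$")


def parse_loading_points(log: str) -> list[Entry]:
    """Return BHO, Run and service entries from the Reg Loading Points section."""
    entries: list[Entry] = []
    in_section = False
    current_key = None
    for raw in log.splitlines():
        line = raw.strip()
        if "Reg Loading Points" in line:
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("Contents of the 'Scheduled Tasks'"):
            break  # next section of the log
        if not line or line == ".":
            current_key = None  # ComboFix separates blocks with a lone "."
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        if current_key and "Browser Helper Objects" in current_key:
            m = FILE_LINE_RE.match(line)
            if m:
                clsid = current_key.rsplit("\\", 1)[-1]
                entries.append(Entry("bho", current_key, clsid, m.group("path"),
                                     f"{m.group('date')} {m.group('size')}"))
            continue
        if current_key and current_key.endswith("\\Run"):
            m = RUN_VALUE_RE.match(line)
            if m:
                entries.append(Entry("run", current_key, m.group("name"),
                                     m.group("path"), m.group("extra")))
            continue
        m = SERVICE_RE.match(line)
        if m:
            path = m.group("path")
            if " --> " in path:  # "\??\path --> path": keep the resolved form
                path = path.split(" --> ", 1)[1]
            entries.append(Entry("service", m.group("start"), m.group("name"),
                                 path, m.group("extra")))
    return entries


def missing_file_entries(entries: list[Entry]) -> list[Entry]:
    """Entries ComboFix printed with [?]: it could not read the file they point at."""
    return [e for e in entries if e.extra.strip() == "?"]


def count_by_kind(entries: list[Entry]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for e in entries:
        counts[e.kind] = counts.get(e.kind, 0) + 1
    return counts


if __name__ == "__main__":
    found = parse_loading_points(SAMPLE_LOG)
    for e in found:
        print(f"{e.kind:8} {e.name:45} {e.path}  [{e.extra}]")
    for e in missing_file_entries(found):
        print(f"file not readable for service {e.name}: {e.path}")
```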
  3. Bobbye Helper on the Fringe Posts: 16,406   +16

    Thread closed at members request. Getting new hardware.