Please check my log

Status
Not open for further replies.
OK, done. I've noticed I've got a file named "vfind.exe" in my Windows folder. Is this a virus file? Update: found that it's part of ComboFix. What about "bootstat.dat", a video CD movie file, 13/5/09?
 
OK, thanks once again for your help. I've now deleted "bootstat.dat" and have rebooted.

I've checked my Windows TEMP folder and I can't delete 3 "Perflib.dat" files (16 KB Video CD Movie files). Also got 2 "JET.tmp" files, but they are 0 KB in size. But this last one I can't delete is strange: "sqlite"? Also 0 KB, so I don't think it can do any damage?
 
Unfortunately not. The files don't even show up in my TEMP folder in Safe Mode. Maybe the files are connected to my Norton AntiVirus?
 
Got the following error in ComboFix:

"Cannot Export RegRuns00: Error opening the file. There may be a disk or file system error."

Here's my log:

ComboFix 09-05-13.02 - Hector C 14/05/2009 10:57.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.447.135 [GMT 1:00]
Running from: c:\documents and settings\Hector C\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-04-14 to 2009-05-14 )))))))))))))))))))))))))))))))
.

2009-05-13 18:18 . 2006-12-05 11:53 5173248 ----a-w c:\documents and settings\Hector C\Altdo Convert Mp3 Master.exe
2009-05-10 16:56 . 2009-05-10 16:56 -------- d-----w c:\documents and settings\Hector C\Application Data\Malwarebytes
2009-05-10 16:56 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-10 16:56 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-10 16:55 . 2009-05-10 16:55 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-10 16:55 . 2009-05-10 16:56 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-09 09:34 . 2005-02-24 19:11 479232 ----a-w c:\windows\system32\NCTAudioVisualization2.dll
2009-05-09 09:34 . 2005-02-24 18:51 348160 ----a-w c:\windows\system32\NCTWMAFile2.dll
2009-05-09 09:34 . 2005-06-01 04:15 966144 ----a-w c:\windows\system32\NCTAudioInformation2.dll
2009-05-09 09:34 . 2005-03-10 23:00 454656 ----a-w c:\windows\system32\NCTAudioRecord2.dll
2009-05-09 09:34 . 2005-03-12 00:37 1986560 ----a-w c:\windows\system32\NCTAudioFile2.dll
2009-05-09 09:34 . 2007-10-12 01:09 1164728 ----a-w c:\windows\system32\NMSDVDXU.dll
2009-05-09 09:34 . 2009-05-09 09:35 -------- d-----w c:\program files\Mp3 Convert Master
2009-04-20 16:29 . 2009-04-20 16:29 -------- d-----w c:\program files\Windows Defender
2009-04-18 14:28 . 2009-04-18 14:30 -------- dc-h--w c:\windows\ie8
2009-04-18 08:53 . 2009-05-09 08:42 -------- d-----w c:\program files\NCH Software
2009-04-15 13:17 . 2009-05-07 20:12 -------- d-----w c:\documents and settings\Hector C\Local Settings\Application Data\WMTools Downloaded Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-13 22:17 . 2008-04-24 12:15 -------- d-----w c:\program files\Mozilla Thunderbird
2009-05-13 16:28 . 2009-04-09 21:47 -------- d-----w c:\program files\NCH Swift Sound
2009-04-20 15:27 . 2006-11-08 01:53 -------- d-----w c:\program files\Java
2009-04-18 10:19 . 2008-01-20 17:57 -------- d-----w c:\program files\Yahoo!
2009-04-18 10:17 . 2006-12-10 20:40 -------- d-----w c:\program files\Google
2009-04-13 21:32 . 2008-05-03 18:45 -------- d-----w c:\program files\Common Files\Apple
2009-04-13 21:12 . 2009-04-13 21:12 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-13 18:57 . 2009-04-13 18:57 -------- d-----w c:\program files\VOB
2009-04-13 18:55 . 2009-04-13 13:02 -------- d-----w c:\program files\Steinberg
2009-04-13 13:33 . 2009-04-13 13:33 -------- d-----w c:\program files\VB
2009-04-13 13:33 . 2009-04-13 13:33 -------- d-----w c:\program files\A0 Digital Audio
2009-04-13 13:02 . 2009-04-13 13:02 -------- d-----w c:\program files\iZotope
2009-04-12 12:30 . 2009-04-09 17:06 -------- d-----w c:\program files\Vuze
2009-04-11 14:35 . 2009-04-11 14:35 -------- d-----w c:\program files\SPL Plug-Ins
2009-04-11 14:35 . 2009-04-11 14:35 -------- d-----w c:\program files\Common Files\Digidesign
2009-04-11 13:04 . 2009-04-11 13:04 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-11 13:03 . 2008-05-14 17:51 -------- d-----w c:\program files\Common Files\Adobe
2009-04-09 18:34 . 2009-04-09 18:33 -------- d-----w c:\program files\CCleaner
2009-04-09 17:02 . 2008-04-24 13:48 -------- d-----w c:\program files\Azureus
2009-04-09 14:23 . 2006-05-12 23:27 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-09 13:52 . 2009-04-09 13:52 33972 ---ha-w c:\windows\system32\mlfcache.dat
2009-04-09 11:10 . 2009-04-09 11:10 76041392 ----a-w C:\regbkp.reg
2009-04-09 08:48 . 2008-12-09 18:33 -------- d-----w c:\program files\Uniblue
2009-04-09 00:24 . 2007-07-31 12:40 -------- d-----w c:\program files\Windows Media Connect 2
2009-04-08 06:33 . 2009-04-08 06:33 -------- d-----w c:\documents and settings\Hector C\Application Data\SuperAdBlocker.com
2009-04-07 21:23 . 2009-04-07 21:23 -------- d-----r c:\program files\Norton Support
2009-03-22 12:00 . 2008-12-04 19:33 -------- d-----w c:\program files\DVDCoverPrint
2009-03-22 11:41 . 2008-06-13 15:07 -------- d-----w c:\program files\Common Files\Nero
2009-03-22 10:47 . 2008-12-03 18:40 -------- d-----w c:\program files\CdCoverCreator
2009-03-18 21:35 . 2008-02-17 23:50 -------- d-----w c:\program files\Symantec
2009-03-18 21:35 . 2008-10-14 07:02 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-03-18 21:35 . 2008-10-14 07:02 7386 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-18 21:35 . 2008-10-14 07:02 60808 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-03-18 21:35 . 2008-10-14 07:02 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-16 07:00 . 2008-09-18 21:45 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-09 04:19 . 2008-12-09 17:30 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 03:34 . 2006-01-09 18:02 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 03:34 . 2004-08-04 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 03:33 . 2004-08-04 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 03:33 . 2004-08-04 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 03:32 . 2004-08-04 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 03:32 . 2004-08-04 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 03:31 . 2004-08-04 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 03:31 . 2004-08-04 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 03:31 . 2004-08-04 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 03:22 . 2004-08-04 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:00 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 07:39 . 2006-11-08 02:09 38136 -c--a-w c:\documents and settings\Hector C\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-02 21:15 . 2005-10-20 04:17 1024 ------w c:\windows\system32\NTICDMK7.dll
2009-03-02 21:01 . 2005-10-20 04:17 1024 -c----w c:\windows\system32\NTIMPEG2.dll
2009-03-02 21:01 . 2005-10-20 04:17 1024 -c----w c:\windows\system32\NTIMP3.dll
2009-03-02 21:01 . 2005-10-20 04:17 1024 -c----w c:\windows\system32\NTIFCD3.dll
2009-03-02 21:01 . 2005-10-20 04:16 6144 ------w c:\windows\system32\drivers\NTIDrvr.sys
2009-02-27 11:02 . 2008-10-14 07:02 36400 ----a-r c:\windows\system32\drivers\SymIM.sys
2008-02-12 20:03 . 2008-02-12 19:53 2293848 ----a-w c:\program files\FLV PlayerFCSetup.exe
2008-02-12 19:52 . 2008-02-12 19:40 3955352 ----a-w c:\program files\FLV PlayerRCATSetup.exe
2008-02-12 19:39 . 2008-02-12 19:38 411248 ----a-w c:\program files\FLV PlayerRCSetup.exe
.

(((((((( SnapShot@2009-05-09_10.53.14 ))))))))))
.
+ 2009-05-14 08:00 . 2009-05-14 08:00 16384 c:\windows\temp\Perflib_Perfdata_6a4.dat
+ 2009-05-14 07:59 . 2009-05-14 07:59 16384 c:\windows\temp\Perflib_Perfdata_1f0.dat
+ 2009-05-14 07:59 . 2009-05-14 07:59 16384 c:\windows\temp\Perflib_Perfdata_1ec.dat
+ 2004-08-04 12:00 . 2009-02-03 20:08 55808 c:\windows\system32\secur32.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 55808 c:\windows\system32\secur32.dll
+ 2004-08-04 12:00 . 2009-02-06 09:54 35328 c:\windows\system32\sc.exe
+ 2005-10-20 04:22 . 2009-05-09 16:15 63248 c:\windows\system32\perfc009.dat
- 2005-10-20 04:22 . 2009-03-29 22:26 63248 c:\windows\system32\perfc009.dat
+ 2005-07-26 04:39 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
- 2005-07-26 04:39 . 2006-03-01 19:42 66560 c:\windows\system32\mtxclu.dll
+ 2005-07-26 04:39 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-04 12:00 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
+ 2008-08-31 12:21 . 2009-02-03 20:08 55808 c:\windows\system32\dllcache\secur32.dll
- 2008-08-31 12:21 . 2004-08-04 12:00 55808 c:\windows\system32\dllcache\secur32.dll
+ 2004-08-04 12:00 . 2009-02-06 09:54 35328 c:\windows\system32\dllcache\sc.exe
+ 2008-08-31 12:21 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-08-31 12:21 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2008-08-31 12:21 . 2006-03-01 19:42 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2008-08-31 12:21 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2008-08-31 12:21 . 2004-08-04 12:00 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2008-08-31 12:22 . 2005-07-26 04:39 60416 c:\windows\system32\dllcache\colbact.dll
+ 2008-08-31 12:22 . 2005-07-26 04:20 60416 c:\windows\system32\dllcache\colbact.dll
- 2005-07-26 04:39 . 2005-07-26 04:39 60416 c:\windows\system32\colbact.dll
+ 2005-07-26 04:39 . 2005-07-26 04:20 60416 c:\windows\system32\colbact.dll
- 2004-08-04 12:00 . 2004-08-04 05:00 351232 c:\windows\system32\winhttp.dll
+ 2004-08-04 12:00 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll
+ 2004-08-04 12:00 . 2009-02-06 09:41 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2004-08-04 12:00 . 2009-02-10 17:31 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2004-08-04 12:00 . 2009-02-09 10:01 473088 c:\windows\system32\wbem\fastprox.dll
+ 2008-08-31 12:21 . 2009-02-06 10:22 110592 c:\windows\system32\services.exe
+ 2005-07-26 04:39 . 2009-02-09 10:01 401408 c:\windows\system32\rpcss.dll
+ 2005-10-20 04:22 . 2009-05-09 16:15 403022 c:\windows\system32\perfh009.dat
- 2005-10-20 04:22 . 2009-03-29 22:26 403022 c:\windows\system32\perfh009.dat
+ 2008-08-31 12:21 . 2009-02-09 10:01 715264 c:\windows\system32\ntdll.dll
+ 2005-07-26 04:39 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll
+ 2005-07-26 04:39 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll
+ 2005-07-26 04:39 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll
+ 2008-08-31 12:21 . 2009-02-09 10:01 728576 c:\windows\system32\lsasrv.dll
+ 2008-08-31 12:21 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll
+ 2008-08-31 12:22 . 2008-04-21 10:02 215552 c:\windows\system32\dllcache\wordpad.exe
+ 2008-08-31 12:22 . 2009-02-06 09:41 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2008-08-31 12:22 . 2009-02-10 17:31 453120 c:\windows\system32\dllcache\wmiprvsd.dll
+ 2008-08-31 12:22 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll
- 2008-08-31 12:22 . 2004-08-04 05:00 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2008-08-31 12:21 . 2009-02-06 10:22 110592 c:\windows\system32\dllcache\services.exe
+ 2008-08-31 12:21 . 2009-02-09 10:01 401408 c:\windows\system32\dllcache\rpcss.dll
+ 2008-08-31 12:21 . 2009-03-06 14:00 284160 c:\windows\system32\dllcache\pdh.dll
+ 2008-08-31 12:21 . 2009-02-09 10:01 715264 c:\windows\system32\dllcache\ntdll.dll
+ 2008-08-31 12:21 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-08-31 12:21 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-08-31 12:21 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2008-08-31 12:21 . 2009-02-09 10:01 728576 c:\windows\system32\dllcache\lsasrv.dll
+ 2008-08-31 12:21 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\kernel32.dll
+ 2008-08-31 12:22 . 2009-02-09 10:01 473088 c:\windows\system32\dllcache\fastprox.dll
+ 2008-08-31 12:21 . 2009-02-09 10:01 617984 c:\windows\system32\dllcache\advapi32.dll
+ 2008-08-31 12:21 . 2009-02-09 10:01 617984 c:\windows\system32\advapi32.dll
- 2005-08-30 03:54 . 2008-05-07 05:18 1287680 c:\windows\system32\quartz.dll
+ 2005-08-30 03:54 . 2008-12-20 22:43 1287680 c:\windows\system32\quartz.dll
+ 2008-08-31 12:21 . 2009-02-06 10:29 2142720 c:\windows\system32\ntoskrnl.exe
- 2008-08-31 12:21 . 2008-08-14 09:55 2142720 c:\windows\system32\ntoskrnl.exe
+ 2008-08-31 12:21 . 2009-02-06 09:49 2020864 c:\windows\system32\ntkrnlpa.exe
- 2008-08-31 12:21 . 2008-08-14 09:18 2020864 c:\windows\system32\ntkrnlpa.exe
+ 2008-08-31 12:21 . 2008-12-20 22:43 1287680 c:\windows\system32\dllcache\quartz.dll
- 2008-08-31 12:21 . 2008-05-07 05:18 1287680 c:\windows\system32\dllcache\quartz.dll
+ 2008-08-31 12:22 . 2009-02-06 10:32 2186112 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-08-31 12:22 . 2008-08-14 09:18 2020864 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-08-31 12:22 . 2009-02-06 09:49 2020864 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-08-31 12:22 . 2008-08-14 09:18 2062976 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-08-31 12:22 . 2009-02-06 09:49 2062976 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-08-31 12:22 . 2009-02-06 10:29 2142720 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2008-08-31 12:22 . 2008-08-14 09:55 2142720 c:\windows\system32\dllcache\ntkrnlmp.exe
.
-- Snapshot reset to current date --
.
 
((((( Reg Loading Points ))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre1.dll" [2009-03-10 1883672]
"{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\program files\IsoBuster\tbIso0.dll" [2009-03-10 1883672]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2009-03-10 07:10 1883672 -c--a-w c:\program files\Freecorder\tbFre1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]
2009-03-10 07:10 1883672 ----a-w c:\program files\IsoBuster\tbIso0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre1.dll" [2009-03-10 1883672]
"{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\program files\IsoBuster\tbIso0.dll" [2009-03-10 1883672]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFre1.dll" [2009-03-10 1883672]
"{266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6}"= "c:\program files\IsoBuster\tbIso0.dll" [2009-03-10 1883672]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"launchapp"="Alaunch" [X]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"quicktime task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"tkbellexe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-24 185896]
"remotecontrol"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"phime2002async"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"phime2002a"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"mspy2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"mediasync"="c:\program files\Acer\Acer eConsole\MediaSync.exe" [2006-05-04 425984]
"imjpmig8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"erecoveryservice"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"aspireservice"="c:\program files\Acer\Acer eMode Management\AspireService.exe" [2006-06-09 110592]
"applesyncnotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"acer empowering technology monitor"="c:\windows\system32\SysMonitor.exe" [2006-04-19 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"MCM"="c:\program files\Mp3 Convert Master\Mp3ConvertMaster.exe" [2009-04-29 2434048]
"sispower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2005-07-13 49152]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-11-8 45056]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer WLAN 11g USB Dongle.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acer WLAN 11g USB Dongle.lnk
backup=c:\windows\pss\Acer WLAN 11g USB Dongle.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sabsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer TV-FM\\PowerCinema.exe"=
"c:\\Program Files\\Acer TV-FM\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\NewTech Infosystems\\LiveUpdate\\LiveUpdate.exe"=
"c:\\def\\VRQTool.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"85:TCP"= 85:TCP:BroadWave Web Server

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SymEFA.sys [18/03/2009 22:35 310320]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [13/04/2009 19:57 11264]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys [18/03/2009 22:35 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1005000.086\cchpx86.sys [18/03/2009 22:34 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090508.002\IDSXpx86.sys [08/05/2009 22:10 276344]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [18/03/2009 22:34 115560]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [09/04/2009 15:39 101936]
S1 248f6d7e;248f6d7e;c:\windows\system32\drivers\248f6d7e.sys --> c:\windows\system32\drivers\248f6d7e.sys [?]
S1 sabkutil;SABKUTIL;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys --> c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [?]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [27/09/2008 19:42 33752]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-08-07 12:34]

2009-05-14 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2009-05-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2009-05-14 c:\windows\Tasks\User_Feed_Synchronization-{CE03F31D-1306-479E-874F-5C4FFE2B466E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.aceradvantage.com/stdreg
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} - hxxp://www.programchecker.com/dll/nixon.cab
FF - ProfilePath - c:\documents and settings\Hector C\Application Data\Mozilla\Firefox\Profiles\5m3b3ngq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-05-14 11:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2644)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-14 11:07
ComboFix-quarantined-files.txt 2009-05-14 10:07
ComboFix2.txt 2009-05-09 11:00

Pre-Run: 27,611,414,528 bytes free
Post-Run: 27,596,615,680 bytes free

308 --- E O F --- 2009-05-11 18:07
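Two things in the log above are worth a mechanical second look, and a small triage script makes both checks repeatable. First, the service list: ComboFix writes a service whose registered binary no longer exists as `<path> --> <path> [?]`, and two such entries appear here (`248f6d7e` and `sabkutil`). A stale entry is not proof of infection (uninstalled software such as Super Ad Blocker routinely leaves one behind), but a service whose name is nothing but random hex digits and whose driver is gone is exactly the pattern you want flagged rather than skimmed past. Second, the `Perflib_Perfdata_*.dat` files in `c:\windows\temp` that the poster could not delete: these are scratch files written by the Windows performance-counter library when a process reads counters, the hex suffix in the name is the PID of that process, and the file stays locked for as long as that process runs, which is why they cannot be removed while Windows is up. The script below is an added example, not code from the post or from ComboFix; the sample lines it runs over are copied from the log above, and the `triage_services`, `perflib_pid` and `ServiceFinding` names are this example's own.

```python
"""Triage helpers for a ComboFix log: flag service entries whose binary
is missing (or whose name is random hex) and decode the owning PID from
Perflib_Perfdata_<hex>.dat names.

Added example; not part of the forum post or of ComboFix itself. The
sample lines below are copied from the log posted in the thread.
"""
import re
from dataclasses import dataclass, field

# ComboFix service lines look like "<start> <name>;<display>;<path> [meta]".
# A registered service whose file is absent is written as
# "<path> --> <path> [?]" instead of carrying a "[date size]" suffix.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?: --> (?P<missing>.+?) \[\?\])?(?: \[(?P<meta>[^\]]+)\])?$"
)

# pdh.dll writes Perflib_Perfdata_<pid in hex>.dat into the temp folder of
# the process that opened the performance counters; the file is held open
# while that process lives.
PERFLIB_RE = re.compile(r"Perflib_Perfdata_([0-9a-f]+)\.dat$", re.IGNORECASE)

# A service name made only of 8+ hex digits is a prompt to look closer:
# randomly generated names are used both by leftover driver stubs and by
# malware, so this is a heuristic, not a verdict.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8,}$", re.IGNORECASE)


@dataclass
class ServiceFinding:
    name: str
    path: str
    reasons: list = field(default_factory=list)


def triage_services(lines):
    """Return one ServiceFinding per service line that deserves attention."""
    findings = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue  # not a service line (or not in ComboFix's format)
        reasons = []
        if m.group("missing"):
            reasons.append("binary missing on disk (stale registry entry)")
        if HEX_NAME_RE.match(m.group("name")):
            reasons.append("random-looking hex service name")
        if reasons:
            findings.append(ServiceFinding(m.group("name"), m.group("path"), reasons))
    return findings


def perflib_pid(path):
    """PID encoded in a Perflib_Perfdata_<hex>.dat filename, or None."""
    m = PERFLIB_RE.search(path)
    return int(m.group(1), 16) if m else None


# Service lines copied from the posted log (R = running, S = stopped).
SERVICE_LINES = r"""
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SymEFA.sys [18/03/2009 22:35 310320]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
S1 248f6d7e;248f6d7e;c:\windows\system32\drivers\248f6d7e.sys --> c:\windows\system32\drivers\248f6d7e.sys [?]
S1 sabkutil;SABKUTIL;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys --> c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [?]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [27/09/2008 19:42 33752]
""".strip().splitlines()

# Temp-folder entries copied from the snapshot section of the posted log.
TEMP_FILES = [
    r"c:\windows\temp\Perflib_Perfdata_6a4.dat",
    r"c:\windows\temp\Perflib_Perfdata_1f0.dat",
    r"c:\windows\temp\Perflib_Perfdata_1ec.dat",
]

if __name__ == "__main__":
    for f in triage_services(SERVICE_LINES):
        print(f"{f.name}: {f.path}\n    " + "; ".join(f.reasons))
    for p in TEMP_FILES:
        print(f"{p} -> held open by PID {perflib_pid(p)}")
```

Run against the lines above it reports `248f6d7e` (missing driver and hex name) and `sabkutil` (missing driver only), and decodes the three Perflib files to PIDs 1700, 496 and 492. The PID tells you which process to look at in Task Manager or a process lister; once that process exits the file is released and can be deleted, and Windows recreates it the next time counters are read, so there is nothing to clean up there.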
 