Hi there,
I am really not too knowledgeable about computers but my Symantec antivirus tells me that I have Backdoor.tidserv!inf (filename: ahcix86s.sys) on my computer and it can't fix it. I don't know if this is right but I downloaded Malwarebytes and got this log:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 4025
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882
23/04/2010 12:08:30 PM
mbam-log-2010-04-23 (12-08-30).txt
Scan type: Full scan (C:\|)
Objects scanned: 246188
Time elapsed: 1 hour(s), 59 minute(s), 28 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\User\AppData\Local\Temp\0000324b (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\User\Desktop\SPSS folder\KEYGEN\keygen.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
I also downloaded combofix and got this log:
ComboFix 10-05-04.06 - User 05/05/2010 11:59:59.1.1 - x86
Microsoft Windows Vista Home Premium 6.0.6001.1.1252.2.1033.18.1789.1078 [GMT -4:00]
Running from: c:\users\User\Pictures\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-948558897-1585649047-789922506-500
c:\windows\system32\lsprst7.dll
c:\windows\system32\nsprs.dll
c:\windows\system32\serauth1.dll
c:\windows\system32\serauth2.dll
c:\windows\system32\ssprs.dll
.
((((((((((((((((((((((((( Files Created from 2010-04-05 to 2010-05-05 )))))))))))))))))))))))))))))))
.
2010-05-05 16:09 . 2010-05-05 16:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-04 16:07 . 2010-03-29 08:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100504.004\NAVENG.SYS
2010-05-04 16:07 . 2010-03-29 08:00 1324720 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100504.004\NAVEX15.SYS
2010-05-04 16:07 . 2009-09-17 06:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100504.004\NAVENG32.DLL
2010-05-04 16:07 . 2009-09-17 06:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100504.004\NAVEX32A.DLL
2010-05-04 16:07 . 2010-03-29 08:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100504.004\CCERASER.DLL
2010-05-04 16:07 . 2010-03-29 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100504.004\ECMSVR32.DLL
2010-05-04 16:07 . 2009-09-17 06:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100504.004\EECTRL.SYS
2010-05-04 16:07 . 2009-09-17 06:00 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100504.004\ERASER.SYS
2010-05-04 16:01 . 2010-05-05 03:36 -------- d-----w- c:\windows\system32\MpEngineStore
2010-05-04 15:02 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-05-04 15:02 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-05-04 15:02 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-04-23 13:49 . 2010-04-23 13:49 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2010-04-23 13:49 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-23 13:48 . 2010-04-23 13:48 -------- d-----w- c:\programdata\Malwarebytes
2010-04-23 13:48 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 13:48 . 2010-04-23 13:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-21 01:24 . 2010-03-29 08:00 1324720 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100420.024\NAVEX15.SYS
2010-04-21 01:24 . 2009-09-17 06:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100420.024\NAVEX32A.DLL
2010-04-21 01:24 . 2010-03-29 08:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100420.024\NAVENG.SYS
2010-04-21 01:24 . 2009-09-17 06:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100420.024\EECTRL.SYS
2010-04-21 01:24 . 2009-09-17 06:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100420.024\NAVENG32.DLL
2010-04-21 01:24 . 2009-09-17 06:00 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100420.024\ERASER.SYS
2010-04-21 01:24 . 2010-03-29 08:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100420.024\CCERASER.DLL
2010-04-21 01:24 . 2010-03-29 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100420.024\ECMSVR32.DLL
2010-04-15 17:34 . 2010-04-15 17:34 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-15 15:43 . 2010-04-15 15:43 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-15 15:43 . 2010-04-15 15:43 57679 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-04-15 15:42 . 2010-04-15 15:42 84040 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-04-15 15:42 . 2010-04-15 15:42 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-04-15 15:42 . 2010-04-15 15:42 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-04-15 15:42 . 2010-04-15 15:42 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-04-15 15:42 . 2010-04-15 15:42 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-04-15 15:42 . 2010-04-15 15:42 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-04-14 03:03 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 03:03 . 2010-02-23 11:32 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 03:03 . 2010-02-23 11:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 03:02 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 03:02 . 2010-02-18 14:49 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 03:02 . 2010-02-18 14:11 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 03:02 . 2010-02-18 11:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-13 20:23 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-04-13 20:22 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-04 16:00 . 2010-01-25 15:03 104992 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-05-04 15:50 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-04 15:31 . 2009-05-28 04:29 -------- d-----w- c:\programdata\Microsoft Help
2010-04-22 16:54 . 2010-01-27 04:20 -------- d-----w- c:\users\User\AppData\Roaming\BitTorrent
2010-04-22 16:51 . 2010-03-12 04:50 1356 ----a-w- c:\users\User\AppData\Local\d3d9caps.dat
2010-04-15 17:35 . 2010-03-25 04:17 -------- d-----w- c:\programdata\DivX
2010-04-15 15:43 . 2010-03-25 04:18 -------- d-----w- c:\program files\DivX
2010-04-15 15:42 . 2010-03-25 04:20 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-04-15 15:36 . 2010-03-25 04:21 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-04-15 15:35 . 2010-03-25 04:21 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-04-07 22:26 . 2010-01-25 05:31 -------- d-----w- c:\program files\ApexDC++
2010-04-05 02:55 . 2010-04-05 02:48 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-05 02:55 . 2009-05-28 04:50 -------- d-----w- c:\programdata\Symantec
2010-04-05 02:53 . 2010-04-05 02:48 -------- d-----w- c:\program files\Symantec
2010-04-05 02:53 . 2010-04-05 02:52 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-04-05 02:53 . 2010-04-05 02:52 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-04-05 02:53 . 2010-04-05 02:52 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-04-05 02:40 . 2009-05-28 04:50 -------- d-----w- c:\programdata\Norton
2010-03-30 13:05 . 2010-03-30 13:05 0 ----a-w- c:\windows\system32\cd.dat
2010-03-29 08:00 . 2010-03-29 08:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVENG.SYS
2010-03-29 08:00 . 2010-03-29 08:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\CCERASER.DLL
2010-03-29 08:00 . 2010-03-29 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ECMSVR32.DLL
2010-03-29 08:00 . 2010-03-29 08:00 1324720 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVEX15.SYS
2010-03-29 04:02 . 2010-02-05 04:15 -------- d-----w- c:\program files\SPSS
2010-03-25 04:21 . 2010-03-25 04:21 56978 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-03-25 04:21 . 2010-03-25 04:21 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-03-25 04:21 . 2010-03-25 04:21 -------- d-----w- c:\users\User\AppData\Roaming\DivX
2010-03-25 04:20 . 2010-03-25 04:20 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-03-25 04:20 . 2010-03-25 04:20 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-03-25 04:20 . 2010-03-25 04:20 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-03-25 04:20 . 2010-03-25 04:20 54629 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-03-25 04:20 . 2010-03-25 04:20 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-03-25 04:20 . 2010-03-25 04:20 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-03-25 04:20 . 2010-03-25 04:19 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-03-25 04:20 . 2010-03-25 04:20 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-03-25 04:19 . 2010-03-25 04:19 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-03-24 13:29 . 2009-05-28 04:49 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-15 05:17 . 2010-03-13 21:58 -------- d-----w- c:\program files\Java
2010-03-15 05:14 . 2010-03-15 05:14 -------- d-----w- c:\program files\Common Files\Java
2010-03-13 21:58 . 2010-03-13 21:59 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-11 05:36 . 2010-03-11 05:30 -------- d-----w- c:\program files\Hotspot Shield
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-24 14:16 . 2010-01-27 16:26 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-30 18:14 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-30 18:14 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-30 18:14 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-30 18:14 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-14 00:33 . 2010-02-14 00:33 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-05 04:19 . 2010-02-05 04:19 1024 ----a-w- c:\windows\system32\clauth2.dll
2010-02-05 04:19 . 2010-02-05 04:19 1024 ----a-w- c:\windows\system32\clauth1.dll
2010-02-05 04:14 . 2010-02-05 04:14 1025 ----a-w- c:\windows\system32\sysprs7.dll
2010-02-04 05:00 . 2010-02-04 05:00 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-01-20 1197448]
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-01-13 16:32 157168 ----a-w- c:\programdata\Partner\partner.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-01-20 15:34 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2010-03-11 05:30 220208 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-01-20 1197448]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-01-20 1197448]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-13 6711840]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-04 30192]
"Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2009-04-03 698912]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-04-10 862728]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-13 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
R1 mhekxrev;mhekxrev;c:\windows\system32\drivers\mhekxrev.sys [x]
R2 EraserSvc10923;Symantec Eraser Service;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2009-07-09 108392]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-04 30192]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [2010-01-13 110576]
S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-04-03 723488]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-01-08 285744]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-09-17 102448]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [2009-01-15 49664]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=15450&l=dis
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=1009&s=2&o=vp32&d=0110&m=e625
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gho04mjk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://ca.msn.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BT4&o=15447&locale=en_US&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-Symantec Antvirus
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-05 12:10
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-05-05 12:17:20
ComboFix-quarantined-files.txt 2010-05-05 16:17
Pre-Run: 42,558,828,544 bytes free
Post-Run: 44,821,078,016 bytes free
- - End Of File - - 95B4EEBE13D1E2E269840F6C04744AC0
Any help with this would be sooo sooo greatly appreciated. Thanks.
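An added triage example, not part of the original post and not ComboFix's own code: the script below parses the service lines (`R1 name;display;path [date size]`) and a few of the registry policy values from the ComboFix log above and ranks what a responder would look at first. The sample input is excerpted verbatim from that log. Two things are assumptions and are labelled as such in the code: that ComboFix's trailing `[x]` means the registered file was not found on disk, and that a kernel driver whose service name, display name and file stem are all the same bare word deserves a second look (regi.sys is flagged on that basis and may well be legitimate). The Symantec detection of Backdoor.Tidserv!inf in ahcix86s.sys is a separate case that this line-level triage cannot see: that is a driver with a normal name and a normal registration whose file contents were flagged, so it only shows up through content scanning or an offline comparison of the file.

```python
"""Rank the service and policy lines of a ComboFix-style log for triage.

Added example: this is not ComboFix's own code and not from the post.
"""
import re

# Lines excerpted verbatim from the ComboFix log in the post above.
SAMPLE_LOG = r"""
R1 mhekxrev;mhekxrev;c:\windows\system32\drivers\mhekxrev.sys [x]
R2 EraserSvc10923;Symantec Eraser Service;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2009-07-09 108392]
R3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [2010-01-13 110576]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [2009-01-15 49664]
"EnableLUA"= 0 (0x0)
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
"DisableMonitoring"=dword:00000001
"""

# Service line: R = running, S = stopped, digit = start type
# (0 boot, 1 system, 2 auto, 3 manual), then name;display;path [tag].
SERVICE_RE = re.compile(
    r'^([RS])([0-4])\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]+)\]$')
# Registry value line as ComboFix prints it: "Name"=data
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')

SEVERITY_ORDER = {'high': 0, 'review': 1, 'info': 2}


def check_service(state, start, name, display, path, tag):
    """Return (severity, reasons) for one service line, or None."""
    reasons, severity = [], None
    lower_path = path.lower()
    stem = lower_path.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
    # Assumption: ComboFix prints [x] instead of [date size] when the
    # registered file cannot be found on disk.
    if tag.strip().lower() == 'x':
        reasons.append('%s, start type %s, but no file on disk ([x]): either '
                       'hidden from the scanner or deleted under a live '
                       'registration'
                       % ('running' if state == 'R' else 'stopped', start))
        severity = 'high'
    # Heuristic: a kernel driver whose service name, display name and file
    # stem are one identical word carries no vendor description at all.
    if '\\drivers\\' in lower_path and name.lower() == display.lower() == stem:
        reasons.append('kernel driver with no descriptive display name')
        severity = severity or 'review'
    return (severity, reasons) if reasons else None


def check_value(key, data):
    """Return (severity, reasons) for one registry value line, or None."""
    k, d = key.lower(), data.strip()
    if k == 'enablelua' and d.startswith('0'):
        return 'review', ['UAC disabled (EnableLUA=0): an admin user\'s '
                          'processes already run with full rights']
    if k == 'appinit_dlls' and d:
        return 'review', ['AppInit_DLLs loads %s into every process that '
                          'links user32.dll' % d]
    if k == 'disablemonitoring' and d == 'dword:00000001':
        return 'info', ['Security Center monitoring of this AV product is '
                        'off (normally set by the AV product itself)']
    return None


def triage(log_text):
    """Parse the log and return findings sorted by severity, then log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            item, result = m.group(3), check_service(*m.groups())
        else:
            m = VALUE_RE.match(line)
            if not m:
                continue
            item, result = m.group(1), check_value(*m.groups())
        if result:
            severity, reasons = result
            findings.append({'item': item, 'severity': severity,
                             'reasons': reasons, 'line': line})
    findings.sort(key=lambda f: SEVERITY_ORDER[f['severity']])  # stable sort
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print('[%s] %s' % (f['severity'].upper(), f['line']))
        for r in f['reasons']:
            print('    - ' + r)
```

Run as-is it prints the ranked findings; the mhekxrev entry comes first because a running system-start driver whose registration points at a file that is not on disk is the usual footprint of a rootkit hiding its own driver, while the UAC and AppInit_DLLs entries are configuration weaknesses rather than infections.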
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-24 14:16 . 2010-01-27 16:26 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-30 18:14 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-30 18:14 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-30 18:14 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-30 18:14 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-14 00:33 . 2010-02-14 00:33 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-05 04:19 . 2010-02-05 04:19 1024 ----a-w- c:\windows\system32\clauth2.dll
2010-02-05 04:19 . 2010-02-05 04:19 1024 ----a-w- c:\windows\system32\clauth1.dll
2010-02-05 04:14 . 2010-02-05 04:14 1025 ----a-w- c:\windows\system32\sysprs7.dll
2010-02-04 05:00 . 2010-02-04 05:00 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-01-20 1197448]
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-01-13 16:32 157168 ----a-w- c:\programdata\Partner\partner.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-01-20 15:34 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2010-03-11 05:30 220208 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-01-20 1197448]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-01-20 1197448]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-13 6711840]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-04 30192]
"Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2009-04-03 698912]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-04-10 862728]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-13 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
R1 mhekxrev;mhekxrev;c:\windows\system32\drivers\mhekxrev.sys [x]
R2 EraserSvc10923;Symantec Eraser Service;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2009-07-09 108392]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-04 30192]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [2010-01-13 110576]
S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-04-03 723488]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-01-08 285744]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-09-17 102448]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [2009-01-15 49664]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=15450&l=dis
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=1009&s=2&o=vp32&d=0110&m=e625
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gho04mjk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://ca.msn.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BT4&o=15447&locale=en_US&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-Symantec Antvirus
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-05 12:10
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-05-05 12:17:20
ComboFix-quarantined-files.txt 2010-05-05 16:17
Pre-Run: 42,558,828,544 bytes free
Post-Run: 44,821,078,016 bytes free
- - End Of File - - 95B4EEBE13D1E2E269840F6C04744AC0
Any help with this would be sooo sooo greatly appreciated. Thanks.