> Forum Guidelines

  • Read this topic before posting a log.
  • DO NOT post a ComboFix log unless requested to.
  • Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.
  • When posting a log, please put the type of infection you have in the topic title, e.g. Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.
  • Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

> Virus Slowdown (hijack log)
tonyprime
post May 12 2009, 01:10 PM
Post #1


Member
**

Group: Members
Posts: 19
Joined: 27-April 09
Member No.: 325,749



Lately I've tried to fix my friend's computer, but no matter what I do it's slow and I don't know what else to do.

Here is a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:10:00 PM, on 5/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Nexon\MapleStory\npkcmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6060920
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 87.117.202.117 nprotect.roseonlinegame.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)
O2 - BHO: (no name) - {CFEE97A3-4911-444D-8BE8-E243A23D3DE2} - (no file)
O2 - BHO: (no name) - {D61D7E1A-6613-49CA-B6F9-51DB248E209D} - \iesplg.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - (no file)
O3 - Toolbar: (no name) - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - (no file)
O3 - Toolbar: Internet Service - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Nwubu] rundll32.exe "C:\WINDOWS\ozubeyitamewiga.dll",e
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QT Lite\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe
O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ierenewals.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ierenewals.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E4D10AC-60C4-4CF8-9852-7E3B8A35A569}: NameServer = 85.255.112.19,85.255.112.120
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.19,85.255.112.120
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E4D10AC-60C4-4CF8-9852-7E3B8A35A569}: NameServer = 85.255.112.19,85.255.112.120
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.19,85.255.112.120
O17 - HKLM\System\CS2\Services\Tcpip\..\{0E4D10AC-60C4-4CF8-9852-7E3B8A35A569}: NameServer = 85.255.112.19,85.255.112.120
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.19,85.255.112.120
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O22 - SharedTaskScheduler: auditioned - {44e670f2-d57b-4815-a576-955d17dbbf2d} - (no file)
O22 - SharedTaskScheduler: epineurial - {27cb634d-c84e-4c00-9b53-f5523601dbad} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\MapleStory\npkcmsvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8997 bytes
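As an added illustration (this is not code from the thread, from HijackThis or from Trend Micro), here is a small Python triage script that runs a few review heuristics over lines copied from the log in the post above. The rules are this example's own assumptions about what deserves a second look in an HJT log: hosts-file pins to non-local addresses, registered COM objects whose file is gone, autostarts under Policies\Explorer\Run, rundll32 loading a DLL from the root of %WINDIR% rather than System32, IE buttons that point at a URL, and any hard-coded NameServer not on an expected list. The expected DNS list is left empty on purpose, which is itself an assumption (fill it from the router or ISP on a real machine). The script only classifies lines for review; it removes nothing and makes no claim about which malware family, if any, an entry belongs to.

```python
"""Heuristic triage of HijackThis (HJT) log lines.

Added example, not part of the original thread or of HijackThis itself.
The sample below is constructed from lines copied out of the posted log;
the rules are this example's own assumptions about what warrants review.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a handful of lines taken verbatim from the posted HJT log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O1 - Hosts: 87.117.202.117 nprotect.roseonlinegame.com
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - (no file)
O2 - BHO: (no name) - {D61D7E1A-6613-49CA-B6F9-51DB248E209D} - \iesplg.dll (file missing)
O3 - Toolbar: Internet Service - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Nwubu] rundll32.exe "C:\WINDOWS\ozubeyitamewiga.dll",e
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe
O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ierenewals.com/redirect.php (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.19,85.255.112.120
O22 - SharedTaskScheduler: auditioned - {44e670f2-d57b-4815-a576-955d17dbbf2d} - (no file)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HJT section tag, e.g. "O17"
    reason: str   # why the line was flagged for review
    line: str     # the original log line


# "O4 - <body>", "R0 - <body>" and so on; everything after the tag is the body.
SECTION_RE = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<body>.+)$")
# rundll32 pointed at a DLL sitting directly in the Windows directory.
# Legitimate system DLLs live under System32, so a DLL in the root of
# %WINDIR% loaded by rundll32 is worth a look (the [^\\"]+ refuses to
# cross a backslash, so C:\WINDOWS\system32\x.dll does not match).
RUNDLL_WINROOT_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?[a-z]:\\windows\\[^\\"]+\.dll"?', re.I)
# HJT's own markers for a registration whose target file no longer exists.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)", re.I)
NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>[\d.,]+)")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+) (?P<host>\S+)$")

# Assumption: the only resolvers this machine should ever have hard-coded.
# Left empty here, so every hard-coded NameServer is flagged for review.
EXPECTED_DNS: frozenset[str] = frozenset()


def triage_line(line: str) -> list[Finding]:
    """Return zero or more findings for one HJT log line."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return []  # headers, process list, blank lines
    sec, body = m.group("sec"), m.group("body")
    out: list[Finding] = []
    if sec == "O1":
        h = HOSTS_RE.match(body)
        if h and h.group("ip") not in ("127.0.0.1", "::1"):
            out.append(Finding(sec, f"hosts file pins {h.group('host')} to {h.group('ip')}", line))
    if sec in ("O2", "O3", "O9", "O22") and ORPHAN_RE.search(body):
        out.append(Finding(sec, "registered COM object whose file is gone (orphan)", line))
    if sec == "O4":
        if "Policies\\Explorer\\Run" in body:
            out.append(Finding(sec, "autostart via Policies\\Explorer\\Run (rarely used by legitimate software)", line))
        if RUNDLL_WINROOT_RE.search(body):
            out.append(Finding(sec, "rundll32 loads a DLL from the root of %WINDIR%", line))
    if sec == "O9" and re.search(r"https?://", body):
        out.append(Finding(sec, "IE button/menu item points at a URL", line))
    if sec == "O17":
        n = NAMESERVER_RE.search(body)
        if n:
            unexpected = set(n.group("servers").split(",")) - EXPECTED_DNS
            if unexpected:
                out.append(Finding(sec, "hard-coded DNS servers not in expected set: "
                                   + ", ".join(sorted(unexpected)), line))
    return out


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over a whole log and collect the findings in order."""
    return [f for line in log_text.splitlines() for f in triage_line(line)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n      {f.line.strip()}")
```

On the constructed sample the script flags the hosts entry, every "(no file)" / "(file missing)" registration, both Policies\Explorer\Run autostarts, the rundll32 line, the URL-backed IE menu item and the NameServer override, and says nothing about the AVG entries. Treat the output as a reading list for whoever works the log, not as a removal script: an orphaned BHO is usually clutter, but a DNS override is a reason to check every machine behind the same router.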
tonyprime
post May 13 2009, 12:48 AM
Post #2


Oh, and I don't get why, when I click a link, it'll just take me to a different one.
===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Orange Blossom ~ forum moderator


This post has been edited by Orange Blossom: May 13 2009, 08:02 PM
tonyprime
post May 20 2009, 11:37 AM
Post #3


Anyone?
tonyprime
post May 24 2009, 02:39 PM
Post #4


Now the PC is starting to freeze.
KoanYorel
post May 26 2009, 12:08 PM
Post #5


Bleepin' Conundrum
******

Group: Emeritus
Posts: 19,461
Joined: 26-April 04
From: 65 miles due East of the "Logic Free Zone", in Md, USA
Member No.: 235



Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K


--------------------
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)
tonyprime
post May 27 2009, 09:23 PM
Post #6


Here is the DDS log file:


DDS (Ver_09-05-14.01) - NTFSx86
Run by Donny at 21:18:30.77 on Wed 05/27/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.496 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\PC Tools Firewall Plus\FWService.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Nexon\MapleStory\npkcmsvc.exe
C:\WINDOWS\system32\oodag.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Donny\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page =
uSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant =
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - No File
BHO: {53707962-6f74-2d53-2644-206d7942484f} -
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - No File
{cfee97a3-4911-444d-8be8-e243a23d3de2}
BHO: {d61d7e1a-6613-49ca-b6f9-51db248e209d} - \iesplg.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - No File
TB: {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - No File
TB: Internet Service: {144a6b24-0ebc-4d89-bf09-a06a718e57b5} -
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {147D6308-0614-4112-89B1-31402F9B82C4} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Nwubu] rundll32.exe "c:\windows\ozubeyitamewiga.dll",e
mRun: [QuickTime Task] "c:\program files\qt lite\qttask.exe" -atboottime
mRun: [OODefragTray] c:\windows\system32\oodtray.exe
dRunOnce: [RunNarrator] Narrator.exe
mExplorerRun: [start] c:\program files\applications\iebtm.exe
mExplorerRun: [smile] c:\program files\applications\wcs.exe
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ierenewals.com/redirect.php
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
Trusted Zone: iesafetylist.com
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.112.19,85.255.112.120
TCP: {0E4D10AC-60C4-4CF8-9852-7E3B8A35A569} = 85.255.112.19,85.255.112.120
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\mi1933~1\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: {44e670f2-d57b-4815-a576-955d17dbbf2d}: auditioned
STS: {27cb634d-c84e-4c00-9b53-f5523601dbad} - No File
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL
LSA: Notification Packages = scecli cmshant.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\donny\applic~1\mozilla\firefox\profiles\578mfmpc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - HiddenExtension: XUL Cache: {C8B15E37-603F-4950-A956-953A3F8A8434} - c:\documents and settings\donny\local settings\application data\{C8B15E37-603F-4950-A956-953A3F8A8434}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-4-28 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-3-3 27656]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-4-28 107272]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-1-17 159600]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-4-28 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-4-28 231704]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-1-17 73840]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2008-3-3 146800]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-8 24652]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-1-17 95640]
S3 XDva143;XDva143;\??\c:\windows\system32\xdva143.sys --> c:\windows\system32\XDva143.sys [?]

=============== Created Last 30 ================

2009-05-21 19:19 20,320 a------- c:\windows\system32\oodbs.lor
2009-05-21 19:17 <DIR> --d----- c:\windows\system32\oodag
2009-05-21 19:14 <DIR> --d----- c:\program files\OO Software
2009-05-12 13:09 <DIR> --d----- c:\program files\Trend Micro

==================== Find3M ====================

2008-03-07 17:57 0 a------- c:\program files\temp01
2007-02-23 17:33 290 ac------ c:\docume~1\donny\applic~1\wklnhst.dat
2006-11-28 18:14 81,920 ac------ c:\docume~1\donny\applic~1\ezpinst.exe
2006-11-28 18:14 47,360 ac------ c:\docume~1\donny\applic~1\pcouffin.sys
2005-05-13 18:12 217,073 ac-shr-- c:\windows\meta4.exe
2005-10-24 12:13 66,560 ac-shr-- c:\windows\MOTA113.exe
2005-10-13 22:27 422,400 ac-shr-- c:\windows\x2.64.exe
2005-10-07 20:14 308,224 ac-shr-- c:\windows\system32\avisynth.dll
2005-07-14 13:31 27,648 ac-shr-- c:\windows\system32\AVSredirect.dll
2005-06-26 16:32 616,448 ac-shr-- c:\windows\system32\cygwin1.dll
2005-06-21 23:37 45,568 ac-shr-- c:\windows\system32\cygz.dll
2006-04-27 11:24 2,945,024 ac-shr-- c:\windows\system32\Smab.dll
2005-02-28 14:16 240,128 ac-shr-- c:\windows\system32\x.264.exe

============= FINISH: 21:19:14.91 ===============

And the Attach file:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/21/2006 5:57:20 PM
System Uptime: 5/27/2009 1:28:56 PM (8 hours ago)

Motherboard: Dell Inc. | | 0HJ054
Processor: Intel® Pentium® D CPU 2.66GHz | Microprocessor | 2660/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 70 GiB total, 6.81 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP846: 12/24/2008 5:36:20 AM - System Checkpoint
RP847: 12/25/2008 6:13:00 AM - System Checkpoint
RP848: 12/26/2008 6:37:49 AM - System Checkpoint
RP849: 12/27/2008 6:41:42 AM - System Checkpoint
RP850: 12/28/2008 12:42:28 PM - System Checkpoint
RP851: 12/29/2008 1:01:08 PM - System Checkpoint
RP852: 12/30/2008 5:36:21 PM - System Checkpoint
RP853: 12/31/2008 7:30:12 PM - System Checkpoint
RP854: 1/1/2009 7:41:27 PM - System Checkpoint
RP855: 1/2/2009 6:17:59 PM - Installed Yugioh Virtual Dueling
RP856: 1/3/2009 8:06:12 PM - System Checkpoint
RP857: 1/4/2009 8:25:05 PM - System Checkpoint
RP858: 1/5/2009 9:09:36 PM - System Checkpoint
RP859: 1/6/2009 11:42:35 PM - System Checkpoint
RP860: 1/8/2009 4:50:48 AM - System Checkpoint
RP861: 1/9/2009 5:00:35 AM - System Checkpoint
RP862: 1/10/2009 5:58:43 PM - System Checkpoint
RP863: 1/12/2009 12:58:41 AM - System Checkpoint
RP864: 1/13/2009 1:23:59 AM - System Checkpoint
RP865: 1/14/2009 2:48:23 AM - System Checkpoint
RP866: 1/14/2009 5:00:17 PM - Software Distribution Service 3.0
RP867: 1/15/2009 10:33:24 PM - System Checkpoint
RP868: 1/17/2009 12:39:36 AM - System Checkpoint
RP869: 1/18/2009 2:44:10 AM - System Checkpoint
RP870: 1/19/2009 4:36:07 AM - System Checkpoint
RP871: 1/20/2009 5:10:39 AM - System Checkpoint
RP872: 1/21/2009 5:11:03 AM - System Checkpoint
RP873: 1/22/2009 6:10:59 AM - System Checkpoint
RP874: 1/23/2009 7:10:48 AM - System Checkpoint
RP875: 1/24/2009 1:59:20 PM - System Checkpoint
RP876: 1/25/2009 2:09:13 PM - System Checkpoint
RP877: 1/26/2009 2:41:18 PM - System Checkpoint
RP878: 1/27/2009 3:08:59 PM - System Checkpoint
RP879: 1/28/2009 3:29:38 PM - System Checkpoint
RP880: 1/29/2009 6:13:03 PM - System Checkpoint
RP881: 1/30/2009 6:33:58 PM - System Checkpoint
RP882: 1/31/2009 9:09:19 PM - System Checkpoint
RP883: 2/1/2009 8:11:20 AM - Avg8 Update
RP884: 2/2/2009 9:29:33 AM - Avg8 Update
RP885: 2/3/2009 10:13:17 AM - System Checkpoint
RP886: 2/4/2009 9:36:13 AM - Avg8 Update
RP887: 2/5/2009 10:01:51 AM - System Checkpoint
RP888: 2/6/2009 12:02:49 PM - System Checkpoint
RP889: 2/7/2009 12:22:59 PM - System Checkpoint
RP890: 2/8/2009 2:17:50 PM - System Checkpoint
RP891: 2/9/2009 4:44:48 PM - System Checkpoint
RP892: 2/10/2009 5:24:43 PM - System Checkpoint
RP893: 2/12/2009 2:12:50 AM - System Checkpoint
RP894: 2/12/2009 5:00:17 PM - Software Distribution Service 3.0
RP895: 2/13/2009 5:41:34 PM - System Checkpoint
RP896: 2/14/2009 5:42:08 PM - System Checkpoint
RP897: 2/15/2009 9:16:13 PM - System Checkpoint
RP898: 2/16/2009 11:31:14 PM - System Checkpoint
RP899: 2/17/2009 11:57:20 PM - System Checkpoint
RP900: 2/19/2009 12:00:05 AM - System Checkpoint
RP901: 2/19/2009 6:23:26 PM - HOTLLAMA Media Player Installation
RP902: 2/20/2009 8:50:48 PM - System Checkpoint
RP903: 2/22/2009 3:48:13 AM - System Checkpoint
RP904: 2/23/2009 4:00:00 AM - System Checkpoint
RP905: 2/24/2009 5:27:15 AM - System Checkpoint
RP906: 2/25/2009 1:41:42 PM - System Checkpoint
RP907: 2/25/2009 5:00:16 PM - Software Distribution Service 3.0
RP908: 2/26/2009 6:50:38 PM - System Checkpoint
RP909: 2/27/2009 11:52:07 PM - System Checkpoint
RP910: 3/1/2009 3:14:50 AM - System Checkpoint
RP911: 3/2/2009 7:25:18 AM - System Checkpoint
RP912: 3/3/2009 7:50:57 AM - System Checkpoint
RP913: 3/4/2009 10:02:52 AM - System Checkpoint
RP914: 3/5/2009 4:38:48 PM - System Checkpoint
RP915: 3/6/2009 6:27:32 PM - System Checkpoint
RP916: 3/7/2009 7:12:10 PM - System Checkpoint
RP917: 3/9/2009 1:46:04 AM - System Checkpoint
RP918: 3/10/2009 6:11:07 AM - System Checkpoint
RP919: 3/11/2009 6:36:41 AM - System Checkpoint
RP920: 3/11/2009 4:00:16 PM - Software Distribution Service 3.0
RP921: 3/12/2009 11:36:47 PM - System Checkpoint
RP922: 3/14/2009 12:48:01 AM - System Checkpoint
RP923: 3/15/2009 2:42:56 AM - System Checkpoint
RP924: 3/15/2009 5:00:16 PM - Software Distribution Service 3.0
RP925: 3/16/2009 7:40:10 PM - System Checkpoint
RP926: 3/17/2009 10:55:06 PM - System Checkpoint
RP927: 3/19/2009 12:17:42 AM - System Checkpoint
RP928: 3/20/2009 1:16:40 AM - System Checkpoint
RP929: 3/21/2009 2:16:40 AM - System Checkpoint
RP930: 3/22/2009 2:35:20 AM - System Checkpoint
RP931: 3/23/2009 3:35:24 AM - System Checkpoint

==== Installed Programs ======================

Ad-Aware SE Professional
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe Photoshop CS2
Adobe Reader 7.0.9
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Advanced SystemCare 3
Ahead Nero Burning ROM
Ahead NeroVision Express
AIM 6
AOLIcon
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
AutoCAD 2008 - English
AVG Free 8.0
Battle.net
Big Fish Games Client
BitLord 1.1
Brain Challenge
Browser Protection Volume
Build Your Own Net Dream (remove only)
CCleaner (remove only)
CDisplay 1.8
Combined Community Codec Pack 2007-07-22
Conexant D850 56K V.9x DFVc Modem
ConvertXtoDVD 2.1.5.173
Counter-Strike
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Support 3.2
Dell System Restore
Diablo
Digital Content Portal
Digital Line Detect
DigitalHQ
DivX Web Player
Documentation & Support Launcher
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EducateU
ELIcon
ESPNMotion
GTK+ Runtime 2.6.9 rev a (remove only)
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
IEBrowse Tool
IExplorer Bar
ijji
ijji FireFox Launcher 1.0
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
InterActual Player
Internet Explorer Secure Plug-in
Internet Service Offers Launcher
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 6
Learning Essentials for Microsoft Office
Lexmark X1100 Series
LimeWire PRO 4.12.3
MapleStory
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Math
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Modem Helper
Mozilla Firefox (2.0.0.20)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
NetWaiting
O&O Defrag Professional
Octoshape add-in for Adobe Flash Player
Outspark Launcher
Pack Vista Inspirat 2 1.0
Pando Media Booster
PC Tools Firewall Plus 5.0
PictoWords (remove only)
Portal
PowerISO
Punch! Master Landscape Pro
QT Lite 1.1.1
Qualxserve Service Agreement
QuickTime
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Sandlot Games Client Services
Security Messenger
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Solid State ION Mozilla Plugin
Sonic Activation Module
Sonic Encoders
Steam
Tomb Raider: Underworld Demo
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
URGE
USB Storage Driver
Ventrilo Client
VeohTV BETA
Viewpoint Media Player
Warning Center
WebFldrs XP
Winamp
Winamp Remote
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

5/25/2009 7:08:55 PM, error: Service Control Manager [7034] - The PC Tools Firewall Plus service terminated unexpectedly. It has done this 1 time(s).
5/22/2009 11:58:22 AM, error: Dhcp [1002] - The IP address lease 72.191.158.225 for the Network Card with network address 001372E5749C has been denied by the DHCP server 10.242.0.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================
Hoov
post May 28 2009, 06:16 PM
Post #7


Forum Addict
******

Group: HJT Team
Posts: 3,478
Joined: 5-January 09
From: Mikado Michigan
Member No.: 278,689



Howdy, my name is Hoov, and I will be helping you with your dilemma.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer:

*Tell me everything that you have done, if anything, to try and fix this problem.

*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

*Follow my instructions. If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me; it may make a difference in where we go. Don't install anything, even other programs that have nothing to do with security or malware; it could cause things to change, and I would never know it.

*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Download and scan with CCleaner
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
  • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
  • Clean all the entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean all entries in the "Advanced" section.
  • Clean any others that you choose.


In the Applications Tab:
  • Clean all except cookies in the Firefox/Mozilla section if you use it.
  • Clean all in the Opera section if you use it.
  • Clean Sun Java in the Internet Section.
  • Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into Safe Mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If you use other security programs that detect registry changes (e.g. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.


--------------------
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families
tonyprime
post May 30 2009, 09:01 PM
Post #8


Member
**

Group: Members
Posts: 19
Joined: 27-April 09
Member No.: 325,749



I got both programs and installed them, but both won't open up.
Hoov
post May 31 2009, 10:47 AM
Post #9

Rename mbam.exe to ncbn.exe and try to run the scan. If it still won't run, reboot to Safe Mode and try running it from there.


Hoov
post Jun 13 2009, 11:33 PM
Post #10

tonyprime, do you still need help?


tonyprime
post Jun 14 2009, 06:00 PM
Post #11

I'm truly sorry about not responding... I've been out for quite a while due to personal issues, but as of now I'll be on, following everything you tell me to do. Right now I renamed the Malwarebytes program and it opens... As for CCleaner, it still closes while it scans.

here is the log from Malwarebytes

Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 5.1.2600 Service Pack 3

6/14/2009 5:59:00 PM
mbam-log-2009-06-14 (17-59-00).txt

Scan type: Quick Scan
Objects scanned: 94825
Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 11
Registry Data Items Infected: 6
Folders Infected: 5
Files Infected: 43

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DigitalHQ (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DigitalHQ (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\OneStepSearch (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\bfgtoolbar (Adware.OneToolBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Bar (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8113b5de-f7eb-4154-a311-497fb80d8bd0} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nwubu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\smile (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.19,85.255.112.120 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0e4d10ac-60c4-4cf8-9852-7e3b8a35a569}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.19,85.255.112.120 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.19,85.255.112.120 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0e4d10ac-60c4-4cf8-9852-7e3b8a35a569}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.19,85.255.112.120 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.19,85.255.112.120 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0e4d10ac-60c4-4cf8-9852-7e3b8a35a569}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.19,85.255.112.120 -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\Donny\Application Data\bfgtoolbar (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\application data\bfgtoolbar\NewCfg (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Program Files\Sotfone (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\Start Menu\Programs\DigitalHQ (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\DigitalHQ (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\Donny\application data\bfgtoolbar\1.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\application data\bfgtoolbar\10.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\application data\bfgtoolbar\2.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\application data\bfgtoolbar\20off.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\application data\bfgtoolbar\3.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\application data\bfgtoolbar\4.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\application data\bfgtoolbar\5.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\application data\bfgtoolbar\6.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\application data\bfgtoolbar\7.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\application data\bfgtoolbar\8.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\application data\bfgtoolbar\9.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\application data\bfgtoolbar\action.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\application data\bfgtoolbar\atlantis.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\application data\bfgtoolbar\bfgtoolbartb0500.cfg (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\application data\bfgtoolbar\bfg_greetings.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\application data\bfgtoolbar\card.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\application data\bfgtoolbar\COMBOSEARCH.acs (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\application data\bfgtoolbar\home.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\application data\bfgtoolbar\logo.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\application data\bfgtoolbar\mahjong.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\application data\bfgtoolbar\mygames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\application data\bfgtoolbar\mygamestoolbar.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\application data\bfgtoolbar\new.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\application data\bfgtoolbar\newgames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\application data\bfgtoolbar\puzzle.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\application data\bfgtoolbar\search.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\application data\bfgtoolbar\topten.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\application data\bfgtoolbar\webgames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\application data\bfgtoolbar\word.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\start menu\Programs\digitalhq\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\program files\digitalhq\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.
Hoov
post Jun 16 2009, 07:45 PM
Post #12

No worries, I understand personal problems. I have been having internet problems myself. It would be nice to go through life with no problems, wouldn't it?

OK, with the problems that showed up in your scan, could you please update Malwarebytes' Anti-Malware, run a full scan, and post the log?


tonyprime
post Jun 16 2009, 11:14 PM
Post #13

OK, I updated and here is the log.

Malwarebytes' Anti-Malware 1.37
Database version: 2291
Windows 5.1.2600 Service Pack 3

6/16/2009 10:57:00 PM
mbam-log-2009-06-16 (22-57-00).txt

Scan type: Full Scan (C:\|)
Objects scanned: 227434
Time elapsed: 34 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully.
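
Two things in the two MBAM logs above deserve a check that eyeballing a report does not give: the NameServer entries pointed the machine at 85.255.112.x resolvers, and C:\WINDOWS\system32\gaopdxcounter was "quarantined and deleted" on 6/14 yet is back on 6/16. The following Python is an added example, not part of this thread and not Malwarebytes' own tooling. It parses MBAM 1.x detail lines, flags resolver addresses that fall inside an assumed rogue range (85.255.112.0/20, the block commonly associated with the DNSChanger family; treat the range as an assumption to verify against current intel), and reports paths that recur across two scans. The sample logs are constructed, abridged from the two posted above.

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.x logs (added example).

Assumptions (not from the thread): MBAM 1.x detail lines look like
  <path> (<Family.Name>) -> [Data: <data> -> ]<action>.
and 85.255.112.0/20 is the rogue-resolver block commonly associated with the
DNSChanger family; verify the range against current intel before relying on it.
"""
import ipaddress
import re
from typing import List, NamedTuple, Optional, Tuple

DETAIL_RE = re.compile(
    r"^(?P<path>.+?) \((?P<family>[\w.]+)\)"  # path (Family.Name)
    r"(?: -> Data: (?P<data>.+?))?"           # optional registry data
    r" -> (?P<action>.+?)\.?$"                # action taken, trailing dot dropped
)

# Assumed rogue DNS range; extend the list as intel dictates.
ROGUE_DNS_NETS = [ipaddress.ip_network("85.255.112.0/20")]


class Detection(NamedTuple):
    path: str
    family: str
    data: Optional[str]
    action: str


def parse_mbam_log(text: str) -> List[Detection]:
    """Extract every detection line; headers and '(No malicious items detected)' are skipped."""
    found = []
    for raw in text.splitlines():
        m = DETAIL_RE.match(raw.strip())
        if m:
            found.append(Detection(m["path"], m["family"], m["data"], m["action"]))
    return found


def rogue_dns_hits(detections: List[Detection]) -> List[Tuple[str, str]]:
    """NameServer values that sit inside a known rogue resolver range.

    A hijacked resolver lets the attacker redirect every lookup, so these
    entries matter more than the adware removed by the same scan.
    """
    hits = []
    for d in detections:
        if not d.data or not d.path.lower().endswith("nameserver"):
            continue
        for token in d.data.split(","):
            try:
                ip = ipaddress.ip_address(token.strip())
            except ValueError:
                continue
            if any(ip in net for net in ROGUE_DNS_NETS):
                hits.append((d.path, str(ip)))
    return hits


def recurring(first: List[Detection], second: List[Detection]) -> List[str]:
    """Paths reported quarantined in the first scan that are back in the second.

    A file that returns after removal means whatever drops it (often a
    rootkit driver the scanner cannot see) is still running.
    """
    removed = {d.path.lower() for d in first if d.action.lower().startswith("quarantined")}
    return sorted({d.path for d in second if d.path.lower() in removed})


# Constructed sample logs, abridged from the two scans posted above.
SCAN_1 = r"""
Malwarebytes' Anti-Malware 1.37
Database version: 2182
Scan type: Quick Scan

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nwubu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.19,85.255.112.120 -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Donny\favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.
"""

SCAN_2 = r"""
Malwarebytes' Anti-Malware 1.37
Database version: 2291
Scan type: Full Scan (C:\|)

Registry Keys Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully.
"""


if __name__ == "__main__":
    first, second = parse_mbam_log(SCAN_1), parse_mbam_log(SCAN_2)
    for path, ip in rogue_dns_hits(first):
        print(f"rogue resolver {ip} was configured at {path}")
    for path in recurring(first, second):
        print(f"re-detected after removal: {path} -> persistence not yet removed")
```

Run it against the full text of two saved mbam-log files instead of the embedded samples to get the same two answers for a real case: which resolvers the machine was talking to while infected, and which artefacts a second scan found again, which is the signal to stop re-running the scanner and look for the driver or service that is recreating them.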
Hoov
post Jun 18 2009, 02:51 PM
Post #14

I think the infection is still there, so let's dig deeper.

* Anyone other than the originator of this thread would be best advised not to run ComboFix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrongly.

Run ComboFix.exe. Please visit this web page for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


tonyprime
post Jun 24 2009, 10:26 PM
Post #15

ComboFix 09-06-23.01 - Donny 06/24/2009 22:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.627 [GMT -5:00]
Running from: c:\documents and settings\Donny\Desktop\ComboFix.exe
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Helper
c:\windows\system32\drivers\gaopdxpwuoemayuoglaquowqlwpamjkvpisflm.sys
c:\windows\system32\gaopdxnccservpendmxnhngoarowejdhwroqvu.dll
C:\Autorun.inf
c:\windows\kb913800.exe
c:\windows\system32\drivers\gaopdxpwuoemayuoglaquowqlwpamjkvpisflm.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxnccservpendmxnhngoarowejdhwroqvu.dll
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 )))))))))))))))))))))))))))))))
.

2009-06-25 01:21 . 2009-06-25 01:21 -------- d-----w- c:\docume~1\Donny\APPLIC~1\GlarySoft
2009-06-25 01:14 . 2009-06-25 01:14 -------- d-----w- c:\program files\Glary Utilities
2009-06-25 00:36 . 2009-06-25 00:36 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-25 00:36 . 2009-06-25 00:36 -------- d-----w- c:\program files\Reference Assemblies
2009-06-25 00:35 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-06-25 00:35 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-25 00:35 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-06-25 00:35 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-25 00:35 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-06-25 00:35 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-06-25 00:35 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-25 00:35 . 2009-06-25 00:35 -------- d-----w- C:\d40d7fc0a9cc1d0fc87f2ef40e
2009-06-25 00:34 . 2009-06-25 00:55 -------- d-----w- c:\windows\SxsCaPendDel
2009-06-25 00:17 . 2009-06-25 00:17 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-25 00:15 . 2009-06-25 00:25 1472 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-06-25 00:14 . 2009-06-25 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2009-06-25 00:14 . 2009-06-25 00:14 82080 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-06-25 00:14 . 2009-06-25 00:14 24096 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-06-25 00:14 . 2009-06-25 00:14 168208 ----a-w- c:\windows\system32\guard32.dll
2009-06-25 00:14 . 2009-06-25 00:14 132640 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-06-25 00:14 . 2009-06-25 00:14 -------- d-----w- c:\program files\COMODO
2009-06-23 18:38 . 2009-06-25 00:07 -------- d-----w- c:\program files\AIMTunes
2009-06-23 18:38 . 2009-06-23 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore
2009-06-23 05:56 . 2009-06-23 05:56 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-17 12:03 . 2009-06-17 12:03 -------- d-sh--w- c:\documents and settings\Donny\PrivacIE
2009-06-17 04:09 . 2009-06-17 04:09 -------- d-sh--w- c:\documents and settings\Donny\IETldCache
2009-06-17 01:15 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-17 01:15 . 2009-04-30 21:22 1985024 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-06-17 01:15 . 2009-04-30 21:22 11064832 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-06-17 01:15 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-17 01:15 . 2009-06-17 01:15 -------- d-----w- c:\windows\ie8updates
2009-06-17 01:15 . 2009-05-12 05:11 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-06-17 01:13 . 2009-06-17 01:14 -------- dc-h--w- c:\windows\ie8
2009-06-15 01:40 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-06-15 01:40 . 2009-02-09 12:10 729088 ------w- c:\windows\system32\dllcache\lsasrv.dll
2009-06-15 01:40 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-06-15 01:40 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-15 01:40 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-06-15 01:40 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-06-15 01:40 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-06-15 01:40 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-06-15 01:40 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-06-15 01:39 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-06-15 01:39 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-06-14 22:53 . 2009-06-14 22:53 -------- d-----w- c:\docume~1\Donny\APPLIC~1\Malwarebytes
2009-06-14 22:42 . 2009-06-14 22:42 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-05-31 01:49 . 2009-05-31 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-31 01:49 . 2009-06-25 00:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 02:56 . 2009-02-07 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-06-25 02:36 . 2006-09-21 23:33 116472 -c--a-w- c:\documents and settings\Donny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-25 01:10 . 2008-03-24 23:49 -------- d-----w- c:\program files\Steam
2009-06-25 00:36 . 2008-11-26 01:24 -------- d-----w- c:\program files\MSBuild
2009-06-25 00:11 . 2007-12-02 18:44 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-06-25 00:05 . 2008-03-04 00:32 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-25 00:05 . 2008-03-04 00:32 -------- d-----w- c:\program files\PC Tools Firewall Plus
2009-06-25 00:02 . 2007-08-16 03:47 -------- d--h--w- c:\docume~1\Donny\APPLIC~1\ijjigame
2009-06-25 00:01 . 2007-04-23 15:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-23 18:38 . 2007-10-08 19:41 1144808 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\aimtunes\AIMTunes.exe
2009-06-23 18:38 . 2006-09-20 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-23 18:38 . 2006-09-20 18:34 -------- d-----w- c:\program files\Common Files\Nullsoft
2009-06-23 18:38 . 2007-10-08 19:39 -------- d-----w- c:\program files\AIM6
2009-05-13 05:15 . 2005-08-16 09:18 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 18:09 . 2009-05-12 18:09 -------- d-----w- c:\program files\Trend Micro
2009-05-07 15:32 . 2005-08-16 09:18 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 12:26 . 2005-08-16 09:18 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 21:57 . 2009-04-14 21:22 408 ----a-w- c:\windows\Cbiluyiro.dat
2009-04-15 14:51 . 2005-08-16 09:18 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2008-03-07 22:57 . 2008-03-07 22:57 0 ----a-w- c:\program files\temp01
2007-08-09 18:08 . 2006-09-22 03:13 8784 -c--a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 18:10 . 2006-09-22 03:13 245408 -c--a-w- c:\program files\mozilla firefox\plugins\unicows.dll
2005-05-13 23:12 . 2005-05-13 23:12 217073 -csha-r- c:\windows\meta4.exe
2005-10-24 17:13 . 2005-10-24 17:13 66560 -csha-r- c:\windows\MOTA113.exe
2005-10-14 03:27 . 2005-10-14 03:27 422400 -csha-r- c:\windows\x2.64.exe
2005-10-08 01:14 . 2005-10-08 01:14 308224 -csha-r- c:\windows\system32\avisynth.dll
2005-07-14 18:31 . 2005-07-14 18:31 27648 -csha-r- c:\windows\system32\AVSredirect.dll
2005-06-26 21:32 . 2005-06-26 21:32 616448 -csha-r- c:\windows\system32\cygwin1.dll
2005-06-22 04:37 . 2005-06-22 04:37 45568 -csha-r- c:\windows\system32\cygz.dll
2006-04-27 16:24 . 2006-04-27 16:24 2945024 -csha-r- c:\windows\system32\Smab.dll
2005-02-28 19:16 . 2005-02-28 19:16 240128 -csha-r- c:\windows\system32\x.264.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-06-25 1794320]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Donny^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Donny^Start Menu^Programs^Startup^RocketDock.lnk]
backup=c:\windows\pss\RocketDock.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nwubu
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Nexon\\MapleStory\\Patcher.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Steam\\steamapps\\tonyprime\\team fortress 2\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17801:TCP"= 17801:TCP:*:Disabled:SolidNetworkManager
"17801:UDP"= 17801:UDP:*:Disabled:SolidNetworkManager
"17081:TCP"= 17081:TCP:*:Disabled:SolidNetworkManager
"17081:UDP"= 17081:UDP:*:Disabled:SolidNetworkManager
"56557:TCP"= 56557:TCP:*:Disabled:SolidNetworkManager
"56557:UDP"= 56557:UDP:*:Disabled:SolidNetworkManager
"56265:TCP"= 56265:TCP:Pando Media Booster
"56265:UDP"= 56265:UDP:Pando Media Booster
"57236:TCP"= 57236:TCP:Pando Media Booster
"57236:UDP"= 57236:UDP:Pando Media Booster

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [6/24/2009 7:14 PM 132640]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/24/2009 7:14 PM 24096]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/8/2007 2:40 PM 24652]
S0 vfotpgax;vfotpgax;c:\windows\system32\drivers\daprknor.sys --> c:\windows\system32\drivers\daprknor.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 22:57]

2009-06-25 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-06-25 16:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: iesafetylist.com
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-24 22:17
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="092C697BEE308F6A0A901F4AD902AE78A8AFC0155904C1AA303525CDCA8FE14E65A91AC2FD8
1A409A4294811EAFE6505C4A8D99ACDBB55B4524E77107F6062A719561A8E2BF16BE8FB8820C54A5
6437697413FB7785E0A40FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BE
CC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B9808A6171C11EC3
8DE3DA6171C11EC38DE3DD7D9D5737113BDA339F95C99052283F20690278FA6295933E9B49730C2D
F0EA1307541122242AC9769D9D4463524528465FCDB1BB6C7D00AFE32C7021B972795AD3CCBEDD1D
74199F2128BD5D4FE11CC113896BD8991ED7D1624B44DF18ECEF130B50181AD6DC960D8BB5B5EC5B
16AE9CE0B9EC2D48459B4D924B13AF2E3C90867EB61ECF3634682F2F01019FD7ABEDCBA41AC1DE45
EEEB94C4F8612DCF8930A5C6E61F37B5DEFFDEBD26AE2065D200C452C6F6415A83FFAC248EB4582F
4588E65CFE780AAC031B2C184213BFBA458BEB12009CFDAA98ECBE4B394E4CCC07913B225529B7E3
B2664472D5B499059E0A398760FBFB870D6E0AF3C20A9358B8D75C40A6EF707B9A33BA3F8B654094
FE9CCE38A8B34CCCB4355F48FA76ECBC7DCF9729E8266696F2F45D11744C9BE96572ED43E7D5443D
1B4A8D75EB4B0342A65C76403C561DB5504719FBB893A1F8ABFA2FE76D568DDDD403BD15F4894A42
DD86998DFE4042CA58F15B11FFEDA2B46EFE54A1A7A60F38AAD5530CAD360E9111D4F61DD7E0EBBD
EF5E7FC7B9284F8A8669BF217464DF0B8792013DFBEFEE1D4CACC642EA762FBC30C07CC1024B3B0D
7574686DD07E4508F55AAEEDE637F804131981B81680B775EDDF13FA2880A10BB2952EA637E81A67
624678E8E92944D5FCECFD30F3BB24AF5A88D49F9894CE87F798BD7A0E120989C7FAC8C388D96637
CDB6F2F929329231DDE23AFE0E4631F9396A358105D63627033B4D9290DFDF02CC15C2548D1E3C72
529DC8EA84ADBAD2C83AFCCB58D115029C09DBC33B9EA3AC41C5EFC74CFF78FA4DF4C53A3DE66A0C
17829E7930513C5BFDBE94D2CB42197DEBD1FD5DD5923E7789167C1A83DD8991160ED33B34978387
16E8077ED118571D92DAFA0CF2EC4D03F8205EF16702B4E985B3F88A15470333D932B7C55D3A54A5
7A183251703E15D5BA760C949F9FA071D3DC119ED14D2D36B9B197145F92E34BD0AEF7A86FEA0B6F
42C9C0C275089A2270D00E6AFEB99CD038BDBBE2371F1D4B688B21076BECD1AF56EBCCB96DABA908
30767CCFB3061E4529CEA22D71EE96931F06AA7C0D2D9D40F81A86E83F69657C098C773F2ABEDF56
93A1FAA50562FC05FCD1AD643BD58CEB1AAADAF5D764C10B467D85DB29C236E9D85B7BE0065813EB
65CA987E1787F7E96E47B9C189CABE7F54BB1DB60B30DCF0A5358"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1024)
c:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(3756)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\nexon\MapleStory\npkcmsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-25 22:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-25 03:21

Pre-Run: 13,000,228,864 bytes free
Post-Run: 12,923,850,752 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

252 --- E O F --- 2009-06-25 01:02