i think i have a hacker or virus!! please help

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

DO NOT RUN ComboFix unless requested to.

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

i think i have a hacker or virus!! please help

Options

kshoney44 View Member Profile	Jan 1 2010, 04:54 AM Post #1
Member Group: Members Posts: 43 Joined: 28-December 09 Member No.: 425,342	first time here..... i've been having a ton of problems and i think maybe someone is accessing my computer.here is a few of MANY problems....slow, crashing, freezing, visual c++ errors, many different antivirus progams not updating or starting or they close mid scan. someone recommended doing a hijack this scan so here it is!! any help you can offer would be greatly appreciated!! i'm ripping my hair out and about to throw my computer out the window!! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 04:24:53 AM, on 1/1/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe c:Program FilesMicrosoft Security EssentialsMsMpEng.exe C:WINDOWSSystem32svchost.exe C:WINDOWSsystem32spoolsv.exe C:WINDOWSExplorer.EXE C:WINDOWSSystem32hkcmd.exe C:PROGRA~1SBCSEL~1SMARTB~1MotiveSB.exe C:Program FilesJavajre1.6.0_06binjusched.exe C:WINDOWSsystem32ctfmon.exe C:WINDOWSsystem32rundll32.exe C:Program FilesMicrosoft Security Essentialsmsseces.exe c:PROGRA~1COMMON~1MICROS~1DWDW20.EXE C:WINDOWSsystem32rundll32.exe C:Program FilesInternet ExplorerIEXPLORE.EXE C:WINDOWSsystem32rundll32.exe C:Program FilesInternet ExplorerIEXPLORE.EXE C:WINDOWSpchealthhelpctrbinarieshelpctr.exe C:WINDOWSPCHealthHelpCtrBinariesHelpSvc.exe C:Documents and SettingsOwnerDesktopHiJackThis2HijackThis.exe C:WINDOWSsystem32spider.exe R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = 127.0.0.1 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_06binssv.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:Program FilesYahoo!CompanionInstallscpnYTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) O4 - HKLM..Run: [IgfxTray] C:WINDOWSSystem32igfxtray.exe O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSSystem32hkcmd.exe O4 - HKLM..Run: [Motive SmartBridge] C:PROGRA~1SBCSEL~1SMARTB~1MotiveSB.exe O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_06binjusched.exe" O4 - HKLM..Run: [MSSE] "c:Program FilesMicrosoft Security Essentialsmsseces.exe" -hide O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_06binssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_06binssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe (file missing) O15 - Trusted Zone: .att.net O15 - Trusted Zone: http://.att.net O15 - Trusted Zone: www.ebay.com O15 - Trusted Zone: http://.mcafee.com O15 - Trusted Zone: .sbcglobal.net O15 - Trusted Zone: http://.sbcglobal.net O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1211409827093 O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:Program FilesMicrosoft Windows OneCare Livewinss.exe (file missing) -- End of file - 4756 bytes DDS (Ver_09-12-01.01) - NTFSx86 Run by Owner at 23:54:39.78 on Fri 01/01/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.126.21 [GMT -5:00] AV: Microsoft Security Essentials On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF} ============== Running Processes =============== C:WINDOWSsystem32svchost -k DcomLaunch svchost.exe c:Program FilesMicrosoft Security EssentialsMsMpEng.exe C:WINDOWSSystem32svchost.exe -k netsvcs svchost.exe svchost.exe C:WINDOWSsystem32spoolsv.exe svchost.exe C:WINDOWSExplorer.EXE C:PROGRA~1SBCSEL~1SMARTB~1MotiveSB.exe C:Program FilesJavajre1.6.0_06binjusched.exe C:Program FilesMicrosoft Security Essentialsmsseces.exe C:WINDOWSsystem32ctfmon.exe C:WINDOWSsystem32taskmgr.exe C:Program FilesInternet Exploreriexplore.exe C:Program FilesInternet Exploreriexplore.exe C:Documents and SettingsOwnerDesktopdds.scr ============== Pseudo HJT Report =============== uStart Page = about:blank uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = 127.0.0.1 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:program filesyahoo!companioninstallscpnyt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:program filesyahoo!companioninstallscpnyt.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:program filesjavajre1.6.0_06binssv.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:program filesyahoo!companioninstallscpnYTSingleInstance.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:program filesyahoo!companioninstallscpnyt.dll TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe uRun: [SUPERAntiSpyware] c:program filessuperantispywareSUPERAntiSpyware.exe mRun: [IgfxTray] c:windowssystem32igfxtray.exe mRun: [HotKeysCmds] c:windowssystem32hkcmd.exe mRun: [Motive SmartBridge] c:progra~1sbcsel~1smartb~1MotiveSB.exe mRun: [SunJavaUpdateSched] "c:program filesjavajre1.6.0_06binjusched.exe" mRun: [MSSE] "c:program filesmicrosoft security essentialsmsseces.exe" -hide IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:program filesjavajre1.6.0_06binssv.dll Trusted Zone: att.net Trusted Zone: ebay.comwww Trusted Zone: internet Trusted Zone: mcafee.com Trusted Zone: sbcglobal.net Trusted Zone: yahoo.com Trusted Zone: yahoo.compn1.adserver DPF: DirectAnimation Java Classes - file://c:windowsjavaclassesdajava.cab DPF: Microsoft XML Parser for Java - file://c:windowsjavaclassesxmldso.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/swdir8d196a.cab DPF: {48DD0448-9209-4F81-9F6D-D83562940134} DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211409827093 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Notify: !SASWinLogon - c:program filessuperantispywareSASWINLO.dll Notify: igfxcui - igfxsrvc.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:program filessuperantispywareSASSEH.DLL Hosts: 127.0.0.1 www.spywareinfo.com ============= SERVICES / DRIVERS =============== R1 MpFilter;Microsoft Malware Protection Driver;c:windowssystem32driversMpFilter.sys [2009-6-18 142832] R1 SASKUTIL;SASKUTIL;c:program filessuperantispywareSASKUTIL.SYS [2009-11-23 74480] R3 SASENUM;SASENUM;c:program filessuperantispywareSASENUM.SYS [2009-11-23 7408] =============== Created Last 30 ================ 2010-01-01 22:21:19 0 d-----w- c:program filescommon filesWise Installation Wizard 2010-01-01 22:10:40 0 d-----w- c:program filesMalwarebytes' Anti-Malware 2010-01-01 06:53:06 0 d-s---w- c:documents and settingsowner%USERPROFILE% 2009-12-29 13:20:24 274288 ----a-w- c:windowssystem32mucltui.dll 2009-12-29 13:20:24 215920 ----a-w- c:windowssystem32muweb.dll 2009-12-29 13:20:24 16736 ----a-w- c:windowssystem32mucltui.dll.mui 2009-12-29 09:43:37 0 d-----w- C:8d1f879bc5941325460c55907fa7 2009-12-29 09:34:09 195456 ------w- c:windowssystem32MpSigStub.exe 2009-12-29 09:28:25 0 d-----w- c:program filesMicrosoft Security Essentials 2009-12-29 05:06:31 25992 ----a-w- c:windowssystem32pgdfgsvc.exe 2009-12-29 04:55:52 8832 -c--a-w- c:windowssystem32dllcachewmiacpi.sys 2009-12-29 04:54:55 98304 -c--a-w- c:windowssystem32dllcacheverifier.exe 2009-12-29 04:53:57 149376 -c--a-w- c:windowssystem32dllcachetffsport.sys 2009-12-29 04:52:29 58368 -c--a-w- c:windowssystem32dllcachesmiminib.sys 2009-12-29 04:51:51 18400 -c--a-w- c:windowssystem32dllcachesgsmld.sys 2009-12-29 04:50:57 20992 -c--a-w- c:windowssystem32dllcachertl8139.sys 2009-12-29 04:50:57 19017 -c--a-w- c:windowssystem32dllcachertl8029.sys 2009-12-29 04:50:56 30720 -c--a-w- c:windowssystem32dllcacherthwcls.sys 2009-12-29 04:50:54 132608 -c--a-w- c:windowssystem32dllcachersvp.exe 2009-12-29 04:50:53 9216 -c--a-w- c:windowssystem32dllcachersmgrstr.dll 2009-12-29 04:50:52 3840 -c--a-w- c:windowssystem32dllcacherpfun.sys 2009-12-29 04:50:48 79104 -c--a-w- c:windowssystem32dllcacherocket.sys 2009-12-29 04:50:47 37563 -c--a-w- c:windowssystem32dllcacherlnet5.sys 2009-12-29 04:50:46 9728 -c--a-w- c:windowssystem32dllcachereset.exe 2009-12-29 04:50:46 86097 -c--a-w- c:windowssystem32dllcachereslog32.dll 2009-12-29 04:50:02 19584 -c--a-w- c:windowssystem32dllcacherasirda.sys 2009-12-29 04:50:00 899146 -c--a-w- c:windowssystem32dllcacher2mdkxga.sys 2009-12-29 04:50:00 714762 -c--a-w- c:windowssystem32dllcacher2mdmkxx.sys 2009-12-29 04:48:59 39424 -c--a-w- c:windowssystem32dllcacheovcoms.exe 2009-12-29 04:47:59 91488 -c--a-w- c:windowssystem32dllcachen9i3disp.dll 2009-12-29 04:46:56 6528 -c--a-w- c:windowssystem32dllcacheminiqic.sys 2009-12-29 04:45:55 37376 -c--a-w- c:windowssystem32dllcachekousd.dll 2009-12-29 04:45:52 253952 -c--a-w- c:windowssystem32dllcachekdsusd.dll 2009-12-29 04:45:51 48640 -c--a-w- c:windowssystem32dllcachekdsui.dll 2009-12-29 04:44:50 8192 -c--a-w- c:windowssystem32dllcachekbdkor.dll 2009-12-29 04:44:49 8704 -c--a-w- c:windowssystem32dllcachekbdjpn.dll 2009-12-29 04:44:10 14592 -c--a-w- c:windowssystem32dllcachekbdhid.sys 2009-12-29 04:44:00 6144 -c--a-w- c:windowssystem32dllcachekbd106.dll 2009-12-29 04:44:00 5632 -c--a-w- c:windowssystem32dllcachekbd103.dll 2009-12-29 04:42:52 102463 -c--a-w- c:windowssystem32dllcacheimepadsm.dll 2009-12-29 04:41:55 10129408 -c--a-w- c:windowssystem32dllcachehwxkor.dll 2009-12-29 04:40:59 322432 -c--a-w- c:windowssystem32dllcacheg400m.sys 2009-12-29 04:39:11 24618 -c--a-w- c:windowssystem32dllcachefa410nd5.sys 2009-12-29 04:39:10 16074 -c--a-w- c:windowssystem32dllcachefa312nd5.sys 2009-12-29 04:39:08 12362 -c--a-w- c:windowssystem32dllcachef3ab18xi.sys 2009-12-29 04:39:08 11850 -c--a-w- c:windowssystem32dllcachef3ab18xj.sys 2009-12-29 04:39:01 7040 -c--a-w- c:windowssystem32dllcacheexabyte2.sys 2009-12-29 04:39:01 16998 -c--a-w- c:windowssystem32dllcacheex10.sys 2009-12-29 04:37:59 334208 -c--a-w- c:windowssystem32dllcacheds1wdm.sys 2009-12-29 04:36:55 91305 -c--a-w- c:windowssystem32dllcachedimaint.sys 2009-12-29 04:35:55 49792 -c--a-w- c:windowssystem32dllcachecyzport.sys 2009-12-29 04:34:59 49182 -c--a-w- c:windowssystem32dllcachecem56n5.sys 2009-12-29 04:33:57 54271 -c--a-w- c:windowssystem32dllcachebcm42xx5.sys 2009-12-29 04:29:55 101888 -c--a-w- c:windowssystem32dllcacheadpu160m.sys 2009-12-29 04:28:59 66048 -c--a-w- c:windowssystem32dllcaches3legacy.dll 2009-12-24 19:52:13 0 d-sh--w- c:documents and settingsownerIECompatCache 2009-12-24 18:39:53 0 d-sh--w- c:documents and settingsownerPrivacIE 2009-12-24 18:26:31 0 d-sh--w- c:documents and settingsownerIETldCache 2009-12-24 17:54:52 12800 -c----w- c:windowssystem32dllcachexpshims.dll 2009-12-24 17:54:49 55296 -c----w- c:windowssystem32dllcachemsfeedsbs.dll 2009-12-24 17:54:48 594432 -c----w- c:windowssystem32dllcachemsfeeds.dll 2009-12-24 17:54:48 246272 -c----w- c:windowssystem32dllcacheieproxy.dll 2009-12-24 17:54:48 1985536 -c----w- c:windowssystem32dllcacheiertutil.dll 2009-12-24 17:54:45 11069952 -c----w- c:windowssystem32dllcacheieframe.dll 2009-12-24 17:54:14 0 d-----w- c:windowsie8updates 2009-12-24 17:53:24 92160 -c----w- c:windowssystem32dllcacheiecompat.dll 2009-12-24 17:49:59 0 dc-h--w- c:windowsie8 2009-12-24 09:39:55 1089593 -c----w- c:windowssystem32dllcachentprint.cat 2009-12-14 14:34:39 0 ----a-w- c:windowsCyoyoxo.bin 2009-12-14 14:34:36 120 ----a-w- c:windowsLyeseburi.dat 2009-12-14 14:27:23 0 ----a-w- c:windowssystem32driversbvszpf.sys 2009-12-13 22:50:36 0 d-----w- c:docume~1alluse~1applic~1McAfee Security Scan 2009-12-10 00:44:41 0 d-----w- c:docume~1alluse~1applic~1SUPERAntiSpyware.com 2009-12-10 00:43:29 0 d-----w- c:program filesSUPERAntiSpyware 2009-12-10 00:43:28 0 d-----w- c:docume~1ownerapplic~1SUPERAntiSpyware.com 2009-12-10 00:29:13 0 d-----w- c:docume~1ownerapplic~1Malwarebytes 2009-12-10 00:28:54 0 d-----w- c:docume~1alluse~1applic~1Malwarebytes 2009-12-06 07:21:37 235520 ----a-w- c:documents and settingsownersysdump.tar ==================== Find3M ==================== 2009-11-30 05:45:03 61224 ----a-w- c:documents and settingsownerGoToAssistDownloadHelper.exe 2009-10-29 07:45:38 916480 ----a-w- c:windowssystem32wininet.dll 2009-10-29 04:48:52 499712 ----a-w- c:windowssystem32msvcp71.dll 2009-10-29 04:48:52 348160 ----a-w- c:windowssystem32msvcr71.dll 2009-10-21 05:38:36 75776 ----a-w- c:windowssystem32strmfilt.dll 2009-10-21 05:38:36 25088 ----a-w- c:windowssystem32httpapi.dll 2009-10-13 10:30:16 270336 ----a-w- c:windowssystem32oakley.dll 2009-10-12 13:38:19 149504 ----a-w- c:windowssystem32rastls.dll 2009-10-12 13:38:18 79872 ----a-w- c:windowssystem32raschap.dll ============= FINISH: 23:55:51.98 =============== ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2010/01/01 23:44 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:WINDOWSSystem32Driversdump_atapi.sys Address: 0xF3A2A000 Size: 98304 File Visible: No Signed: - Status: - Name: dump_WMILIB.SYS Image Path: C:WINDOWSSystem32Driversdump_WMILIB.SYS Address: 0xFCA6B000 Size: 8192 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:WINDOWSsystem32driversrootrepeal.sys Address: 0xF3378000 Size: 49152 File Visible: No Signed: - Status: - Hidden/Locked Files ------------------- Path: c:documents and settingsall usersapplication datamicrosoftmicrosoft antimalwaresupportmpwpptracing.bin Status: Allocation size mismatch (API: 1048576, Raw: 65536) SSDT ------------------- #: 257 Function Name: NtTerminateProcess Status: Hooked by "C:Program FilesSUPERAntiSpywareSASKUTIL.sys" at address 0xf30510b0 ==EOF== here is the other scan! also, just so you know i came across a file citrix online go to assist. i'm not sure if thats a windows thing or what?? but i don't have a wireless router and i never added that. i was debating deleting it but i'll wait til i hear back from you! This post has been edited by garmanma: Jan 6 2010, 11:50 AM Attached File(s) Attach.txt ( 69.84k ) Number of downloads: 16

elise025 View Member Profile	Jan 10 2010, 10:18 AM Post #2
Bleepin' Blonde Group: Moderator Posts: 16,070 Joined: 5-October 07 From: Home Member No.: 160,991	Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems. I will be working on your malware issues, this may or may not solve other issues you may have with your machine. Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer. You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here. ----------------------------------------------------------- If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. We need to see some information about what is happening in your machine. Please perform the following scan: Download DDS by sUBs from one of the following links. Save it to your desktop. DDS.scr DDS.pif Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results. Post both logs (no need to zip attach.txt). Close the program window, and delete the program from your desktop. Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE Please download GMER from one of the following locations and save it to your desktop: Main Mirror This version will download a randomly named file (Recommended) Zipped Mirror This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Disconnect from the Internet and close all running programs. Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver. Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked. Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe. GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress) If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO. Now click the Scan button. If you see a rootkit warning window, click OK. When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log. Click the Copy button and paste the results into your next reply. Exit GMER and re-enable all active protection when done. -- If you encounter any problems, try running GMER in Safe Mode. ------------------------------------------------------------- *Please be patient and I'd be grateful if you would note the following* The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post. Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one. In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem If you still need help, please include the following in your next reply A detailed description of your problems A new DDS log (don't forget attach.txt) GMER log Please do NOT post logs as attachments, unless you are unable to copy/paste a log directly in the reply box. Thanks and again sorry for the delay. -------------------- Regards, Elise "The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." *John Milton* Become a BleepingComputer fan on Facebook Follow us on Twitter

kshoney44 View Member Profile	Jan 10 2010, 03:11 PM Post #3
Member Group: Members Posts: 43 Joined: 28-December 09 Member No.: 425,342	DDS (Ver_09-12-01.01) - NTFSx86 Run by Owner at 15:01:41.54 on Sun 01/10/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.126.19 [GMT -5:00] AV: Microsoft Security Essentials On-access scanning enabled (Outdated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe c:\Program Files\Microsoft Security Essentials\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Owner\Desktop\dds.scr ============== Pseudo HJT Report =============== uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = 127.0.0.1 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_06\bin\jusched.exe" mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll Trusted Zone: att.net Trusted Zone: ebay.com\www Trusted Zone: facebook.com\apps Trusted Zone: facebook.com\www Trusted Zone: popcap.com\www Trusted Zone: sbcglobal.net Trusted Zone: yahoo.com DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/swdir8d196a.cab DPF: {48DD0448-9209-4F81-9F6D-D83562940134} DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211409827093 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll Notify: igfxcui - igfxsrvc.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL Hosts: 127.0.0.1 www.spywareinfo.com ============= SERVICES / DRIVERS =============== =============== Created Last 30 ================ 2010-01-05 02:10:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-05 02:09:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-05 02:09:20 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-01 22:21:19 0 d-----w- c:\program files\common files\Wise Installation Wizard 2010-01-01 06:53:06 0 d-s---w- c:\documents and settings\owner\%USERPROFILE% 2009-12-29 13:20:24 274288 ----a-w- c:\windows\system32\mucltui.dll 2009-12-29 13:20:24 215920 ----a-w- c:\windows\system32\muweb.dll 2009-12-29 13:20:24 16736 ----a-w- c:\windows\system32\mucltui.dll.mui 2009-12-29 09:43:37 0 d-----w- C:\8d1f879bc5941325460c55907fa7 2009-12-29 09:34:09 195456 ------w- c:\windows\system32\MpSigStub.exe 2009-12-29 09:28:25 0 d-----w- c:\program files\Microsoft Security Essentials 2009-12-29 05:06:31 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe 2009-12-29 04:55:52 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys 2009-12-29 04:54:55 98304 -c--a-w- c:\windows\system32\dllcache\verifier.exe 2009-12-29 04:53:57 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys 2009-12-29 04:52:29 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys 2009-12-29 04:51:51 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys 2009-12-29 04:50:57 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys 2009-12-29 04:50:57 19017 -c--a-w- c:\windows\system32\dllcache\rtl8029.sys 2009-12-29 04:50:56 30720 -c--a-w- c:\windows\system32\dllcache\rthwcls.sys 2009-12-29 04:50:54 132608 -c--a-w- c:\windows\system32\dllcache\rsvp.exe 2009-12-29 04:50:53 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll 2009-12-29 04:50:52 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys 2009-12-29 04:50:48 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys 2009-12-29 04:50:47 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys 2009-12-29 04:50:46 9728 -c--a-w- c:\windows\system32\dllcache\reset.exe 2009-12-29 04:50:46 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll 2009-12-29 04:50:02 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys 2009-12-29 04:50:00 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys 2009-12-29 04:50:00 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys 2009-12-29 04:48:59 39424 -c--a-w- c:\windows\system32\dllcache\ovcoms.exe 2009-12-29 04:47:59 91488 -c--a-w- c:\windows\system32\dllcache\n9i3disp.dll 2009-12-29 04:46:56 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys 2009-12-29 04:45:55 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll 2009-12-29 04:45:52 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll 2009-12-29 04:45:51 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll 2009-12-29 04:44:50 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll 2009-12-29 04:44:49 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll 2009-12-29 04:44:10 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys 2009-12-29 04:44:00 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll 2009-12-29 04:44:00 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll 2009-12-29 04:42:52 102463 -c--a-w- c:\windows\system32\dllcache\imepadsm.dll 2009-12-29 04:41:55 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll 2009-12-29 04:40:59 322432 -c--a-w- c:\windows\system32\dllcache\g400m.sys 2009-12-29 04:39:11 24618 -c--a-w- c:\windows\system32\dllcache\fa410nd5.sys 2009-12-29 04:39:10 16074 -c--a-w- c:\windows\system32\dllcache\fa312nd5.sys 2009-12-29 04:39:08 12362 -c--a-w- c:\windows\system32\dllcache\f3ab18xi.sys 2009-12-29 04:39:08 11850 -c--a-w- c:\windows\system32\dllcache\f3ab18xj.sys 2009-12-29 04:39:01 7040 -c--a-w- c:\windows\system32\dllcache\exabyte2.sys 2009-12-29 04:39:01 16998 -c--a-w- c:\windows\system32\dllcache\ex10.sys 2009-12-29 04:37:59 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys 2009-12-29 04:36:55 91305 -c--a-w- c:\windows\system32\dllcache\dimaint.sys 2009-12-29 04:35:55 49792 -c--a-w- c:\windows\system32\dllcache\cyzport.sys 2009-12-29 04:34:59 49182 -c--a-w- c:\windows\system32\dllcache\cem56n5.sys 2009-12-29 04:33:57 54271 -c--a-w- c:\windows\system32\dllcache\bcm42xx5.sys 2009-12-29 04:29:55 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys 2009-12-29 04:28:59 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll 2009-12-24 19:52:13 0 d-sh--w- c:\documents and settings\owner\IECompatCache 2009-12-24 18:39:53 0 d-sh--w- c:\documents and settings\owner\PrivacIE 2009-12-24 18:26:31 0 d-sh--w- c:\documents and settings\owner\IETldCache 2009-12-24 17:54:52 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-12-24 17:54:49 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2009-12-24 17:54:48 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2009-12-24 17:54:48 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-12-24 17:54:48 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll 2009-12-24 17:54:45 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll 2009-12-24 17:54:14 0 d-----w- c:\windows\ie8updates 2009-12-24 17:53:24 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll 2009-12-24 17:49:59 0 dc----w- c:\windows\ie8 2009-12-24 09:39:55 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat 2009-12-14 14:34:39 0 ----a-w- c:\windows\Cyoyoxo.bin 2009-12-14 14:34:36 120 ----a-w- c:\windows\Lyeseburi.dat 2009-12-14 14:27:23 0 ----a-w- c:\windows\system32\drivers\bvszpf.sys ==================== Find3M ==================== 2009-11-30 05:45:03 61224 ----a-w- c:\documents and settings\owner\GoToAssistDownloadHelper.exe 2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll 2009-10-29 04:48:52 499712 ----a-w- c:\windows\system32\msvcp71.dll 2009-10-29 04:48:52 348160 ----a-w- c:\windows\system32\msvcr71.dll 2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll 2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll 2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll ============= FINISH: 15:03:48.03 =============== UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-12-01.01) Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume1 Install Date: 3/8/2008 07:37:35 PM System Uptime: 1/7/2010 09:59:32 PM (66 hours ago) Motherboard: Dell Computer Corporation \| \| Processor: Intel® Pentium® 4 CPU 1.80GHz \| Socket 478 \| 1794/400mhz ==== Disk Partitions ========================= A: is Removable C: is FIXED (NTFS) - 37 GiB total, 27.997 GiB free. D: is CDROM () E: is CDROM () ==== Disabled Device Manager Items ============= ==== Installed Programs ====================== Adobe Download Manager Adobe Flash Player 10 ActiveX Adobe Shockwave Player 11.5 AusLogics Disk Defrag AusLogics Registry Defrag Auto Care B44Inst BCM V.92 56K Modem Broadcom 440x Driver Installer BroadJump Client Foundation CCleaner (remove only) CheckIt Diagnostics Dell ResourceCD HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB954550-v5) Intel® Extreme Graphics Driver Software Java™ 6 Update 6 LimeWire 4.16.7 Malwarebytes' Anti-Malware Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Antimalware Microsoft Application Error Reporting Microsoft Easy Assist Microsoft Security Essentials Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Windows Live OneCare Resources v2.0.2500.32 Microsoft Windows OneCare Live v2.0.2500.32 PerformanceTest Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB936782) SoundMAX SUPERAntiSpyware Free Edition Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB975364) WebFldrs XP Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 Windows XP Service Pack 3 Yahoo! Toolbar ==== End Of File =========================== thank you elise so much for taking the time to help me. i hope that i did the log thing right!! i will follow your instuctions but the may be in seperate posts. my computer stops responding constantly so while i have it working i'm just going to send itquickly before it crashes again!!

elise025 View Member Profile	Jan 10 2010, 03:33 PM Post #4
Bleepin' Blonde Group: Moderator Posts: 16,070 Joined: 5-October 07 From: Home Member No.: 160,991	Okay, see if you can post the GMER log. Try to run GMER with Devices unchecked if it is giving you troubles. If you are not able to complete it, just let me know. -------------------- Regards, Elise "The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." *John Milton* Become a BleepingComputer fan on Facebook Follow us on Twitter

kshoney44 View Member Profile	Jan 10 2010, 03:57 PM Post #5
Member Group: Members Posts: 43 Joined: 28-December 09 Member No.: 425,342	GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-01-10 15:31:09 Windows 5.1.2600 Service Pack 3 Running: yhn41ggb.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kfqcqaog.sys ---- System - GMER 1.0.15 ---- SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF39460B0] ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!_abnormal_termination + 451 804E2AAD 3 Bytes [60, 94, F3] ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- here is the gmer log. i'm not sure if this one is right. i did not see a prompt saying automatic quick scan....just scan!let me know if i did something wrong and if you need me to redo it!! THANKS AGAIN!!!

elise025 View Member Profile	Jan 10 2010, 04:10 PM Post #6
Bleepin' Blonde Group: Moderator Posts: 16,070 Joined: 5-October 07 From: Home Member No.: 160,991	Hello kshoney44, P2P WARNING ------------------- Going over your logs I noticed that you have LimeWire installed. Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. It is pretty much certain that if you continue to use P2P programs, you will get infected again. I would recommend that you uninstall LimeWire, however that choice is up to you. If you choose to remove these programs, you can do so via *Start > Control Panel > Add/Remove Programs.* If you wish to keep it, please do not use it until your computer is cleaned. COMBOFIX --------------- Please download ComboFix from one of these locations: Bleepingcomputer ForoSpyware Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link* to see a list of programs that should be disabled. The list is not all inclusive.) Double click on Combofix.exe* and follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt** in your next reply. In your next reply, please include the following: Combofix.txt -------------------- Regards, Elise "The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." *John Milton* Become a BleepingComputer fan on Facebook Follow us on Twitter

kshoney44 View Member Profile	Jan 10 2010, 06:13 PM Post #7
Member Group: Members Posts: 43 Joined: 28-December 09 Member No.: 425,342	ComboFix 10-01-04.01 - Owner 01/10/2010 17:16:24.1.1 - x86 Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\install.exe . ((((((((((((((((((((((((( Files Created from 2009-12-10 to 2010-01-10 ))))))))))))))))))))))))))))))) . 2010-01-08 15:13 . 2010-01-08 15:13 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2010-01-03 03:33 . 2010-01-03 03:33 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-01-03 03:33 . 2010-01-03 03:33 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-01-03 03:33 . 2010-01-03 03:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com 2009-12-21 21:14 . 2010-01-10 19:02 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2009-12-16 18:55 . 2009-12-16 18:55 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 2009-12-16 18:54 . 2009-12-16 18:54 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2009-12-13 22:49 . 2009-12-13 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-10 18:53 . 2009-12-10 00:46 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-01-08 15:18 . 2010-01-05 02:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-07 21:07 . 2010-01-05 02:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-07 21:07 . 2010-01-05 02:09 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-06 02:18 . 2008-05-22 06:09 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire 2010-01-03 06:07 . 2009-12-10 00:43 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-01-01 22:21 . 2010-01-01 22:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-12-29 23:19 . 2009-12-29 23:19 13104 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-12-29 09:29 . 2009-12-29 09:28 -------- d-----w- c:\program files\Microsoft Security Essentials 2009-12-29 05:06 . 2009-12-29 05:06 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe 2009-12-16 19:00 . 2008-05-22 03:39 -------- d-----w- c:\program files\Java 2009-12-16 18:51 . 2008-05-22 03:29 -------- d-----w- c:\program files\LimeWire 2009-12-14 15:32 . 2009-12-14 14:27 0 ----a-w- c:\windows\system32\drivers\bvszpf.sys 2009-12-14 14:34 . 2009-12-14 14:34 0 ----a-w- c:\windows\Cyoyoxo.bin 2009-12-14 14:34 . 2009-12-14 14:34 120 ----a-w- c:\windows\Lyeseburi.dat 2009-12-13 22:49 . 2009-12-13 22:49 -------- d-----w- c:\program files\NOS 2009-12-10 00:44 . 2009-12-10 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-12-10 00:43 . 2009-12-10 00:43 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com 2009-12-10 00:29 . 2009-12-10 00:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes 2009-12-10 00:28 . 2009-12-10 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-12-07 05:10 . 2008-06-05 20:55 -------- d-----w- c:\program files\Windows Live Safety Center 2009-12-01 17:46 . 2008-05-22 03:09 13104 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-12-01 16:25 . 2009-12-01 16:25 -------- dc----w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} 2009-12-01 15:42 . 2009-12-01 15:42 -------- d-----w- c:\program files\MSBuild 2009-12-01 15:42 . 2009-12-01 15:42 -------- d-----w- c:\program files\Reference Assemblies 2009-11-30 05:45 . 2009-11-30 05:45 61224 ----a-w- c:\documents and settings\Owner\GoToAssistDownloadHelper.exe 2009-11-30 05:30 . 2009-11-30 05:30 -------- d-----w- c:\documents and settings\Owner\Application Data\McAfee 2009-11-30 01:31 . 2009-11-30 01:31 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8 2009-11-03 01:42 . 2009-12-29 09:34 195456 ------w- c:\windows\system32\MpSigStub.exe 2009-10-29 07:45 . 2002-09-03 17:12 916480 ----a-w- c:\windows\system32\wininet.dll 2009-10-29 04:48 . 2009-10-29 04:48 499712 ----a-w- c:\windows\system32\msvcp71.dll 2009-10-29 04:48 . 2009-10-29 04:48 348160 ----a-w- c:\windows\system32\msvcr71.dll 2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll 2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll 2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys 2009-10-13 10:30 . 2002-09-03 16:50 270336 ----a-w- c:\windows\system32\oakley.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-23 2001648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\System32\igfxtray.exe" [2002-06-20 155648] "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-06-20 114688] "Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784] "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk \0pgdfgsvc C 1 [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG] 2003-08-29 11:59 122880 ----a-w- c:\windows\BCMSMMSG.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-11-23 9968] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-11-23 74480] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-11-23 7408] --- Other Services/Drivers In Memory --- NewlyCreated* - KFQCQAOG Deregistered - kfqcqaog [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . Contents of the 'Scheduled Tasks' folder 2010-01-10 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 22:36] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = 127.0.0.1 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s Trusted Zone: att.net Trusted Zone: ebay.com\www Trusted Zone: facebook.com\apps Trusted Zone: facebook.com\www Trusted Zone: popcap.com\www Trusted Zone: sbcglobal.net Trusted Zone: yahoo.com DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . - - - - ORPHANS REMOVED - - - - Toolbar-Locked - (no file) MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-10 17:47 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(624) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll . Completion time: 2010-01-10 18:07:11 ComboFix-quarantined-files.txt 2010-01-10 23:06 Pre-Run: 29,973,143,552 bytes free Post-Run: 30,075,691,008 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn - - End Of File - - 3EAA32719776B61936061E9919EF27B1

elise025 View Member Profile	Jan 11 2010, 03:21 AM Post #8
Bleepin' Blonde Group: Moderator Posts: 16,070 Joined: 5-October 07 From: Home Member No.: 160,991	Hello again, we need to export a service key in order to see if it is bad or not. Click start > run, type notepad in the runbox and press enter. Copy/paste the text in the codebox below in Notepad and save it as export.bat to your desktop. CODE @echo off regedit /e "export.txt" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kfqcqaog" start export.txt del %0 Exit Notepad and doubleclick on export.bat to run it. A text file (export.txt) will open. Please post its contents in your next reply. -------------------- Regards, Elise "The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." *John Milton* Become a BleepingComputer fan on Facebook Follow us on Twitter

kshoney44 View Member Profile	Jan 11 2010, 10:53 AM Post #9
Member Group: Members Posts: 43 Joined: 28-December 09 Member No.: 425,342	export.txt will not run. i recieved the following error message. windows cannot find 'export.txt'. make sure you typed the name correctly, and then try again. to search a file, click the start button, and then click search. i tried it three times????

elise025 View Member Profile	Jan 11 2010, 01:24 PM Post #10
Bleepin' Blonde Group: Moderator Posts: 16,070 Joined: 5-October 07 From: Home Member No.: 160,991	Hello kshoney44, UPDATE JAVA ------------------ Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update: Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop. Look for "Java Runtime Environment (JRE)" JRE 6 Update 17. Click the Download button to the right. Select your Platform: "Windows". Select your Language: "Multi-language". Read the License Agreement, and then check the box that says: "Accept License Agreement". Click Continue and the page will refresh. Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6u17-windows-i586.exe to install the newest version. -- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator. -- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it. -- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually. Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer. CF-SCRIPT ------------- We need to execute a CF-script. Close any open browsers. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it: CODE File:: c:\windows\Cyoyoxo.bin c:\windows\Lyeseburi.dat c:\windows\system32\drivers\bvszpf.sys DDS:: Trusted Zone: att.net Trusted Zone: ebay.com\www Trusted Zone: facebook.com\apps Trusted Zone: facebook.com\www Trusted Zone: popcap.com\www Trusted Zone: sbcglobal.net Trusted Zone: yahoo.com Save this as CFScript.txt, in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. In your next reply, please include the following: Combofix.txt A description of the remaining problems. -------------------- Regards, Elise "The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." *John Milton* Become a BleepingComputer fan on Facebook Follow us on Twitter

kshoney44 View Member Profile	Jan 11 2010, 02:15 PM Post #11
Member Group: Members Posts: 43 Joined: 28-December 09 Member No.: 425,342	i was able to download JRE 6 update 17 but not java runtime. i think i have 6. in my add/remove programs, mine says java 6?? what to do???

elise025 View Member Profile	Jan 11 2010, 02:26 PM Post #12
Bleepin' Blonde Group: Moderator Posts: 16,070 Joined: 5-October 07 From: Home Member No.: 160,991	JRE stands for Jave Runtime Environment Install JRE 6 update 17 as instructed and remove all earlier updates afterwards as instructed. -------------------- Regards, Elise "The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." *John Milton* Become a BleepingComputer fan on Facebook Follow us on Twitter

kshoney44 View Member Profile	Jan 11 2010, 04:39 PM Post #13
Member Group: Members Posts: 43 Joined: 28-December 09 Member No.: 425,342	sorry...i am a total computer idiot!!! here is the combo fix log ComboFix 10-01-04.01 - Owner 01/11/2010 15:21:38.2.1 - x86 Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt AV: Microsoft Security Essentials On-access scanning disabled (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF} FILE :: "c:\windows\Cyoyoxo.bin" "c:\windows\Lyeseburi.dat" "c:\windows\system32\drivers\bvszpf.sys" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Cyoyoxo.bin c:\windows\Lyeseburi.dat c:\windows\system32\drivers\bvszpf.sys . ((((((((((((((((((((((((( Files Created from 2009-12-11 to 2010-01-11 ))))))))))))))))))))))))))))))) . 2010-01-11 19:22 . 2010-01-11 19:21 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-01-08 15:13 . 2010-01-08 15:13 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2010-01-05 02:10 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-05 02:09 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-05 02:09 . 2010-01-08 15:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-04 15:40 . 2010-01-04 15:40 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PCHealth 2010-01-04 09:01 . 2010-01-04 09:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth 2010-01-03 04:18 . 2010-01-03 04:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities 2010-01-03 03:33 . 2010-01-03 03:33 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-01-03 03:33 . 2010-01-03 03:33 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-01-03 03:33 . 2010-01-03 03:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com 2010-01-01 22:21 . 2010-01-01 22:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-01-01 06:53 . 2010-01-01 06:53 -------- d-s---w- c:\documents and settings\Owner\%USERPROFILE% 2009-12-29 23:31 . 2009-12-29 23:31 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2009-12-29 23:19 . 2009-12-29 23:19 13104 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-12-29 23:18 . 2009-12-29 23:18 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2009-12-29 13:20 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll 2009-12-29 13:20 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll 2009-12-29 09:43 . 2009-12-29 09:44 -------- d-----w- C:\8d1f879bc5941325460c55907fa7 2009-12-29 09:34 . 2009-11-03 01:42 195456 ------w- c:\windows\system32\MpSigStub.exe 2009-12-29 09:28 . 2009-12-29 09:29 -------- d-----w- c:\program files\Microsoft Security Essentials 2009-12-29 05:31 . 2009-12-29 05:31 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2009-12-29 05:06 . 2009-12-29 05:06 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe 2009-12-29 04:55 . 2008-04-13 19:36 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys 2009-12-29 04:54 . 2008-04-14 01:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll 2009-12-29 04:53 . 2008-04-13 19:40 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys 2009-12-29 04:52 . 2001-08-17 17:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys 2009-12-29 04:51 . 2001-07-21 19:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys 2009-12-29 04:50 . 2004-08-04 06:31 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys 2009-12-29 04:50 . 2001-08-17 17:12 19017 -c--a-w- c:\windows\system32\dllcache\rtl8029.sys 2009-12-29 04:50 . 2001-08-17 17:19 30720 -c--a-w- c:\windows\system32\dllcache\rthwcls.sys 2009-12-29 04:50 . 2002-09-03 16:56 132608 -c--a-w- c:\windows\system32\dllcache\rsvp.exe 2009-12-29 04:50 . 2001-08-18 03:36 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll 2009-12-29 04:50 . 2001-08-17 17:19 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys 2009-12-29 04:50 . 2008-04-13 19:40 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys 2009-12-29 04:50 . 2001-08-17 17:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys 2009-12-29 04:50 . 2002-09-03 16:56 9728 -c--a-w- c:\windows\system32\dllcache\reset.exe 2009-12-29 04:50 . 2001-08-18 03:36 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll 2009-12-29 04:50 . 2001-08-17 18:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys 2009-12-29 04:50 . 2001-08-17 18:28 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys 2009-12-29 04:50 . 2001-08-17 18:28 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys 2009-12-29 04:48 . 2001-08-18 03:36 39424 -c--a-w- c:\windows\system32\dllcache\ovcoms.exe 2009-12-29 04:47 . 2008-04-13 19:46 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys 2009-12-29 04:46 . 2001-08-17 18:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys 2009-12-29 04:45 . 2001-08-18 03:36 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll 2009-12-29 04:45 . 2008-04-14 01:11 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll 2009-12-29 04:45 . 2008-04-14 01:11 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll 2009-12-29 04:44 . 2001-08-18 03:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll 2009-12-29 04:44 . 2001-08-18 03:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll 2009-12-29 04:44 . 2008-04-13 19:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys 2009-12-29 04:44 . 2008-04-14 01:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll 2009-12-29 04:44 . 2001-08-17 19:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll 2009-12-29 04:42 . 2002-09-03 16:24 102463 -c--a-w- c:\windows\system32\dllcache\imepadsm.dll 2009-12-29 04:41 . 2002-09-03 16:24 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll 2009-12-29 04:40 . 2001-08-17 19:56 1733120 -c--a-w- c:\windows\system32\dllcache\g400d.dll 2009-12-29 04:39 . 2001-08-17 17:12 24618 -c--a-w- c:\windows\system32\dllcache\fa410nd5.sys 2009-12-29 04:39 . 2001-08-17 17:12 16074 -c--a-w- c:\windows\system32\dllcache\fa312nd5.sys 2009-12-29 04:39 . 2001-08-17 17:11 11850 -c--a-w- c:\windows\system32\dllcache\f3ab18xj.sys 2009-12-29 04:39 . 2001-08-17 17:11 12362 -c--a-w- c:\windows\system32\dllcache\f3ab18xi.sys 2009-12-29 04:39 . 2001-08-17 18:52 7040 -c--a-w- c:\windows\system32\dllcache\exabyte2.sys 2009-12-29 04:39 . 2001-08-17 17:12 16998 -c--a-w- c:\windows\system32\dllcache\ex10.sys 2009-12-29 04:37 . 2001-08-17 17:20 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys 2009-12-29 04:36 . 2001-08-17 17:13 91305 -c--a-w- c:\windows\system32\dllcache\dimaint.sys 2009-12-29 04:35 . 2001-08-18 03:36 27648 -c--a-w- c:\windows\system32\dllcache\cyzports.dll 2009-12-29 04:34 . 2001-08-17 17:13 49182 -c--a-w- c:\windows\system32\dllcache\cem56n5.sys 2009-12-29 04:33 . 2001-08-17 17:11 26568 -c--a-w- c:\windows\system32\dllcache\bcm4e5.sys 2009-12-29 04:29 . 2001-08-17 19:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys 2009-12-29 04:28 . 2001-08-17 19:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll 2009-12-24 19:52 . 2009-12-24 19:52 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache 2009-12-24 18:39 . 2009-12-24 18:39 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE 2009-12-24 18:26 . 2009-12-24 18:26 -------- d-sh--w- c:\documents and settings\Owner\IETldCache 2009-12-24 17:54 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-12-24 17:54 . 2009-10-29 07:45 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2009-12-24 17:54 . 2009-10-29 07:45 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2009-12-24 17:54 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-12-24 17:54 . 2009-10-29 07:45 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll 2009-12-24 17:54 . 2009-10-29 07:45 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll 2009-12-24 17:54 . 2009-12-29 06:32 -------- d-----w- c:\windows\ie8updates 2009-12-24 17:53 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll 2009-12-24 17:49 . 2009-12-24 17:52 -------- dc----w- c:\windows\ie8 2009-12-21 21:14 . 2010-01-11 15:12 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2009-12-16 18:55 . 2009-12-16 18:55 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 2009-12-16 18:54 . 2009-12-16 18:54 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2009-12-13 22:49 . 2009-12-13 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2009-12-13 22:49 . 2009-12-13 22:49 -------- d-----w- c:\program files\NOS . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-11 19:26 . 2008-05-22 03:39 -------- d-----w- c:\program files\Java 2010-01-11 15:10 . 2009-12-10 00:46 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-01-06 02:18 . 2008-05-22 06:09 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire 2010-01-03 06:07 . 2009-12-10 00:43 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-12-16 18:51 . 2008-05-22 03:29 -------- d-----w- c:\program files\LimeWire 2009-12-10 00:44 . 2009-12-10 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-12-10 00:43 . 2009-12-10 00:43 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com 2009-12-10 00:29 . 2009-12-10 00:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes 2009-12-10 00:28 . 2009-12-10 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-12-07 05:10 . 2008-06-05 20:55 -------- d-----w- c:\program files\Windows Live Safety Center 2009-12-01 17:46 . 2008-05-22 03:09 13104 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-12-01 16:25 . 2009-12-01 16:25 -------- dc----w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} 2009-12-01 15:42 . 2009-12-01 15:42 -------- d-----w- c:\program files\MSBuild 2009-12-01 15:42 . 2009-12-01 15:42 -------- d-----w- c:\program files\Reference Assemblies 2009-11-30 05:45 . 2009-11-30 05:45 61224 ----a-w- c:\documents and settings\Owner\GoToAssistDownloadHelper.exe 2009-11-30 05:30 . 2009-11-30 05:30 -------- d-----w- c:\documents and settings\Owner\Application Data\McAfee 2009-11-30 01:31 . 2009-11-30 01:31 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8 2009-10-29 07:45 . 2002-09-03 17:12 916480 ----a-w- c:\windows\system32\wininet.dll 2009-10-29 04:48 . 2009-10-29 04:48 499712 ----a-w- c:\windows\system32\msvcp71.dll 2009-10-29 04:48 . 2009-10-29 04:48 348160 ----a-w- c:\windows\system32\msvcr71.dll 2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll 2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll 2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-23 2001648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\System32\igfxtray.exe" [2002-06-20 155648] "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-06-20 114688] "Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455] "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-11 149280] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk \0pgdfgsvc C 1 [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG] 2003-08-29 11:59 122880 ----a-w- c:\windows\BCMSMMSG.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-11-23 9968] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-11-23 74480] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-11-23 7408] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . Contents of the 'Scheduled Tasks' folder 2010-01-11 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 22:36] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/search?q=internet+explorer&rls=com.microsoft:en-us:IE-Address&ie=UTF-8&oe=UTF-8&sourceid=ie7&rlz=1I7ADBF_en uInternet Settings,ProxyOverride = 127.0.0.1 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-11 15:48 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(636) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll . Completion time: 2010-01-11 16:05:33 ComboFix-quarantined-files.txt 2010-01-11 21:05 ComboFix2.txt 2010-01-10 23:07 Pre-Run: 29,880,143,872 bytes free Post-Run: 29,904,666,624 bytes free - - End Of File - - FD18480C89FB4EC6901EB3ADDE5B5023

elise025 View Member Profile	Jan 12 2010, 06:09 AM Post #14
Bleepin' Blonde Group: Moderator Posts: 16,070 Joined: 5-October 07 From: Home Member No.: 160,991	Hello kshoney44, No problem, just ask if you are not sure, better safe than sorry MALWAREBYTES ANTIMALWARE ------------------------------------------- Please launch MBAM and update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install. On the Scanner tab: Make sure the "Perform Full Scan" option is selected. Then click on the Scan button. If asked to select the drives to scan, leave *all the drives* selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found". Click OK to close the message box and continue with the removal process. Back at the main Scanner screen: Click on the Show Results button to see a list of any malware that was found. Make sure that *everything is checked, and click Remove Selected. When removal is completed, a log report will open in Notepad. The log is automatically saved and can be viewed by clicking the Logs* tab in MBAM. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system. Exit MBAM when done. Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. In your next reply, please include the following: MBAM log -------------------- Regards, Elise "The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." *John Milton* Become a BleepingComputer fan on Facebook Follow us on Twitter

kshoney44 View Member Profile	Jan 12 2010, 10:45 AM Post #15
Member Group: Members Posts: 43 Joined: 28-December 09 Member No.: 425,342	ok well i tried to update the mbam definitions from the link that you provided me and recieved the following message.... the setup files are corrupted. please obtain a new copy of the program. while i able to connect to the internet let me tell you whats been going on with this crappy computer since yeasterday. i haven't been able to get online it just says connecting for hours.or when i do get on it says errors on page. windows application errors...1 said failed to initialize properly, next one said insufficient system resources ( and nothing was running), and one said the link no longer existed. i couldn't open task manager, programs wouldn't close.my pages didn't look right -there were little squares in place of some letters.still "not responding" and very slow! sorry to overload you with questions just trying to put them down in writing before i forget!! i have windows NT in my program files but my computer has XP? also, microsoft NET framework, i have 3 versions in my add/ remove programs as well as 2 versions of visual c++ , should i only have 1 of each?? lastly (for now ) what is a smart card and why is my access denied?? well thanks again !! and sorry in advance!!( i know you are kicking yourself for taking on my problem LOL!!!)

« Next Oldest · Virus, Trojan, Spyware, and Malware Removal Logs · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides