Anti-virus Xp 2008, Virtumonde, Trojans, Etc


This topic is locked. 31 replies to this topic.

#1 nonmiannoiare23 (Members, 54 posts)

Posted 14 August 2008 - 07:55 PM

I have been trying to clean my computer for over a week and I cannot get rid of these infections. I have run Panda, Ad-Aware, Stinger, Malwarebytes, Spybot, and numerous online scans, but the infections always come back after reboot and I always have the blue background on the desktop that is associated with the infection.

It seems the more programs I run to get rid of the infections, the worse the computer gets. I cannot open most programs, anti-virus has been disabled, and I can mainly only run programs in safe mode. If I download a spyware program to the desktop and immediately try to open it and install it, it will do nothing. I am posting the last Malwarebytes log and the last HijackThis log. Please help me get rid of the infections; I cannot even use the computer anymore. It won't even let me connect to my modem. Also, my scans take hours to finish. Panda takes 8 hours to fully scan the hard drive!!! Thank you.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:28:15 PM, on 8/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\ApvxdWin.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\IFACE.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\PAVJOBS.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcydsl/defa...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defa.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcydsl/defa...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\mljji.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {F9B3BDAE-467A-4FF6-9BE0-C085D87B51E3} - C:\WINDOWS\system32\mljji.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon .exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe"
O4 - HKLM\..\Run: [e4c909ef] rundll32.exe "C:\WINDOWS\system32\ossxigdu.dll",b
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: &Search -
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?c885ed393dae4c69b882f1e0d62023dd
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?c885ed393dae4c69b882f1e0d62023dd
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\npjpi150_12.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\npjpi150_12.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP chain gap (#1 in chain of 27 missing)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: ddcBRheC - ddcBRheC.dll (file missing)
O20 - Winlogon Notify: ddcyyab - ddcyyab.dll (file missing)
O20 - Winlogon Notify: jnuwougk - jnuwougk.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11811 bytes




Malwarebytes' Anti-Malware 1.24
Database version: 1045
Windows 5.1.2600 Service Pack 3

7:40:53 PM 8/13/2008
mbam-log-8-13-2008 (19-40-44).txt

Scan type: Quick Scan
Objects scanned: 369838
Time elapsed: 1 hour(s), 46 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7545d8c8-f53c-4e2f-8fa0-d248ef4a6e61} (Rogue.Installer) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f9df827a-8fa7-48a3-b268-ca4db563ea40} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a051b1ff-8d7e-418b-aabe-4ff82f4280a2} (Trojan.Conhook) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#2 steamwiz (Members, 1,039 posts)

Posted 16 August 2008 - 04:21 PM

Hi

1. Download LSPfix from here: http://www.cexx.org/lspfix.htm

Save it to your desktop.

2. Click the Lspfix.exe file

3. If there is anything in the REMOVE side, make a note of the name(s) ...

4. Exit the program with the X in the top right hand corner (do NOT click Finish)

5. Paste the names of those files in your next post here...

If there is nothing in the REMOVE side ... click finish

Try to connect to the net again ...

THEN ...

Run Malwarebytes' Anti-Malware again & have it remove all it finds ... post the new log.

THEN ...

Please follow these directions to run Combofix & post a log.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware.

#3 nonmiannoiare23 (Topic Starter, Members, 54 posts)

Posted 17 August 2008 - 10:54 PM

Thanks for helping Steam

LSPfix found the following

mswsock.dll tcpip
winrnr.dll NTDS
PCTLsp.dll protocol handler
pavlsp.dll protocol handler
rsvps.dll protocol handler


Malwarebytes' Anti-Malware did not find anything



ComboFix 08-08-17.03 - Maria 2008-08-17 21:32:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.269 [GMT -5:00]
Running from: C:\Documents and Settings\Maria\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Maria\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator.GODFATHER\UserData
C:\Documents and Settings\Administrator.GODFATHER\UserData\0AN2YAK0\sn[1].xml
C:\Documents and Settings\Administrator.GODFATHER\UserData\index.dat
C:\Documents and Settings\Janelle\Cookies\janelle@facebook[1].txt
C:\Documents and Settings\Janelle\UserData
C:\Documents and Settings\Janelle\UserData\0DQ34X63\YL[1].xml
C:\Documents and Settings\Janelle\UserData\index.dat
C:\Documents and Settings\Janelle\UserData\K9AJWXQ7\oXMLStoreUnit[1].xml
C:\Documents and Settings\Janelle\UserData\KDIBG9U3\oXMLStore[1].xml
C:\Documents and Settings\Maria\Application Data\macromedia\Flash Player\#SharedObjects\NEHY5DNY\interclick.com
C:\Documents and Settings\Maria\Application Data\macromedia\Flash Player\#SharedObjects\NEHY5DNY\interclick.com\ud.sol
C:\Documents and Settings\Maria\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Maria\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Maria\Cookies\maria@antispywaresuite[2].txt
C:\Documents and Settings\Maria\UserData
C:\Documents and Settings\Maria\UserData\GG7EPIRA\oXMLStoreUnit[1].xml
C:\Documents and Settings\Maria\UserData\index.dat
C:\Documents and Settings\Maria\UserData\QQ5ALI2M\cfTag_DivPersistentData[1].xml
C:\Documents and Settings\Maria\UserData\U5W3TCLD\YL[1].xml
C:\Documents and Settings\Michelle\Application Data\FunWebProducts
C:\Documents and Settings\Michelle\Application Data\macromedia\Flash Player\#SharedObjects\2A2CRQ9Q\interclick.com
C:\Documents and Settings\Michelle\Application Data\macromedia\Flash Player\#SharedObjects\2A2CRQ9Q\interclick.com\ud.sol
C:\Documents and Settings\Michelle\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Michelle\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Michelle\Cookies\michelle@antispywaremaster[2].txt
C:\Documents and Settings\Michelle\Cookies\michelle@cubics[1].txt
C:\Documents and Settings\Michelle\Cookies\michelle@ehg-allegisgroup.hitbox[1].txt
C:\Documents and Settings\Michelle\Cookies\michelle@facebook[1].txt
C:\Documents and Settings\Michelle\Cookies\michelle@GOOGLE_ISSUE_ID[1].txt
C:\Documents and Settings\Michelle\Cookies\michelle@insightexpressai[2].txt
C:\Documents and Settings\Michelle\Cookies\michelle@myspace[2].txt
C:\Documents and Settings\Michelle\Cookies\michelle@portfolio[2].txt
C:\Documents and Settings\Michelle\Cookies\michelle@specificclick[1].txt
C:\Documents and Settings\Michelle\Cookies\michelle@systemerrorfixer[1].txt
C:\Documents and Settings\Michelle\UserData
C:\Documents and Settings\Michelle\UserData\4F23GFI1\IsOnIE6tbPromo[1].xml
C:\Documents and Settings\Michelle\UserData\83O30D61\oXMLStoreUnit[1].xml
C:\Documents and Settings\Michelle\UserData\A9O3MLMT\sn[1].xml
C:\Documents and Settings\Michelle\UserData\CPWVUZO5\YL[1].xml
C:\Documents and Settings\Michelle\UserData\index.dat
C:\Documents and Settings\Noelle\Application Data\FunWebProducts
C:\Documents and Settings\Noelle\Application Data\FunWebProducts\Data\Noelle\avatar.dat
C:\Documents and Settings\Noelle\UserData
C:\Documents and Settings\Noelle\UserData\4LYV4LYR\YL[2].xml
C:\Documents and Settings\Noelle\UserData\4T23C16B\oWindowsUpdate[1].xml
C:\Documents and Settings\Noelle\UserData\hpothb07.dat
C:\Documents and Settings\Noelle\UserData\hpothb07.tif
C:\Documents and Settings\Noelle\UserData\index.dat
C:\Documents and Settings\Noelle\UserData\KHA38TMJ\oXMLStoreUnit[1].xml
C:\Documents and Settings\Noelle\UserData\SD6RGLA7\IsOnIE6tbPromo[1].xml
C:\Documents and Settings\Noelle\UserData\SD6RGLA7\oWindowsUpdate[1].xml
C:\Documents and Settings\Owner\Application Data\FunWebProducts
C:\Documents and Settings\Owner\Application Data\FunWebProducts\Data\Owner\avatar.dat
C:\Documents and Settings\Owner\Application Data\FunWebProducts\Data\Owner\register.dat
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\CSB655ZM\interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\CSB655ZM\interclick.com\ud.sol
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Owner\Cookies\owner@a.davidsbridal[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@advertising[10].txt
C:\Documents and Settings\Owner\Cookies\owner@delb.opt.fimserve[1].txt
C:\Documents and Settings\Owner\Cookies\owner@delb.opt.fimserve[2].txt
C:\Documents and Settings\Owner\Cookies\owner@demr.opt.fimserve[1].txt
C:\Documents and Settings\Owner\Cookies\owner@imiclk[2].txt
C:\Documents and Settings\Owner\Cookies\owner@myspace[2].txt
C:\Documents and Settings\Owner\Cookies\owner@mywebsearch[1].txt
C:\Documents and Settings\Owner\Cookies\owner@peoplefinders[2].txt
C:\Documents and Settings\Owner\Cookies\owner@photobucket[1].txt
C:\Documents and Settings\Owner\Cookies\owner@photobucket[10].txt
C:\Documents and Settings\Owner\Cookies\owner@photobucket[11].txt
C:\Documents and Settings\Owner\Cookies\owner@photobucket[12].txt
C:\Documents and Settings\Owner\Cookies\owner@photobucket[13].txt
C:\Documents and Settings\Owner\Cookies\owner@photobucket[14].txt
C:\Documents and Settings\Owner\Cookies\owner@photobucket[2].txt
C:\Documents and Settings\Owner\Cookies\owner@photobucket[4].txt
C:\Documents and Settings\Owner\Cookies\owner@photobucket[6].txt
C:\Documents and Settings\Owner\Cookies\owner@photobucket[7].txt
C:\Documents and Settings\Owner\Cookies\owner@photobucket[8].txt
C:\Documents and Settings\Owner\Cookies\owner@photobucket[9].txt
C:\Documents and Settings\Owner\Cookies\owner@rtm[10].txt
C:\Documents and Settings\Owner\Cookies\owner@rtm[11].txt
C:\Documents and Settings\Owner\Cookies\owner@rtm[12].txt
C:\Documents and Settings\Owner\Cookies\owner@rtm[13].txt
C:\Documents and Settings\Owner\Cookies\owner@rtm[14].txt
C:\Documents and Settings\Owner\Cookies\owner@rtm[15].txt
C:\Documents and Settings\Owner\Cookies\owner@rtm[5].txt
C:\Documents and Settings\Owner\Cookies\owner@rtm[6].txt
C:\Documents and Settings\Owner\Cookies\owner@rtm[8].txt
C:\Documents and Settings\Owner\Cookies\owner@rtm[9].txt
C:\Documents and Settings\Owner\Cookies\owner@shopzilla[2].txt
C:\Documents and Settings\Owner\Cookies\owner@specificclick[1].txt
C:\Documents and Settings\Owner\UserData
C:\Documents and Settings\Owner\UserData\index.dat
C:\Documents and Settings\Owner\UserData\MTJ0Q9HB\k[1].xml
C:\Documents and Settings\Owner\UserData\MTJ0Q9HB\oWindowsUpdate[1].xml
C:\Documents and Settings\Owner\UserData\MTJ0Q9HB\oXMLStoreUnit[1].xml
C:\Documents and Settings\Owner\UserData\PTDNUSP0\oWindowsUpdate[1].xml
C:\Documents and Settings\Owner\UserData\PTDNUSP0\oWindowsUpdate[2].xml
C:\Documents and Settings\Owner\UserData\PTDNUSP0\YL[1].xml
C:\Documents and Settings\Owner\UserData\UV3SJW8R\cfTag_DivPersistentData[1].xml
C:\Documents and Settings\Owner\UserData\UV3SJW8R\sn[1].xml
C:\Documents and Settings\Owner\UserData\UV3SJW8R\YL[1].xml
C:\Documents and Settings\Owner\UserData\XA99FJK7\cfTag_DivPersistentData[1].xml
C:\Documents and Settings\Owner\UserData\XA99FJK7\dmtstore[1].xml
C:\Documents and Settings\Owner\UserData\XA99FJK7\oWindowsUpdate[1].xml
C:\Program Files\internet explorer\msimg32.dll
C:\temp\tn3
C:\WINDOWS\asks~1
C:\WINDOWS\asks~1\?asks\
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\bfjcrrdv.ini
C:\WINDOWS\system32\bhctylcg.ini
C:\WINDOWS\system32\bucmgwws.ini
C:\WINDOWS\system32\ccwoebvn.ini
C:\WINDOWS\system32\chelklqk.ini
C:\WINDOWS\system32\croodtmb.ini
C:\WINDOWS\system32\cswdqdca.ini
C:\WINDOWS\system32\cvvumxsh.ini
C:\WINDOWS\system32\drivers\core.cache(10)(2).dsk
C:\WINDOWS\system32\drivers\core.cache(10).dsk
C:\WINDOWS\system32\drivers\core.cache(100).dsk
C:\WINDOWS\system32\drivers\core.cache(101).dsk
C:\WINDOWS\system32\drivers\core.cache(102).dsk
C:\WINDOWS\system32\drivers\core.cache(103).dsk
C:\WINDOWS\system32\drivers\core.cache(104).dsk
C:\WINDOWS\system32\drivers\core.cache(105).dsk
C:\WINDOWS\system32\drivers\core.cache(106).dsk
C:\WINDOWS\system32\drivers\core.cache(107).dsk
C:\WINDOWS\system32\drivers\core.cache(108).dsk
C:\WINDOWS\system32\drivers\core.cache(109).dsk
C:\WINDOWS\system32\drivers\core.cache(11)(2).dsk
C:\WINDOWS\system32\drivers\core.cache(11).dsk
C:\WINDOWS\system32\drivers\core.cache(110).dsk
C:\WINDOWS\system32\drivers\core.cache(111).dsk
C:\WINDOWS\system32\drivers\core.cache(112).dsk
C:\WINDOWS\system32\drivers\core.cache(113).dsk
C:\WINDOWS\system32\drivers\core.cache(114).dsk
C:\WINDOWS\system32\drivers\core.cache(115).dsk
C:\WINDOWS\system32\drivers\core.cache(116).dsk
C:\WINDOWS\system32\drivers\core.cache(117).dsk
C:\WINDOWS\system32\drivers\core.cache(118).dsk
C:\WINDOWS\system32\drivers\core.cache(119).dsk
C:\WINDOWS\system32\drivers\core.cache(12)(2).dsk
C:\WINDOWS\system32\drivers\core.cache(12).dsk
C:\WINDOWS\system32\drivers\core.cache(120).dsk
C:\WINDOWS\system32\drivers\core.cache(121).dsk
C:\WINDOWS\system32\drivers\core.cache(122).dsk
C:\WINDOWS\system32\drivers\core.cache(123).dsk
C:\WINDOWS\system32\drivers\core.cache(124).dsk
C:\WINDOWS\system32\drivers\core.cache(125).dsk
C:\WINDOWS\system32\drivers\core.cache(126).dsk
C:\WINDOWS\system32\drivers\core.cache(127).dsk
C:\WINDOWS\system32\drivers\core.cache(128).dsk
C:\WINDOWS\system32\drivers\core.cache(129).dsk
C:\WINDOWS\system32\drivers\core.cache(13)(2).dsk
C:\WINDOWS\system32\drivers\core.cache(13).dsk
C:\WINDOWS\system32\drivers\core.cache(130).dsk
C:\WINDOWS\system32\drivers\core.cache(131).dsk
C:\WINDOWS\system32\drivers\core.cache(132).dsk
C:\WINDOWS\system32\drivers\core.cache(133).dsk
C:\WINDOWS\system32\drivers\core.cache(134).dsk
C:\WINDOWS\system32\drivers\core.cache(135).dsk
C:\WINDOWS\system32\drivers\core.cache(136).dsk
C:\WINDOWS\system32\drivers\core.cache(137).dsk
C:\WINDOWS\system32\drivers\core.cache(138).dsk
C:\WINDOWS\system32\drivers\core.cache(139).dsk
C:\WINDOWS\system32\drivers\core.cache(14)(2).dsk
C:\WINDOWS\system32\drivers\core.cache(14).dsk
C:\WINDOWS\system32\drivers\core.cache(140).dsk
C:\WINDOWS\system32\drivers\core.cache(141).dsk
C:\WINDOWS\system32\drivers\core.cache(142).dsk
C:\WINDOWS\system32\drivers\core.cache(143).dsk
C:\WINDOWS\system32\drivers\core.cache(144).dsk
C:\WINDOWS\system32\drivers\core.cache(145).dsk
C:\WINDOWS\system32\drivers\core.cache(146).dsk
C:\WINDOWS\system32\drivers\core.cache(147).dsk
C:\WINDOWS\system32\drivers\core.cache(148).dsk
C:\WINDOWS\system32\drivers\core.cache(149).dsk
C:\WINDOWS\system32\drivers\core.cache(15)(2).dsk
C:\WINDOWS\system32\drivers\core.cache(15).dsk
C:\WINDOWS\system32\drivers\core.cache(150).dsk
C:\WINDOWS\system32\drivers\core.cache(16)(2).dsk
C:\WINDOWS\system32\drivers\core.cache(16).dsk
C:\WINDOWS\system32\drivers\core.cache(17)(2).dsk
C:\WINDOWS\system32\drivers\core.cache(17).dsk
C:\WINDOWS\system32\drivers\core.cache(18)(2).dsk
C:\WINDOWS\system32\drivers\core.cache(18).dsk
C:\WINDOWS\system32\drivers\core.cache(19)(2).dsk
C:\WINDOWS\system32\drivers\core.cache(19).dsk
C:\WINDOWS\system32\drivers\core.cache(2).dsk
C:\WINDOWS\system32\drivers\core.cache(20)(2).dsk
C:\WINDOWS\system32\drivers\core.cache(20).dsk
C:\WINDOWS\system32\drivers\core.cache(21)(2).dsk
C:\WINDOWS\system32\drivers\core.cache(21).dsk
C:\WINDOWS\system32\drivers\core.cache(22)(2).dsk
C:\WINDOWS\system32\drivers\core.cache(22).dsk
C:\WINDOWS\system32\drivers\core.cache(23)(2).dsk
C:\WINDOWS\system32\drivers\core.cache(23).dsk
C:\WINDOWS\system32\drivers\core.cache(24)(2).dsk
C:\WINDOWS\system32\drivers\core.cache(24).dsk
C:\WINDOWS\system32\drivers\core.cache(25)(2).dsk
C:\WINDOWS\system32\drivers\core.cache(25).dsk
C:\WINDOWS\system32\drivers\core.cache(26)(2).dsk
C:\WINDOWS\system32\drivers\core.cache(26).dsk
C:\WINDOWS\system32\drivers\core.cache(27)(2).dsk
C:\WINDOWS\system32\drivers\core.cache(27).dsk
C:\WINDOWS\system32\drivers\core.cache(28)(2).dsk
C:\WINDOWS\system32\drivers\core.cache(28).dsk
C:\WINDOWS\system32\drivers\core.cache(29)(2).dsk
C:\WINDOWS\system32\drivers\core.cache(29).dsk
C:\WINDOWS\system32\drivers\core.cache(3).dsk
C:\WINDOWS\system32\drivers\core.cache(30)(2).dsk
C:\WINDOWS\system32\drivers\core.cache(30).dsk
C:\WINDOWS\system32\drivers\core.cache(31)(2).dsk
C:\WINDOWS\system32\drivers\core.cache(31).dsk
C:\WINDOWS\system32\drivers\core.cache(32)(2).dsk
C:\WINDOWS\system32\drivers\core.cache(32).dsk
C:\WINDOWS\system32\drivers\core.cache(33)(2).dsk
C:\WINDOWS\system32\drivers\core.cache(33).dsk
C:\WINDOWS\system32\drivers\core.cache(34).dsk
C:\WINDOWS\system32\drivers\core.cache(35).dsk
C:\WINDOWS\system32\drivers\core.cache(36).dsk
C:\WINDOWS\system32\drivers\core.cache(37).dsk
C:\WINDOWS\system32\drivers\core.cache(38).dsk
C:\WINDOWS\system32\drivers\core.cache(39).dsk
C:\WINDOWS\system32\drivers\core.cache(4)(2).dsk
C:\WINDOWS\system32\drivers\core.cache(4).dsk
C:\WINDOWS\system32\drivers\core.cache(40).dsk
C:\WINDOWS\system32\drivers\core.cache(41).dsk
C:\WINDOWS\system32\drivers\core.cache(42).dsk
C:\WINDOWS\system32\drivers\core.cache(43).dsk
C:\WINDOWS\system32\drivers\core.cache(44).dsk
C:\WINDOWS\system32\drivers\core.cache(45).dsk
C:\WINDOWS\system32\drivers\core.cache(46).dsk
C:\WINDOWS\system32\drivers\core.cache(47).dsk
C:\WINDOWS\system32\drivers\core.cache(48).dsk
C:\WINDOWS\system32\drivers\core.cache(49).dsk
C:\WINDOWS\system32\drivers\core.cache(5)(2).dsk
C:\WINDOWS\system32\drivers\core.cache(5).dsk
C:\WINDOWS\system32\drivers\core.cache(50).dsk
C:\WINDOWS\system32\drivers\core.cache(51).dsk
C:\WINDOWS\system32\drivers\core.cache(52).dsk
C:\WINDOWS\system32\drivers\core.cache(53).dsk
C:\WINDOWS\system32\drivers\core.cache(54).dsk
C:\WINDOWS\system32\drivers\core.cache(55).dsk
C:\WINDOWS\system32\drivers\core.cache(56).dsk
C:\WINDOWS\system32\drivers\core.cache(57).dsk
C:\WINDOWS\system32\drivers\core.cache(58).dsk
C:\WINDOWS\system32\drivers\core.cache(59).dsk
C:\WINDOWS\system32\drivers\core.cache(6)(2).dsk
C:\WINDOWS\system32\drivers\core.cache(6).dsk
C:\WINDOWS\system32\drivers\core.cache(60).dsk
C:\WINDOWS\system32\drivers\core.cache(61).dsk
C:\WINDOWS\system32\drivers\core.cache(62).dsk
C:\WINDOWS\system32\drivers\core.cache(63).dsk
C:\WINDOWS\system32\drivers\core.cache(64).dsk
C:\WINDOWS\system32\drivers\core.cache(65).dsk
C:\WINDOWS\system32\drivers\core.cache(66).dsk
C:\WINDOWS\system32\drivers\core.cache(67).dsk
C:\WINDOWS\system32\drivers\core.cache(68).dsk
C:\WINDOWS\system32\drivers\core.cache(69).dsk
C:\WINDOWS\system32\drivers\core.cache(7)(2).dsk
C:\WINDOWS\system32\drivers\core.cache(7).dsk
C:\WINDOWS\system32\drivers\core.cache(70).dsk
C:\WINDOWS\system32\drivers\core.cache(71).dsk
C:\WINDOWS\system32\drivers\core.cache(72).dsk
C:\WINDOWS\system32\drivers\core.cache(73).dsk
C:\WINDOWS\system32\drivers\core.cache(74).dsk
C:\WINDOWS\system32\drivers\core.cache(75).dsk
C:\WINDOWS\system32\drivers\core.cache(76).dsk
C:\WINDOWS\system32\drivers\core.cache(77).dsk
C:\WINDOWS\system32\drivers\core.cache(78).dsk
C:\WINDOWS\system32\drivers\core.cache(79).dsk
C:\WINDOWS\system32\drivers\core.cache(8)(2).dsk
C:\WINDOWS\system32\drivers\core.cache(8).dsk
C:\WINDOWS\system32\drivers\core.cache(80).dsk
C:\WINDOWS\system32\drivers\core.cache(81).dsk
C:\WINDOWS\system32\drivers\core.cache(82).dsk
C:\WINDOWS\system32\drivers\core.cache(83).dsk
C:\WINDOWS\system32\drivers\core.cache(84).dsk
C:\WINDOWS\system32\drivers\core.cache(85).dsk
C:\WINDOWS\system32\drivers\core.cache(86).dsk
C:\WINDOWS\system32\drivers\core.cache(87).dsk
C:\WINDOWS\system32\drivers\core.cache(88).dsk
C:\WINDOWS\system32\drivers\core.cache(89).dsk
C:\WINDOWS\system32\drivers\core.cache(9)(2).dsk
C:\WINDOWS\system32\drivers\core.cache(9).dsk
C:\WINDOWS\system32\drivers\core.cache(90).dsk
C:\WINDOWS\system32\drivers\core.cache(91).dsk
C:\WINDOWS\system32\drivers\core.cache(92).dsk
C:\WINDOWS\system32\drivers\core.cache(93).dsk
C:\WINDOWS\system32\drivers\core.cache(94).dsk
C:\WINDOWS\system32\drivers\core.cache(95).dsk
C:\WINDOWS\system32\drivers\core.cache(96).dsk
C:\WINDOWS\system32\drivers\core.cache(97).dsk
C:\WINDOWS\system32\drivers\core.cache(98).dsk
C:\WINDOWS\system32\drivers\core.cache(99).dsk
C:\WINDOWS\system32\dtbdqxbi.ini
C:\WINDOWS\system32\eekuecjo.ini
C:\WINDOWS\system32\egcctula.ini
C:\WINDOWS\system32\eufrqrdf.ini
C:\WINDOWS\system32\evgisbnb.ini
C:\WINDOWS\system32\gfimacue.ini
C:\WINDOWS\system32\gssgrcnb.ini
C:\WINDOWS\system32\gvhkfdxu.ini
C:\WINDOWS\system32\gwdvpsud.ini
C:\WINDOWS\system32\gwgimeha.ini
C:\WINDOWS\system32\ijjlm.ini
C:\WINDOWS\system32\ijjlm.ini2
C:\WINDOWS\system32\juiusygo.ini
C:\WINDOWS\system32\lyhtlbvp.ini
C:\WINDOWS\system32\mcmbjofb.ini
C:\WINDOWS\system32\mlbiparw.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nmnnstwu.ini
C:\WINDOWS\system32\ofwwkmig.ini
C:\WINDOWS\system32\qoybraue.ini
C:\WINDOWS\system32\rbpurwsr.ini
C:\WINDOWS\system32\rlqfhwde.ini
C:\WINDOWS\system32\sikpwmvj.ini
C:\WINDOWS\system32\sks~1
C:\WINDOWS\system32\srprjyfj.ini
C:\WINDOWS\system32\ucbuckvy.ini
C:\WINDOWS\system32\udgixsso.ini
C:\WINDOWS\system32\uvnjqiqb.ini
C:\WINDOWS\system32\vfbpbpbp.ini
C:\WINDOWS\system32\wffacuiy.ini
C:\WINDOWS\system32\xoeapgfs.ini
C:\WINDOWS\system32\xxblqsyd.ini
C:\WINDOWS\system32\xxubqqwu.ini
C:\WINDOWS\system32\xydyggmj.ini
C:\WINDOWS\system32\ycesmdar.ini
C:\WINDOWS\system32\ymbols~1
C:\WINDOWS\system32\yyguecri.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_sysrest.sys


((((((((((((((((((((((((( Files Created from 2008-07-18 to 2008-08-18 )))))))))))))))))))))))))))))))
.

2008-08-17 21:32 . 2008-08-17 21:32 <DIR> d-------- C:\cmdcons
2008-08-17 21:32 . 2008-08-17 21:32 <DIR> d-------- C:\cmdcons
2008-08-17 21:32 . 2008-08-17 21:32 <DIR> d-------- C:\cmdcons
2008-08-17 21:32 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2008-08-17 21:32 . 2008-01-24 09:35 211 --a------ C:\Boot.bak
2008-08-17 21:29 . 2008-08-17 22:29 <DIR> d-------- C:\QooBox
2008-08-17 21:29 . 2008-08-17 22:29 <DIR> d-------- C:\QooBox
2008-08-17 21:29 . 2008-08-17 22:35 <DIR> d-------- C:\ComboFix
2008-08-17 21:29 . 2008-08-17 22:35 <DIR> d-------- C:\ComboFix
2008-08-12 17:04 . 2008-08-12 17:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-12 17:04 . 2008-08-12 17:04 <DIR> d-------- C:\Documents and Settings\Administrator.GODFATHER\Application Data\Malwarebytes
2008-08-12 17:04 . 2008-07-30 20:14 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-12 17:04 . 2008-07-30 20:14 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-11 21:05 . 2008-08-11 21:05 209 --a------ C:\WINDOWS\wininit.ini
2008-08-11 17:20 . 2008-08-11 18:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-10 21:33 . 2008-08-10 21:34 <DIR> d-------- C:\Documents and Settings\Administrator.GODFATHER\.housecall6.6
2008-08-10 21:01 . 2008-08-12 16:27 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-08-10 20:37 . 2008-08-10 20:37 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-10 19:08 . 2008-04-13 13:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-08-10 19:07 . 2008-04-13 19:12 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-08-10 19:07 . 2008-04-13 12:27 79,872 -----c--- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-08-10 19:04 . 2008-04-13 11:36 144,384 --------- C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-08-10 19:04 . 2006-12-28 14:01 19,569 --a------ C:\WINDOWS\005337_.tmp
2008-08-10 14:58 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-10 10:48 . 2008-08-10 10:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-10 10:47 . 2008-08-12 18:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-09 01:16 . 2008-06-13 06:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-09 01:15 . 2008-05-08 09:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-08-08 22:56 . 2008-08-17 22:33 233,960 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2008-08-08 22:56 . 2008-08-17 22:33 1,204 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2008-08-02 23:10 . 2008-08-17 22:32 13,880 --a------ C:\WINDOWS\system32\drivers\COMFiltr.sys
2008-08-02 23:08 . 2008-08-02 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-08-02 23:07 . 2007-06-06 04:43 83,640 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2008-08-02 23:06 . 2008-08-17 22:33 233,960 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-08-02 23:06 . 2007-07-11 11:39 191,672 --a------ C:\WINDOWS\system32\drivers\idsflt.sys
2008-08-02 23:06 . 2007-05-11 09:33 51,256 --a------ C:\WINDOWS\system32\drivers\dsaflt.sys
2008-08-02 23:06 . 2007-05-11 09:33 37,304 --a------ C:\WINDOWS\system32\drivers\smsflt.sys
2008-08-02 23:06 . 2007-05-11 09:33 30,648 --a------ C:\WINDOWS\system32\drivers\wnmflt.sys
2008-08-02 23:06 . 2008-08-17 22:33 1,204 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG
2008-08-02 23:05 . 2008-08-02 23:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Backup
2008-08-02 23:05 . 2007-05-11 09:33 132,920 --a------ C:\WINDOWS\system32\drivers\NETFLTDI.SYS
2008-08-02 23:05 . 2007-05-11 09:33 71,736 --a------ C:\WINDOWS\system32\drivers\APPFLT.SYS
2008-08-02 23:05 . 2007-05-11 09:33 22,072 --a------ C:\WINDOWS\system32\drivers\fnetmon.sys
2008-08-02 23:03 . 2007-04-24 15:43 142,128 --a------ C:\WINDOWS\system32\drivers\netimflt.sys
2008-08-02 23:03 . 2007-06-08 08:44 24,760 --a------ C:\WINDOWS\system32\drivers\cpoint.sys
2008-08-02 23:03 . 2007-04-24 16:43 1,990 --a------ C:\WINDOWS\system32\drivers\net_m32.inf
2008-08-02 23:00 . 2008-08-02 23:00 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-08-02 23:00 . 2007-07-12 07:49 178,872 -ra------ C:\WINDOWS\system32\drivers\PavProc.sys
2008-08-02 23:00 . 2007-05-23 09:40 38,968 -ra------ C:\WINDOWS\system32\drivers\ShlDrv51.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
<pre>
----a-w		   446,464 2008-08-10 12:31:04  C:\Program Files\2Wire\Gateway\2PortalMon   .exe
----a-w		   446,464 2008-08-10 06:01:52  C:\Program Files\2Wire\Gateway\2portalmon  .exe
----a-w		   446,464 2008-08-10 12:31:06  C:\Program Files\2Wire\Gateway\2PortalMon .exe
----a-w				 0 2008-08-10 06:01:40  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe
----a-w			50,736 2008-03-28 03:56:46  C:\Program Files\AIM6\aim6  .exe
-c--a-w		   290,816 2008-01-24 16:03:24  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
-c--a-w			28,672 2008-01-24 16:03:32  C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind .exe
-c--a-w		   135,264 2008-01-24 16:04:58  C:\Program Files\Creative\SBLive\Diagnostics\diagent .exe
----a-w		   267,048 2008-01-24 16:03:36  C:\Program Files\iTunes\iTunesHelper .exe
----a-w			75,520 2008-08-09 05:49:32  C:\Program Files\Java\jre1.5.0_12\bin\jusched .exe
----a-w		 1,289,000 2008-07-13 17:06:53  C:\Program Files\Microsoft ActiveSync\wcescomm						  .exe
----a-w		 1,289,000 2008-08-10 12:44:35  C:\Program Files\Microsoft ActiveSync\wcescomm						 .exe
----a-w		 1,289,000 2008-08-10 12:44:38  C:\Program Files\Microsoft ActiveSync\wcescomm						.exe
----a-w		 1,289,000 2008-08-10 12:44:39  C:\Program Files\Microsoft ActiveSync\wcescomm					   .exe
----a-w		 1,289,000 2008-08-10 12:44:43  C:\Program Files\Microsoft ActiveSync\wcescomm					  .exe
----a-w		 1,289,000 2008-08-10 12:44:44  C:\Program Files\Microsoft ActiveSync\wcescomm					 .exe
----a-w		 1,289,000 2008-08-10 12:44:45  C:\Program Files\Microsoft ActiveSync\wcescomm					.exe
----a-w		 1,289,000 2008-08-10 12:44:48  C:\Program Files\Microsoft ActiveSync\wcescomm				   .exe
----a-w		 1,289,000 2008-08-10 12:44:50  C:\Program Files\Microsoft ActiveSync\wcescomm				  .exe
----a-w		 1,289,000 2008-08-10 12:44:53  C:\Program Files\Microsoft ActiveSync\wcescomm				 .exe
----a-w		 1,289,000 2008-08-10 12:44:56  C:\Program Files\Microsoft ActiveSync\wcescomm				.exe
----a-w		 1,289,000 2008-08-10 12:44:59  C:\Program Files\Microsoft ActiveSync\wcescomm			   .exe
----a-w		 1,289,000 2008-08-10 12:45:02  C:\Program Files\Microsoft ActiveSync\wcescomm			  .exe
----a-w		 1,289,000 2008-08-10 12:45:05  C:\Program Files\Microsoft ActiveSync\wcescomm			 .exe
----a-w		 1,289,000 2008-08-10 12:45:07  C:\Program Files\Microsoft ActiveSync\wcescomm			.exe
----a-w		 1,289,000 2008-08-10 12:45:08  C:\Program Files\Microsoft ActiveSync\wcescomm		   .exe
----a-w		 1,289,000 2008-08-10 12:45:10  C:\Program Files\Microsoft ActiveSync\wcescomm		  .exe
----a-w		 1,289,000 2008-08-10 12:45:12  C:\Program Files\Microsoft ActiveSync\wcescomm		 .exe
----a-w		 1,289,000 2008-08-10 12:45:13  C:\Program Files\Microsoft ActiveSync\wcescomm		.exe
----a-w		 1,289,000 2008-08-10 12:45:13  C:\Program Files\Microsoft ActiveSync\wcescomm	   .exe
----a-w		 1,289,000 2008-08-10 12:45:14  C:\Program Files\Microsoft ActiveSync\wcescomm	  .exe
----a-w		 1,289,000 2008-08-10 12:45:16  C:\Program Files\Microsoft ActiveSync\wcescomm	 .exe
----a-w		 1,289,000 2008-08-10 12:45:16  C:\Program Files\Microsoft ActiveSync\wcescomm	.exe
----a-w		 1,289,000 2008-08-10 12:45:17  C:\Program Files\Microsoft ActiveSync\wcescomm  .exe
----a-w		 1,289,000 2008-08-10 12:45:18  C:\Program Files\Microsoft ActiveSync\wcescomm .exe
-c--a-w		   200,767 2008-01-21 05:27:25  C:\Program Files\Microsoft Money\System\mnyexpr .exe
----a-w		 5,674,352 2008-03-28 03:32:51  C:\Program Files\MSN Messenger\msnmsgr .exe
----a-w			11,776 2008-01-24 16:03:29  C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot .exe
-c--a-w		   286,720 2008-03-28 03:56:41  C:\Program Files\QuickTime\QTTask							.exe
----a-w		   286,720 2008-08-10 12:51:42  C:\Program Files\QuickTime\QTTask						   .exe
----a-w		   286,720 2008-08-10 12:51:42  C:\Program Files\QuickTime\QTTask						  .exe
----a-w		   286,720 2008-08-10 12:51:43  C:\Program Files\QuickTime\QTTask						 .exe
----a-w		   286,720 2008-08-10 12:51:44  C:\Program Files\QuickTime\QTTask						.exe
----a-w		   286,720 2008-08-10 12:51:45  C:\Program Files\QuickTime\QTTask					   .exe
----a-w		   286,720 2008-08-10 12:51:46  C:\Program Files\QuickTime\QTTask					  .exe
----a-w		   286,720 2008-08-10 12:51:48  C:\Program Files\QuickTime\QTTask					 .exe
----a-w		   286,720 2008-08-10 12:51:49  C:\Program Files\QuickTime\QTTask					.exe
----a-w		   286,720 2008-08-10 12:51:49  C:\Program Files\QuickTime\QTTask				   .exe
----a-w		   286,720 2008-08-10 12:51:52  C:\Program Files\QuickTime\QTTask				  .exe
----a-w		   286,720 2008-08-10 12:51:52  C:\Program Files\QuickTime\QTTask				 .exe
----a-w		   286,720 2008-08-10 12:51:53  C:\Program Files\QuickTime\QTTask				.exe
----a-w		   286,720 2008-08-10 12:51:54  C:\Program Files\QuickTime\QTTask			   .exe
----a-w		   286,720 2008-08-10 12:51:55  C:\Program Files\QuickTime\QTTask			  .exe
----a-w		   286,720 2008-08-10 12:51:57  C:\Program Files\QuickTime\QTTask			 .exe
----a-w		   286,720 2008-08-10 12:51:58  C:\Program Files\QuickTime\QTTask		   .exe
----a-w		   286,720 2008-08-10 12:51:58  C:\Program Files\QuickTime\QTTask		  .exe
----a-w		   286,720 2008-08-10 12:51:59  C:\Program Files\QuickTime\QTTask		.exe
----a-w		   286,720 2008-08-10 12:52:02  C:\Program Files\QuickTime\QTTask	   .exe
----a-w		   286,720 2008-08-10 12:52:05  C:\Program Files\QuickTime\QTTask	  .exe
----a-w		   286,720 2008-08-10 12:52:07  C:\Program Files\QuickTime\QTTask	 .exe
----a-w		   286,720 2008-08-10 12:52:08  C:\Program Files\QuickTime\QTTask	.exe
----a-w		   286,720 2008-08-10 12:52:08  C:\Program Files\QuickTime\QTTask   .exe
----a-w		   286,720 2008-08-10 12:52:11  C:\Program Files\QuickTime\QTTask  .exe
----a-w		   286,720 2008-08-10 12:52:13  C:\Program Files\QuickTime\QTTask .exe
-c--a-w		   684,032 2008-01-24 16:03:27  C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD .exe
-c--a-w		 1,103,752 2008-03-28 03:57:04  C:\Program Files\Spyware Doctor\pctsTray  .exe
-c--a-w		 1,103,752 2008-08-10 12:55:54  C:\Program Files\Spyware Doctor\pctsTray .exe
----a-w		 4,670,704 2008-06-06 15:25:39  C:\Program Files\Yahoo!\Messenger\YahooMessenger   .exe
----a-w		 4,670,704 2008-07-14 16:55:37  C:\Program Files\Yahoo!\Messenger\YahooMessenger  .exe
----a-w		 4,670,704 2008-08-10 12:57:55  C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
----a-w		 4,670,704 2008-06-06 02:48:23  C:\Program Files\Yahoo!\Messenger\YAHOOM~1  .EXE
----a-w		 4,670,704 2008-06-06 15:27:38  C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
----a-w		   223,984 2008-06-15 14:02:27  C:\Program Files\Yahoo!\Search Protection\SearchProtection .exe
-c--a-w			90,112 2008-01-24 16:03:26  C:\WINDOWS\UpdReg .EXE
</pre>


------- Sigcheck -------

2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2008-04-13 14:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ndis.sys
2008-04-13 14:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
2008-04-13 14:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\system32\drivers\ndis.sys
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [N/A]
"msnmsgr"="C:\PROGRA~1\MSNMES~1\msnmsgr.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2wSysTray"="C:\Program Files\2Wire\Gateway\2PortalMon .exe" [2008-08-10 07:31 446464]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [N/A]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [N/A]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2008-08-10 01:01 57344]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [N/A]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe" [2008-08-10 01:01 75520]
"Antivirus"="C:\Program Files\VAV\vav.exe" [N/A]
"e4c909ef"="C:\WINDOWS\system32\ossxigdu.dll" [N/A]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 17:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]

C:\Documents and Settings\Administrator.GODFATHER\Start Menu\Programs\Startup\
hpothb07.dat [2008-01-25 21:00:54 0]
hpothb07.tif [2008-01-25 21:00:54 0]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-12-03 20:23:30 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YAHOOM~1 .EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr .exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger .exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger .exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

*Newly Created Service* - COMFILTR
.
Contents of the 'Scheduled Tasks' folder

2008-07-17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-08-18 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 10:04]
.
- - - - ORPHANS REMOVED - - - -

BHO-{F9B3BDAE-467A-4FF6-9BE0-C085D87B51E3} - C:\WINDOWS\system32\mljji.dll


.
------- Supplementary Scan -------
.
R0 -: HKLM-Main,Start Page = hxxp://www.yahoo.com
R0 -: HKLM-Main,Search Bar = hxxp://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
O8 -: &Search -
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?c885ed393dae4c69b882f1e0d62023dd
O8 -: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?c885ed393dae4c69b882f1e0d62023dd


**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrlS.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PAVFNSVR.EXE
C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PAVSRV51.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\FIREWALL\PSHost.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\apvxdwin.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\SrvLoad.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-08-17 22:45:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-18 03:44:31

Pre-Run: 38,921,072,640 bytes free
Post-Run: 43,580,153,856 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

LastSuccessTime REG_SZ 2008-08-12 10:45:37
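Two things in the log above are worth pulling out mechanically rather than by eye: the Find3M report lists the same executables over and over with whitespace between the name and the extension (QTTask .exe, wcescomm .exe, with the amount of padding varying from copy to copy), and the HKLM Run key contains both a value pointing at a padded name (2PortalMon .exe) and a value named e4c909ef that loads an eight-letter DLL from system32 with no version information. The following Python script is an added example, not part of the original post and not ComboFix's own code. It parses a constructed excerpt of the log (lines copied from above, padding lengths illustrative), groups padded names by their canonical name, and flags Run values that point at padded names or fit the random-hex-name / random-DLL pattern. It assumes the Find3M and REGEDIT4 line formats exactly as ComboFix printed them above.

```python
import re
from collections import defaultdict

# Constructed excerpt of the ComboFix log posted above: a few Find3M lines and a
# few HKLM\...\CurrentVersion\Run values. The paths are copied from that log; the
# number of padding spaces per name is illustrative (the real log lists dozens
# of copies with varying padding).
FIND3M_EXCERPT = r"""
----a-w           446,464 2008-08-10 12:31:04  C:\Program Files\2Wire\Gateway\2PortalMon   .exe
----a-w           446,464 2008-08-10 12:31:06  C:\Program Files\2Wire\Gateway\2PortalMon .exe
----a-w                 0 2008-08-10 06:01:40  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe
----a-w         1,289,000 2008-07-13 17:06:53  C:\Program Files\Microsoft ActiveSync\wcescomm        .exe
----a-w         1,289,000 2008-08-10 12:45:18  C:\Program Files\Microsoft ActiveSync\wcescomm .exe
----a-w           286,720 2008-08-10 12:51:42  C:\Program Files\QuickTime\QTTask     .exe
----a-w           286,720 2008-08-10 12:52:13  C:\Program Files\QuickTime\QTTask .exe
-c--a-w         1,103,752 2008-08-10 12:55:54  C:\Program Files\Spyware Doctor\pctsTray .exe
"""

RUN_KEY_EXCERPT = r"""
"2wSysTray"="C:\Program Files\2Wire\Gateway\2PortalMon .exe" [2008-08-10 07:31 446464]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [N/A]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [N/A]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2008-08-10 01:01 57344]
"Antivirus"="C:\Program Files\VAV\vav.exe" [N/A]
"e4c909ef"="C:\WINDOWS\system32\ossxigdu.dll" [N/A]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 17:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"""

# One Find3M line: attributes, size with thousands separators, timestamp, path.
FIND3M_RE = re.compile(r'^(\S+)\s+([\d,]+)\s+(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(.+?)\s*$')
# A file name whose extension is preceded by whitespace, e.g. "QTTask   .exe".
PADDED_RE = re.compile(r'^(?P<stem>.*?\S)(?P<pad>\s+)(?P<ext>\.[A-Za-z0-9]+)$')
# One REGEDIT4-style Run value as ComboFix prints it: "name"="value" [info].
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s*\[(?P<info>[^\]]*)\]')
# Heuristics for the loading point seen in the log: a value named with eight
# hex digits that loads an eight-letter DLL (assumed pattern, not a signature).
HEX_NAME_RE = re.compile(r'^[0-9a-f]{8}$')
RANDOM_DLL_RE = re.compile(r'^[a-z]{8}\.dll$', re.IGNORECASE)


def split_padded(path):
    """Return (canonical_path, pad_length); pad_length is 0 when the name is not padded."""
    directory, sep, name = path.rpartition('\\')
    m = PADDED_RE.match(name)
    if not m:
        return path, 0
    canonical = directory + sep + m.group('stem') + m.group('ext')
    return canonical, len(m.group('pad'))


def parse_find3m(text):
    """Parse Find3M report lines into dicts with attrs, size (int), stamp and path."""
    entries = []
    for line in text.splitlines():
        m = FIND3M_RE.match(line)
        if m:
            attrs, size, stamp, path = m.groups()
            entries.append({'attrs': attrs, 'size': int(size.replace(',', '')),
                            'stamp': stamp, 'path': path})
    return entries


def summarize_padded(entries):
    """Group padded names by canonical path: {canonical: {'pads': [...], 'sizes': [...]}}."""
    groups = defaultdict(lambda: {'pads': [], 'sizes': set()})
    for e in entries:
        canonical, pad = split_padded(e['path'])
        if pad:
            groups[canonical]['pads'].append(pad)
            groups[canonical]['sizes'].add(e['size'])
    return {k: {'pads': sorted(v['pads']), 'sizes': sorted(v['sizes'])}
            for k, v in groups.items()}


def audit_run_values(text):
    """Return [(value_name, path, [reasons])] for Run values that deserve a closer look."""
    findings = []
    for line in text.splitlines():
        m = RUN_RE.match(line)
        if not m:
            continue
        name, value, info = m.group('name', 'value', 'info')
        reasons = []
        canonical, pad = split_padded(value)
        if pad:
            reasons.append('padded file name (%d space(s) before extension), canonical %s'
                           % (pad, canonical))
        basename = value.rpartition('\\')[2]
        if HEX_NAME_RE.match(name) and RANDOM_DLL_RE.match(basename):
            reasons.append('random hex value name loading a random-looking DLL')
        if reasons and info.strip() == 'N/A':
            reasons.append('ComboFix found no version information for the file')
        if reasons:
            findings.append((name, value, reasons))
    return findings


if __name__ == '__main__':
    for canonical, info in sorted(summarize_padded(parse_find3m(FIND3M_EXCERPT)).items()):
        print('%-75s copies=%d pads=%s sizes=%s'
              % (canonical, len(info['pads']), info['pads'], info['sizes']))
    for name, value, reasons in audit_run_values(RUN_KEY_EXCERPT):
        print('Run value %r -> %s' % (name, value))
        for reason in reasons:
            print('    ' + reason)
```

Run as-is it reports on the excerpt; for a full ComboFix log, paste the Find3M block and the Run key block into the two strings or read them from the saved log. A padded name is a lead, not a verdict: compare each copy's size and hash against the unpadded original before deleting anything, since the log above shows padded copies with the same size as the original alongside one (apdproxy .exe) with a size of 0.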

#4 steamwiz

Posted 18 August 2008 - 04:32 PM

Hi

LSPfix found the following

mswsock.dll tcpip
winrnr.dll NTDS
PCTLsp.dll protocol handler
pavlsp.dll protocol handler
rsvps.dll protocol handler


1. I presume they were all in the KEEP side ? ...
2. with NOTHING in the REMOVE side ? ...
3. so you DID click the finish button ? ...

4. Were you then able to connect to the internet OK ? ...

Please answer the 4 questions above ...

How's the computer running now ? What problems do you still have ?

Please try to run these for me now ...

Download Deckard's System Scanner (formerly Comboscan) to your Desktop.

Note: You must be logged onto an account with administrator privileges.

1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
5. Then do the same with extra.txt

Note: you'll find extra.txt here :- C:\Deckard\System Scanner\extra.txt

Please remember to post both txt files ...


Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

THEN ..

Please run a Kaspersky Online Scan ( it may take many hours - this is normal)

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

Click Accept

You will be prompted to install an ActiveX component from Kaspersky.
Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives, Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Once finished, save the log to your Desktop as filename KAV.txt
steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware.

#5 nonmiannoiare23 (Topic Starter)

Posted 19 August 2008 - 05:08 PM

Yes they were all on the keep side
nothing was on the other side
yes I did click the finish button
and for awhile I had access to the internet


While I was checking the computer out and had access to the computer, updates were downloaded and installed automatically and I do not know if it is a coincidence but now my comp will not load. When I try to start up the computer I get a black screen saying NTLDR is missing and to press ctrl alt del to restart. I tried restarting a couple of times but it just keeps doing the same thing. I now have no access to my computer.

#6 steamwiz

Posted 20 August 2008 - 04:51 PM

HI

There are a lot of things which could cause that error ...

I had it come up on my computer about a year ago ... in my case I removed and then re-inserted the IDE cable which connects the Hard drive to the motherboard, it was not obviously loose, but I guess vibration over the years had caused it to become slightly loose ...

Have a look at these links & see if it helps you resolve it ...

By the way, you will see the boot.ini file mentioned ... yours is fine.

http://pcsupport.about.com/od/findbyerrorm...drmissingxp.htm
http://www.computerhope.com/issues/ch000465.htm

Lots more links which may help here :-

http://www.google.com/search?sourceid=navc...l+to+restart%22

steam

#7 nonmiannoiare23 (Topic Starter)

Posted 23 August 2008 - 02:25 AM

One of the suggestions is to use the installation CD, hit R for repair, then type fixmbr and then use fixboot. Is this smart? When I tried to hit fixmbr it said: caution, this computer appears to have a non-standard or invalid master boot record. Fixmbr may damage your partition tables if you proceed. This could cause all the partitions on the current hard disk to become inaccessible. Should I do it? If I can get my comp running right again I will give a donation, I just want my comp to work properly again.

#8 steamwiz

Posted 23 August 2008 - 02:37 PM

HI

I would not do the fixmbr just yet ... some say you can ignore that error message, others say it could totally stop you accessing any hard drives if the MBR was not the problem ... + it looks like a security program may have written to your MBR, or it may be because malware has written to it, but I would try everything else first ....

What have you tried so far ?

Do you hear any noise from the hard drive when booting ?

Does the hard drive light flash at all ?

I don't believe this has anything to do with the malware we have removed, but is a coincidence, that's why I think the first thing you should do is open the case, then remove & re-seat the IDE cable for the hard drive.

EDIT .. obviously make sure the power is off, & touch the side of the case to discharge any static before doing this.

steam

Edited by steamwiz, 23 August 2008 - 02:39 PM.


#9 nonmiannoiare23 (Topic Starter)

Posted 25 August 2008 - 06:48 PM

I have not really tried anything so far. I do not really hear anything going on when the comp starts, but the error message comes up pretty quick. The only lights that I see blinking are the ones for the CD drives. I am not sure what an IDE cable for the hard drive is, could you be a little more specific? I opened the comp and I see this flat wire that says IDE 1, is that what it would be? I have attached some pics if it would help.

#10 steamwiz

Posted 26 August 2008 - 04:28 PM

Hi

Have a look here for what an IDE cable looks like :-

http://club.cdfreaks.com/1106644-post2.html

One end fits in the motherboard, the connection half way down is the "slave" & the connection at the other end is the "master"

Some IDE cables do not have a slave connector...

Normally You would have 2 IDE slots on the motherboard, one is the PRIMARY IDE & the other the SECONDARY IDE ...

Looking at your picture, you appear to have 3 IDE cables + floppy (smaller) cable

It looks like the Primary Hard drive (you only appear to have one) is the one in the enclosure at the bottom of your picture (with room for an additional hard drive if required)

Make sure the connections to this are firmly pushed in, both to the drive & the motherboard.

Your computer also shows a lot of dust, you should get a can of compressed air & clean it out.

The IDE cable also has a mark on it (is it damaged ?)

steam

Attached File: IDE2.JPG (146.09KB)

Edited by steamwiz, 26 August 2008 - 04:31 PM.


#11 steamwiz

Posted 26 August 2008 - 05:07 PM

Hi

One more thing ... when you attempt to boot, before it goes to the black screen with the NTLDR error, do you get a black screen ( for 2 seconds) asking if you want to boot to your normal operating system, or the recovery console ?

I believe you booted to the recovery console with the XP CD ?

steam

#12 nonmiannoiare23 (Topic Starter)

Posted 26 August 2008 - 09:07 PM

Well, I do not know if it is damaged or not, but it looks like a stain of some kind or maybe an electrical burn, if that is possible, but I am not sure what it is. It is definitely on the cable. When I turn the comp on, the normal Dell screen with F2=setup and F12=bootmenu in the top right corner comes up with a progress bar that is loading, and when that is finished (3-5 seconds) I get the black screen with the NTLDR message.

#13 steamwiz

Posted 27 August 2008 - 02:43 PM

HI

If the cable is damaged, then that could well be the cause of the problem ...

When you attempt to boot, Don't press F2 .. that will put you into the BIOS setup, & you don't want that ...

Press F12 ... This should access the DELL Utility partition; from there run diagnostics on the RAM, hard drive, processor and motherboard .... let me know what results you get...

steam

EDIT > extra info ...

F12 -> Boot Menu -> Diagnostics

How to run hardware diagnostics:
1. At startup press F12
2. Select Diagnostics from menu choices
3. Press enter and watch for any test to fail (take note of failures)
4. Press Y at color bar display
5. When test is finished it will ask to boot into diagnostics partition
6. Select either Express or thorough test and take note of any errors (if it finds any errors - take note and select yes to continue to test)

Edited by steamwiz, 27 August 2008 - 02:54 PM.
to add extra info

MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware

#14 nonmiannoiare23

nonmiannoiare23
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  • Local time:02:34 PM

Posted 27 August 2008 - 08:31 PM

When I ran the diagnostic I did not see any of these things:

4. Press Y at color bar display
5. When test is finished it will ask to boot into diagnostics partition
6. Select either Express or thorough test and take note of any errors (if it finds any errors - take note and select yes to continue to test)

The test just finished and said "test complete, press enter to reboot".

Results

Primary drive
Drive 0: ST380011A-PASS
Drive 1: No IDE Device
Secondary drive
Drive 0: Samsung dvd-rom-sd-616t-diagnostic not supported
Drive 1: No IDE Device

#15 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • OFFLINE
  • Local time:08:34 PM

Posted 28 August 2008 - 03:20 PM

Hi

The instructions I gave you were posted by a DELL technician, I assumed they were current but evidently they have changed a little ... This link may have been better :-

http://dcse.dell.com/selfstudy/Associates_...icutilities.htm

So you have an 80 GB Seagate Barracuda Hard drive, which passed the diagnostics test, which was run from the diagnostics partition, so the hard drive is being seen & OK, therefore it would appear that the IDE cable is attached OK & most probably not damaged...

So let's get back to your original error... "NTLDR is missing"

First we'll replace the NTLDR file ...

How to install and use the Recovery Console in Windows XP > http://support.microsoft.com/kb/307654

You have the Recovery Console installed on your computer by Combofix, But we need to access the Recovery Console from the windows XP CD, because we are going to copy files from the XP CD to the hard drive ...

You know how to boot to the Recovery Console, so please do that, once there ...

Copy the two files below to the root directory of the primary hard disk. C:\

We are assuming that your CD-ROM drive letter is "e" (the drive with the XP CD in it); if your drive is a different letter, then change it to whatever it is.

So copy exactly what is on the next line at the Recovery Console prompt, including the word copy ...

copy e:\i386\ntldr c:\

Press enter ...

then copy this & once again press enter ...

copy e:\i386\ntdetect.com c:\


Once both these files have been successfully copied, remove the CD from the computer and reboot.

Let me know if it boots OK?

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware
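The Recovery Console copy step above replaces NTLDR and NTDETECT.COM from the XP CD, but the Recovery Console itself cannot tell you whether the copy on the hard drive now really matches the install media. The following is an added example, not part of the thread or any poster's instructions: a small Python check that compares the boot files in a system volume root against the copies in an i386 directory by SHA-256. It is meant to be run from another OS with the drive attached (or after the machine boots again), since the XP Recovery Console does not run scripts. The directory layout and file contents in `demo()` are constructed stand-ins for `C:\` and `E:\i386`, not data from the poster's machine; on a Linux host the lowercase names `ntldr` and `ntdetect.com` are an assumption, because the files on a real NTFS volume may be stored in upper case.

```python
import hashlib
import os
import shutil
import tempfile

# Boot files that an XP-era system volume root must carry; these are the two
# files the thread copies with `copy e:\i386\ntldr c:\` and
# `copy e:\i386\ntdetect.com c:\`.
REQUIRED_BOOT_FILES = ("ntldr", "ntdetect.com")


def sha256_of(path, chunk=1 << 16):
    """Hash a file in chunks so large boot files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def check_boot_files(volume_root, i386_dir):
    """Compare each required boot file on the volume root against the copy in
    the install media's i386 directory.

    Returns {name: status} where status is one of:
      'ok'           - present and byte-identical to the install-media copy
      'missing'      - absent from the volume root (classic "NTLDR is missing")
      'mismatch'     - present but differs from the install-media copy
      'no_reference' - the install media does not carry this file, so no
                       comparison is possible
    """
    results = {}
    for name in REQUIRED_BOOT_FILES:
        target = os.path.join(volume_root, name)
        reference = os.path.join(i386_dir, name)
        if not os.path.isfile(target):
            results[name] = "missing"
        elif not os.path.isfile(reference):
            results[name] = "no_reference"
        elif sha256_of(target) == sha256_of(reference):
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    return results


def demo():
    """Constructed scenario (not the poster's machine): a fake i386 directory
    and a fake volume root where ntldr is damaged and ntdetect.com is absent.
    Returns the check results before and after the repair copy."""
    with tempfile.TemporaryDirectory() as tmp:
        i386 = os.path.join(tmp, "i386")    # stand-in for E:\i386
        root = os.path.join(tmp, "root")    # stand-in for C:\
        os.makedirs(i386)
        os.makedirs(root)

        # Constructed reference copies on the "install media".
        for name, data in (("ntldr", b"reference-ntldr-bytes"),
                           ("ntdetect.com", b"reference-ntdetect-bytes")):
            with open(os.path.join(i386, name), "wb") as f:
                f.write(data)

        # Constructed damaged volume: ntldr trampled, ntdetect.com gone.
        with open(os.path.join(root, "ntldr"), "wb") as f:
            f.write(b"garbage")

        before = check_boot_files(root, i386)

        # The repair: the same effect as the two Recovery Console copy lines.
        for name in REQUIRED_BOOT_FILES:
            shutil.copyfile(os.path.join(i386, name), os.path.join(root, name))

        after = check_boot_files(root, i386)
        return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before repair:", before)
    print("after repair: ", after)
```

In the constructed scenario the check reports `ntldr` as `mismatch` and `ntdetect.com` as `missing` before the copy, and both as `ok` afterwards. A `mismatch` on a live system is worth a closer look rather than an automatic overwrite: it can be a service-pack version difference between the CD and the installed system, but it can also be a modified boot file, so compare against media that matches the installed service pack before drawing conclusions.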