
Computer infected with virus


1 reply to this topic

#1 kcdave42

Posted 19 January 2009 - 03:23 PM

I believe my computer is infected with the virus 'Troj/Rustok-N'. I was given this information by another website; I have forgotten which one. Regardless, my PC will not update at all; I have set it to automatic updates with no luck. I cannot defragment the system or do a system restore. I have a hard time getting to certain sites; it's as if the PC randomly picks a site. I do not know how to fix this or what to do.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-18.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/7/2007 4:26:53 AM
System Uptime: 1/19/2009 11:00:16 AM (2 hours ago)

Motherboard: Dell Computer Corp. | | 0CG566
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 416.261 GiB free.
D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP119: 10/20/2008 12:34:22 AM - System Checkpoint
RP120: 10/21/2008 1:22:23 AM - System Checkpoint
RP121: 10/22/2008 3:22:23 AM - System Checkpoint
RP122: 10/23/2008 4:13:42 AM - System Checkpoint
RP123: 10/24/2008 4:45:14 AM - System Checkpoint
RP124: 10/25/2008 6:02:30 AM - System Checkpoint
RP125: 10/26/2008 6:27:27 AM - System Checkpoint
RP126: 10/27/2008 7:03:26 AM - System Checkpoint
RP127: 10/28/2008 3:43:10 AM - Restore Operation
RP128: 10/29/2008 7:35:54 AM - System Checkpoint
RP129: 10/30/2008 3:32:28 PM - System Checkpoint
RP130: 10/31/2008 3:49:54 PM - System Checkpoint
RP131: 10/31/2008 6:55:21 PM - Software Distribution Service 3.0
RP132: 11/1/2008 2:24:15 AM - Software Distribution Service 3.0
RP133: 11/1/2008 9:22:25 AM - Removed Java™ 6 Update 7
RP134: 11/1/2008 2:28:40 PM - Software Distribution Service 3.0
RP135: 11/2/2008 3:17:09 PM - System Checkpoint
RP136: 11/3/2008 3:38:49 PM - System Checkpoint
RP137: 11/4/2008 6:56:07 PM - System Checkpoint
RP138: 11/4/2008 10:34:24 PM - Software Distribution Service 3.0
RP139: 11/6/2008 4:49:26 AM - System Checkpoint
RP140: 11/6/2008 2:16:51 PM - Software Distribution Service 3.0
RP141: 11/7/2008 2:55:35 PM - System Checkpoint
RP142: 11/7/2008 4:23:23 PM - Software Distribution Service 3.0
RP143: 11/9/2008 12:55:16 AM - System Checkpoint
RP144: 11/10/2008 3:46:17 AM - System Checkpoint
RP145: 11/10/2008 1:24:54 PM - Software Distribution Service 3.0
RP146: 11/10/2008 9:39:40 PM - Shockwave Player
RP147: 11/12/2008 12:37:16 AM - System Checkpoint
RP148: 11/13/2008 3:00:16 AM - Software Distribution Service 3.0
RP149: 11/14/2008 5:45:51 AM - System Checkpoint
RP150: 11/15/2008 5:58:04 AM - System Checkpoint
RP151: 11/16/2008 1:38:12 AM - Software Distribution Service 3.0
RP152: 11/17/2008 3:30:59 AM - System Checkpoint
RP153: 11/18/2008 6:17:05 AM - System Checkpoint
RP154: 11/18/2008 6:18:34 PM - Removed Netflix Movie Viewer
RP155: 11/18/2008 6:19:04 PM - Removed Rhapsody Player Engine
RP156: 11/20/2008 4:04:47 AM - System Checkpoint
RP157: 11/20/2008 8:07:20 PM - Software Distribution Service 3.0
RP158: 11/21/2008 11:29:05 AM - Software Distribution Service 3.0
RP159: 11/22/2008 12:33:04 PM - System Checkpoint
RP160: 11/23/2008 6:34:12 AM - Removed Java™ 6 Update 10
RP161: 11/23/2008 6:35:34 AM - Installed Java™ 6 Update 10
RP162: 11/24/2008 8:42:38 AM - System Checkpoint
RP163: 11/24/2008 11:02:44 PM - Software Distribution Service 3.0
RP164: 11/26/2008 12:47:28 AM - System Checkpoint
RP165: 11/26/2008 2:02:04 AM - Software Distribution Service 3.0
RP166: 11/27/2008 2:26:31 AM - System Checkpoint
RP167: 11/27/2008 9:34:34 AM - Software Distribution Service 3.0
RP168: 11/27/2008 1:33:43 PM - Software Distribution Service 3.0
RP169: 11/28/2008 3:08:26 PM - System Checkpoint
RP170: 11/29/2008 3:37:10 PM - System Checkpoint
RP171: 11/30/2008 4:13:03 PM - System Checkpoint
RP172: 12/2/2008 4:20:02 AM - System Checkpoint
RP173: 12/2/2008 5:22:51 AM - Software Distribution Service 3.0
RP174: 12/3/2008 5:59:05 AM - System Checkpoint
RP175: 12/4/2008 7:25:02 AM - System Checkpoint
RP176: 12/4/2008 12:45:28 PM - Software Distribution Service 3.0
RP177: 12/5/2008 2:12:44 PM - System Checkpoint
RP178: 12/5/2008 3:35:36 PM - Installed PurePlay Poker.
RP179: 12/6/2008 4:37:46 PM - System Checkpoint
RP180: 12/7/2008 9:50:41 AM - Windows Defender Checkpoint
RP181: 12/8/2008 10:38:38 AM - System Checkpoint
RP182: 12/8/2008 5:45:05 PM - Software Distribution Service 3.0
RP183: 12/9/2008 7:07:24 PM - System Checkpoint
RP184: 12/10/2008 8:01:16 PM - System Checkpoint
RP185: 12/10/2008 9:59:02 PM - Software Distribution Service 3.0
RP186: 12/11/2008 7:44:50 AM - Software Distribution Service 3.0
RP187: 12/13/2008 11:29:40 AM - System Checkpoint
RP188: 12/13/2008 8:08:47 PM - Installed Java™ 6 Update 11
RP189: 12/14/2008 1:33:13 AM - Software Distribution Service 3.0
RP190: 12/15/2008 3:06:58 AM - System Checkpoint
RP191: 12/16/2008 4:10:55 AM - System Checkpoint
RP192: 12/16/2008 11:42:22 PM - Software Distribution Service 3.0
RP193: 12/18/2008 2:04:43 AM - System Checkpoint
RP194: 12/18/2008 3:00:15 AM - Software Distribution Service 3.0
RP195: 12/18/2008 4:47:35 PM - Software Distribution Service 3.0
RP196: 12/19/2008 6:53:14 PM - System Checkpoint
RP197: 12/21/2008 9:54:26 AM - System Checkpoint
RP198: 12/22/2008 10:18:17 AM - System Checkpoint
RP199: 12/22/2008 3:55:10 PM - Software Distribution Service 3.0
RP200: 12/23/2008 5:42:18 PM - System Checkpoint
RP201: 12/24/2008 7:46:03 PM - System Checkpoint
RP202: 12/25/2008 8:08:41 PM - System Checkpoint
RP203: 12/26/2008 12:18:35 AM - Software Distribution Service 3.0
RP204: 12/27/2008 12:43:03 PM - System Checkpoint
RP205: 1/19/2009 11:03:13 AM - System Checkpoint

==== Installed Programs ======================

Acala DVD Creator 3.1.1
Acrobat.com
Actiontec Gateway
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.3
Adobe Shockwave Player
Amazon MP3 Downloader 1.0.3
Apple Mobile Device Support
Apple Software Update
CA Yahoo! Anti-Spy (remove only)
Canon iP1600
Canon PhotoRecord
Canon Utilities Easy-PhotoPrint
ClientTools
DIGOpt
Driver Detective
Easy-WebPrint
FoxyTunes for Firefox
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Updater
GTOneCare
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Connections Drivers
iTunes
Java™ 6 Update 11
Last.fm 1.5.2.38918
LightScribe System Software 1.12.37.1
LightScribeTemplateLabeler
Logitech Desktop Messenger
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Standard 2006 Editor
Microsoft Digital Image Standard 2006 Library
Microsoft Digital Image Standard 2006 Update
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Protection Service
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Live OneCare Resources v2.5.2900.20
Microsoft Windows OneCare Live AntiSpyware and AntiVirus
Microsoft Windows OneCare Live v2.5.2900.20
Microsoft Windows OneCare Live v2.5.2900.20 Idcrl Install
MobileMe Control Panel
Mouse Suite
Mozilla Firefox (3.0.5)
MSN
MSN Toolbar
MSXML 6.0 Parser (KB933579)
OpenOffice.org 2.1
PowerDVD
PurePlay Poker
PX Engine
QuickConnect
QuickTime
Qwest QuickAssist Desktop Tools
Qwest Quickcare 2.5
RealArcade
Rhapsody
Rhapsody Player Engine
Safari
Samsung USB Driver (MCCI 4.34) WHQL v3.4
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Solitaire Master 3
SoundMAX
Spy Sweeper for MSN
StumbleUpon IE Toolbar
Super GameHouse Solitaire Volume 3
Symantec Ghost Console Client
Tiger Woods 99 PGA TOUR Golf
Unix Utilities for Yahoo! Widgets
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
WebFldrs XP
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live OneCare
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WLTB Custom Buttons
XML Paper Specification Shared Components Pack 1.0
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Toolbar
Yahoo! Widgets
ZC DVD Creator Platinum 6.2.5
ZC Video Converter 1.8.9

==== Event Viewer Messages From Past Week ========

1/16/2009 11:17:42 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/16/2009 11:17:13 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
1/16/2009 11:03:04 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/16/2009 3:15:06 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup again in 960 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/15/2009 7:15:04 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup again in 480 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/15/2009 3:15:03 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup again in 240 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/15/2009 1:15:03 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/15/2009 12:15:03 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/16/2009 11:33:50 AM, error: NetDDE [206] - Listen failed: 23: The ncb_lana_num member did not specify a valid network number.
1/16/2009 11:34:18 AM, error: NetDDE [206] - Listen failed: 15:
1/19/2009 4:03:37 AM, error: Service Control Manager [7031] - The OneCare AntiSpyware and AntiVirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
1/19/2009 4:03:51 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the OneCare AntiSpyware and AntiVirus service, but this action failed with the following error: An instance of the service is already running.

DDS (Ver_09-01-18.01) - NTFSx86
Run by Administrator at 13:07:21.87 on Mon 01/19/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1436 [GMT -7:00]

AV: Windows Live OneCare *On-access scanning enabled* (Updated)
FW: Windows Live OneCare Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN\Toolbar\3.0.0621.0\msntask.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\A1ALC4SG\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uWindow Title = Windows Internet Explorer provided by Qwest
uDefault_Page_URL = hxxp://qwest.live.com
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0621.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0621.0\msneshellx.dll
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Search Protection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
uRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [QuickCare] "c:\program files\qwest\quickcare\bin\sprtcmd.exe" /P QuickCare
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
IE: &Search
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {75C9223A-409A-4795-A3CA-08DE6B075B4B} - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
TCP: {04653755-D63C-4476-8698-5B32C66F1B80} = 205.171.3.65,205.171.2.65
Notify: igfxcui - igfxsrvc.dll
Notify: WRNotifier - WRLogonNTF.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\smxwn08p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-yff3&p=
FF - prefs.js: browser.search.selectedEngine - Answers.com
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-yff3&p=
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\smxwn08p.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\smxwn08p.default\extensions\npmozax@real.com\plugins\npmozax.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\google\google updater\2.4.1399.3742\npCIDetect13.dll

============= SERVICES / DRIVERS ===============

R4 NGCLIENT;Symantec Ghost Client Agent;c:\program files\symantec\ghost\ngctw32.exe [2007-4-19 632456]
R4 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2008-11-5 25968]
R4 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
R4 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2008-7-16 3509616]
S3 GoogleDesktopManager-032008-165311;Google Desktop Manager 5.2.803.20506;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-7-29 29744]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2007-12-7 16384]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\pelusblf.sys [2007-12-7 9216]
S4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

============== File Associations ===============

regfile=regedit.exe "%1" %*

=============== Created Last 30 ================

2009-01-18 21:34 <DIR> --d----- c:\program files\CA Yahoo! Anti-Spy
2009-01-17 08:35 <DIR> --d----- c:\windows\system32\NtmsData
2009-01-16 16:09 <DIR> --d----- c:\documents and settings\administrator\Contacts
2009-01-16 16:07 216,266 a------- c:\windows\wl.ico
2009-01-16 16:06 <DIR> --d----- c:\program files\Windows Live Toolbar
2009-01-16 16:00 <DIR> -cdsh--- c:\program files\common files\WindowsLiveInstaller
2009-01-16 16:00 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-01-16 15:58 287,934 a------- c:\windows\ConnectWait.ico
2009-01-16 10:43 <DIR> --d----- c:\program files\Qwest
2009-01-16 10:42 <DIR> --d----- c:\program files\Actiontec
2009-01-16 10:42 <DIR> --d----- c:\program files\2Wire
2009-01-16 10:42 143,360 a------- c:\windows\GTRemove.exe
2009-01-05 03:17 <DIR> --d----- c:\program files\common files\supportsoft
2009-01-04 20:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Citrix
2009-01-04 14:19 91,328 a------- c:\windows\system32\drivers\msfwdrv.sys
2009-01-04 14:19 116,416 a------- c:\windows\system32\drivers\msfwhlpr.sys
2009-01-04 14:18 53,168 a------- c:\windows\system32\drivers\MpFilter.sys
2009-01-04 14:11 <DIR> --d----- c:\program files\Microsoft Windows OneCare Live
2009-01-04 14:11 <DIR> --d----- C:\3d5b2674a34501feb3b8e6e62ee1
2009-01-01 08:32 61,224 a------- c:\documents and settings\administrator\GoToAssistDownloadHelper.exe
2008-12-27 12:13 <DIR> --d----- C:\ZCVideoConverter
2008-12-24 23:45 <DIR> --d----- c:\program files\Smilebox

==================== Find3M ====================

2008-12-27 22:06 44,944 -------- c:\windows\system32\drivers\PxHelp20.sys
2008-11-10 05:43 410,984 a------- c:\windows\system32\deploytk.dll
2008-11-04 03:01 499,712 a------- c:\windows\system32\msvcp71.dll
2008-11-03 05:42 262,144 a------- C:\ntuser.dat
2008-10-23 05:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-05-22 12:36 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008052220080523\index.dat

============= FINISH: 13:08:19.95 ===============

==== End Of File ===========================

Edited by kcdave42, 19 January 2009 - 03:29 PM.




#2 kahdah


Posted 30 January 2009 - 08:19 AM

Hello kcdave42

Welcome to BleepingComputer
========================
If you are still in need of assistance, please post a new HijackThis log.
Please do not PM for help; post it in the forums instead.

If I am helping you and have not responded for 48 hours, please send me a PM, as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.



