
All sorts of problems


  • This topic is locked
37 replies to this topic

#1 smiley1124


Posted 25 January 2009 - 12:59 PM

I have been having problems and was being helped out on here, and they redirected me and hoped that you would be able to help me more. Here is a link to what has already been done: http://www.bleepingcomputer.com/forums/t/195852/having-problems-please-help/

DDS.txt log:


DDS (Ver_09-01-19.01) - NTFSx86
Run by Nakisha at 13:02:12.28 on Sun 01/25/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.524 [GMT -5:00]


============== Running Processes ===============

C:WINDOWSsystem32svchost -k DcomLaunch
C:WINDOWSsystem32svchost -k rpcss
C:WINDOWSSystem32svchost.exe -k netsvcs
C:WINDOWSsystem32svchost.exe -k WudfServiceGroup
C:WINDOWSsystem32svchost.exe -k NetworkService
C:WINDOWSsystem32svchost.exe -k LocalService
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesAOLACSAOLAcsd.exe
C:Program FilesCommon FilesAOLTopSpeed2.0aoltsmon.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesCommon FilesAOLTopSpeed2.0aoltpspd.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
C:Program FilesiWin GamesiWinGamesInstaller.exe
C:Program FilesiWin GamesiWinTrusted.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:WINDOWSsystem32svchost.exe -k imgsvc
C:Program FilesSonicDigitalMedia Plus v7MyDVD PlusUSBDeviceService.exe
c:WINDOWSsystem32ZuneBusEnum.exe
C:Program FilesHewlett-PackardSharedhpqwmiex.exe
C:WINDOWSsystem32igfxtray.exe
C:WINDOWSsystem32igfxpers.exe
C:Program FilesSonicDigitalMedia Plus v7MyDVD PlusDetectorApp.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:WINDOWSSystem32alg.exe
C:Program FileshpqHP Wireless AssistantHP Wireless Assistant.exe
C:Program FilesHPQQuick Launch ButtonsEabServr.exe
C:Program FilesCommon FilesAOL1218262548eeAOLSoftware.exe
C:WINDOWSsystem32wbemwmiprvse.exe
C:Program FilesHpHP Software UpdateHPWuSchd2.exe
C:Program FilesQuickTimeQTTask.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
C:Program FilesJavajre6binjusched.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:PROGRA~1HPQSHAREDHPQTOA~1.EXE
c:program filescommon filesaol1218262548eeservicesantiSpywareAppver2_0_32_1AOLSP Scheduler.exe
C:Program FilesCommon FilesAOL1218262548EEaolsoftware.exe
C:Program FilesMalwarebytes' Anti-Malwarembam.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSsystem32drwtsn32.exe
C:WINDOWSsystem32drwtsn32.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSsystem32drwtsn32.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSsystem32drwtsn32.exe
C:Program FilesAOL 9.1waol.exe
C:Program FilesAOL 9.1shellmon.exe
C:Program FilesCommon FilesAOLTopspeed3.0aoltpsd3.exe
C:Documents and SettingsNakisha.KISHALocal SettingsTemporary Internet FilesContent.IE5DWLGRCPZdds[1].scr
C:WINDOWSsystem32wbemwmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:program filesaol toolbaraoltb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:progra~1yahoo!companioninstallscpn1yt.dll
mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:program filesaol toolbaraoltb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:progra~1yahoo!companioninstallscpn1yt.dll
BHO: NoExplorer - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:program filesadobeacrobat 6.0readeractivexAcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:program filesrealrealplayerrpbrowserrecordplugin.dll
BHO: Yahoo! IE Suggest: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:program filesyahoo!searchsuggestYSearchSuggest.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:program filesyahoo!commonyiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:program filesjavajre6binssv.dll
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:program filesaol toolbaraoltb.dll
BHO: ooVoo Toolbar: {a057a204-bacc-4d26-8087-36ee87e26986} - c:progra~1oovoot~1OOVOOT~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:program filesgooglegoogle toolbarGoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:program filesgooglegoogletoolbarnotifier5.0.926.3450swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:program filesgooglegoogle toolbarcomponentfastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:program filesjavajre6binjp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:program filesjavajre6libdeployjqsiejqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:progra~1yahoo!companioninstallscpn1yt.dll
TB: ooVoo Toolbar: {a057a204-bacc-4d26-8087-36ee87e26986} - c:progra~1oovoot~1OOVOOT~1.DLL
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:program filesaol toolbaraoltb.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:program filesgooglegoogle toolbarGoogleToolbar.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:windowssystem32Shdocvw.dll
uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe
uRun: [MSMSGS] "c:program filesmessengermsmsgs.exe" /background
uRun: [swg] c:program filesgooglegoogletoolbarnotifierGoogleToolbarNotifier.exe
uRun: [AOL Fast Start] "c:program filesaol 9.1AOL.EXE" -b
mRun: [igfxtray] c:windowssystem32igfxtray.exe
mRun: [igfxhkcmd] c:windowssystem32hkcmd.exe
mRun: [igfxpers] c:windowssystem32igfxpers.exe
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [DetectorApp] c:program filessonicdigitalmedia plus v7mydvd plusDetectorApp.exe
mRun: [SynTPEnh] c:program filessynapticssyntpSynTPEnh.exe
mRun: [hpWirelessAssistant] c:program fileshpqhp wireless assistantHP Wireless Assistant.exe
mRun: [eabconfg.cpl] c:program fileshpqquick launch buttonsEabServr.exe /Start
mRun: [Cpqset] c:program fileshpqdefault settingscpqset.exe
mRun: [RecGuard] c:windowssminstRecGuard.exe
mRun: [HostManager] c:program filescommon filesaol1218262548eeAOLSoftware.exe
mRun: [AOLDialer] c:program filescommon filesaolacsAOLDial.exe
mRun: [Pure Networks Port Magic] "c:progra~1purene~1portma~1PortAOL.exe" -Run
mRun: [HP Software Update] c:program fileshphp software updateHPWuSchd2.exe
mRun: [QuickTime Task] "c:program filesquicktimeQTTask.exe" -atboottime
mRun: [LXBUCATS] rundll32 c:windowssystem32spooldriversw32x863LXBUtime.dll,_RunDLLEntry@16
mRun: []
mRun: [ISUSPM Startup] c:progra~1common~1instal~1update~1isuspm.exe -startup
mRun: [ISUSScheduler] "c:program filescommon filesinstallshieldupdateserviceissch.exe" -start
mRun: [TkBellExe] "c:program filescommon filesrealupdate_obrealsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:program filesjavajre6binjusched.exe"
IE: &AOL Toolbar Search - c:documents and settingsall usersapplication dataaolietoolbarresourcesen-uslocalsearch.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:program filesjavajre6binjp2iexp.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:program filesyahoo!commonyiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:windowssystem32Shdocvw.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:program filesyahoo!commonYinsthelper.dll
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218263049693
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218263041553
DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yuplapp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32WPDShServiceObj.dll
LSA: Notification Packages = scecli scecli

============= SERVICES / DRIVERS ===============

R3 MBAMSwissArmy;MBAMSwissArmy;c:windowssystem32driversmbamswissarmy.sys [2008-12-26 38496]
R4 iWinGamesInstaller;iWinGamesInstaller;c:program filesiwin gamesiWinGamesInstaller.exe [2008-5-29 78104]
R4 iWinTrusted;iWinTrusted;c:program filesiwin gamesiWinTrusted.exe [2008-12-17 78104]
S0 sclisuvv;sclisuvv;c:windowssystem32driversdddh.sys --> c:windowssystem32driversdddh.sys [?]

=============== Created Last 30 ================

2009-01-25 00:34 --d----- c:windowssystem32CatRoot2
2009-01-21 19:13 9,216 a------- c:windowssystem32dllcacheibmsgnet.dll
2009-01-21 19:13 28,700 a------- c:windowssystem32dllcacheibmexmp.sys
2009-01-21 19:11 324,608 a------- c:windowssystem32dllcachehpojwia.dll
2009-01-21 19:10 1,733,120 a------- c:windowssystem32dllcacheg400d.dll
2009-01-21 19:09 57,856 a------- c:windowssystem32dllcacheesuimgd.dll
2009-01-21 19:08 24,653 a------- c:windowssystem32dllcacheel574nd4.sys
2009-01-21 19:07 110,592 a------- c:windowssystem32dllcachedc260usd.dll
2009-01-21 19:06 39,680 a------- c:windowssystem32dllcachecb325.sys
2009-01-21 19:05 28,672 a------- c:windowssystem32dllcacheatinsnxx.sys
2009-01-21 19:04 66,048 a------- c:windowssystem32dllcaches3legacy.dll
2009-01-21 18:42 10,920 a------- C:aolconnfix.exe
2009-01-20 10:59 --d----- c:windowspss
2009-01-16 19:08 --d----- C:eb52b75148a3233bc060ddf9
2009-01-16 02:40 --d----- c:docume~1alluse~1applic~11Click DVD Converter
2009-01-16 02:39 87,608 a------- c:docume~1nakish~1.kisapplic~1inst.exe
2009-01-16 02:39 47,360 a------- c:windowssystem32driverspcouffin.sys
2009-01-16 02:39 47,360 a------- c:docume~1nakish~1.kisapplic~1pcouffin.sys
2009-01-15 21:25 0 a---h--- c:windowssystem32driversMsft_User_ZuneDriver_01_07_00.Wdf
2009-01-15 21:25 0 a---h--- c:windowssystem32driversMsft_Kernel_WinUSB_01007.Wdf
2009-01-15 21:24 0 a---h--- c:windowssystem32driversMsftWdf_user_01_07_00.Wdf
2009-01-14 12:00 118 a------- c:windowssystem32MRT.INI
2009-01-13 12:07 --d----- C:MIRRORS_SPECIAL_EDITION_UNRATED
2009-01-12 23:03 12,160 a------- c:windowssystem32driversmouhid.sys
2009-01-12 23:03 12,160 a------- c:windowssystem32dllcachemouhid.sys
2009-01-06 19:28 35,328 a------- c:windowssystem32winchat.exe
2009-01-02 21:11 --d----- c:program filescommon filesxing shared
2009-01-02 20:51 --d----- c:program filescommon filesSoftware Update Utility
2009-01-02 20:50 --d----- c:program filesAOL Toolbar
2009-01-02 20:49 --d----- c:windowsaolshare
2009-01-02 20:49 --d----- c:program filesAOL 9.1
2009-01-02 20:20 173,184 a------- c:windowssystem32ygpss.scr
2009-01-02 20:12 7,680 a--sh--- c:windowsThumbs.db
2008-12-31 00:52 --d----- c:docume~1nakish~1.kisapplic~1ViquaSoft
2008-12-28 22:36 107,368 a------- c:windowssystem32GEARAspi.dll
2008-12-28 22:36 15,464 a------- c:windowssystem32driversGEARAspiWDM.sys
2008-12-28 22:35 --d----- c:docume~1alluse~1applic~1{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-28 22:05 464,384 -------- c:windowssystem32imapi2fs.dll
2008-12-28 22:05 464,384 -------- c:windowssystem32dllcacheimapi2fs.dll
2008-12-28 22:05 317,952 -------- c:windowssystem32imapi2.dll
2008-12-28 22:05 317,952 -------- c:windowssystem32dllcacheimapi2.dll
2008-12-27 15:07 --d----- c:program filesDVD Decrypter
2008-12-26 19:49 15,504 a------- c:windowssystem32driversmbam.sys
2008-12-26 19:49 38,496 a------- c:windowssystem32driversmbamswissarmy.sys
2008-12-26 19:49 --d----- c:program filesMalwarebytes' Anti-Malware

==================== Find3M ====================

2009-01-13 23:47 814 a------- c:docume~1nakish~1.kisapplic~1wklnhst.dat
2008-12-16 12:26 410,984 a------- c:windowssystem32deploytk.dll
2008-12-13 01:40 3,593,216 a------- c:windowssystem32dllcachemshtml.dll
2008-12-11 06:57 333,184 a------- c:windowssystem32driverssrv.sys
2008-12-11 06:57 333,184 -------- c:windowssystem32dllcachesrv.sys
2008-11-10 12:23 243,840 a------- c:windowssystem32ZuneWlanCfgSvc.exe
2008-11-10 12:23 60,032 a------- c:windowssystem32ZuneBusEnum.exe
2008-11-10 12:09 73,728 a------- c:windowssystem32ZuneUsbTransport.dll
2008-11-10 12:09 18,944 a------- c:windowssystem32ZuneTcp2Udp.dll
2008-11-10 12:09 57,344 a------- c:windowssystem32ZuneRegUtil.dll
2008-11-10 12:09 12,800 a------- c:windowssystem32ZunePTDNS.dll
2008-11-10 12:09 310,272 a------- c:windowssystem32ZuneNetProxy.dll
2008-11-10 12:09 145,920 a------- c:windowssystem32ZuneMTPZ.dll
2008-11-06 06:42 499,712 a------- c:windowssystem32msvcp71.dll
2008-11-06 06:42 348,160 a------- c:windowssystem32msvcr71.dll

============= FINISH: 13:03:26.26 ===============

Merge posts. ~ OB



Edited by Orange Blossom, 25 January 2009 - 09:35 PM.



 


#2 PropagandaPanda


Posted 04 February 2009 - 04:33 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

Disable Realtime Protection
Antimalware programs can interfere with ComboFix and other tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.

Download and Run ComboFix
If you have already run ComboFix, delete your copy and download a new one. If the computer in question is unable to download ComboFix, transfer it using removable media (CDs, flash drive).

Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
  • If you did not have it installed, you will see the prompt below. Choose YES.
    Posted ImagePosted Image

  • When the Recovery Console has been installed, you will see the prompt below. Choose YES.
    Posted Image
  • When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

In your next reply include:
-the ComboFix log
-a new HijackThis or DDS log

Please also tell me of any changes you have made to your computer since you started your topic.

With Regards,
The Panda

#3 smiley1124


Posted 05 February 2009 - 02:43 AM

Yes, my computer has had changes made since I started this topic. My computer was recently recovered by someone other than myself, so I did a new scan, and that would be here:
http://www.bleepingcomputer.com/forums/t/199743/new-kaspersky-online-scanner-report/
I am able to use everything but am still getting things in the scan, as you can see.

#4 PropagandaPanda


Posted 05 February 2009 - 08:14 AM

Hello.

Please go ahead with running ComboFix.

With Regards,
The Panda

#5 smiley1124


Posted 05 February 2009 - 05:42 PM

ComboFix log:

ComboFix 09-02-05.01 - Nakisha 2009-02-05 17:27:58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.676 [GMT -8:00]
Running from: c:\documents and settings\Nakisha.KISHA.000\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kisha.YOUR-4105E587B6\Application Data\inst.exe
c:\documents and settings\Nakisha.KISHA\Application Data\inst.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\_000111_.tmp.dll

.
((((((((((((((((((((((((( Files Created from 2009-01-06 to 2009-02-06 )))))))))))))))))))))))))))))))
.

2009-02-02 12:36 . 2008-04-13 10:45 26,368 --a------ c:\windows\system32\dllcache\usbstor.sys
2009-02-02 01:30 . 2009-02-02 01:30 <DIR> d-------- c:\windows\system32\xlive
2009-02-02 01:30 . 2009-02-02 01:30 <DIR> d-------- c:\windows\Logs
2009-02-02 01:30 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
2009-02-02 01:30 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll
2009-02-02 01:30 . 2007-03-12 16:42 1,123,696 --a------ c:\windows\system32\D3DCompiler_33.dll
2009-02-02 01:30 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2009-02-02 01:30 . 2007-03-15 16:57 443,752 --a------ c:\windows\system32\d3dx10_33.dll
2009-02-02 01:30 . 2007-07-20 00:57 267,112 --a------ c:\windows\system32\xactengine2_9.dll
2009-02-02 01:30 . 2007-04-04 18:53 81,768 --a------ c:\windows\system32\xinput1_3.dll
2009-02-02 01:30 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2009-02-02 01:30 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2009-02-02 01:30 . 2007-07-20 00:54 18,280 --a------ c:\windows\system32\x3daudio1_2.dll
2009-02-02 01:29 . 2009-02-02 01:29 <DIR> d-------- c:\program files\Microsoft XNA
2009-02-02 01:10 . 2009-02-02 01:10 <DIR> d-------- c:\program files\Microsoft Synchronization Services
2009-02-02 01:10 . 2009-02-02 01:10 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-02-02 01:10 . 2009-02-02 01:10 <DIR> d-------- c:\program files\Microsoft SQL Server
2009-02-02 01:07 . 2009-02-02 01:07 <DIR> d-------- c:\program files\Microsoft.NET
2009-02-02 01:07 . 2009-02-02 01:10 <DIR> d-------- c:\program files\Microsoft Visual Studio 9.0
2009-02-02 01:07 . 2009-02-02 01:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-02 01:06 . 2009-02-02 01:06 <DIR> d-------- c:\program files\Microsoft SDKs
2009-02-02 01:05 . 2009-02-02 01:05 <DIR> d-------- c:\windows\system32\XPSViewer
2009-02-02 01:05 . 2009-02-02 01:05 <DIR> d-------- c:\program files\MSBuild
2009-02-02 01:04 . 2009-02-02 01:04 <DIR> d-------- c:\program files\Reference Assemblies
2009-02-02 01:04 . 2009-02-02 01:04 <DIR> d-------- C:\b35fcb1545f76ba1e18752a0
2009-02-02 01:04 . 2008-07-06 04:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-02-02 01:04 . 2008-07-06 04:06 1,676,288 --------- c:\windows\system32\dllcache\xpssvcs.dll
2009-02-02 01:04 . 2008-07-06 02:50 597,504 --------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-02 01:04 . 2008-07-06 04:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-02-02 01:04 . 2008-07-06 04:06 575,488 --------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-02 01:04 . 2008-07-06 04:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-02-02 01:04 . 2008-07-06 04:06 89,088 --------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-01 23:31 . 2009-02-01 23:31 <DIR> d-------- c:\documents and settings\Nakisha.KISHA.000\Application Data\AdobeUM
2009-02-01 21:36 . 2009-02-01 21:36 <DIR> d-------- c:\documents and settings\Nakisha.KISHA.000\Application Data\Simple Star
2009-02-01 21:35 . 2009-02-01 21:36 <DIR> d-------- c:\documents and settings\Nakisha.KISHA.000\Application Data\Nero
2009-02-01 21:33 . 2009-02-01 21:33 <DIR> d-------- c:\documents and settings\Nakisha.KISHA.000\Application Data\Ahead
2009-02-01 21:29 . 2009-02-01 21:34 <DIR> d-------- c:\program files\Nero
2009-02-01 13:37 . 2009-02-01 13:37 <DIR> d-------- c:\documents and settings\Nakisha.KISHA.000\Application Data\Template
2009-02-01 13:37 . 2009-02-01 14:18 144 --a------ c:\documents and settings\Nakisha.KISHA.000\Application Data\wklnhst.dat
2009-01-31 14:01 . 2009-01-31 14:01 0 --ah----- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2009-01-31 14:01 . 2009-01-31 14:01 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2009-01-31 14:00 . 2009-01-31 14:00 0 --ah----- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-01-31 13:51 . 2009-01-31 13:52 <DIR> d-------- c:\program files\Zune
2009-01-29 12:59 . 2009-01-29 12:59 <DIR> d-------- c:\documents and settings\Jayla\Application Data\Yahoo!
2009-01-28 21:17 . 2009-01-28 21:17 <DIR> d-------- c:\documents and settings\Jayla\Application Data\AOL
2009-01-28 21:11 . 2009-01-27 16:12 <DIR> d-------- c:\documents and settings\Jayla\Application Data\Symantec
2009-01-28 21:11 . 2009-01-27 16:12 <DIR> d-------- c:\documents and settings\Jayla\Application Data\Intuit
2009-01-28 21:11 . 2009-01-28 21:11 <DIR> d-------- c:\documents and settings\Jayla
2009-01-28 15:49 . 2009-01-28 15:49 <DIR> d-------- c:\program files\DVD Decrypter
2009-01-28 15:45 . 2009-01-28 15:45 <DIR> d-------- c:\program files\DVD Shrink
2009-01-28 15:38 . 2009-01-28 15:38 <DIR> d-------- c:\program files\IrfanView
2009-01-28 15:31 . 2009-01-28 15:31 <DIR> d-------- c:\documents and settings\Nakisha.KISHA.000\Application Data\Yahoo!
2009-01-28 12:46 . 2009-01-28 12:46 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-28 12:46 . 2009-01-28 12:46 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-28 01:53 . 2009-01-28 01:53 <DIR> d-------- c:\documents and settings\Nakisha.KISHA.000\Application Data\iWinArcade
2009-01-27 20:10 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-01-27 20:10 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-01-27 18:06 . 2004-08-04 00:00 221,184 --a------ c:\windows\system32\wmpns.dll
2009-01-27 18:06 . 2009-01-27 18:06 1,781 -rahs---- c:\windows\system32\drivers\103C_HP_NTBK_HP Pavilion dv1000 (ET738UA#ABA)_YN_0Pavi_QCNF6160CLD_E396559001_46_I30A0_SQuanta_V55.0F_BF.09_T060216_WXH2_L409_M1015_J100_7Intel_8T2300_91.66_#051228_N80861092_(ET738UA#ABA)_XMOBILE_CN10_Z_2Rev 1.MRK
2009-01-27 18:05 . 2009-01-27 16:12 <DIR> d-------- c:\documents and settings\Nakisha.KISHA.000\Application Data\Intuit
2009-01-27 18:05 . 2009-02-05 17:14 <DIR> d-------- c:\documents and settings\Nakisha.KISHA.000
2009-01-27 17:19 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2009-01-27 17:19 . 2009-01-27 17:19 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-01-27 17:19 . 2009-01-27 17:19 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2009-01-27 17:17 . 2009-01-27 17:17 <DIR> d-------- c:\windows\system32\LogFiles
2009-01-27 17:17 . 2009-01-31 14:00 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-01-27 17:17 . 2009-01-27 17:17 <DIR> d-------- C:\75c45e9402c39554cd9e47e0ef49
2009-01-27 17:16 . 2009-01-27 17:17 <DIR> d-------- C:\d51e94b80f6c0fd8c71288485b00
2009-01-27 16:44 . 2008-10-16 12:38 6,066,176 --------- c:\windows\system32\dllcache\ieframe.dll
2009-01-27 16:44 . 2007-04-17 01:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
2009-01-27 16:44 . 2007-03-07 21:10 991,232 --------- c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-27 16:44 . 2008-10-16 12:38 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
2009-01-27 16:44 . 2008-10-16 12:38 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
2009-01-27 16:44 . 2008-10-16 12:38 267,776 --------- c:\windows\system32\dllcache\iertutil.dll
2009-01-27 16:44 . 2008-10-16 12:38 63,488 --------- c:\windows\system32\dllcache\icardie.dll
2009-01-27 16:44 . 2008-10-16 12:38 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-27 16:44 . 2008-10-16 05:11 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
2009-01-27 16:43 . 2008-08-14 02:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-27 16:43 . 2008-08-14 02:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-27 16:43 . 2008-08-14 01:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-27 16:43 . 2008-08-14 01:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-27 16:43 . 2008-09-15 04:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2009-01-27 16:43 . 2008-06-13 03:05 272,128 --------- c:\windows\system32\dllcache\bthport.sys
2009-01-27 16:42 . 2008-10-24 03:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-27 16:42 . 2008-05-08 06:02 203,136 --------- c:\windows\system32\dllcache\rmcast.sys
2009-01-27 16:41 . 2008-09-04 09:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2009-01-27 16:41 . 2008-04-11 11:04 691,712 --------- c:\windows\system32\dllcache\inetcomm.dll
2009-01-27 16:41 . 2008-10-15 08:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2009-01-27 16:41 . 2008-12-11 02:57 333,952 --------- c:\windows\system32\dllcache\srv.sys
2009-01-27 16:41 . 2008-05-01 06:33 331,776 --------- c:\windows\system32\dllcache\msadce.dll
2009-01-27 16:41 . 2008-10-03 02:02 247,326 --------- c:\windows\system32\dllcache\strmdll.dll
2009-01-27 16:40 . 2004-08-07 04:56 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-01-27 16:40 . 2004-08-07 04:56 488 -rah----- c:\windows\system32\WindowsLogon.manifest
2009-01-27 16:38 . 2004-08-07 04:56 749 -rah----- c:\windows\system32\cdplayer.exe.manifest
2009-01-27 16:31 . 2009-01-27 16:31 <DIR> d-------- c:\windows\system32\scripting
2009-01-27 16:31 . 2009-01-27 16:31 <DIR> d-------- c:\windows\system32\en
2009-01-27 16:31 . 2009-01-27 16:31 <DIR> d-------- c:\windows\system32\bits
2009-01-27 16:31 . 2009-01-27 16:31 <DIR> d-------- c:\windows\l2schemas
2009-01-27 16:29 . 2009-01-27 16:29 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-27 16:25 . 2009-01-27 16:25 <DIR> d-------- c:\windows\EHome
2009-01-27 16:21 . 2008-04-13 16:12 4,274,816 --------- c:\windows\system32\nv4_disp.dll
2009-01-27 16:19 . 2009-01-27 16:19 <DIR> d-------- c:\program files\Microsoft Money 2006
2009-01-27 16:09 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2009-01-27 16:09 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2009-01-27 16:09 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2009-01-27 16:09 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2009-01-27 16:09 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2009-01-27 15:12 . 2003-01-10 13:13 33,588 -ra------ c:\windows\system32\drivers\wanatw4.sys
2009-01-27 15:12 . 2007-10-11 03:20 24,960 -ra------ c:\windows\system32\drivers\ATWPKT2.SYS
2009-01-27 15:11 . 2009-01-27 15:11 <DIR> d-------- c:\documents and settings\Nakisha.KISHA.000\Application Data\AOL
2009-01-27 15:09 . 2009-01-27 15:09 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-01-21 15:42 . 2009-01-21 15:42 10,920 --a------ C:\aolconnfix.exe
2009-01-16 18:49 . 2008-08-09 00:01 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Symantec
2009-01-16 18:49 . 2008-08-09 00:01 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Intuit
2009-01-16 18:49 . 2009-01-16 18:49 <DIR> d-------- c:\documents and settings\Administrator
2009-01-16 16:08 . 2009-01-16 16:08 <DIR> d-------- C:\eb52b75148a3233bc060ddf9
2009-01-15 23:40 . 2009-01-15 23:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\1Click DVD Converter
2009-01-15 23:39 . 2009-01-16 16:03 <DIR> d-------- c:\documents and settings\Nakisha.KISHA\Application Data\Vso
2009-01-15 23:39 . 2009-01-16 16:03 47,360 --a------ c:\documents and settings\Nakisha.KISHA\Application Data\pcouffin.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 01:19 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-06 01:17 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-01 21:03 --------- d-----w c:\program files\BearShare
2009-01-28 23:33 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-01-28 02:01 --------- d-----w c:\program files\HPQ
2009-01-28 00:20 --------- d-----w c:\program files\music_now
2009-01-28 00:20 --------- d-----w c:\program files\MSN Encarta Plus
2009-01-28 00:20 --------- d-----w c:\program files\Microsoft Works
2009-01-28 00:19 --------- d-----w c:\program files\Microsoft Office Trial Wizard
2009-01-28 00:18 --------- d-----w c:\program files\HP Rhapsody
2009-01-28 00:17 --------- d-----w c:\program files\CONEXANT
2009-01-28 00:16 --------- d-----w c:\program files\Common Files\SureThing Shared
2009-01-28 00:16 --------- d-----w c:\program files\Common Files\Sonic Shared
2009-01-28 00:16 --------- d-----w c:\program files\Common Files\LightScribe
2009-01-28 00:12 --------- d-----w c:\documents and settings\All Users\Application Data\hpqwmi
2009-01-27 23:56 --------- d-----w c:\program files\Hewlett-Packard
2009-01-27 22:04 814 ----a-w c:\documents and settings\Nakisha.KISHA\Application Data\wklnhst.dat
2009-01-25 23:03 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-25 05:17 --------- d-----w c:\program files\Google
2009-01-17 17:25 --------- d-----w c:\program files\Common Files\AOL
2009-01-15 08:01 --------- d-----w c:\program files\iWin Games
2009-01-13 17:43 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-01-13 04:48 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-11 18:33 --------- d-----w c:\program files\iWin.com
2009-01-11 06:16 --------- d-----w c:\documents and settings\Nakisha.KISHA\Application Data\Pogo Games
2009-01-07 00:06 --------- d-----w c:\program files\Java
2009-01-03 19:12 --------- d-----w c:\program files\AOL 9.1
2009-01-03 17:54 --------- d-----w c:\documents and settings\Nakisha.KISHA\Application Data\Download Manager
2009-01-03 02:27 --------- d-----w c:\program files\Common Files\aolshare
2009-01-03 02:19 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-01-03 02:11 --------- d-----w c:\program files\Common Files\xing shared
2009-01-03 02:11 --------- d-----w c:\program files\Common Files\Real
2009-01-03 01:52 --------- d-----w c:\documents and settings\Nakisha.KISHA\Application Data\AOL
2009-01-03 01:51 --------- d-----w c:\program files\Common Files\Software Update Utility
2009-01-03 01:50 --------- d-----w c:\program files\AOL Toolbar
2009-01-03 01:40 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2009-01-01 07:06 --------- d-----w c:\program files\Lx_cats
2008-12-31 05:52 --------- d-----w c:\documents and settings\Nakisha.KISHA\Application Data\ViquaSoft
2008-12-29 03:36 --------- d-----w c:\documents and settings\Nakisha.KISHA\Application Data\Apple Computer
2008-12-29 03:36 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-29 03:35 --------- d-----w c:\program files\QuickTime
2008-12-29 03:35 --------- d-----w c:\program files\Common Files\Apple
2008-12-29 03:35 --------- d-----w c:\program files\Bonjour
2008-12-29 03:34 --------- d-----w c:\program files\Apple Software Update
2008-12-25 10:01 --------- d-----w c:\documents and settings\Nakisha.KISHA\Application Data\Malwarebytes
2008-12-25 10:01 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-24 05:02 --------- d-----w c:\documents and settings\Nakisha.KISHA\Application Data\Ahead
2008-12-24 03:28 --------- d-----w c:\documents and settings\Nakisha.KISHA\Application Data\CD-DVDBurner
2008-12-23 03:04 --------- d-----w c:\documents and settings\Nakisha.KISHA\Application Data\FaxCtr
2008-12-22 00:36 --------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint
2008-12-22 00:34 --------- d-----w c:\program files\InstallShield Installation Information
2008-12-22 00:33 --------- d-----w c:\documents and settings\All Users\Application Data\FaxCtr
2008-12-18 02:01 --------- d-----w c:\documents and settings\Nakisha.KISHA\Application Data\Nero
2008-12-18 02:00 --------- d-----w c:\program files\Common Files\Ahead
2008-12-18 01:42 --------- d-----w c:\documents and settings\Nakisha.KISHA\Application Data\Simple Star
2008-12-17 05:10 --------- d-----w c:\program files\Yahoo!
2008-12-16 05:24 --------- d-----w c:\program files\Imikimi(2)
2008-12-16 05:24 --------- d-----w c:\program files\Imikimi
2008-12-16 05:24 --------- d-----w c:\program files\eGames
2008-12-15 21:23 --------- d-----w c:\program files\Common Files\Simple Star Shared
2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-12 20:41 60,032 ----a-w c:\windows\system32\ZuneBusEnum.exe
2008-12-12 20:41 243,840 ----a-w c:\windows\system32\ZuneWlanCfgSvc.exe
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-10 20:09 73,728 ----a-w c:\windows\system32\ZuneUsbTransport.dll
2008-11-10 20:09 57,344 ----a-w c:\windows\system32\ZuneRegUtil.dll
2008-11-10 20:09 310,272 ----a-w c:\windows\system32\ZuneNetProxy.dll
2008-11-10 20:09 18,944 ----a-w c:\windows\system32\ZuneTcp2Udp.dll
2008-11-10 20:09 145,920 ----a-w c:\windows\system32\ZuneMTPZ.dll
2008-11-10 20:09 12,800 ----a-w c:\windows\system32\ZunePTDNS.dll
2008-06-11 01:19 47,360 -c--a-w c:\documents and settings\Kisha.YOUR-4105E587B6\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-11-06 50472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-01 68856]
"Nero PhotoShow Media Manager"="c:\progra~1\Nero\NERO7~1\NEROPH~2\data\Xtras\mssysmgr.exe" [2006-05-10 249856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-02 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-02 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-02 118784]
"DetectorApp"="c:\program files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe" [2005-10-20 102400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 761945]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-11-16 503808]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 409600]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-05-18 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-28 136600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-02 185896]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-12-12 157312]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-11-22 c:\windows\system32\CHDAudPropShortcut.exe]

c:\documents and settings\Kisha.YOUR-4105E587B6\Start Menu\Programs\Startup\
iWin Desktop Alerts.lnk - c:\documents and settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2008-06-06 107520]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Nakisha.KISHA.000^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
path=c:\documents and settings\Nakisha.KISHA.000\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
backup=c:\windows\pss\iWin Desktop Alerts.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=

.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-IS CfgWiz - c:\program files\Norton Internet Security\cfgwiz.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-05 17:30:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????P??|?????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-05 17:32:08
ComboFix-quarantined-files.txt 2009-02-06 01:32:06

Pre-Run: 28,077,965,312 bytes free
Post-Run: 29,504,446,464 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

286 --- E O F --- 2009-01-28 09:25:46





This is the DDS report:

DDS (Ver_09-02-01.01) - NTFSx86
Run by Nakisha at 17:37:43.65 on Thu 02/05/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.570 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AOL 9.1\waol.exe
C:\PROGRA~1\Nero\NERO7~1\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Nakisha.KISHA.000\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
BHO: NoExplorer - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AOL Fast Start] "c:\program files\aol 9.1\AOL.EXE" -b
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Nero PhotoShow Media Manager] c:\progra~1\nero\nero7~1\neroph~2\data\xtras\mssysmgr.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [DetectorApp] c:\program files\sonic\digitalmedia plus v7\mydvd plus\DetectorApp.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233101362544
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233101353467
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-02-05 17:22 <DIR> a-dshr-- C:\cmdcons
2009-02-05 17:21 161,792 a------- c:\windows\SWREG.exe
2009-02-05 17:21 98,816 a------- c:\windows\sed.exe
2009-02-05 17:21 <DIR> --d----- C:\ComboFix
2009-02-02 12:36 26,368 a------- c:\windows\system32\dllcache\usbstor.sys
2009-02-02 01:30 507,400 a------- c:\windows\system32\XAudio2_1.dll
2009-02-02 01:30 65,032 a------- c:\windows\system32\XAPOFX1_0.dll
2009-02-02 01:30 25,608 a------- c:\windows\system32\X3DAudio1_4.dll
2009-02-02 01:30 267,112 a------- c:\windows\system32\xactengine2_9.dll
2009-02-02 01:30 18,280 a------- c:\windows\system32\x3daudio1_2.dll
2009-02-02 01:30 2,414,360 a------- c:\windows\system32\d3dx9_31.dll
2009-02-02 01:30 <DIR> --d----- c:\windows\Logs
2009-02-02 01:30 1,123,696 a------- c:\windows\system32\D3DCompiler_33.dll
2009-02-02 01:30 443,752 a------- c:\windows\system32\d3dx10_33.dll
2009-02-02 01:30 81,768 a------- c:\windows\system32\xinput1_3.dll
2009-02-02 01:30 3,495,784 a------- c:\windows\system32\d3dx9_33.dll
2009-02-02 01:30 <DIR> --d----- c:\windows\system32\xlive
2009-02-02 01:29 <DIR> --d----- c:\program files\Microsoft XNA
2009-02-02 01:10 <DIR> --d----- c:\program files\Microsoft SQL Server
2009-02-02 01:10 <DIR> --d----- c:\program files\Microsoft Synchronization Services
2009-02-02 01:10 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-02-02 01:05 <DIR> --d----- c:\windows\system32\XPSViewer
2009-02-02 01:04 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-02 01:04 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-02-02 01:04 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-02 01:04 117,760 -------- c:\windows\system32\prntvpt.dll
2009-02-02 01:04 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-02 01:04 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-02-02 01:04 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-02-02 01:04 <DIR> --d----- C:\b35fcb1545f76ba1e18752a0
2009-02-01 21:36 <DIR> --d----- c:\docume~1\nakish~1.000\applic~1\Simple Star
2009-02-01 21:29 <DIR> --d----- c:\program files\Nero
2009-02-01 13:37 144 a------- c:\docume~1\nakish~1.000\applic~1\wklnhst.dat
2009-01-31 14:01 0 a---h--- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2009-01-31 14:01 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2009-01-31 14:00 0 a---h--- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-01-28 15:49 <DIR> --d----- c:\program files\DVD Decrypter
2009-01-28 15:45 <DIR> --d----- c:\program files\DVD Shrink
2009-01-28 15:38 <DIR> --d----- c:\program files\IrfanView
2009-01-28 12:46 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-28 12:46 73,728 a------- c:\windows\system32\javacpl.cpl
2009-01-28 01:53 <DIR> --d----- c:\docume~1\nakish~1.000\applic~1\iWinArcade
2009-01-27 20:10 268,648 a------- c:\windows\system32\mucltui.dll
2009-01-27 20:10 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-01-27 18:06 221,184 a------- c:\windows\system32\wmpns.dll
2009-01-27 18:06 1,781 a--shr-- c:\windows\system32\drivers\103C_HP_NTBK_HP Pavilion dv1000 (ET738UA#ABA)_YN_0Pavi_QCNF6160CLD_E396559001_46_I30A0_SQuanta_V55.0F_BF.09_T060216_WXH2_L409_M1015_J100_7Intel_8T2300_91.66_#051228_N80861092_(ET738UA#ABA)_XMOBILE_CN10_Z_2Rev 1.MRK
2009-01-27 18:05 <DIR> --d----- c:\docume~1\nakish~1.000\applic~1\Intuit
2009-01-27 18:05 <DIR> --d----- c:\documents and settings\Nakisha.KISHA.000
2009-01-27 17:19 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2009-01-27 17:19 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-01-27 17:19 14,640 -------- c:\windows\system32\spmsgXP_2k3.dll
2009-01-27 17:17 <DIR> --d----- C:\75c45e9402c39554cd9e47e0ef49
2009-01-27 17:17 <DIR> --d----- c:\windows\system32\LogFiles
2009-01-27 17:16 <DIR> --d----- C:\d51e94b80f6c0fd8c71288485b00
2009-01-27 16:44 459,264 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-01-27 16:44 267,776 -------- c:\windows\system32\dllcache\iertutil.dll
2009-01-27 16:44 52,224 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-27 16:44 383,488 -------- c:\windows\system32\dllcache\ieapfltr.dll
2009-01-27 16:44 63,488 -------- c:\windows\system32\dllcache\icardie.dll
2009-01-27 16:44 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-01-27 16:44 2,455,488 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-01-27 16:44 991,232 -------- c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-27 16:44 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
2009-01-27 16:43 1,846,400 -------- c:\windows\system32\dllcache\win32k.sys
2009-01-27 16:43 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-27 16:43 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-27 16:43 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-27 16:43 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-27 16:43 272,128 -------- c:\windows\system32\dllcache\bthport.sys
2009-01-27 16:42 203,136 -------- c:\windows\system32\dllcache\rmcast.sys
2009-01-27 16:42 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-27 16:41 333,952 -------- c:\windows\system32\dllcache\srv.sys
2009-01-27 16:41 331,776 -------- c:\windows\system32\dllcache\msadce.dll
2009-01-27 16:41 691,712 -------- c:\windows\system32\dllcache\inetcomm.dll
2009-01-27 16:41 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-01-27 16:41 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2009-01-27 16:41 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2009-01-27 16:40 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-01-27 16:40 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-01-27 16:38 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-01-27 16:31 <DIR> --d----- c:\windows\system32\scripting
2009-01-27 16:31 <DIR> --d----- c:\windows\l2schemas
2009-01-27 16:31 <DIR> --d----- c:\windows\system32\en
2009-01-27 16:31 <DIR> --d----- c:\windows\system32\bits
2009-01-27 16:29 <DIR> --d----- c:\windows\ServicePackFiles
2009-01-27 16:25 <DIR> --d----- c:\windows\EHome
2009-01-27 16:21 4,274,816 -------- c:\windows\system32\nv4_disp.dll
2009-01-27 16:19 <DIR> --d----- c:\program files\Microsoft Money 2006
2009-01-27 16:12 <DIR> --d----- c:\windows\system32\PreInstall
2009-01-27 16:09 31,768 a------- c:\windows\system32\wucltui.dll.mui
2009-01-27 16:09 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-01-27 16:09 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2009-01-27 16:09 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-01-27 16:09 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2009-01-27 15:12 24,960 a----r-- c:\windows\system32\drivers\ATWPKT2.SYS
2009-01-27 15:12 33,588 a----r-- c:\windows\system32\drivers\wanatw4.sys
2009-01-27 15:11 <DIR> --d----- c:\docume~1\nakish~1.000\applic~1\AOL
2009-01-21 15:42 10,920 a------- C:\aolconnfix.exe
2009-01-20 07:59 <DIR> --d----- c:\windows\pss
2009-01-16 16:08 <DIR> --d----- C:\eb52b75148a3233bc060ddf9
2009-01-15 23:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\1Click DVD Converter

==================== Find3M ====================

2009-01-27 16:33 83,983 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-12 22:40 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-12 12:41 243,840 a------- c:\windows\system32\ZuneWlanCfgSvc.exe
2008-12-12 12:41 60,032 a------- c:\windows\system32\ZuneBusEnum.exe
2008-12-11 02:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-11-10 12:09 73,728 a------- c:\windows\system32\ZuneUsbTransport.dll
2008-11-10 12:09 18,944 a------- c:\windows\system32\ZuneTcp2Udp.dll
2008-11-10 12:09 57,344 a------- c:\windows\system32\ZuneRegUtil.dll
2008-11-10 12:09 12,800 a------- c:\windows\system32\ZunePTDNS.dll
2008-11-10 12:09 310,272 a------- c:\windows\system32\ZuneNetProxy.dll
2008-11-10 12:09 145,920 a------- c:\windows\system32\ZuneMTPZ.dll

============= FINISH: 17:37:51.70 ===============


#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:00 AM

Posted 05 February 2009 - 05:59 PM

Hello.

Please give me an update on the symptoms.

With Regards,
The Panda

#7 smiley1124


Posted 05 February 2009 - 06:22 PM

Everything was working again a while ago, but as I put in a topic, once it was restored again I did another Kaspersky scan and it found items, and I posted that scan. This was the scan:

KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, January 31, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, January 31, 2009 15:48:35
Records in database: 1732766
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 164418
Threat name: 5
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 03:41:59


File name / Threat name / Threats count
C:\Documents and Settings\Kisha.YOUR-4105E587B6\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-7b662abf Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\Kisha.YOUR-4105E587B6\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-5a2aa795 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Nakisha.KISHA\Desktop\songs\Funeral Music 50 Cent.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Nakisha.KISHA.000\Local Settings\Temporary Internet Files\Content.IE5\UGGPAJK3\info[1].swf Infected: Exploit.SWF.Downloader.lu 1
D:\FOUND.000\FILE0001.CHK Infected: Packed.Win32.Tdss.a 1

The selected area was scanned.

#8 PropagandaPanda


Posted 05 February 2009 - 07:54 PM

Hello.

There is some sign of infection from the Kaspersky log.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.

Please download GMER.zip to your desktop from any of the links below:
LINK1, LINK2
  • Right click on GMER.zip and select "Extract All".
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double click GMER.exe. Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Leaving the settings at default, click Scan.
  • When the scan is complete, click Save and save the log onto your desktop.
Please include the log in your next reply.

With Regards,
The Panda

#9 smiley1124


Posted 05 February 2009 - 09:01 PM

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-05 20:59:50
Windows 5.1.2600 Service Pack 3


---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !
? C:\ComboFix\catchme.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\internet explorer\iexplore.exe[1684] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1684] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1684] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A1720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1684] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A1764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1684] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A16AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1684] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A16E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1684] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A17DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1684] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)

---- EOF - GMER 1.0.14 ----

#10 PropagandaPanda


Posted 06 February 2009 - 08:09 AM

Hello.

Looks like whatever it was had been removed.

Are there symptoms other than items being flagged in scans?

With Regards,
The Panda

#11 smiley1124


Posted 06 February 2009 - 11:33 AM

I am not sure, because I don't try to do too much and make any problem worse. Also, what is a good free download I can use for antivirus software for my computer? What other software can I download that is free to protect my computer?

#12 PropagandaPanda


Posted 06 February 2009 - 11:51 AM

Hello.

What problems exactly are there right now?

Install Antivirus
An anti-virus is essential in keeping your computer safe while surfing the Internet. Please install a free anti-virus program from one of the trusted vendors below:
After installing, update the database, run a full system scan and remove any items found.

Take a new DDS.txt log after.

With Regards,
The Panda

#13 smiley1124


Posted 06 February 2009 - 12:18 PM

Last time I checked, disk defragment was working and I haven't had any problems with IE7. I have not tried to restore my computer at an earlier time, so I don't know if that is fixed or not. But I am going to download one of the programs you mentioned. Also, are there any other programs you recommend for viruses and spyware to protect my computer?

#14 smiley1124


Posted 06 February 2009 - 12:26 PM

Also, are all the ones you listed just trial versions for like 60 days?

#15 PropagandaPanda


Posted 06 February 2009 - 03:12 PM

Hello.

No. All of them have a free version that you can use forever. Choose the free version, not the trial of the full.

With Regards,
The Panda



