
AdWare.Win32.SearchIt.t, Acrord32.exe After Reformat


This topic is locked
13 replies to this topic

#1 hardynj (Members, 9 posts)

Posted 04 February 2009 - 08:58 PM

Had AntiSpyware, got help here, the end result being that I needed to reformat the laptop (http://www.bleepingcomputer.com/forums/topic176099.html). After doing so, ZoneAlarm tells me I have AcroRD32.exe, which doesn't appear to be related to Adobe Acrobat. Kaspersky finds AdWare.Win32.SearchIt.t, but Nod32, my virus protection, doesn't. Finally, ZoneAlarm blocked access to an unknown computer that looked like it was on my network, but I only have one computer.

Frustrated to still have problems after reformatting the computer, but willing to keep working on it. Thanks!

DDS Logs and Kaspersky Log are:


DDS (Ver_09-02-01.01) - NTFSx86
Run by FAMILY at 21:53:08.37 on Tue 02/03/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1270.547 [GMT -5:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\FAMILY\Local Settings\Temporary Internet Files\Content.IE5\6YD3GVH2\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://shop.trendmicro.com/tmasy/eolsony.html?X=300&Y=300&WIDTH=690&HEIGHT=480
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [TVTunerLib] c:\program files\common files\sony shared\tvtunerlib\TVTLInstTool.exe
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe
mRun: [VZRemoteCommander] c:\program files\sony\vaio zone remote commander\AvRmtCtr.exe
mRun: [PartSeal] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233110313343
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-7-1 34312]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-1-25 353680]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-7-1 468224]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]

=============== Created Last 30 ================

2009-02-03 21:32 <DIR> --d----- c:\docume~1\family\applic~1\Uniblue
2009-02-03 21:31 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\~0
2009-02-02 00:28 <DIR> --d-h--- c:\windows\PIF
2009-01-31 05:55 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-01-31 05:55 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-31 05:54 <DIR> --d----- c:\program files\iPod
2009-01-31 05:54 <DIR> --d----- c:\program files\iTunes
2009-01-31 05:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-31 05:54 <DIR> --d----- c:\program files\Bonjour
2009-01-28 16:18 268,648 a------- c:\windows\system32\mucltui.dll
2009-01-28 16:18 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-01-28 12:40 <DIR> --d----- c:\program files\GPLGS
2009-01-28 12:40 87,552 a------- c:\windows\system32\cpwmon2k.dll
2009-01-28 12:39 <DIR> --d----- c:\program files\Acro Software
2009-01-28 09:33 726,008 a------- c:\documents and settings\family\gotomypc_437.exe
2009-01-27 22:15 73,728 a------- c:\windows\system32\javacpl.cpl
2009-01-27 22:15 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-27 21:47 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-01-25 23:52 <DIR> --d----- c:\windows\system32\LogFiles
2009-01-25 23:44 2,560 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-01-25 23:44 2,432 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-01-25 23:00 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-01-25 23:00 1,221,008 a------- c:\windows\system32\zpeng25.dll
2009-01-25 23:00 <DIR> --d----- c:\windows\system32\ZoneLabs
2009-01-25 23:00 <DIR> --d----- c:\program files\Zone Labs
2009-01-25 23:00 348,371 a------- c:\windows\system32\vsconfig.xml
2009-01-25 22:04 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-01-25 22:04 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-25 22:04 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-01-25 22:04 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-01-25 22:04 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-25 22:04 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-01-25 22:04 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-01-25 22:04 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-01-25 22:04 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-01-25 21:51 <DIR> --d----- c:\docume~1\family\applic~1\Intuit
2009-01-25 21:51 <DIR> --d----- c:\docume~1\family\applic~1\Symantec
2009-01-25 21:51 <DIR> --d----- c:\documents and settings\FAMILY
2009-01-25 21:51 0 a---hr-- c:\windows\system32\drivers\Sony_VGN-FS742.mrk
2009-01-25 21:36 56 a------- c:\windows\WININIT.INI
2009-01-25 21:35 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-01-25 21:29 <DIR> --d----- c:\program files\MSXML 4.0
2009-01-25 21:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-01-25 21:27 <DIR> --d----- c:\documents and settings\all users\ImageConverter2
2009-01-25 21:25 2,158 a------- c:\windows\system32\ssmute.ini
2009-01-25 21:25 <DIR> --d----- c:\program files\InterMute
2009-01-25 21:25 <DIR> --d----- c:\program files\MoodLogic
2009-01-25 21:21 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-01-25 21:21 826,368 -c------ c:\windows\system32\dllcache\wininet.dll
2009-01-25 21:21 1,160,192 -c------ c:\windows\system32\dllcache\urlmon.dll
2009-01-25 21:21 1,499,136 -c------ c:\windows\system32\dllcache\shdocvw.dll
2009-01-25 21:20 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2009-01-25 21:20 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-25 21:20 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-25 21:20 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-25 21:20 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-25 21:19 3,593,216 -c------ c:\windows\system32\dllcache\mshtml.dll
2009-01-25 21:18 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-01-25 21:18 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-01-25 21:17 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-01-25 21:17 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-01-25 21:17 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-01-25 21:17 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-01-25 21:17 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-01-25 21:05 <DIR> --d----- c:\windows\system32\scripting
2009-01-25 21:05 <DIR> --d----- c:\windows\l2schemas
2009-01-25 21:05 <DIR> --d----- c:\windows\system32\en
2009-01-25 21:05 <DIR> --d----- c:\windows\system32\bits
2009-01-25 21:02 <DIR> --d----- c:\windows\ServicePackFiles
2009-01-25 20:59 <DIR> --d----- c:\windows\network diagnostic
2009-01-25 20:53 <DIR> --d----- c:\windows\EHome
2009-01-25 20:44 701,440 -------- c:\windows\system32\drivers\ati2mtag.sys
2009-01-25 20:35 <DIR> --d----- c:\windows\system32\PreInstall
2009-01-25 20:35 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-01-25 20:32 <DIR> --dsh--- c:\documents and settings\family\UserData
2009-01-25 20:31 <DIR> --d----- c:\windows\Internet Logs
2009-01-25 20:26 <DIR> --d----- c:\program files\ESET
2009-01-25 20:18 172 a------- c:\windows\Quicken.ini
2009-01-25 20:18 <DIR> --d----- c:\program files\common files\Palo Alto Software
2009-01-25 20:18 <DIR> --d----- c:\program files\common files\Intuit
2009-01-25 20:18 <DIR> --d----- c:\program files\Quicken
2009-01-25 20:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intuit
2009-01-25 20:17 204,800 a------- c:\windows\system32\IVIresizeW7.dll
2009-01-25 20:17 200,704 a------- c:\windows\system32\IVIresizeA6.dll
2009-01-25 20:17 192,512 a------- c:\windows\system32\IVIresizeP6.dll
2009-01-25 20:17 192,512 a------- c:\windows\system32\IVIresizeM6.dll
2009-01-25 20:17 188,416 a------- c:\windows\system32\IVIresizePX.dll
2009-01-25 20:17 20,480 a------- c:\windows\system32\IVIresize.dll
2009-01-25 20:16 <DIR> --d----- c:\program files\InterVideo
2009-01-25 20:08 376 a------- c:\windows\ODBC.INI
2009-01-25 20:07 28,040 a------- c:\windows\system32\mdimon.dll
2009-01-25 20:07 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-01-25 20:07 <DIR> --d----- c:\windows\SHELLNEW
2009-01-25 20:06 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-01-25 19:55 757,760 a------- c:\windows\system32\CDDBUI.dll
2009-01-25 19:55 630,784 a------- c:\windows\system32\CDDBControl.dll
2009-01-05 16:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-01-05 16:18 57,344 a------- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2009-01-25 21:08 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys

============= FINISH: 21:53:37.60 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/25/2009 9:51:21 PM
System Uptime: 2/2/2009 6:44:50 PM (27 hours ago)
Processor: Intel® Pentium® M processor 1.73GHz | N/A | 1729/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 62.626 GiB free.
D: is Removable
E: is CDROM ()
F: is FIXED (NTFS) - 233 GiB total, 214.545 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 1/25/2009 9:51:28 PM - System Checkpoint
RP2: 1/25/2009 8:26:13 PM - Installed ESET NOD32 Antivirus
RP3: 1/25/2009 8:34:00 PM - Software Distribution Service 3.0
RP4: 1/25/2009 8:49:32 PM - Software Distribution Service 3.0
RP5: 1/25/2009 9:27:07 PM - Software Distribution Service 3.0
RP6: 1/25/2009 10:30:10 PM - Software Distribution Service 3.0
RP7: 1/25/2009 10:38:43 PM - Software Distribution Service 3.0
RP8: 1/25/2009 11:43:34 PM - Installed Click to DVD
RP9: 1/25/2009 11:43:42 PM - Configured Click to DVD
RP10: 1/25/2009 11:44:16 PM - ???????? Click to DVD
RP11: 1/27/2009 9:47:37 PM - Software Distribution Service 3.0
RP12: 1/27/2009 10:14:59 PM - Installed Java™ 6 Update 11
RP13: 1/28/2009 12:39:57 PM - Printer Driver CutePDF Writer Installed
RP14: 1/28/2009 8:27:35 PM - Software Distribution Service 3.0
RP15: 1/30/2009 8:37:34 PM - System Checkpoint
RP16: 1/31/2009 5:54:29 AM - Installed iTunes

==== Installed Programs ======================

Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
Adobe Flash Player 10 ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0
Apple Mobile Device Support
Apple Software Update
Bonjour
Click to DVD 2.0.03 Menu Data
Click to DVD 2.4.12
CONNECT
CutePDF Writer 2.7
DVgate Plus
ESET NOD32 Antivirus
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221
Hotfix for Windows XP (KB952287)
Image Converter 2
Intel® Graphics Media Accelerator Driver for Mobile
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
InterVideo WinDVD for VAIO
InterVideo WinDVDX
ISScript
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 4
Java™ 6 Update 11
LAN-Express AS IEEE 802.11 Wireless LAN
mCore
mDriver
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft SQL Server Desktop Engine (VAIO_VEDB)
Microsoft Works
mMHouse
MoodLogic
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB954430)
mWlsSafe
mXML
Netscape Internet Service Setup
NVIDIA Drivers
OpenMG Secure Module 4.2.00
Quicken 2005
QuickTime
Realtek High Definition Audio Driver
Roxio DigitalMedia Audio
Roxio DigitalMedia Copy
Roxio DigitalMedia Data
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
Setting Utility Series
SonicStage 3.2
SonicStage Mastering Studio Audio Filter Custom Preset
Sony Certificate PCH
Sony MP4 Shared Library
Sony USB Mouse
Sony Utilities DLL
Sony Video Shared Library
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
VAIO Central
VAIO Entertainment Platform
VAIO Event Service
VAIO Launcher
VAIO Light Flo Wallpaper
VAIO Long Battery Life Wallpaper
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Scene SD Wide Contents
VAIO Power Management
VAIO Registration
VAIO Support Central
VAIO Survey Standalone
VAIO TV Tuner Library 1.4
VAIO Update 2
VAIO Wireless Utility
VAIO Zone
VAIO Zone Remote Commander
VC 9.0 Runtime
WebFldrs XP
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See KB886612 for more information]
Windows XP Service Pack 3
ZoneAlarm

==== End Of File ===========================


KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, February 4, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, February 04, 2009 03:28:02
Records in database: 1742131


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
E:\
F:\

Scan statistics
Files scanned 79280
Threat name 1
Infected objects 1
Suspicious objects 0
Duration of the scan 01:14:05

File name Threat name Threats count
C:\Program Files\Online Services\AOL Setup\comps\toolbar\toolbr.EXE Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

The selected area was scanned.
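Two points worth reading out of the logs above before anyone posts fixes. First, Kaspersky's "not-a-virus:" prefix marks adware/riskware rather than malware; the hit is an AOL toolbar installer under C:\Program Files\Online Services, not a system file. Second, a DDS log is triaged by a handful of line classes: the AV/FW status lines (the second log in this thread reports Norton with on-access scanning and firewall disabled), BHO and toolbar CLSIDs (two toolbar entries here resolve to "No File"), uRun/mRun autostarts, Winlogon Notify DLLs, and process paths. The Python below is an added example, not part of this thread or of the DDS tool; it applies those heuristics to a few lines constructed from the logs above. A hit is a prompt to check the file, not a verdict: the dds[1].scr process it flags is the DDS tool itself, which the poster launched straight from Internet Explorer's cache.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the two DDS logs posted above,
# plus a couple of benign lines so the heuristics have something to ignore.
SAMPLE_LOG = r"""
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *disabled*
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\FAMILY\Local Settings\Temporary Internet Files\Content.IE5\6YD3GVH2\dds[1].scr
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
"""


@dataclass
class Finding:
    severity: str   # "review": go look at the file; "info": note it, usually benign
    line: str
    reason: str


# Locations a standard user can write to; autostarts or processes there deserve a look.
USER_WRITABLE = re.compile(
    r"\\(temporary internet files|local settings\\temp|application data|temp)\\", re.I)
# A Run value that is just "NAME.EXE" with no directory is resolved through the
# PATH search order, so whichever copy is found first is the one that runs.
BARE_EXE = re.compile(r"^[\w.-]+\.(exe|dll|scr|com)$", re.I)


def run_target(rest: str) -> str:
    """Return the executable named in a Run value, without quotes or arguments."""
    rest = rest.strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest[1:]
    return rest.split()[0] if rest else ""


def triage(log_text: str) -> list[Finding]:
    """Classify DDS log lines with the heuristics a log helper applies first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(("AV:", "FW:")):
            if "disabled" in line.lower():
                findings.append(Finding("review", line, "security product reports itself disabled"))
        elif line.startswith(("TB:", "BHO:")):
            if line.endswith("- No File"):
                findings.append(Finding("info", line, "orphaned CLSID: the registered file is gone"))
        elif re.match(r"^[um]Run:\s*\[", line):
            target = run_target(line.split("]", 1)[1])
            if BARE_EXE.match(target):
                findings.append(Finding("review", line,
                                        "bare executable name; confirm which file PATH resolves it to"))
            elif USER_WRITABLE.search(target):
                findings.append(Finding("review", line, "autostart from a user-writable location"))
        elif line.startswith("Notify:"):
            findings.append(Finding("info", line,
                                    "Winlogon notification DLL loads at logon; verify its publisher"))
        elif USER_WRITABLE.search(line):
            findings.append(Finding("review", line,
                                    "process running from a user-writable cache/temp location"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity so a reviewer sees at a glance what needs attention."""
    return {sev: sum(1 for f in findings if f.severity == sev) for sev in ("review", "info")}


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
    print(summarize(results))
```

On the sample this yields six "review" items (the two disabled-product lines, the three bare-name Run values ICO.EXE, RTHDCPL.EXE and ALCMTR.EXE, and the dds[1].scr process) and four "info" items (two orphaned toolbar CLSIDs, two Notify DLLs); fully qualified entries such as ctfmon.exe and AcroIEHelper.dll produce nothing. The bare-name check is the one that matters most on an OEM image like this: those three values are Realtek and Sony mouse utilities here, but the same registry shape is exactly what a planted copy earlier in PATH would exploit, so the helper confirms the resolved path rather than trusting the name.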



#2 KoanYorel (Bleepin' Conundrum; Staff Emeritus, 19,461 posts; Location: 65 miles due East of the "Logic Free Zone", in Md, USA)

Posted 17 February 2009 - 10:44 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 hardynj (Topic Starter; Members, 9 posts)

Posted 19 February 2009 - 05:56 PM

Thanks for getting back to me. Here is my DDS.txt log.


DDS (Ver_09-02-01.01) - NTFSx86
Run by FAMILY at 17:40:23.48 on Thu 02/19/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1270.683 [GMT -5:00]

AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\FAMILY\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://shop.trendmicro.com/tmasy/eolsony.html?X=300&Y=300&WIDTH=690&HEIGHT=480
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.2.0.7\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.2.0.7\IPSBHO.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.2.0.7\coIEPlg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [TVTunerLib] c:\program files\common files\sony shared\tvtunerlib\TVTLInstTool.exe
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe
mRun: [VZRemoteCommander] c:\program files\sony\vaio zone remote commander\AvRmtCtr.exe
mRun: [PartSeal] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233110313343
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.2.0.7\CoIEPlg.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-4 64160]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1002000.007\SymEFA.sys [2009-2-15 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1002000.007\BHDrvx86.sys [2009-2-15 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1002000.007\cchpx86.sys [2009-2-15 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090212.003\IDSxpx86.sys [2009-2-15 276344]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.2.0.7\ccSvcHst.exe [2009-2-15 115560]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090218.054\NAVENG.SYS [2009-2-19 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090218.054\NAVEX15.SYS [2009-2-19 876112]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]

=============== Created Last 30 ================

2009-02-15 14:55 <DIR> --d--r-- c:\program files\Norton Support
2009-02-15 14:49 36,272 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-02-15 14:49 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-15 14:49 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-02-15 14:49 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-15 14:49 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-02-15 14:49 <DIR> --d----- c:\program files\Symantec
2009-02-15 14:49 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-02-15 14:49 <DIR> --d----- c:\windows\system32\drivers\NIS
2009-02-15 14:49 <DIR> --d----- c:\program files\Norton Internet Security
2009-02-15 14:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-02-15 14:47 <DIR> --d----- c:\program files\NortonInstaller
2009-02-15 14:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-02-10 21:47 73,728 a------- c:\windows\system32\javacpl.cpl
2009-02-07 20:22 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-02-07 20:18 <DIR> --d--r-- c:\program files\Skype
2009-02-07 20:02 127,034 -----r-- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-02-07 07:54 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-02-07 07:54 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-02-07 07:53 197,632 a------- c:\windows\system32\CNMLM78.DLL
2009-02-04 22:10 <DIR> --d----- c:\program files\Yahoo!
2009-02-04 22:10 <DIR> --d----- c:\program files\CCleaner
2009-02-04 21:49 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-02-04 21:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-02-04 21:40 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-04 21:07 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-04 21:05 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-04 21:05 <DIR> --d----- c:\program files\Lavasoft
2009-02-03 21:32 <DIR> --d----- c:\docume~1\family\applic~1\Uniblue
2009-02-02 00:28 <DIR> --d-h--- c:\windows\PIF
2009-01-31 05:55 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-01-31 05:55 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-31 05:54 <DIR> --d----- c:\program files\iPod
2009-01-31 05:54 <DIR> --d----- c:\program files\iTunes
2009-01-31 05:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-31 05:54 <DIR> --d----- c:\program files\Bonjour
2009-01-28 16:18 268,648 a------- c:\windows\system32\mucltui.dll
2009-01-28 16:18 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-01-28 12:40 <DIR> --d----- c:\program files\GPLGS
2009-01-28 12:40 87,552 a------- c:\windows\system32\cpwmon2k.dll
2009-01-28 12:39 <DIR> --d----- c:\program files\Acro Software
2009-01-28 09:33 726,008 a------- c:\documents and settings\family\gotomypc_437.exe
2009-01-27 22:15 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-27 21:47 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-01-25 23:52 <DIR> --d----- c:\windows\system32\LogFiles
2009-01-25 23:44 2,560 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-01-25 23:44 2,432 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-01-25 23:00 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-01-25 22:04 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-01-25 22:04 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-25 22:04 6,066,688 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-01-25 22:04 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-01-25 22:04 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-25 22:04 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-01-25 22:04 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-01-25 22:04 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-01-25 22:04 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-01-25 21:51 <DIR> --d----- c:\docume~1\family\applic~1\Intuit
2009-01-25 21:51 <DIR> --d----- c:\docume~1\family\applic~1\Symantec
2009-01-25 21:51 <DIR> --d----- c:\documents and settings\FAMILY
2009-01-25 21:51 0 a---hr-- c:\windows\system32\drivers\Sony_VGN-FS742.mrk
2009-01-25 21:36 56 a------- c:\windows\WININIT.INI
2009-01-25 21:35 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-01-25 21:29 <DIR> --d----- c:\program files\MSXML 4.0
2009-01-25 21:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-01-25 21:27 <DIR> --d----- c:\documents and settings\all users\ImageConverter2
2009-01-25 21:25 2,158 a------- c:\windows\system32\ssmute.ini
2009-01-25 21:25 <DIR> --d----- c:\program files\InterMute
2009-01-25 21:25 <DIR> --d----- c:\program files\MoodLogic
2009-01-25 21:21 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-01-25 21:21 826,368 -c------ c:\windows\system32\dllcache\wininet.dll
2009-01-25 21:21 1,160,192 -c------ c:\windows\system32\dllcache\urlmon.dll
2009-01-25 21:21 1,499,136 -c------ c:\windows\system32\dllcache\shdocvw.dll
2009-01-25 21:20 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2009-01-25 21:20 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-25 21:20 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-25 21:20 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-25 21:20 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-25 21:19 3,594,752 -c------ c:\windows\system32\dllcache\mshtml.dll
2009-01-25 21:18 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-01-25 21:18 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-01-25 21:17 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-01-25 21:17 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-01-25 21:17 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-01-25 21:17 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-01-25 21:17 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-01-25 21:05 <DIR> --d----- c:\windows\system32\scripting
2009-01-25 21:05 <DIR> --d----- c:\windows\l2schemas
2009-01-25 21:05 <DIR> --d----- c:\windows\system32\en
2009-01-25 21:05 <DIR> --d----- c:\windows\system32\bits
2009-01-25 21:02 <DIR> --d----- c:\windows\ServicePackFiles
2009-01-25 20:59 <DIR> --d----- c:\windows\network diagnostic
2009-01-25 20:53 <DIR> --d----- c:\windows\EHome
2009-01-25 20:44 701,440 -------- c:\windows\system32\drivers\ati2mtag.sys
2009-01-25 20:35 <DIR> --d----- c:\windows\system32\PreInstall
2009-01-25 20:35 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-01-25 20:32 <DIR> --dsh--- c:\documents and settings\family\UserData
2009-01-25 20:31 <DIR> --d----- c:\windows\Internet Logs
2009-01-25 20:18 172 a------- c:\windows\Quicken.ini
2009-01-25 20:18 <DIR> --d----- c:\program files\common files\Palo Alto Software
2009-01-25 20:18 <DIR> --d----- c:\program files\common files\Intuit
2009-01-25 20:18 <DIR> --d----- c:\program files\Quicken
2009-01-25 20:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intuit
2009-01-25 20:17 204,800 a------- c:\windows\system32\IVIresizeW7.dll
2009-01-25 20:17 200,704 a------- c:\windows\system32\IVIresizeA6.dll
2009-01-25 20:17 192,512 a------- c:\windows\system32\IVIresizeP6.dll
2009-01-25 20:17 192,512 a------- c:\windows\system32\IVIresizeM6.dll
2009-01-25 20:17 188,416 a------- c:\windows\system32\IVIresizePX.dll
2009-01-25 20:17 20,480 a------- c:\windows\system32\IVIresize.dll
2009-01-25 20:16 <DIR> --d----- c:\program files\InterVideo
2009-01-25 20:08 376 a------- c:\windows\ODBC.INI
2009-01-25 20:07 28,040 a------- c:\windows\system32\mdimon.dll
2009-01-25 20:07 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-01-25 20:07 <DIR> --d----- c:\windows\SHELLNEW
2009-01-25 20:06 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-01-25 19:55 757,760 a------- c:\windows\system32\CDDBUI.dll
2009-01-25 19:55 630,784 a------- c:\windows\system32\CDDBControl.dll

==================== Find3M ====================

2009-02-09 21:31 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-01-25 21:08 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll

============= FINISH: 17:41:12.48 ===============
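
Added here as an illustration, not part of the thread: a small Python script that reads DDS autorun lines of the kind shown above (mRun and StartupFolder entries) and sorts them by where the program launches from, so entries in user-writable folders stand out for a first look. The sample lines are copied from the log, plus one constructed entry (labelled in the code) so the check has something to flag; the root-folder lists are an assumption for illustration.

```python
"""Triage helper for DDS-style autorun lines (added example, not from the thread).

DDS prints each autorun entry as
    mRun: [Name] "c:\\path\\to\\program.exe" args     (registry Run key)
    StartupFolder: <shortcut>.lnk - c:\\path\\to\\program.exe
The heuristic below only looks at *where* each program launches from.
A launch from a user-writable folder is not proof of malware; it is just
the line to check first when an unfamiliar name shows up.
"""
import re

# Assumed roots from which legitimately installed software normally launches
# (DDS often prints the 8.3 short name c:\progra~1 for Program Files).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# Assumed roots that any user account can write to.
USER_WRITABLE_ROOTS = ("c:\\documents and settings\\", "c:\\docume~1\\")

# Run-key entry: name in brackets, then an optionally quoted .exe path, then args.
_RUN = re.compile(r'^[mu]?Run: \[(?P<name>[^\]]+)\]\s+"?(?P<path>[^"]+?\.exe)"?', re.I)
# Startup-folder entry: shortcut name, " - ", then the target .exe path.
_STARTUP = re.compile(r'^StartupFolder: .* - (?P<path>.+?\.exe)\s*$', re.I)


def launch_path(line: str):
    """Return the lower-cased executable path named by one autorun line, or None."""
    m = _RUN.match(line) or _STARTUP.match(line)
    return m.group("path").strip().lower() if m else None


def classify(path: str) -> str:
    """Verdict for one launch path based purely on its location."""
    if "\\" not in path:
        # e.g. RUNDLL32.EXE with no directory: resolved via PATH at logon,
        # so confirm which binary actually runs before trusting it.
        return "bare name"
    if path.startswith(USER_WRITABLE_ROOTS):
        return "user-writable location"
    if path.startswith(TRUSTED_ROOTS):
        return "standard install location"
    return "unusual location"


def triage(lines):
    """Return (path, verdict) for every autorun line; other lines are skipped."""
    findings = []
    for line in lines:
        path = launch_path(line)
        if path is not None:
            findings.append((path, classify(path)))
    return findings


def suspicious(lines):
    """Only the paths a reviewer should look at before anything else."""
    return [p for p, verdict in triage(lines) if verdict != "standard install location"]


# Constructed sample: the first four lines are copied from the DDS log in this
# thread; the last line is made up here so that the user-writable check fires.
SAMPLE_LOG = r"""
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
mRun: [Example] c:\documents and settings\family\local settings\temp\acrord32.exe
""".strip().splitlines()

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:26} {path}")
```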


#4 Hoov

Posted 20 February 2009 - 04:12 PM

Howdy, my name is Hoov, and I will be helping you with your dilemma.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer

*Tell me everything that you have done, if anything, to try and fix this problem.

*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.

*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Can you go to c:\windows\internet logs and if there is more than 1 text file in there, zip them all up and attach them to your next post. They are the logs from ZoneAlarm. The names will be something like zalog.txt. If there is more than 1, there will be a date in the title as well. I will look at the logs and be able to tell better what is causing the problem. As for the other computer trying to access yours, do you have a wireless connection? Router? Wireless Router?
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#5 hardynj

Posted 24 February 2009 - 01:38 AM

Thanks for helping and sorry for the delay in getting back to you.

I don't have a program to zip my ZoneAlarm logs. I will get one but did not want to add a program before letting you know. There are three logs. I have Verizon Fios with a ZyXel Prestige 861 Modem and an Actiontec M1424WR wireless router.

#6 Hoov

Posted 24 February 2009 - 01:49 AM

I use PowerArchiver, or there is WinZip or a couple hundred other programs. But you can also do it right in XP.

Method 1: Use My Computer to create the compressed folder
Follow these steps to use My Computer to create a compressed folder:

1. On your desktop, double-click My Computer, and then open the folder in which you want to create the compressed folder. For example, if you want to make a compressed folder in the root folder of drive C, double-click My Computer, and then double-click drive C to open the root folder.

Note If you do not see a My Computer icon on your desktop, click Start, and then click My Computer.
2. On the File menu, point to New, and then click Compressed (zipped) Folder.
3. Type a name for the new compressed folder, and then press ENTER. Your new compressed folder is displayed as a folder icon with a zipper. Depending on which folder options that you have set, a .zip file name extension may also appear.

Method 2: Create the compressed folder on the desktop or in a folder

1. Right-click a blank area on the desktop or in an open folder, point to New, and then click Compressed (zipped) Folder.
2. Type a name for the new compressed folder, and then press ENTER. Your new compressed folder is displayed as a folder icon with a zipper. Depending on your preferences, a .zip file name extension may also appear.

How to move files and folders to and from a compressed folder
You move files and folders to or from compressed folders exactly as you move them to or from uncompressed folders. For example, you can drag files or folders to the compressed folder. When you move a file or a folder to a compressed folder, that file is automatically compressed. A file that is moved from a compressed folder is automatically uncompressed.

#7 hardynj

Posted 28 February 2009 - 11:37 AM

Ok. Feel like a dork. That was really easy. The zipped files are attached.


#8 Hoov

Posted 28 February 2009 - 04:26 PM

That happens to everyone occasionally. But there is one problem, the files must have gone astray.

#9 hardynj

Posted 01 March 2009 - 04:38 PM

Ok, one of them is uploaded now (in my previous reply). The second one can't be uploaded because it is too big (661 KB) even after compression. I have 100 KB available after adding the first log.

Do other programs offer better compression than the one that came with XP?

#10 Hoov

Posted 01 March 2009 - 05:39 PM

Check your private messages.

#11 Hoov

Posted 01 March 2009 - 07:55 PM

Unfortunately those were the wrong files. The ones I need are txt files. The first part of the name will be zalog, then maybe a date, then .txt.

As well as getting those files (send them to the same place as before) go ahead and download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

#12 hardynj

Posted 02 March 2009 - 08:15 PM

Malwarebytes log:

Malwarebytes' Anti-Malware 1.34
Database version: 1814
Windows 5.1.2600 Service Pack 3

3/2/2009 8:09:48 PM
mbam-log-2009-03-02 (20-09-48).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 136107
Time elapsed: 2 hour(s), 1 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#13 Hoov

Posted 02 March 2009 - 08:33 PM

Are you getting any warnings of malware from the new firewall?

#14 Hoov

Posted 11 March 2009 - 01:42 PM

This thread is closed due to inactivity.
If you need this topic reopened, please send me a PM. This applies to the thread originator only, all others start a new thread.