
Possible Malware like Perfect Defender


  • This topic is locked
27 replies to this topic

#1 Alexlonebear

Alexlonebear

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:15 PM

Posted 07 February 2009 - 09:41 PM

I was having a problem with what I thought was Perfect Defender 2009 because I was getting its pop-up screens. I ran Malwarebytes Anti-Malware. It eliminated over 30 problems, but Perfect Defender was not one of them. When I start to use the computer now it is very slow. Sometimes I look in Task Manager and Explorer is running using 100% of the resources. One other note: when I first noticed this problem I was using an SD card to store data. The problem with Explorer running happens more often when I have the card in the reader. I also used the anti-malware to scan the card separately. Here is my DDS log.

DDS (Ver_09-02-01.01) - NTFSx86
Run by Hank at 21:12:56.62 on Sat 02/07/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.433 [GMT -5:00]

AV: Windows Live OneCare *On-access scanning enabled* (Updated)
FW: Windows Live OneCare Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Palm\Hotsync.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Hank\My Documents\Comp virus removal\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://email.jostens.com/exchweb/bin/auth/...ge&reason=0
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\HOMERunner.exe"
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
StartupFolder: c:\docume~1\hank\startm~1\programs\startup\palmon~1.lnk - c:\palm\register.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\palm\Hotsync.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000161-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaud.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38019.5582407407
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hank\applic~1\mozilla\firefox\profiles\ax89rgx3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/

============= SERVICES / DRIVERS ===============

R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2008-11-5 25968]
R3 SQTECH930B;Motion Track Webcam;c:\windows\system32\drivers\Capt930b.sys [2007-1-4 376374]
S1 AEC671X;AEC671X;c:\windows\system32\drivers\aec671x.sys [2003-12-13 12128]
S1 DMX3191;DMX3191;c:\windows\system32\drivers\dmx3191.sys [2003-12-13 17700]
S2 mrtRate;mrtRate; [x]
S2 UDNT;UDNT;c:\windows\system32\drivers\udnt.sys [2003-12-13 76260]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 EPUSBSTOR;EPSON USB Storage Driver;c:\windows\system32\drivers\epusbsto.sys [2006-8-4 17976]
S3 NUVision;Pinnacle LINX;c:\windows\system32\drivers\Nuvision.sys [2007-1-1 136352]

=============== Created Last 30 ================

2009-02-04 15:32 <DIR> --d----- c:\windows\system32\NtmsData
2009-02-04 13:09 <DIR> --d----- c:\docume~1\hank\applic~1\Malwarebytes
2009-02-04 13:09 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-04 13:09 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-04 13:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-04 13:09 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-04 02:01 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-03 23:16 268,648 a------- c:\windows\system32\mucltui.dll
2009-02-03 23:16 208,744 a------- c:\windows\system32\muweb.dll
2009-02-03 23:16 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-02-03 19:45 4,680 a------- c:\windows\system32\OEMINFO.PNF
2009-02-03 13:38 91,328 a------- c:\windows\system32\drivers\msfwdrv.sys
2009-02-03 13:37 116,416 a------- c:\windows\system32\drivers\msfwhlpr.sys
2009-02-03 13:36 53,168 a------- c:\windows\system32\drivers\MpFilter.sys
2009-02-03 13:35 409,600 -c------ c:\windows\system32\dllcache\qmgr.dll
2009-02-03 13:35 18,944 -c------ c:\windows\system32\dllcache\qmgrprxy.dll
2009-02-03 13:35 8,192 -c------ c:\windows\system32\dllcache\bitsprx2.dll
2009-02-03 13:35 7,168 -c------ c:\windows\system32\dllcache\bitsprx4.dll
2009-02-03 13:35 7,168 -c------ c:\windows\system32\dllcache\bitsprx3.dll
2009-02-03 13:35 7,168 -------- c:\windows\system32\bitsprx4.dll
2009-02-03 13:28 <DIR> --d----- c:\program files\Microsoft Windows OneCare Live
2009-02-03 12:53 0 a------- c:\windows\system32\winconf32.ini
2009-02-03 12:53 11,776 ---sh--- c:\program files\expdebug.exe

==================== Find3M ====================

2008-12-11 06:57 333,184 a------- c:\windows\system32\drivers\srv.sys
2008-11-02 02:47 49 a------- c:\program files\Xnews.ini
2008-10-14 16:08 139,072 a------- c:\docume~1\hank\applic~1\GDIPFONTCACHEV1.DAT
2008-03-11 15:56 60,968 a------- c:\documents and settings\hank\GoToAssistDownloadHelper.exe
2004-02-02 16:40 560 a------- c:\documents and settings\hank\PCDOC.BAT
2002-04-25 07:38 1,255,936 a------- c:\program files\Xnews.exe
2009-08-16 16:14 1,537 a--sh--- c:\windows\page files\maxmeg.sys
2005-07-14 14:31 27,648 a--sh--- c:\windows\system32\AVSredirect.dll

============= FINISH: 21:13:55.09 ===============
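The "Created Last 30" and "Find3M" sections of a DDS log are where a helper looks first, and two things stand out in the log above: files carrying hidden and system attributes in places that are not normally OS-managed, and a file whose timestamp lies after the date the scan was run. The script below is an added example, not part of this thread and not code from the DDS tool: it parses those fixed-layout lines (date, time, size or `<DIR>`, an 8-character attribute field, path) and reports entries that match either heuristic. The sample text is an excerpt constructed from the log above; the reading of the `s` and `h` letters in the attribute field as "system" and "hidden" is an assumption about the DDS layout. The output is a list of entries to cross-check next, not a verdict on any file.

```python
"""Triage pass over the file listings in a DDS log (added example)."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed excerpt using the same layout as the DDS output posted above.
SAMPLE_LOG = r"""
DDS (Ver_09-02-01.01) - NTFSx86
Run by Hank at 21:12:56.62 on Sat 02/07/2009

=============== Created Last 30 ================

2009-02-04 13:09 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-04 13:09 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-03 13:35 409,600 -c------ c:\windows\system32\dllcache\qmgr.dll
2009-02-03 12:53 0 a------- c:\windows\system32\winconf32.ini
2009-02-03 12:53 11,776 ---sh--- c:\program files\expdebug.exe

==================== Find3M ====================

2008-12-11 06:57 333,184 a------- c:\windows\system32\drivers\srv.sys
2009-08-16 16:14 1,537 a--sh--- c:\windows\page files\maxmeg.sys
2005-07-14 14:31 27,648 a--sh--- c:\windows\system32\AVSredirect.dll

============= FINISH: 21:13:55.09 ===============
"""

# date, time, size-or-<DIR>, 8-char attribute field, path
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (<DIR>|[\d,]+) ([a-z-]{8}) (.+)$")
# "Run by <user> at HH:MM:SS.ff on Ddd MM/DD/YYYY"
RUN_RE = re.compile(r"^Run by .+ at (\d{2}:\d{2}):\d{2}\.\d+ on \w{3} (\d{2})/(\d{2})/(\d{4})$")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd")


@dataclass
class Entry:
    when: datetime
    size: Optional[int]  # None for <DIR> entries
    attrs: str           # the 8-character attribute field as printed by DDS
    path: str            # lower-cased so lookups are case-insensitive

    # Assumption: 's' and 'h' in the attribute field mean system and hidden.
    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs

    @property
    def is_dir(self) -> bool:
        return self.size is None


def run_time(log_text: str) -> datetime:
    """Return the moment the log was produced, taken from the 'Run by' header."""
    for line in log_text.splitlines():
        m = RUN_RE.match(line)
        if m:
            hhmm, month, day, year = m.groups()
            return datetime.strptime(f"{year}-{month}-{day} {hhmm}", "%Y-%m-%d %H:%M")
    raise ValueError("no 'Run by' header found")


def parse_entries(log_text: str) -> list:
    """Parse every file/directory line from the Created Last 30 and Find3M sections."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # process lists, HJT lines, section banners etc. are skipped
        date, hhmm, size, attrs, path = m.groups()
        entries.append(Entry(
            when=datetime.strptime(f"{date} {hhmm}", "%Y-%m-%d %H:%M"),
            size=None if size == "<DIR>" else int(size.replace(",", "")),
            attrs=attrs,
            path=path.lower(),
        ))
    return entries


def triage(log_text: str) -> dict:
    """Map each flagged path to the list of reasons it was flagged."""
    ran_at = run_time(log_text)
    findings = {}
    for e in parse_entries(log_text):
        reasons = []
        if e.when > ran_at:
            reasons.append("timestamp is later than the time the log was produced")
        if not e.is_dir and e.hidden and e.system:
            reasons.append("hidden+system attributes on a file outside OS-managed locations")
            if e.path.endswith(EXEC_EXT):
                reasons.append("executable or driver image with hidden+system attributes")
        if reasons:
            findings[e.path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

On the excerpt the pass flags the three hidden+system files and, separately, the one entry dated after the scan ran; everything that a mainstream product created (the Malwarebytes driver, the OneCare files, the dllcache copies) passes through unflagged. A real triage would then compare the flagged paths and sizes against a known-good inventory before deciding anything.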

Attached Files




#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:02:15 PM

Posted 19 February 2009 - 01:29 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 Alexlonebear

Alexlonebear
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:15 PM

Posted 19 February 2009 - 09:02 PM

Thank you for the response.
I'm sure you guys are busy.
and I thank you for volunteering to help.
My situation has not changed.
Here is the new DDS log file.

DDS (Ver_09-02-01.01) - NTFSx86
Run by Hank at 20:47:02.98 on Thu 02/19/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.374 [GMT -5:00]

AV: Windows Live OneCare *On-access scanning enabled* (Updated)
FW: Windows Live OneCare Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Palm\Hotsync.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Qualcomm\Eudora\Eudora.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Hank\My Documents\Comp virus removal\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://email.jostens.com/exchweb/bin/auth/...ge&reason=0
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\HOMERunner.exe"
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
StartupFolder: c:\docume~1\hank\startm~1\programs\startup\palmon~1.lnk - c:\palm\register.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\palm\Hotsync.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000161-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaud.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38019.5582407407
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hank\applic~1\mozilla\firefox\profiles\ax89rgx3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/

============= SERVICES / DRIVERS ===============

R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2008-11-5 25968]
R3 SQTECH930B;Motion Track Webcam;c:\windows\system32\drivers\Capt930b.sys [2007-1-4 376374]
S1 AEC671X;AEC671X;c:\windows\system32\drivers\aec671x.sys [2003-12-13 12128]
S1 DMX3191;DMX3191;c:\windows\system32\drivers\dmx3191.sys [2003-12-13 17700]
S2 mrtRate;mrtRate; [x]
S2 UDNT;UDNT;c:\windows\system32\drivers\udnt.sys [2003-12-13 76260]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 EPUSBSTOR;EPSON USB Storage Driver;c:\windows\system32\drivers\epusbsto.sys [2006-8-4 17976]
S3 NUVision;Pinnacle LINX;c:\windows\system32\drivers\Nuvision.sys [2007-1-1 136352]

=============== Created Last 30 ================

2009-02-18 03:06 552 a------- c:\windows\system32\DO_NOT_DELETE.backupSetID
2009-02-04 15:32 <DIR> --d----- c:\windows\system32\NtmsData
2009-02-04 13:09 <DIR> --d----- c:\docume~1\hank\applic~1\Malwarebytes
2009-02-04 13:09 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-04 13:09 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-04 13:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-04 13:09 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-04 02:01 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-03 23:16 268,648 a------- c:\windows\system32\mucltui.dll
2009-02-03 23:16 208,744 a------- c:\windows\system32\muweb.dll
2009-02-03 23:16 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-02-03 19:45 4,680 a------- c:\windows\system32\OEMINFO.PNF
2009-02-03 13:38 91,328 a------- c:\windows\system32\drivers\msfwdrv.sys
2009-02-03 13:37 116,416 a------- c:\windows\system32\drivers\msfwhlpr.sys
2009-02-03 13:36 53,168 a------- c:\windows\system32\drivers\MpFilter.sys
2009-02-03 13:35 409,600 -c------ c:\windows\system32\dllcache\qmgr.dll
2009-02-03 13:35 18,944 -c------ c:\windows\system32\dllcache\qmgrprxy.dll
2009-02-03 13:35 8,192 -c------ c:\windows\system32\dllcache\bitsprx2.dll
2009-02-03 13:35 7,168 -c------ c:\windows\system32\dllcache\bitsprx4.dll
2009-02-03 13:35 7,168 -c------ c:\windows\system32\dllcache\bitsprx3.dll
2009-02-03 13:35 7,168 -------- c:\windows\system32\bitsprx4.dll
2009-02-03 13:28 <DIR> --d----- c:\program files\Microsoft Windows OneCare Live
2009-02-03 12:53 0 a------- c:\windows\system32\winconf32.ini
2009-02-03 12:53 11,776 ---sh--- c:\program files\expdebug.exe

==================== Find3M ====================

2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll
2008-11-02 02:47 49 a------- c:\program files\Xnews.ini
2008-10-14 16:08 139,072 a------- c:\docume~1\hank\applic~1\GDIPFONTCACHEV1.DAT
2008-03-11 15:56 60,968 a------- c:\documents and settings\hank\GoToAssistDownloadHelper.exe
2004-02-02 16:40 560 a------- c:\documents and settings\hank\PCDOC.BAT
2002-04-25 07:38 1,255,936 a------- c:\program files\Xnews.exe
2009-08-16 16:14 1,537 a--sh--- c:\windows\page files\maxmeg.sys
2005-07-14 14:31 27,648 a--sh--- c:\windows\system32\AVSredirect.dll

============= FINISH: 20:48:00.50 ===============

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:15 PM

Posted 20 February 2009 - 04:13 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.


Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouse-click ComboFix's window while it is running because it may cause it to stall.

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
    Alternate Download Site 1
    Alternate Download Site 2
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
Important!: Please do not select the Show all checkbox during the scan.

Post back with:
-Combofix log
-GMER log
-New Hijackthis log
-Description of any problem you still have


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:15 PM

Posted 22 February 2009 - 09:06 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days the topic will need to be closed.

Thanks for understanding. :thumbup2:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#6 Alexlonebear

Alexlonebear
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:15 PM

Posted 23 February 2009 - 09:04 AM

I'm still here.
I had a little problem saving the logfile from Gmer.
I'm going to try it another way and hopefully I should be able to post everything you needed later today.
Alex

#7 Alexlonebear

Alexlonebear
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:15 PM

Posted 23 February 2009 - 02:44 PM

Here are the files.
The computer seems to be running a little faster but not yet up to usual speed.
Also the links from my emails and other things open up to blank pages.
There is nothing in the address box.
I have to cut and paste them to make them work.
Lastly, my time is now in military form.

I will be out of town till Friday but I will be getting my emails.
It will just be the weekend before I get to put your instructions to use.
Thanks
Alex

Attached Files



#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:15 PM

Posted 23 February 2009 - 03:52 PM

Hello again.

2 things I need you to answer and post back with...

1) Who told you to run Combofix with CFScript? I told you to run Combofix by double-clicking on it. Please let me know why.
2) Are you receiving help elsewhere? Combofix was run 5 times and you used CFScript... I would like an explanation in your next reply. If you are we need to close this topic.
3) Next time don't attach the logs please.

Please answer my questions in your next reply.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#9 Alexlonebear

Alexlonebear
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:15 PM

Posted 23 February 2009 - 10:00 PM

Extreamboy
Please believe me. No one else is helping me.
I wouldn't know where another site is.
I used this site a year or two ago and left the bookmark in case I needed you again.
I'm not even sure what you are referring to about Combofix.
I'm pretty sure I downloaded Combofix from your site.
The only thing I can think of is I might have also had the copy I downloaded the time before
and I used that instead.
I'm pretty much computer challenged.
I did run Combo fix a couple of times both times you've asked for it,
because I keep screwing up and not saving the log correctly.
That's what happened to Gmer also.
I swear I waited patiently for your help to start and I hope you will see my problem through.
Please tell me how to do it correctly and I will follow your instructions to the letter.
Remember, I am going to be away from my computer until the weekend so give me time to follow your instructions
and sent you everything you need.
Honestly
Alex

#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:15 PM

Posted 24 February 2009 - 05:11 PM

Hello

I believe you. However, that Combofix log file was not the one I was expecting, and due to the number of times Combofix was run it probably removed a lot of things already.

It seems you have received help a couple of years ago: http://www.techsupportforum.com/security-c...tml#post1203997

Anyways, that doesn't matter since this is another issue.

What seems to be the problem still? Your log looks okay. A few things we can deal with as well.

Fix HijackThis Entries
  • Double click the HijackThis icon on your desktop.
  • Close all other open windows.
  • Select Do a System Scan Only.
  • To the left of each entry you will see a box. Put a checkmark next to the following entries:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://email.jostens.com/exchweb/bin/auth/...://email.josten s.com/exchange&reason=0
    O23 - Service: Sysa40uurdgm - Symantec Corporation - (no file)


    If you no longer see some of the entries, don't worry. It is possible that the uninstaller or removal tool already took care of it. If it is marked " (file missing) ", put a check mark next to its box anyways.
  • Close all open windows except HijackThis.
  • Click Fix checked and OK at the prompt.
  • Close HijackThis.

Update Windows Installation

Your Microsoft Windows installation is out of date.
Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC.
Go here to check for & install updates to Microsoft applications.

Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Please reboot and repeat the update process until there are no more updates to install.

Were there any problems while doing any of the updates? If there were any updates, please specify in your next reply.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

Post back with a new pair of DDS logs as well and tell me what problems you have still.

With Regards,
Extremeboy
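To see why the helper singles out a service with "(no file)" and toolbar entries marked "No File", here is an added Python example (not from this thread, DDS or HijackThis) that scans DDS-style log lines and flags registrations whose file is gone. The sample input is a handful of lines copied from the DDS log posted later in this thread; the `random_looking` name heuristic is an assumption of this example, not a rule any of the tools apply.

```python
import re

# Constructed sample: a few lines taken from the DDS log posted in this thread.
SAMPLE_LOG = """\
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\\program files\\java\\jre1.6.0_07\\bin\\ssv.dll
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\\program files\\microsoft windows onecare live\\OcHealthMon.exe [2008-11-5 25968]
S2 mrtRate;mrtRate; [x]
S3 Sysa40uurdgm;Sysa40uurdgm; [x]
S3 EPUSBSTOR;EPSON USB Storage Driver;c:\\windows\\system32\\drivers\\epusbsto.sys [2006-8-4 17976]
"""

# DDS service/driver line: "<state> <name>;<display name>;<path> [date size]".
# When the image file is missing DDS prints "[x]" where the path would be.
SERVICE_RE = re.compile(r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*)$")
# Pseudo-HJT browser add-on lines (toolbar, explorer bar, BHO) end in "- No File"
# when the registered DLL is gone.
ADDON_RE = re.compile(r"^(?P<kind>TB|EB|BHO):\s*(?P<rest>.*)$")


def find_orphans(log_text):
    """Return (kind, name, reason) tuples for entries whose file no longer exists.

    An orphaned registration is not malicious by itself: it is usually what an
    incomplete uninstall or a removal tool leaves behind (file deleted, registry
    entry kept). Removing it is housekeeping, which is what the HijackThis fix
    in the post above does."""
    orphans = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            if m.group("path").strip() in ("[x]", ""):
                orphans.append(("service", m.group("name"), "image file missing ([x])"))
            continue
        m = ADDON_RE.match(line)
        if m and m.group("rest").rstrip().endswith("No File"):
            ident = m.group("rest").split(" - ")[0].strip()
            orphans.append((m.group("kind"), ident, "No File"))
    return orphans


def random_looking(name):
    """Assumed heuristic: a service name containing digits and few vowels
    (e.g. Sysa40uurdgm) deserves a closer look than a product-style name
    (e.g. OcHealthMon). It is a triage hint, not a verdict."""
    letters = re.sub(r"[^A-Za-z]", "", name)
    vowels = sum(c in "aeiouAEIOU" for c in letters)
    return bool(re.search(r"\d", name)) and vowels / max(len(letters), 1) < 0.35


if __name__ == "__main__":
    for kind, name, reason in find_orphans(SAMPLE_LOG):
        hint = " (random-looking name)" if random_looking(name) else ""
        print(f"{kind:8} {name:45} {reason}{hint}")
```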

#11 Alexlonebear

Alexlonebear
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:06:15 PM

Posted 24 February 2009 - 05:57 PM

Hi Extremeboy
When I get home this weekend I will follow your instructions.
I'll write you back then.
The HijackThis program I have is left from my old problem.
Do you want me to download a new one?
Take care
Alex

#12 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:15 PM

Posted 24 February 2009 - 06:02 PM

Hello.

That's fine. Thanks for letting me know.

Do you want me to download a new one?

Do you mean download and install a new version of HijackThis? If so, then no. I do not need to see a HijackThis log, because the DDS log already shows a HijackThis log basically. However, if the current version does not work and cannot operate properly, then yes, I would like you to download a new one and install it to remove those 2 entries I specified in my previous post.

Post the results once you get back.

With Regards,
Extremeboy

#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:15 PM

Posted 26 February 2009 - 04:40 PM

Hello.

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal forum.

With Regards,
Extremeboy


#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:15 PM

Posted 02 March 2009 - 01:01 PM

Hello.

Topic re-opened upon user's request.

With Regards,
Extremeboy

#15 Alexlonebear

Alexlonebear
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:06:15 PM

Posted 02 March 2009 - 01:24 PM

Hi Extremeboy
Thanks for taking care of the problem.
I am still having the following problems.
-Processes, like deleting files are very slow.
-The filtering in my Eudora mail program is very slow.
-Links within pages and emails do not work. (I have to cut and paste them)
-Sometimes the computer will just about stop doing anything, and when I look at "Task Manager" under the Performance tab, it is running at 100 percent with the Explorer process being the only one running.
It just dawned on me that several but not all my problems have to do with my email and Eudora v7.1.0.9
Thought that might help.
Here are the logs you need I hope.
Alex



DDS (Ver_09-02-01.01) - NTFSx86
Run by Hank at 11:39:38.93 on 2009-03-02
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.298 [GMT -5:00]

AV: Windows Live OneCare *On-access scanning enabled* (Updated)
FW: Windows Live OneCare Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Palm\Hotsync.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Documents and Settings\Hank\My Documents\Comp virus removal\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\HOMERunner.exe"
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
StartupFolder: c:\docume~1\hank\startm~1\programs\startup\palmon~1.lnk - c:\palm\register.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\palm\Hotsync.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000161-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaud.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38019.5582407407
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hank\applic~1\mozilla\firefox\profiles\ax89rgx3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/

============= SERVICES / DRIVERS ===============

R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2008-11-5 25968]
R3 SQTECH930B;Motion Track Webcam;c:\windows\system32\drivers\Capt930b.sys [2007-1-4 376374]
S1 AEC671X;AEC671X;c:\windows\system32\drivers\aec671x.sys [2003-12-13 12128]
S1 DMX3191;DMX3191;c:\windows\system32\drivers\dmx3191.sys [2003-12-13 17700]
S2 mrtRate;mrtRate; [x]
S2 UDNT;UDNT;c:\windows\system32\drivers\udnt.sys [2003-12-13 76260]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 EPUSBSTOR;EPSON USB Storage Driver;c:\windows\system32\drivers\epusbsto.sys [2006-8-4 17976]
S3 NUVision;Pinnacle LINX;c:\windows\system32\drivers\Nuvision.sys [2007-1-1 136352]
S3 Sysa40uurdgm;Sysa40uurdgm; [x]

=============== Created Last 30 ================

2009-02-26 23:46 552 a------- c:\windows\system32\DO_NOT_DELETE.backupSetID
2009-02-21 22:45 754 a------- c:\windows\WORDPAD.INI
2009-02-21 22:10 345 a------- c:\windows\gmer.ini
2009-02-21 22:09 <DIR> --d----- C:\gmer
2009-02-21 21:52 <DIR> --d----- C:\ComboFix
2009-02-21 21:52 388,608 a------- c:\windows\system32\CF4015.exe
2009-02-21 21:48 <DIR> --d----- C:\cmdcons
2009-02-21 21:45 161,792 a------- c:\windows\SWREG.exe
2009-02-21 21:45 98,816 a------- c:\windows\sed.exe
2009-02-20 11:51 1,197,294 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-02-20 11:51 764,868 -c------ c:\windows\system32\dllcache\apph_sp.sdb
2009-02-20 11:51 217,118 -c------ c:\windows\system32\dllcache\apphelp.sdb
2009-02-20 11:50 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-02-04 15:32 <DIR> --d----- c:\windows\system32\NtmsData
2009-02-04 13:09 <DIR> --d----- c:\docume~1\hank\applic~1\Malwarebytes
2009-02-04 13:09 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-04 13:09 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-04 13:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-04 13:09 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-04 02:01 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-03 23:16 268,648 a------- c:\windows\system32\mucltui.dll
2009-02-03 23:16 208,744 a------- c:\windows\system32\muweb.dll
2009-02-03 23:16 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-02-03 19:45 4,680 a------- c:\windows\system32\OEMINFO.PNF
2009-02-03 13:38 91,328 a------- c:\windows\system32\drivers\msfwdrv.sys
2009-02-03 13:37 116,416 a------- c:\windows\system32\drivers\msfwhlpr.sys
2009-02-03 13:36 53,168 a------- c:\windows\system32\drivers\MpFilter.sys
2009-02-03 13:35 409,600 -c------ c:\windows\system32\dllcache\qmgr.dll
2009-02-03 13:35 18,944 -c------ c:\windows\system32\dllcache\qmgrprxy.dll
2009-02-03 13:35 8,192 -c------ c:\windows\system32\dllcache\bitsprx2.dll
2009-02-03 13:35 7,168 -c------ c:\windows\system32\dllcache\bitsprx4.dll
2009-02-03 13:35 7,168 -c------ c:\windows\system32\dllcache\bitsprx3.dll
2009-02-03 13:35 7,168 -------- c:\windows\system32\bitsprx4.dll
2009-02-03 13:28 <DIR> --d----- c:\program files\Microsoft Windows OneCare Live
2009-02-03 12:53 0 a------- c:\windows\system32\winconf32.ini
2009-02-03 12:53 11,776 ---sh--- c:\program files\expdebug.exe

==================== Find3M ====================

2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll
2008-11-02 02:47 49 a------- c:\program files\Xnews.ini
2008-10-14 16:08 139,072 a------- c:\docume~1\hank\applic~1\GDIPFONTCACHEV1.DAT
2008-03-11 15:56 60,968 a------- c:\documents and settings\hank\GoToAssistDownloadHelper.exe
2004-02-02 16:40 560 a------- c:\documents and settings\hank\PCDOC.BAT
2002-04-25 07:38 1,255,936 a------- c:\program files\Xnews.exe
2009-08-16 16:14 1,537 a--sh--- c:\windows\page files\maxmeg.sys
2005-07-14 14:31 27,648 a--sh--- c:\windows\system32\AVSredirect.dll

============= FINISH: 11:40:40.48 ===============


Monday, March 2, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, March 01, 2009 04:34:33
Records in database: 1857648
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
F:\
G:\
Scan statistics
Files scanned 382970
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 00:08:59

No malware has been detected. The scan area is clean.
The selected area was scanned.



