Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HijackThis Log: Please help Diagnose


  • This topic is locked This topic is locked
16 replies to this topic

#1 siafu

siafu

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 13 February 2009 - 07:57 PM

Hello.

I read your tutorial on how to get this log generated, hope I did it correctly. This is my first time doing this, so please accept my apologies if this is not properly submitted.


My computer was working fine, till I made the mistake to do some registry changes, with a program called CCleaner.

I don't know if that program screwed my internet connection or a virus, or a combination of both. I can connect to the internet if I log into xp in safemode, but in regular boot, can't connect. My local area connection is on and off, usually if I start IE or firefox, the setting reset to zero, like connection speed, and duration in My Local area connection window reset, but the status connect is always on.

Below is my log, hope you will be able to distinguish what is wrong. Please let me know what I can do to get this working again. Thank you very much.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:35:50 PM, on 2/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.PDeskNet.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LaCie\Ethernet Agent\LaCie Ethernet Agent.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\GreedyTorrent\GTor.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 208.138.129.22:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O2 - BHO: (no name) - {EE6572D1-5720-3FBB-9CD8-DA116C86693A} - (no file)
O4 - HKLM\..\Run: [Matrox PowerDesk 8] C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.exe /silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series (from ACER-BDCE8B5B12)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P53 "EPSON Stylus Photo R200 Series (from ACER-BDCE8B5B12)" /O5 "TS005" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on ACER-BDCE8B5B12] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P54 "Auto EPSON Stylus Photo R200 Series on ACER-BDCE8B5B12" /O25 "\\ACER-BDCE8B5B12\Printer" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [emMON] emMON.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on DVSTORM2M (from ACER-BDCE8B5B12)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P71 "Auto EPSON Stylus Photo R200 Series on DVSTORM2M (from ACER-BDCE8B5B12)" /O5 "TS003" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DynDNS Updater] "C:\Program Files\DynDNS Updater\DynDNS.exe"
O4 - HKCU\..\Run: [LaCie EDBrowser Startup] C:\Program Files\LaCie\Ethernet Agent\LaCie Ethernet Agent.exe
O4 - HKCU\..\Run: [GreedyTorrent] "C:\Program Files\GreedyTorrent\GTor.exe" -tray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LaCie Ethernet Agent Startup] C:\Program Files\LaCie\Ethernet Agent\LaCie Ethernet Agent.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://tw.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {C6A03519-BA6F-438E-AF3A-878F11521CA5} (JpgView Control) - http://172.16.226.239:81/jpgview.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Active Wall (ActiveWall) - Unknown owner - C:\Program Files\AWall\AWall.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10742 bytes

BC AdBot (Login to Remove)

 


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:06:12 AM

Posted 25 February 2009 - 07:33 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 siafu

siafu
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 28 February 2009 - 09:28 PM

Hello R, K, and thank you for the post.

Please see below the results after the DDS scan. Also, attached is the zip file called attache.zip as per the instructions after the scan.

Again, thank you very much for taking the time to help me out with this issue, greatly appreciate your time and efforts.


DDS (Ver_09-02-01.01) - NTFSx86
Run by Marcel at 18:17:03.92 on Sat 02/28/2009
Internet Explorer: 8.0.6001.18372
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.662 [GMT -8:00]

AV: avast! antivirus 4.8.1335 [VPS 090228-0] *On-access scanning disabled* (Updated)

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = 208.138.129.22:80
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {EE6572D1-5720-3FBB-9CD8-DA116C86693A} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [DynDNS Updater] "c:\program files\dyndns updater\DynDNS.exe"
uRun: [LaCie EDBrowser Startup] c:\program files\lacie\ethernet agent\LaCie Ethernet Agent.exe
uRun: [GreedyTorrent] "c:\program files\greedytorrent\GTor.exe" -tray
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [LaCie Ethernet Agent Startup] c:\program files\lacie\ethernet agent\LaCie Ethernet Agent.exe
mRun: [Matrox PowerDesk 8] c:\windows\system32\powerdesk8\Matrox.PowerDesk.exe /silent
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [EPSON Stylus Photo R200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
mRun: [EPSON Stylus Photo R200 Series (from ACER-BDCE8B5B12)] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE /P53 "EPSON Stylus Photo R200 Series (from ACER-BDCE8B5B12)" /O5 "TS005" /M "Stylus Photo R200"
mRun: [Auto EPSON Stylus Photo R200 Series on ACER-BDCE8B5B12] c:\windows\system32\spool\drivers\w32x86\3\e_s4i2h1.exe /p54 "auto epson stylus photo r200 series on acer-bdce8b5b12" /o25 "\\acer-bdce8b5b12\Printer" /M "Stylus Photo R200"
mRun: [emMON] emMON.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Auto EPSON Stylus Photo R200 Series on DVSTORM2M (from ACER-BDCE8B5B12)] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE /P71 "Auto EPSON Stylus Photo R200 Series on DVSTORM2M (from ACER-BDCE8B5B12)" /O5 "TS003" /M "Stylus Photo R200"
mRun: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe"
mRun: [NexusServer] "c:\program files\common files\grass valley\procoder 3\kernel\PNXSERVR.exe" -SelfLaunch
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [!AVG Anti-Spyware] "c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe" /minimized
StartupFolder: c:\docume~1\marcel\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\marcel\startm~1\programs\startup\hddlife.lnk - c:\program files\binarysense\hddlife 3\HDDlifePro.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: com.tw\www.msi
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://tw.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {C6A03519-BA6F-438E-AF3A-878F11521CA5} - hxxp://172.16.226.239:81/jpgview.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\marcel\applic~1\mozilla\firefox\profiles\e10swy92.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll

============= SERVICES / DRIVERS ===============

R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R0 fasttrak;fasttrak;c:\windows\system32\drivers\Fasttrak.sys [2006-10-20 70656]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-6 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-3 114768]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2009-2-13 3968]
R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [2009-1-10 181120]
R1 IfsMount;IfsMount;c:\windows\system32\drivers\ifsmount.sys [2009-1-10 51072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-3 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-4-8 138680]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-23 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-8-23 47640]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 Capture;Active Capture Driver;c:\windows\system32\drivers\capture.sys [2008-3-3 19200]
R3 MTXPARH;MTXPARH;c:\windows\system32\drivers\MTXPARHM.sys [2004-12-4 470272]
R3 stmkrnl;stmkrnl;c:\windows\system32\drivers\stmkrnl.sys [2004-12-4 195288]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
S3 ActiveWall;Active Wall;"c:\program files\awall\awall.exe" --> c:\program files\awall\AWall.exe [?]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-4-8 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-4-8 352920]
S3 DigiCellDriver;DigiCellDriver;\??\c:\program files\msi\digicell\ntglm7x.sys --> c:\program files\msi\digicell\NTGLM7X.sys [?]
S3 FLASHSYS;FLASHSYS;\??\c:\windows\system32\drivers\flashsys.sys --> c:\windows\system32\drivers\FLASHSYS.sys [?]
S3 HwIOctl;HwIOctl;\??\c:\program files\setup files\ms-6788 v6.20\hwioctl.sys --> c:\program files\setup files\ms-6788 v6.20\HwIOctl.sys [?]
S3 Memctl;Memctl;\??\c:\program files\setup files\ms-6788 v6.20\memctl.sys --> c:\program files\setup files\ms-6788 v6.20\Memctl.sys [?]
S3 RkHit;RkHit;c:\windows\system32\drivers\RKHit.sys [2009-2-13 28672]
S3 UDST7020BDA;DTV-DVB UDST7020BDA DVB-S Receiver;c:\windows\system32\drivers\UDST7020Bda.sys [2006-7-3 44160]
S3 UDST7021HID;UDST7021HID - HID Driver;c:\windows\system32\drivers\UDST7021HID.sys [2006-7-3 15104]
S3 WEBNTACCESS;WEBNTACCESS;\??\c:\windows\system32\ntaccess.sys --> c:\windows\system32\NTACCESS.SYS [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-02-14 02:30 <DIR> --d----- C:\DVD_VIDEO
2009-02-13 22:53 3,968 a------- c:\windows\system32\drivers\AvgArCln.sys
2009-02-13 21:17 28,672 a------- c:\windows\system32\drivers\RKHit.sys
2009-02-13 20:58 <DIR> --d----- c:\docume~1\marcel\applic~1\Uniblue
2009-02-13 20:57 <DIR> --d----- c:\program files\Uniblue
2009-02-13 20:23 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-02-13 18:44 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-02-13 18:41 250 a------- c:\windows\gmer.ini
2009-02-12 17:50 <DIR> --d----- c:\program files\LaCie
2009-02-12 15:53 217,127 a------- c:\windows\system32\drv43260.dll
2009-02-12 15:53 208,935 a------- c:\windows\system32\drv33260.dll
2009-02-12 15:53 176,165 a------- c:\windows\system32\drv23260.dll
2009-02-12 15:53 102,439 a------- c:\windows\system32\sipr3260.dll
2009-02-12 15:53 65,602 a------- c:\windows\system32\cook3260.dll
2009-02-12 15:53 1,184,984 a------- c:\windows\system32\wvc1dmod.dll
2009-02-12 15:53 626,688 a------- c:\windows\system32\vp7vfw.dll
2009-02-10 01:09 <DIR> --d----- c:\program files\Trend Micro
2009-02-09 19:37 10,872 a------- c:\windows\system32\drivers\AvgAsCln.sys
2009-02-09 19:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Grisoft
2009-02-09 01:27 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-02-09 01:25 <DIR> --d----- C:\c5d7635e465c16243ecb20c917d8
2009-02-09 01:14 <DIR> --d----- C:\ERDNTsafe
2009-02-09 00:28 <DIR> --d----- c:\program files\MSXML 6.0
2009-02-09 00:16 0 a------- c:\windows\system32\SBRC.dat
2009-02-09 00:14 69,168 a------- c:\windows\system32\drivers\sbapifs.sys
2009-02-09 00:14 13,360 a------- c:\windows\system32\drivers\sbaphd.sys
2009-02-09 00:12 <DIR> --d----- c:\docume~1\marcel\applic~1\Sunbelt
2009-02-09 00:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sunbelt
2009-02-09 00:11 <DIR> --d----- c:\program files\Sunbelt Software
2009-02-08 22:45 608,448 a------- c:\windows\system32\COMCTL32.OCX
2009-02-08 22:43 <DIR> --d----- c:\program files\ACW
2009-02-08 21:00 6,962 a------- C:\resetlog.text
2009-02-08 17:59 1,287,168 -------- c:\windows\system32\SET6E.tmp
2009-02-08 17:57 19,569 a------- c:\windows\005134_.tmp
2009-02-08 17:42 <DIR> --d----- C:\67fe28e337a8eb4ead16edb621edddc9
2009-02-08 16:39 5,846 a------- c:\windows\system32\spupdsvc.inf
2009-02-08 16:33 12,800 -------- c:\windows\system32\credssp.dll
2009-02-08 16:29 <DIR> --d----- c:\windows\ServicePackFiles
2009-02-08 16:29 95,744 a------- c:\windows\system32\SET5A2.tmp
2009-02-08 16:29 471,552 a------- c:\windows\system32\SET59C.tmp
2009-02-08 16:27 45,568 a------- c:\windows\system32\SET38D.tmp
2009-02-08 16:26 27,648 a------- c:\windows\system32\SET237.tmp
2009-02-08 16:25 1,309,184 -------- c:\windows\system32\drivers\mtlstrm.sys
2009-02-08 16:22 19,569 a------- c:\windows\003393_.tmp
2009-02-08 16:22 1,374 a------- c:\windows\imsins.BAK
2009-02-08 16:08 <DIR> --d----- C:\0ac2083fcf3268e995db59
2009-02-08 15:52 331,805,736 a------- C:\WindowsXP-KB936929-SP3-x86-ENU.exe
2009-02-08 13:54 <DIR> --d----- c:\docume~1\marcel\applic~1\Xilisoft Corporation
2009-02-08 13:44 45,056 a------- c:\windows\system32\WNASPI32.DLL
2009-02-08 13:44 16,512 a------- c:\windows\system32\drivers\ASPI32.SYS
2009-02-08 13:43 <DIR> --d----- c:\program files\Xilisoft
2009-02-07 18:37 664 a------- c:\windows\system32\d3d9caps.dat
2009-02-07 14:35 <DIR> --d----- c:\program files\CCleaner
2009-02-07 13:58 217 a------- c:\windows\wininit.ini
2009-02-07 11:14 <DIR> --d----- c:\docume~1\marcel\applic~1\Malwarebytes
2009-02-07 11:14 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-07 11:14 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-07 11:14 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-07 11:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-06 23:27 <DIR> --d----- C:\My Document
2009-02-06 21:07 <DIR> --d----- c:\program files\AC3Filter
2009-02-06 20:39 91,136 a------- c:\windows\system32\xa1679375.exe
2009-02-06 20:39 91,136 a------- c:\windows\system32\xa1679171.exe
2009-02-06 20:30 <DIR> --d----- c:\program files\VSO
2009-02-06 20:25 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-06 20:10 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-06 20:07 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-06 20:07 <DIR> --d----- c:\program files\Lavasoft
2009-02-06 19:04 91,136 a------- c:\windows\system32\xa728468.exe
2009-02-06 19:04 91,136 a------- c:\windows\system32\xa728281.exe
2009-02-06 18:01 <DIR> --d----- c:\windows\system32\DefaultDirName
2009-02-06 18:00 91,136 a------- c:\windows\system32\xa3721640.exe
2009-02-06 18:00 91,136 a------- c:\windows\system32\xa3721437.exe
2009-02-05 23:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\vsosdk
2009-02-05 21:11 768 a------- c:\windows\system32\d3d8caps.dat
2009-02-05 17:56 <DIR> --dsh--- c:\documents and settings\marcel\IECompatCache
2009-02-05 17:54 <DIR> --dsh--- c:\documents and settings\marcel\PrivacIE
2009-02-05 17:54 <DIR> --dsh--- c:\documents and settings\marcel\IETldCache
2009-02-05 11:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Grass Valley
2009-02-05 11:22 <DIR> --d----- c:\windows\ie8updates
2009-02-05 11:18 <DIR> -cd-h--- c:\windows\ie8
2009-02-05 11:15 79,360 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-02-05 11:11 8,405,015 a------- c:\windows\TempFile
2009-02-05 11:11 685,056 a------- c:\windows\system32\drivers\hardlock.sys
2009-02-05 11:10 258,048 a------- c:\windows\system32\cllccodc.dll
2009-02-05 11:10 122,961 a------- c:\windows\system32\csellc.dll
2009-02-05 11:10 69,632 a------- c:\windows\system32\cuvccodc.dll
2009-02-05 11:10 69,632 a------- c:\windows\system32\cdv5codc.dll
2009-02-05 11:10 835,665 a------- c:\windows\system32\cseuvec.dll
2009-02-05 11:10 671,815 a------- c:\windows\system32\csehqa.dll
2009-02-05 11:10 65,536 a------- c:\windows\system32\cdvhcodc.dll
2009-02-05 11:09 909,312 a----r-- c:\windows\system32\pavplal.dll
2009-02-05 11:09 2,560 a------- c:\windows\system32\pavedius.dll
2009-02-05 11:09 <DIR> --d----- c:\program files\common files\Snell & Wilcox Shared
2009-02-05 11:09 84,992 a------- c:\windows\csejpeg.dll
2009-02-05 11:09 3,072 a------- c:\windows\hasp_windows.dll
2009-02-05 11:08 380,928 a------- c:\windows\system32\palm2.ax
2009-02-05 11:08 188,482 a----r-- c:\windows\system32\helixprodctrl.dll
2009-02-05 11:08 864,338 a------- c:\windows\system32\csempeg3.dll
2009-02-05 11:08 1,085,520 a------- c:\windows\system32\csedvh.dll
2009-02-05 11:08 <DIR> --d----- c:\program files\Grass Valley
2009-02-05 11:08 <DIR> --d----- c:\program files\common files\Grass Valley
2009-02-03 19:37 87,608 a------- c:\docume~1\marcel\applic~1\inst.exe
2009-02-03 19:37 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-02-03 19:37 47,360 a------- c:\docume~1\marcel\applic~1\pcouffin.sys
2009-02-03 17:39 <DIR> --d----- C:\Downloads
2009-02-03 17:25 <DIR> --d----- c:\program files\GreedyTorrent
2009-02-03 17:22 <DIR> --d----- c:\program files\uTorrent
2009-02-03 17:22 <DIR> --d----- c:\docume~1\marcel\applic~1\uTorrent

==================== Find3M ====================

2009-02-08 16:37 170,914 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-02-08 16:36 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-20 01:34 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-15 02:05 911,872 a------- c:\windows\system32\wininet.dll
2009-01-15 02:05 43,008 a------- c:\windows\system32\licmgr10.dll
2009-01-15 02:04 18,944 a------- c:\windows\system32\corpol.dll
2009-01-15 02:03 420,352 a------- c:\windows\system32\vbscript.dll
2009-01-15 02:03 72,704 a------- c:\windows\system32\admparse.dll
2009-01-15 02:03 71,680 a------- c:\windows\system32\iesetup.dll
2009-01-15 02:01 34,304 a------- c:\windows\system32\imgutil.dll
2009-01-15 02:00 48,128 a------- c:\windows\system32\mshtmler.dll
2009-01-15 02:00 45,568 a------- c:\windows\system32\mshta.exe
2009-01-15 01:50 156,160 a------- c:\windows\system32\msls31.dll
2006-12-07 15:50 317 a------- c:\program files\INSTALL.LOG
2005-01-08 11:23 8 -c-shr-- c:\windows\system32\53CA4C5F68.sys
2008-10-08 02:13 5,172 ac-sh--- c:\windows\system32\KGyGaAvL.sys
2005-04-23 01:31 979 -c-sh--- c:\windows\system32\msisk81.dat

============= FINISH: 18:18:05.14 ===============

Attached Files



#4 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:05:12 AM

Posted 28 February 2009 - 10:38 PM

Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out thier hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

Now onto trying to fix your computer.

Download WinSockFix from here or here.

Backing up the Registry

1. Double click on WinsockXPFix.exe to open.
2. On the Winsock and TCP Repair Utility screen, click "ReG-Backup"
3. On the ERDNT Welcome screen, click "OK".
4. On the Backup to: screen, click "OK".
5. On the Folder does not exist question screen click "Yes".
6. You will see a status screen as your registry is being backed up.
7. On the Registry backup is complete! screen, click "OK" and you will go back to the main window.

Resetting the Winsock Stack

1. On the Winsock and TCP Repair Utility screen, click "Fix".
2. On the Apply the VB_Winsock fix? screen click "Yes".
3. The screen will display a status message "repair completed please reboot."
4. On the Repair Completed screen click "OK" to reboot your computer.
5. If your computer was not using DHCP, you will need to reconfigure TCP/IP.
6. You should have connectivity restored.

Winsock Repair Tutorial| Tutorial with graphics


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image

#5 siafu

siafu
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 01 March 2009 - 07:30 PM

Hello Hoov, and thank you for taking the time to help me with my computer problems, I greatly appreciate your time.

I have ran several spyware/mulware programs, some found objects others did not, honestly I ran several that I can't even remember.

I have ran WinSockFix before, I found information on the net, not by suggestion from other posts directly to me. You are the only place where I asked for help after many attempts to remedy the issue myself, but unfortunately all unsuccessful. WinSockFix did not fix my problem earlier or even now. I ran this, everything appeared normal, but internet connectivity did not resume after the required reboot after running WinSockFix.

Some connectivity does excist, such as when I did the update fro Malwarebytes as per your request, but when I try to open a web browser IE or Firefox, there is no connectivity. IE and Firefox do work while in safe mode. So there is some sort of internet connectivity, like when I use utorrent, it works most of the time.


I tried to go to the two links on how to repair winsock "Winsock Repair Tutorial| Tutorial with graphics", but both links are no longer available. (I used of course a different computer that does have internet connection, but still the links do not appear to be there anymore, actually on of them says they no longer support this)

Below is the log information from Malwarebytes, after the scan. I followed your instructions and immediately reboot the computer after it listed 4 objects found and asked the program to remove them all.

Not sure what else we can try, but please let me know and I will try them.

Thank you again.


Malwarebytes' Anti-Malware 1.34
Database version: 1814
Windows 5.1.2600 Service Pack 2

3/1/2009 4:09:24 PM
mbam-log-2009-03-01 (16-09-24).txt

Scan type: Quick Scan
Objects scanned: 72427
Time elapsed: 6 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rkhit (Rogue.SpywareCease) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rkhit (Rogue.SpywareCease) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rkhit (Rogue.SpywareCease) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\RKHit.sys (Rogue.SpywareCease) -> Quarantined and deleted successfully.

#6 siafu

siafu
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 01 March 2009 - 07:31 PM

Hello Hoov, and thank you for taking the time to help me with my computer problems, I greatly appreciate your time.

I have ran several spyware/mulware programs, some found objects others did not, honestly I ran several that I can't even remember.

I have ran WinSockFix before, I found information on the net, not by suggestion from other posts directly to me. You are the only place where I asked for help after many attempts to remedy the issue myself, but unfortunately all unsuccessful. WinSockFix did not fix my problem earlier or even now. I ran this, everything appeared normal, but internet connectivity did not resume after the required reboot after running WinSockFix.

Some connectivity does excist, such as when I did the update fro Malwarebytes as per your request, but when I try to open a web browser IE or Firefox, there is no connectivity. IE and Firefox do work while in safe mode. So there is some sort of internet connectivity, like when I use utorrent, it works most of the time.


I tried to go to the two links on how to repair winsock "Winsock Repair Tutorial| Tutorial with graphics", but both links are no longer available. (I used of course a different computer that does have internet connection, but still the links do not appear to be there anymore, actually on of them says they no longer support this)

Below is the log information from Malwarebytes, after the scan. I followed your instructions and immediately reboot the computer after it listed 4 objects found and asked the program to remove them all.

Not sure what else we can try, but please let me know and I will try them.

Thank you again.


Malwarebytes' Anti-Malware 1.34
Database version: 1814
Windows 5.1.2600 Service Pack 2

3/1/2009 4:09:24 PM
mbam-log-2009-03-01 (16-09-24).txt

Scan type: Quick Scan
Objects scanned: 72427
Time elapsed: 6 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rkhit (Rogue.SpywareCease) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rkhit (Rogue.SpywareCease) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rkhit (Rogue.SpywareCease) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\RKHit.sys (Rogue.SpywareCease) -> Quarantined and deleted successfully.

#7 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:05:12 AM

Posted 01 March 2009 - 08:48 PM

Ok try this,

1. In Internet Explorer 7, click the Tools menu, and then click Internet Options.
2. On the Advanced tab, click Reset.
3. In the Reset Internet Explorer Settings dialog box, click Reset.
4. When Internet Explorer 7 finishes restoring the default settings, click Close, and then click OK two times.
5. Close Internet Explorer 7. The changes take effect the next time that you open Internet Explorer 7.

The Reset Internet Explorer Settings feature restores the following items to their default settings:

* Home pages
* Search scopes
* Browsing history
* Form data
* Passwords
* Appearance settings
* Toolbars
* ActiveX controls

Additionally, the Reset Internet Explorer Settings feature disables all add-ins. However, it does not remove the add-ins.

Download and scan with Spybot S&D 1.6.0
http://www.safer-networking.org/en/download/index.html

1. Install Spybot. Be sure to UNCHECK TeaTimer when presented with the option to install.
2. Run Spybot, go to the Menu Bar at the top choose Mode and make certain that "Default mode" has a check mark beside it.
3. Click the button "Search for Updates".
4. If any updates are found, install them by placing a checkmark next to each one and clicking "Download Updates".If you encounter any error messages while downloading the updates, manually download them from here.
5. Click on "Immunize". When it detects what has or has not been blocked, block all remaining items by clicking the green plus sign next to immunize at the top.
6. Click the button "Check for Problems".
7. When Spybot is complete, it will be showing RED entries, bold BLACK entries and GREEN entries in the window.
8. Make certain there is a check mark beside all of the RED entries ONLY.
9. Choose "Fix Selected Problems" and allow Spybot to fix the RED entries.
10. REBOOT to complete the scan and clear memory.

Note: After Windows loads, Spybot may run again to clean some files that it could not clean during the prior session. Follow the same procedure.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image

#8 siafu

siafu
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 01 March 2009 - 09:16 PM

Hello Hoov.

I followed your instructions, but unfortunately Internet explorer or Firefox can't connect to the internet.

One thing, I should mention.

When I try to run IE or Firefox, the LOCAL AREA CONNECTION settings reset to ZERO. After a while they come back and again u torrent is able to download. This happens automatically.

What else can we try?

#9 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:05:12 AM

Posted 01 March 2009 - 09:25 PM

Did Spybot find anything?
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image

#10 siafu

siafu
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 01 March 2009 - 09:59 PM

Hello Hoov.

Yes, found 4 objects, see attached image, I don't see a section where to save the log, so I captured scree shot.

Also see attached a screen shot of the local Area connection, as it indicates Zero time and speed. But it says it is connected, but IE does not work.

Attached Files



#11 siafu

siafu
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 01 March 2009 - 10:03 PM

Sorry, the second image did not load in the previous reply.

Here it is.

Attached Files



#12 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:05:12 AM

Posted 01 March 2009 - 10:33 PM

OK, in the Local Area Connection Status click the support tab, then the click the details button, and then do another screenshot.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image

#13 siafu

siafu
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 01 March 2009 - 11:16 PM

Here it is.

Attached Files



#14 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:05:12 AM

Posted 01 March 2009 - 11:54 PM

OK, its an indication problem because the connection details are good. By the way, when you post screenshots, it is polite to trim them down to what is needed. That way people with slow connections can get the pics.

With the problems you are talking about, plus the scans that have already run, plus the software that you have running, chances are not real good that something nasty got past you. So I am going to go the other direction. I think you have a problem with your drivers. So go to the control panel and open the system control panel and go to the device manager and then scroll down to the network devices. Right click on the network device you are using, and select uninstall. Once it is uninstalled, reboot your computer. When it starts up it should detect the "new" network card and reinstall the proper drivers. You will more than likely have to reinstall your internet connection, so make sure you know how to set it up before deleting the network device. Your ISP should have given you the settings, some instructions, or a CD to setup your connection.

If that doesn't work, download Netstat Live and use it to monitor your traffic in and out of your computer, and compare it to what the Local Area Connection Status is telling you. Tell me which one is working and which one isn't.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image

#15 siafu

siafu
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 02 March 2009 - 01:12 AM

Hello Hoov.

Sorry about that, didn't have the program to crop images in that computer.

I have cropped them now.

I have uninstalled my network card from the device manager, then rebooted, but everything is the same.

I installed the program you said, and trafic is active both up and down acording to the program. Windows local area conection window sometimes shows trafic and sometimes it just resets to zero as to my precious screen capture.

When I opened IE, I get the page with an option to check connection, as you can see from the attached. After doing this, rebooted, but still not working.

What else should we try?

Attached Files






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users