Something is Writing to My DISK!?!?!?


  • This topic is locked
5 replies to this topic

#1 kymberly

  • Banned
  • 387 posts

Posted 02 March 2009 - 01:49 AM

I have been plagued with trojans, virus scripts and you name it, I got or had it. I am not sure how I keep getting trojan or trojan(S). But I have the proper tools to prevent it. Now the issue is if the trojans, or spyware is bypassing all of this. My firewall, which is Comodo, is just at its breaking point here. I constantly keep getting alerts, which I think is a good thing, but it scares me somewhat. Rthdvcpl.exe is accessing the screen directly, which allows an application to draw custom bits, but also allows them to capture what appears on the screen (take screen shots); the other was OSD.exe is trying to install a global hook to inject an executable into the applications for various purposes, such as keyloggers (which I believe are hidden on my computer), screen capturing or controlling legitimate applications. I block access to all of these. Then after blocking, here's the good part: OSD.exe is trying to access the keyboard directly. I am in safe mode with networking, which is the only way to get things done here. I have reports. PLEEEEEEEEEEEEEEEEEEEEEEase HELP!!
a-squared Anti-Malware - Version 4.0
Last update: 2/14/2009 7:15:05 PM

Scan settings:

Objects: Memory, Traces, Cookies, C:\, D:\
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 2/14/2009 7:27:40 PM

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Sony Pictures Games\JEOPARDY! --> PID detected: Trace.Registry.JEOPARDY!!A2
C:\Program Files\PC-Doctor 5 for Windows\pcdrmodem.p5x detected: Heuristic.Dialer.RAS!A2

Scanned

Files: 137186
Traces: 323142
Cookies: 1
Processes: 18

Found

Files: 1
Traces: 1
Cookies: 0
Processes: 0
Registry keys: 0

Scan end: 2/14/2009 8:34:31 PM
Scan time: 1:06:51

C:\Program Files\PC-Doctor 5 for Windows\pcdrmodem.p5x Quarantined Heuristic.Dialer.RAS!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Sony Pictures Games\JEOPARDY! --> PID Quarantined Trace.Registry.JEOPARDY!!A2

Quarantined

Files: 1
Traces: 1
Cookies: 0


#2 kymberly

Posted 02 March 2009 - 01:54 AM

DDS (Ver_09-02-01.01) - NTFSx86 NETWORK
Run by 6 million dollar ba at 15:18:42.43 on Sun 02/15/2009
Internet Explorer: 7.0.6000.16386
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1918.1210 [GMT -8:00]

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
c:\program files\avira\antivir personaledition classic\avscan.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\honor student\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Presario&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Presario&pf=desktop
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [lxcymon.exe] "c:\program files\lexmark 3400 series\lxcymon.exe"
mRun: [EzPrint] "c:\program files\lexmark 3400 series\ezprint.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [LXCYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCYtime.dll,_RunDLLEntry@16
mRun: [a-squared] "c:\program files\a-squared anti-malware\a2guard.exe" /d=60
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mRunOnce: [GrpConv] grpconv -o
mRunOnce: [<NO NAME>]
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\photag~1.lnk - c:\program files\photags express\Photags AutoDetect.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R3 netr73;Amigo RT73 Wireless Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-2-8 255488]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
S2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]

=============== Created Last 30 ================

2009-02-15 14:58 <DIR> --d----- C:\ComboFix
2009-02-15 14:43 161,792 a------- c:\windows\SWREG.exe
2009-02-15 14:43 98,816 a------- c:\windows\sed.exe
2009-02-15 14:36 <DIR> --d----- c:\programdata\Avira
2009-02-15 14:36 <DIR> --d----- c:\program files\Avira
2009-02-15 14:36 <DIR> --d----- c:\progra~2\Avira
2009-02-15 14:30 <DIR> --d----- c:\program files\Avira GmbH
2009-02-14 22:37 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-02-14 22:37 712,192 a------- c:\windows\system32\WindowsCodecs.dll
2009-02-14 22:37 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-02-14 22:35 704,000 a------- c:\windows\system32\PhotoScreensaver.scr
2009-02-14 22:33 441,856 a------- c:\windows\system32\win32spl.dll
2009-02-14 22:33 37,376 a------- c:\windows\system32\printcom.dll
2009-02-14 22:31 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-02-14 22:31 14,848 a------- c:\windows\system32\wshrm.dll
2009-02-14 22:27 11,776 a------- c:\windows\system32\sbunattend.exe
2009-02-14 22:25 558,080 a------- c:\windows\system32\oleaut32.dll
2009-02-14 22:24 290,304 a------- c:\windows\system32\drivers\srv.sys
2009-02-14 22:23 84,480 a------- c:\windows\system32\dnsrslvr.dll
2009-02-14 22:23 24,576 a------- c:\windows\system32\dnscacheugc.exe
2009-02-14 22:17 622,080 a------- c:\windows\system32\icardagt.exe
2009-02-14 22:17 97,800 a------- c:\windows\system32\infocardapi.dll
2009-02-14 22:17 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-02-14 22:17 11,264 a------- c:\windows\system32\icardres.dll
2009-02-14 22:17 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-02-14 22:17 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-02-14 22:17 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-02-14 22:17 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-02-14 22:13 <DIR> --d----- c:\users\6milli~1\appdata\roaming\PeerNetworking
2009-02-14 21:51 18,153,472 a------- c:\windows\ocsetup_install_NetFx3.etl
2009-02-14 21:51 196,608 a------- c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-02-14 21:51 65,536 a------- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-02-14 21:51 <DIR> --d----- c:\program files\CCleaner
2009-02-14 21:48 96,760 a------- c:\windows\system32\dfshim.dll
2009-02-14 21:48 41,984 a------- c:\windows\system32\netfxperf.dll
2009-02-14 21:48 282,112 a------- c:\windows\system32\mscoree.dll
2009-02-14 21:48 158,720 a------- c:\windows\system32\mscorier.dll
2009-02-14 21:48 83,968 a------- c:\windows\system32\mscories.dll
2009-02-14 21:30 2,855,424 a------- c:\windows\system32\mf.dll
2009-02-14 21:30 98,816 a------- c:\windows\system32\mfps.dll
2009-02-14 21:30 52,736 a------- c:\windows\system32\rrinstaller.exe
2009-02-14 21:30 2,048 a------- c:\windows\system32\mferror.dll
2009-02-14 21:30 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-02-14 21:30 94,720 a------- c:\windows\system32\logagent.exe
2009-02-14 21:30 24,576 a------- c:\windows\system32\mfpmp.exe
2009-02-14 21:30 130,048 a------- c:\windows\system32\drivers\srv2.sys
2009-02-14 21:30 101,888 a------- c:\windows\system32\drivers\mrxsmb.sys
2009-02-14 21:30 84,992 a------- c:\windows\system32\drivers\srvnet.sys
2009-02-14 21:30 58,368 a------- c:\windows\system32\drivers\mrxsmb20.sys
2009-02-14 21:29 788,992 a------- c:\windows\system32\rpcrt4.dll
2009-02-14 21:29 737,792 a------- c:\windows\system32\inetcomm.dll
2009-02-14 21:29 84,480 a------- c:\windows\system32\INETRES.dll
2009-02-14 21:29 1,645,568 a------- c:\windows\system32\connect.dll
2009-02-14 21:28 152,576 a------- c:\windows\system32\imagehlp.dll
2009-02-14 21:28 12,800 a------- c:\windows\system32\drivers\fs_rec.sys
2009-02-14 21:28 5,120 a------- c:\windows\system32\wmi.dll
2009-02-14 21:28 1,327,104 a------- c:\windows\system32\quartz.dll
2009-02-14 21:27 <DIR> --d----- c:\program files\MSXML 4.0
2009-02-14 21:27 99,840 a------- c:\windows\system32\poqexec.exe
2009-02-14 21:26 3,505,208 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-14 21:26 3,470,904 a------- c:\windows\system32\ntoskrnl.exe
2009-02-14 21:26 2,026,496 a------- c:\windows\system32\win32k.sys
2009-02-14 21:26 633,856 a------- c:\windows\system32\user32.dll
2009-02-14 21:26 1,341,440 a------- c:\windows\system32\msxml6.dll
2009-02-14 21:26 2,048 a------- c:\windows\system32\msxml6r.dll
2009-02-14 21:24 750,080 a------- c:\windows\system32\qmgr.dll
2009-02-14 18:48 <DIR> --d----- c:\program files\a-squared Anti-Malware
2009-02-14 18:36 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-02-14 18:36 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-02-14 18:36 <DIR> --d----- c:\users\6milli~1\appdata\roaming\SUPERAntiSpyware.com
2009-02-14 18:36 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-02-14 18:34 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-02-14 18:30 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-14 18:30 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-14 18:30 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-14 18:20 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-02-14 18:18 162,064 a------- c:\windows\system32\wuwebv.dll
2009-02-14 18:18 31,232 a------- c:\windows\system32\wuapp.exe
2009-02-14 15:29 <DIR> a-d----- c:\programdata\TEMP
2009-02-14 15:26 <DIR> --d----- c:\users\6milli~1\appdata\roaming\Malwarebytes
2009-02-14 15:25 <DIR> --d----- c:\programdata\Malwarebytes
2009-02-14 15:25 <DIR> --d----- c:\progra~2\Malwarebytes
2009-02-14 14:04 <DIR> --d----- c:\users\6milli~1\appdata\roaming\FaxCtr
2009-02-14 13:55 <DIR> --d----- c:\program files\PhoTags Express
2009-02-14 13:51 <DIR> --d----- c:\program files\lx_cats
2009-02-14 13:49 344,064 a------- c:\windows\system32\lxcycoin.dll
2009-02-14 13:46 45,056 a------- c:\windows\system32\LXPRMON.DLL
2009-02-14 13:46 32,768 a------- c:\windows\system32\LXPMONUI.DLL
2009-02-14 13:46 98,345 a------- c:\windows\system32\IMHOST32.DLL
2009-02-14 13:46 98,304 a------- c:\windows\system32\IM31XPNG.DEL
2009-02-14 13:46 69,632 a------- c:\windows\system32\IM31XTIF.DEL
2009-02-14 13:46 49,152 a------- c:\windows\system32\IM31IMG.DIL
2009-02-14 13:46 12,288 a------- c:\windows\system32\LXPMONRC.DLL
2009-02-14 13:46 339,968 a------- c:\windows\system32\IMGMAN32.DLL
2009-02-14 13:46 <DIR> --d----- c:\programdata\FaxCtr
2009-02-14 13:46 <DIR> --d----- c:\progra~2\FaxCtr
2009-02-14 13:46 <DIR> --d----- c:\programdata\Ezprint
2009-02-14 13:46 <DIR> --d----- c:\progra~2\Ezprint
2009-02-14 13:45 <DIR> --d----- c:\program files\Lexmark Fax Solutions
2009-02-14 13:45 <DIR> --d----- c:\program files\Lexmark 3400 Series
2009-02-14 13:45 <DIR> --d----- c:\program files\Abbyy FineReader 6.0 Sprint
2009-02-14 13:10 <DIR> --d----- c:\program files\COMODO
2009-02-14 12:47 <DIR> --d----- c:\program files\AVG
2009-02-14 12:20 <DIR> --d----- c:\windows\PCHEALTH
2009-02-08 22:47 1,840 a--shr-- c:\windows\system32\drivers\103C_HP_CPC_GC660AA-ABA SR5123WM_YC_0Pres_QCNX719_E73NAv3PrA1_49_INettle2_SECS_V1.0_B5.07_T070404_WUH0_L409_M1918_J320_7AMD_8Athlon 64 X2 Dual Core_92.1_#090209_N10DE03EF_Z14F12F20_G10DE03D0.MRK
2009-02-08 22:28 44 a------- c:\windows\system\hpsysdrv.dat
2009-02-08 22:27 <DIR> --d----- c:\users\6 million dollar ba
2009-02-08 21:01 <DIR> --d----- c:\programdata\Hewlett-Packard
2009-02-08 20:57 <DIR> --d----- c:\windows\SMINST
2009-02-08 20:51 <DIR> --d----- c:\programdata\Symantec
2009-02-08 20:51 <DIR> --d----- c:\progra~2\Symantec
2009-02-08 20:50 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-02-08 20:49 <DIR> --d----- c:\program files\Yahoo!
2009-02-08 20:47 <DIR> --d----- c:\program files\Online Services
2009-02-08 20:47 <DIR> --d----- c:\program files\earthlink totalaccess
2009-02-08 20:45 <DIR> --d----- c:\programdata\PC-Doctor
2009-02-08 20:45 <DIR> --d----- c:\progra~2\PC-Doctor
2009-02-08 20:44 <DIR> --d----- c:\program files\PC-Doctor 5 for Windows
2009-02-08 20:43 <DIR> --d----- c:\programdata\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
2009-02-08 20:43 <DIR> --d----- c:\progra~2\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
2009-02-08 20:43 <DIR> --d----- c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2009-02-08 20:42 32,592 a------- c:\windows\system32\msonpmon.dll
2009-02-08 20:40 <DIR> --d----- c:\programdata\Microsoft Help
2009-02-08 20:38 <DIR> --d----- c:\programdata\Adobe
2009-02-08 20:37 <DIR> --d----- c:\program files\muvee Technologies
2009-02-08 20:37 <DIR> --d----- c:\program files\common files\muvee Technologies
2009-02-08 20:37 <DIR> --d----- c:\programdata\muvee Technologies
2009-02-08 20:36 <DIR> --d----- c:\program files\common files\xing shared
2009-02-08 20:36 <DIR> --d----- c:\program files\common files\Real
2009-02-08 20:35 <DIR> --d----- c:\program files\Rhapsody
2009-02-08 20:34 <DIR> a-d----- c:\program files\common files\LS Getting Started
2009-02-08 20:34 <DIR> --d----- c:\program files\common files\SureThing Shared
2009-02-08 20:33 <DIR> --d----- c:\programdata\Sonic
2009-02-08 20:33 <DIR> --d----- c:\program files\common files\PX Storage Engine
2009-02-08 20:32 <DIR> --d----- c:\programdata\Roxio
2009-02-08 20:32 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-02-08 20:32 <DIR> --d----- c:\program files\Roxio
2009-02-08 20:26 <DIR> --d----- c:\program files\common files\HP
2009-02-08 20:26 <DIR> --d----- c:\program files\HP
2009-02-08 20:25 103,521 a------- c:\windows\hpqins13.dat
2009-02-08 20:25 <DIR> --d----- c:\programdata\HP
2009-02-08 20:21 <DIR> --d----- c:\programdata\WildTangent
2009-02-08 20:21 <DIR> --d----- c:\program files\HP Games
2009-02-08 20:21 <DIR> --d----- c:\progra~2\WildTangent
2009-02-08 20:16 <DIR> --d----- c:\program files\Realtek
2009-02-08 20:14 3,620,864 a------- c:\windows\system32\nvvitvsr.dll
2009-02-08 20:13 414,208 a------- c:\windows\system32\msscp.dll
2009-02-08 20:13 146,944 a------- c:\windows\system32\MMDevAPI.dll
2009-02-08 20:11 135,680 a------- c:\windows\system32\wusa.exe
2009-02-08 20:11 974,336 a------- c:\windows\system32\crypt32.dll
2009-02-08 20:11 104,448 a------- c:\windows\system32\DWWIN.EXE
2009-02-08 20:10 74,752 a------- c:\windows\system32\drivers\rasl2tp.sys
2009-02-08 20:10 60,928 a------- c:\windows\system32\drivers\raspptp.sys
2009-02-08 20:10 229,888 a------- c:\windows\system32\msshsq.dll
2009-02-08 20:09 292,352 a------- c:\windows\system32\psisdecd.dll
2009-02-08 20:09 218,624 a------- c:\windows\system32\psisrndr.ax
2009-02-08 20:09 80,896 a------- c:\windows\system32\MSNP.ax
2009-02-08 20:09 68,608 a------- c:\windows\system32\Mpeg2Data.ax
2009-02-08 20:09 57,856 a------- c:\windows\system32\MSDvbNP.ax
2009-02-08 20:08 223,744 a------- c:\windows\system32\drivers\usbport.sys
2009-02-08 20:08 192,000 a------- c:\windows\system32\drivers\usbhub.sys
2009-02-08 20:08 73,216 a------- c:\windows\system32\drivers\usbccgp.sys
2009-02-08 20:08 38,400 a------- c:\windows\system32\drivers\usbehci.sys
2009-02-08 20:08 19,456 a------- c:\windows\system32\drivers\usbohci.sys
2009-02-08 20:08 8,704 a------- c:\windows\system32\hccoin.dll
2009-02-08 20:08 5,888 a------- c:\windows\system32\drivers\usbd.sys
2009-02-08 20:07 53,760 a------- c:\windows\system32\drivers\hdaudbus.sys
2009-02-08 20:07 61,440 -------- c:\windows\system32\OsdRemove.exe
2009-02-08 20:06 48,760 a------- c:\windows\system32\RUNCLOSE.OCX
2009-02-08 20:06 19,072 a------- c:\windows\system32\drivers\PS2.sys
2009-02-08 20:05 253,952 a------- c:\windows\system32\cPC_DMIRD.dll
2009-02-08 20:04 102,400 a------- c:\windows\system32\pywintypes24.dll
2009-02-08 20:04 327,680 a------- c:\windows\system32\pythoncom24.dll
2009-02-08 20:03 1,060,864 a------- c:\windows\system32\mfc71.dll
2009-02-08 20:03 348,160 a------- c:\windows\system32\msvcr71.dll
2009-02-08 20:03 <DIR> --dsh--- c:\windows\Installer
2009-02-08 19:56 <DIR> --d----- c:\program files\CONEXANT
2009-02-08 19:52 <DIR> --d-h--- C:\hp
2009-02-08 19:52 172,032 a------- c:\windows\system32\UCI32m15.dll
2009-02-08 19:52 94,208 a------- c:\windows\system32\mdmxsdk.dll
2009-02-08 19:52 12,672 a------- c:\windows\system32\drivers\mdmxsdk.sys
2009-02-08 19:52 255,488 a------- c:\windows\system32\drivers\netr73.sys
2009-02-08 19:51 352,768 a------- c:\windows\system32\idecoiins.dll
2009-02-08 19:51 352,768 a------- c:\windows\system32\idecoi.dll
2009-02-08 19:51 101,672 a------- c:\windows\system32\drivers\nvstor32.sys
2009-02-08 19:51 <DIR> --d----- c:\windows\system32\OEM
2009-02-08 19:51 <DIR> --d----- c:\windows\Panther
2009-02-08 19:51 8,192 a--s-r-- C:\BOOTSECT.BAK
2009-02-08 19:51 438,840 a--shr-- C:\bootmgr
2009-02-08 19:51 <DIR> --dsh--- C:\Boot

==================== Find3M ====================

2009-02-15 14:11 174 a--sh--- c:\program files\desktop.ini
2009-02-14 22:01 86,016 a------- c:\windows\inf\infstrng.dat
2009-02-14 22:01 51,200 a------- c:\windows\inf\infpub.dat
2009-02-14 22:01 86,016 a------- c:\windows\inf\infstor.dat
2009-02-08 20:18 665,600 a------- c:\windows\inf\drvindex.dat
2009-02-08 20:16 319,456 a------- c:\windows\DIFxAPI.dll
2009-02-08 20:16 315,392 a------- c:\windows\HideWin.exe
2009-02-08 20:14 2,143,744 a------- c:\windows\apppatch\AcGenral.dll
2009-02-08 20:14 449,024 a------- c:\windows\apppatch\AcSpecfc.dll
2009-02-08 20:14 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-02-08 20:14 4,153,344 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-02-08 20:14 1,686,016 a------- c:\windows\system32\gameux.dll
2009-02-08 20:14 537,600 a------- c:\windows\apppatch\AcLayers.dll
2009-02-08 20:14 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-02-08 20:10 160,872 a------- c:\windows\system32\halmacpi.dll
2009-02-08 20:10 134,760 a------- c:\windows\system32\halacpi.dll
2006-11-02 04:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 04:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 04:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 04:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 15:19:47.20 ===============

#3 kymberly

Posted 02 March 2009 - 01:56 AM

SlgClientServicesRedists.exe\data002;C:\Program Files\HP Games\Cake Mania\SlgClientServicesRedists.exe;Adware.SpywareStorm;;
SlgClientServicesRedists.exe;C:\Program Files\HP Games\Cake Mania;Archive contains infected objects;Moved.;
acssetup.exe\data008;C:\Program Files\Online Services\Aolca\comps\acs\acssetup.exe;Probably BACKDOOR.Trojan;;
acssetup.exe;C:\Program Files\Online Services\Aolca\comps\acs;Archive contains infected objects;Moved.;
Setup.exe\data053;C:\Program Files\Online Services\Netscape_ca\Setup.exe;Trojan.MulDrop.origin;;
Setup.exe;C:\Program Files\Online Services\Netscape_ca;Archive contains infected objects;Moved.;
cakemania-setup.exe/data032\data002;D:\hp\apps\APP06254\src\install\games\cakemania-setup.exe/data032;Adware.SpywareStorm;;
data032;D:\hp\apps\APP06254\src\install\games;Archive contains infected objects;;
cakemania-setup.exe;D:\hp\apps\APP06254\src\install\games;Archive contains infected objects;Moved.;

This is a scan of Dr. Cure It.

#4 kymberly

Posted 02 March 2009 - 01:58 AM

ComboFix 09-02-15.01 - 6 million dollar ba 02/15/2009 14:43:16.1 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1918.1400 [GMT -8:00]
Running from: c:\users\honor student\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
.

((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 22:36 --------- d-----w c:\program files\Avira
2009-02-15 22:36 --------- d-----w c:\progra~2\Avira
2009-02-15 22:30 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-15 22:30 --------- d-----w c:\program files\Avira GmbH
2009-02-15 22:11 174 --sha-w c:\program files\desktop.ini
2009-02-15 22:05 --------- d-----w c:\program files\Windows Sidebar
2009-02-15 22:05 --------- d-----w c:\program files\Windows Mail
2009-02-15 22:01 --------- d-----w c:\program files\COMODO
2009-02-15 06:37 712,192 ----a-w c:\windows\System32\WindowsCodecs.dll
2009-02-15 06:37 425,472 ----a-w c:\windows\System32\PhotoMetadataHandler.dll
2009-02-15 06:37 347,136 ----a-w c:\windows\System32\WindowsCodecsExt.dll
2009-02-15 06:36 --------- d-----w c:\progra~2\Microsoft Help
2009-02-15 06:35 704,000 ----a-w c:\windows\System32\PhotoScreensaver.scr
2009-02-15 06:33 441,856 ----a-w c:\windows\System32\win32spl.dll
2009-02-15 06:33 37,376 ----a-w c:\windows\System32\printcom.dll
2009-02-15 06:31 14,848 ----a-w c:\windows\System32\wshrm.dll
2009-02-15 06:31 113,664 ----a-w c:\windows\system32\drivers\rmcast.sys
2009-02-15 06:27 11,776 ----a-w c:\windows\System32\sbunattend.exe
2009-02-15 06:25 558,080 ----a-w c:\windows\System32\oleaut32.dll
2009-02-15 06:24 290,304 ----a-w c:\windows\system32\drivers\srv.sys
2009-02-15 06:23 84,480 ----a-w c:\windows\System32\dnsrslvr.dll
2009-02-15 06:23 24,576 ----a-w c:\windows\System32\dnscacheugc.exe
2009-02-15 06:17 97,800 ----a-w c:\windows\System32\infocardapi.dll
2009-02-15 06:17 781,344 ----a-w c:\windows\System32\PresentationNative_v0300.dll
2009-02-15 06:17 622,080 ----a-w c:\windows\System32\icardagt.exe
2009-02-15 06:17 43,544 ----a-w c:\windows\System32\PresentationHostProxy.dll
2009-02-15 06:17 326,160 ----a-w c:\windows\System32\PresentationHost.exe
2009-02-15 06:17 11,264 ----a-w c:\windows\System32\icardres.dll
2009-02-15 06:17 105,016 ----a-w c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-15 06:13 --------- d-----w c:\users\6MILLI~1\AppData\Roaming\PeerNetworking
2009-02-15 06:13 --------- d-----w c:\users\6 million dollar ba\AppData\Roaming\PeerNetworking
2009-02-15 05:51 --------- d-----w c:\program files\CCleaner
2009-02-15 05:48 96,760 ----a-w c:\windows\System32\dfshim.dll
2009-02-15 05:48 83,968 ----a-w c:\windows\System32\mscories.dll
2009-02-15 05:48 41,984 ----a-w c:\windows\System32\netfxperf.dll
2009-02-15 05:48 282,112 ----a-w c:\windows\System32\mscoree.dll
2009-02-15 05:48 158,720 ----a-w c:\windows\System32\mscorier.dll
2009-02-15 05:30 996,352 ----a-w c:\windows\System32\WMNetMgr.dll
2009-02-15 05:30 98,816 ----a-w c:\windows\System32\mfps.dll
2009-02-15 05:30 94,720 ----a-w c:\windows\System32\logagent.exe
2009-02-15 05:30 84,992 ----a-w c:\windows\system32\drivers\srvnet.sys
2009-02-15 05:30 58,368 ----a-w c:\windows\system32\drivers\mrxsmb20.sys
2009-02-15 05:30 52,736 ----a-w c:\windows\System32\rrinstaller.exe
2009-02-15 05:30 24,576 ----a-w c:\windows\System32\mfpmp.exe
2009-02-15 05:30 2,855,424 ----a-w c:\windows\System32\mf.dll
2009-02-15 05:30 2,048 ----a-w c:\windows\System32\mferror.dll
2009-02-15 05:30 130,048 ----a-w c:\windows\system32\drivers\srv2.sys
2009-02-15 05:30 101,888 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2009-02-15 05:29 84,480 ----a-w c:\windows\System32\INETRES.dll
2009-02-15 05:29 788,992 ----a-w c:\windows\System32\rpcrt4.dll
2009-02-15 05:29 737,792 ----a-w c:\windows\System32\inetcomm.dll
2009-02-15 05:29 1,645,568 ----a-w c:\windows\System32\connect.dll
2009-02-15 05:28 5,120 ----a-w c:\windows\System32\wmi.dll
2009-02-15 05:28 152,576 ----a-w c:\windows\System32\imagehlp.dll
2009-02-15 05:28 12,800 ----a-w c:\windows\system32\drivers\fs_rec.sys
2009-02-15 05:28 1,327,104 ----a-w c:\windows\System32\quartz.dll
2009-02-15 05:27 99,840 ----a-w c:\windows\System32\poqexec.exe
2009-02-15 05:27 --------- d-----w c:\program files\MSXML 4.0
2009-02-15 05:26 633,856 ----a-w c:\windows\System32\user32.dll
2009-02-15 05:26 3,505,208 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-02-15 05:26 3,470,904 ----a-w c:\windows\System32\ntoskrnl.exe
2009-02-15 05:26 2,048 ----a-w c:\windows\System32\msxml6r.dll
2009-02-15 05:26 2,026,496 ----a-w c:\windows\System32\win32k.sys
2009-02-15 05:26 1,341,440 ----a-w c:\windows\System32\msxml6.dll
2009-02-15 05:24 750,080 ----a-w c:\windows\System32\qmgr.dll
2009-02-15 04:51 --------- d-----w c:\program files\Microsoft Works
2009-02-15 04:50 --------- d-----w c:\program files\Microsoft.NET
2009-02-15 04:34 --------- d-----w c:\program files\a-squared Anti-Malware
2009-02-15 02:36 --------- d-----w c:\users\6MILLI~1\AppData\Roaming\SUPERAntiSpyware.com
2009-02-15 02:36 --------- d-----w c:\users\6 million dollar ba\AppData\Roaming\SUPERAntiSpyware.com
2009-02-15 02:36 --------- d-----w c:\program files\SUPERAntiSpyware
2009-02-15 02:36 --------- d-----w c:\progra~2\SUPERAntiSpyware.com
2009-02-15 02:34 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-15 02:30 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-15 02:20 51,224 ----a-w c:\windows\System32\wuauclt.exe
2009-02-15 02:20 43,544 ----a-w c:\windows\System32\wups2.dll
2009-02-15 02:20 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2009-02-15 02:20 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2009-02-15 02:18 31,232 ----a-w c:\windows\System32\wuapp.exe
2009-02-15 02:18 162,064 ----a-w c:\windows\System32\wuwebv.dll
2009-02-15 01:59 --------- d-----w c:\program files\PhoTags Express
2009-02-15 01:59 --------- d-----w c:\program files\Lexmark 3400 Series
2009-02-15 01:33 --------- d---a-w c:\progra~2\TEMP
2009-02-14 23:26 --------- d-----w c:\users\6MILLI~1\AppData\Roaming\Malwarebytes
2009-02-14 23:26 --------- d-----w c:\users\6 million dollar ba\AppData\Roaming\Malwarebytes
2009-02-14 23:25 --------- d-----w c:\progra~2\Malwarebytes
2009-02-14 22:04 --------- d-----w c:\users\6MILLI~1\AppData\Roaming\FaxCtr
2009-02-14 22:04 --------- d-----w c:\users\6 million dollar ba\AppData\Roaming\FaxCtr
2009-02-14 21:51 --------- d-----w c:\program files\lx_cats
2009-02-14 21:47 --------- d-----w c:\program files\Lexmark Fax Solutions
2009-02-14 21:46 --------- d-----w c:\progra~2\FaxCtr
2009-02-14 21:46 --------- d-----w c:\progra~2\Ezprint
2009-02-14 20:58 --------- d-----w c:\users\6MILLI~1\AppData\Roaming\Yahoo!
2009-02-14 20:58 --------- d-----w c:\users\6 million dollar ba\AppData\Roaming\Yahoo!
2009-02-14 20:47 --------- d-----w c:\program files\AVG
2009-02-11 18:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 18:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-09 06:47 1,840 --sha-r c:\windows\system32\drivers\103C_HP_CPC_GC660AA-ABA SR5123WM_YC_0Pres_QCNX719_E73NAv3PrA1_49_INettle2_SECS_V1.0_B5.07_T070404_WUH0_L409_M1918_J320_7AMD_8Athlon 64 X2 Dual Core_92.1_#090209_N10DE03EF_Z14F12F20_G10DE03D0.MRK
2009-02-09 06:46 --------- d-----w c:\progra~2\Symantec
2009-02-09 06:37 --------- d-----w c:\program files\Yahoo!
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [01/15/2009 04:17 PM 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [02/15/2007 02:59 AM 118784]
"lxcymon.exe"="c:\program files\Lexmark 3400 Series\lxcymon.exe" [06/25/2007 06:34 AM 291504]
"EzPrint"="c:\program files\Lexmark 3400 Series\ezprint.exe" [06/25/2007 06:34 AM 82608]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [06/25/2007 06:35 AM 295600]
"LXCYCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [11/21/2006 09:27 AM 106496]
"a-squared"="c:\program files\A-SQUARED ANTI-MALWARE\a2guard.exe" [01/27/2009 04:59 PM 2784912]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [06/12/2008 01:28 PM 266497]
"RtHDVCpl"="RtHDVCpl.exe" [03/01/2007 07:38 AM 4390912 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"Launcher"="c:\windows\SMINST\launcher.exe" [03/07/2007 11:09 AM 44168]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Photags AutoDetect.lnk - c:\program files\PhoTags Express\Photags AutoDetect.exe [2009-02-14 368640]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [05/13/2008 09:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
12/22/2008 11:05 AM 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 02/16/2005 11:11 PM 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 09/28/2006 05:42 AM 65536 c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 12/08/2006 08:16 AM 65536 c:\hp\KBD\KbdStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DC399BF8-60D8-415C-BF74-695430E0E0E0}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{CF22E581-BA08-4FC0-B3FB-F0DD5F0396FB}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{916F5CAF-D35B-415D-A6BC-EB8E7E5EF2BC}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{674E56AB-8A7E-4B3A-B78F-9C741335C7A3}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4C0486D4-2A49-4597-8AD2-E6E813B28600}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{5F5EC396-B89E-45F7-8CBF-1C2FF4871992}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A055C9FD-0E7D-4171-A392-9ACA1F1518C9}"= UDP:c:\windows\System32\lxcycoms.exe:Lexmark Communications System
"{579B7918-4172-4B44-984F-C5EF3D1584AD}"= TCP:c:\windows\System32\lxcycoms.exe:Lexmark Communications System
"{CDF8AED5-EEF3-4FEA-8341-FAC824AA3256}"= UDP:c:\program files\Lexmark 3400 Series\lxcymon.exe:Device Monitor
"{669F3DDC-5842-40FC-A09D-34121D0FF86B}"= TCP:c:\program files\Lexmark 3400 Series\lxcymon.exe:Device Monitor
"{0F21E16B-C9FF-4D60-8101-7632B7AE7360}"= UDP:c:\program files\Lexmark 3400 Series\lxcyaiox.exe:All In One Center
"{6375A8B3-818F-4ADD-937E-59654A8C1727}"= TCP:c:\program files\Lexmark 3400 Series\lxcyaiox.exe:All In One Center
"{02D0F23E-396E-4067-8229-82344C541A00}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4CD39D56-F49B-4786-AF4E-A03BD16A0C5D}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R3 netr73;Amigo RT73 Wireless Driver for Vista;c:\windows\System32\drivers\netr73.sys [2009-02-08 255488]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
S2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE
*Deregistered* - AvgTdiX
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Presario&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Presario&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 14:45:35
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCYCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 02/15/2009 14:47:07
ComboFix-quarantined-files.txt 2009-02-15 22:47:05

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 279,124,406,272 bytes free

203


Ran Combo Fix also to try and find the problem.

#5 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:01:45 AM

Posted 16 March 2009 - 10:15 AM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#6 suebaby41

Posted 24 March 2009 - 06:56 PM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



