
please analyze


This topic is locked
97 replies to this topic

#1 beckylynn420

Posted 03 March 2009 - 07:57 PM

I also have had issues with Vundo... not sure what else happened along with it. I used Trend (it missed it), Malware (it missed it), Spydoctor (got parts of it) and SuperAntiSpyware (seems to get it all, but not sure). I know I got totally hijacked, since a simple Google search and link click would take me to Yellow Pages and other junk. Please check me out and tell me if you see anything else that I need to fix. Thanks all for your help and support...

Not sure what all is included, so I will tell you about my system...

Vista HP with service pack 1
64 bit 2GHz Processor
1GB Memory
32 bit Operating system....

Sorry if I do not have what all you need....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:48:32 PM, on 3/3/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\80GMQU6E\HiJackThis[1].exe
C:\Users\Owner\AppData\Local\Temp\Temp1_HiJackThis.zip\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Owner\Downloads\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin...02&id=64855
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [TranscodingService] "C:\Program Files\TiVo\Desktop\TranscodingService.exe" /auto
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Farm%20Frenzy/Images/stg_drm.ocx
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Farm%20Frenzy/Images/armhelper.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD39141F-AA08-4E0C-ADB2-66ED691D0F42}: NameServer = 85.255.116.166,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{B54AA85B-7564-4190-B50D-F96683826D4C}: NameServer = 85.255.116.166,85.255.112.132
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.166,85.255.112.132
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.166,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.166,85.255.112.132
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\Windows\system32\hasplms.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8634 bytes

Edited by beckylynn420, 03 March 2009 - 08:27 PM.
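
The log above carries the entries a reviewer would check first given the complaint of search-result redirection: every adapter and every control set (CCS, CS1, CS2) has O17 NameServer = 85.255.116.166,85.255.112.132, which a home laptop would normally get from its router or ISP by DHCP rather than from fixed addresses. The same log also shows O9 buttons marked "(no file)", an O23 service marked "(file missing)", O16 ActiveX controls registered from file:// and plain-http sources, and HijackThis itself running out of the IE cache folder (harmless here, since the user launched it, but the kind of path a reviewer always confirms). The Python script below is an added example, not part of this thread or of HijackThis: it parses the v2 log layout and applies those checks mechanically. The trusted resolver ranges are an assumption for the example (a reviewer would substitute the DHCP-issued or ISP addresses), and the sample log is a few lines excerpted from the log above plus one constructed benign O17 line (192.168.1.1) so the DNS check has a case that passes.

```python
"""HijackThis log triage. Added example, not code from this thread or from HijackThis.

Parses the v2 layout ("Running processes:" block, then R0/R1/O4/O9/O16/O17/O23
entries) and applies the checks a reviewer does by eye. Every hit is a lead
for the reviewer to verify, not a verdict.
"""
import re
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit

# Assumption for this example: resolvers this machine is expected to use.
# A real reviewer substitutes the DHCP-issued or ISP addresses.
TRUSTED_DNS = ("192.168.0.0/16", "10.0.0.0/8")

# Folders a persistent binary has no business running from (matched case-insensitively).
CACHE_DIRS = ("\\temporary internet files\\", "\\appdata\\local\\temp\\")

# Excerpt of the log in this post, plus one constructed O17 line (192.168.1.1).
SAMPLE_LOG = r"""
Running processes:
C:\Windows\system32\Dwm.exe
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\80GMQU6E\HiJackThis[1].exe

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Farm%20Frenzy/Images/stg_drm.ocx
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD39141F-AA08-4E0C-ADB2-66ED691D0F42}: NameServer = 85.255.116.166,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


@dataclass
class Finding:
    kind: str    # which check fired
    detail: str  # what the reviewer should verify
    line: str    # the log line, verbatim


_ENTRY = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
_NAMESERVER = re.compile(r"NameServer = (?P<servers>[\d.,]+)")
_O16_SOURCE = re.compile(r" - (?P<url>(?:file|https?):\S+)$")


def parse_log(text):
    """Return (running processes, [(section, body, raw line)]) from a HijackThis log."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process block
            continue
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        m = _ENTRY.match(line)
        if m:
            entries.append((m["sec"], m["body"], line))
    return processes, entries


def triage(text, trusted_dns=TRUSTED_DNS):
    """Apply the reviewer's checks and return a list of Finding objects."""
    trusted = [ip_network(cidr) for cidr in trusted_dns]
    processes, entries = parse_log(text)
    findings = []
    for proc in processes:
        if any(d in proc.lower() for d in CACHE_DIRS):
            findings.append(Finding("proc-from-cache",
                "runs from a browser cache or Temp folder; confirm the user launched it", proc))
    for sec, body, line in entries:
        if sec == "O17":
            m = _NAMESERVER.search(body)
            for addr in (m["servers"].split(",") if m else []):
                try:
                    ip = ip_address(addr.strip())
                except ValueError:
                    continue
                if not any(ip in net for net in trusted):
                    findings.append(Finding("dns-untrusted",
                        f"resolver {ip} is not on the trusted list; check every adapter and control set", line))
        elif "(no file)" in body or "(file missing)" in body:
            findings.append(Finding("orphan",
                "target file is gone; safe to fix, but note what it used to point at", line))
        elif sec == "O16":
            m = _O16_SOURCE.search(body)
            if m:
                url = urlsplit(m["url"])
                if url.scheme != "https":
                    findings.append(Finding("activex-source",
                        f"ActiveX control from {url.scheme}://{url.netloc or '<local file>'}; verify the publisher", line))
    return findings


def summarize(findings):
    """Count findings per check, e.g. {'dns-untrusted': 2, 'orphan': 2, ...}."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}\n    {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the sample the script reports two untrusted resolvers (both addresses on the 85.255 line), two orphaned entries, two ActiveX sources to verify, and the HijackThis process in the IE cache; the constructed 192.168.1.1 line passes. The DNS check is only as good as the trusted list, which is why the O17 entries should be compared against what the router or ISP actually hands out, and why all three control sets matter: fixing only CurrentControlSet leaves the stale values to come back from CS1 or CS2 on a rollback.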

#2 beckylynn420

Posted 04 March 2009 - 02:39 PM

So I locked myself out of my computer trying to set it in Safe Mode and had to use System Restore to get it back up. Here is my newest log since using System Restore.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37:51 PM, on 3/4/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin...5&mkt=en-US
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7396 bytes

#3 KoanYorel (Staff Emeritus)
Posted 16 March 2009 - 08:43 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K

#4 beckylynn420

Posted 16 March 2009 - 09:27 PM

Thank you for getting back to me!! I have solved some issues but still have others; therefore, I have done what you have asked. Here is the DDS Notepad entry:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 21:14:49.28 on Mon 03/16/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.958.340 [GMT -5:00]

AV: Trend Micro AntiVirus *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7D6JNDM\dds[1].com

============== Pseudo HJT Report ===============

uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1236190359&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-US
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NWEReboot]
mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-1-12 36368]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-1-12 49680]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-1-12 677128]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-3-7 33752]

=============== Created Last 30 ================

2009-03-16 12:22 <DIR> --d----- c:\windows\Downloaded Installations
2009-03-13 14:41 <DIR> --d----- c:\program files\uTorrent
2009-03-13 14:40 <DIR> --d----- c:\users\owner\appdata\roaming\uTorrent
2009-03-12 21:26 <DIR> --d----- c:\programdata\vsosdk
2009-03-12 21:26 <DIR> --d----- c:\progra~2\vsosdk
2009-03-12 19:17 47,360 a------- c:\users\owner\appdata\roaming\pcouffin.sys
2009-03-12 19:17 <DIR> --d----- c:\program files\VSO
2009-03-12 16:36 102,439 a------- c:\windows\system32\sipr3260.dll
2009-03-12 15:24 217,127 a------- c:\windows\system32\drv43260.dll
2009-03-12 15:24 208,935 a------- c:\windows\system32\drv33260.dll
2009-03-12 15:24 176,165 a------- c:\windows\system32\drv23260.dll
2009-03-12 15:24 65,602 a------- c:\windows\system32\cook3260.dll
2009-03-12 15:24 1,645,320 a------- c:\windows\gdiplus.dll
2009-03-12 15:24 1,184,984 a------- c:\windows\system32\wvc1dmod.dll
2009-03-12 15:24 626,688 a------- c:\windows\system32\vp7vfw.dll
2009-03-11 18:58 123,336 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-03-10 22:28 268,288 a------- c:\windows\system32\schannel.dll
2009-03-10 22:28 2,033,152 a------- c:\windows\system32\win32k.sys
2009-03-10 18:43 87,608 a------- c:\users\owner\appdata\roaming\inst.exe
2009-03-10 18:43 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-03-10 17:48 <DIR> --d----- c:\program files\Search Settings
2009-03-10 17:46 <DIR> --d----- c:\windows\system32\custom matrices
2009-03-10 17:46 <DIR> --d----- c:\windows\system32\QuickTime
2009-03-10 15:17 364,544 a------- c:\windows\system32\WDBtnMgr.exe
2009-03-09 14:12 7,307 a------- c:\windows\system32\hpasset.xml
2009-03-09 14:12 291 a------- c:\windows\system32\XMLConfig_SYSID.ini
2009-03-07 12:45 <DIR> --d----- c:\programdata\NOS
2009-03-06 13:53 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-06 13:53 97,800 a------- c:\windows\system32\infocardapi.dll
2009-03-06 13:53 622,080 a------- c:\windows\system32\icardagt.exe
2009-03-06 13:53 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-03-06 13:53 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-03-06 13:53 11,264 a------- c:\windows\system32\icardres.dll
2009-03-06 13:53 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-03-06 13:53 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-03-06 13:43 96,760 a------- c:\windows\system32\dfshim.dll
2009-03-06 13:43 282,112 a------- c:\windows\system32\mscoree.dll
2009-03-06 13:43 41,984 a------- c:\windows\system32\netfxperf.dll
2009-03-06 13:43 158,720 a------- c:\windows\system32\mscorier.dll
2009-03-06 13:43 83,968 a------- c:\windows\system32\mscories.dll
2009-03-06 13:41 7,680 a------- c:\windows\system32\spwmp.dll
2009-03-06 13:41 4,096 a------- c:\windows\system32\msdxm.ocx
2009-03-06 13:41 4,096 a------- c:\windows\system32\dxmasf.dll
2009-03-06 13:41 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-03-04 23:29 <DIR> --d----- c:\programdata\FarmFrenzy-PizzaParty
2009-03-04 23:29 <DIR> --d----- c:\progra~2\FarmFrenzy-PizzaParty
2009-03-04 23:20 <DIR> --d----- c:\program files\ReflexiveArcade
2009-03-04 23:06 <DIR> --d----- c:\users\owner\appdata\roaming\BitTorrent
2009-03-04 23:06 <DIR> --d----- c:\program files\DNA
2009-03-04 15:04 <DIR> --d----- c:\programdata\AlawarWrapper
2009-03-04 15:04 <DIR> --d----- c:\progra~2\AlawarWrapper
2009-03-04 13:22 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-03-02 18:53 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-02-25 01:10 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-02-25 01:10 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-02-25 01:10 <DIR> --d----- c:\users\owner\appdata\roaming\SUPERAntiSpyware.com
2009-02-24 20:06 <DIR> --d----- c:\windows\pss
2009-02-24 09:50 3,143,680 a------- c:\windows\system32\ffdshow.ax
2009-02-22 12:57 4,421,889 a------- c:\windows\system32\libavcodec.dll
2009-02-18 08:57 557,451 a------- c:\windows\system32\libmplayer.dll
2009-02-16 12:19 790,190 a------- c:\windows\system32\xvidcore.dll
2009-02-16 11:32 425,040 a------- c:\windows\system32\TomsMoComp_ff.dll
2009-02-16 11:30 903,703 a------- c:\windows\system32\ff_x264.dll
2009-02-16 11:23 145,081 a------- c:\windows\system32\libmpeg2_ff.dll
2009-02-16 09:49 328,334 a------- c:\windows\system32\ff_kernelDeint.dll

==================== Find3M ====================

2009-03-16 21:03 56,574 a------- c:\programdata\nvModes.dat
2009-03-16 21:03 56,574 a------- c:\progra~2\nvModes.dat
2009-03-12 19:19 143,360 a------- c:\windows\inf\infstrng.dat
2009-03-12 19:19 51,200 a------- c:\windows\inf\infpub.dat
2009-03-12 19:18 86,016 a------- c:\windows\inf\infstor.dat
2009-02-14 10:15 486,400 a------- c:\windows\system32\ff_libfaad2.dll
2009-02-09 17:28 98,304 a------- c:\windows\system32\ff_wmv9.dll
2009-02-09 15:19 183,296 a------- c:\windows\system32\ff_samplerate.dll
2009-02-09 15:19 178,688 a------- c:\windows\system32\ff_libmad.dll
2009-02-09 15:18 113,152 a------- c:\windows\system32\ff_unrar.dll
2009-02-09 15:18 146,944 a------- c:\windows\system32\ff_tremor.dll
2009-02-09 15:18 257,024 a------- c:\windows\system32\ff_libdts.dll
2009-02-09 15:18 142,848 a------- c:\windows\system32\ff_liba52.dll
2009-02-09 14:56 67,584 a------- c:\windows\system32\ff_vfw.dll
2009-01-19 14:17 13,025 a------- c:\users\owner\appdata\roaming\nvModes.dat
2009-01-16 16:22 174 a--sh--- c:\program files\desktop.ini
2009-01-16 16:09 665,600 a------- c:\windows\inf\drvindex.dat
2009-01-16 15:43 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-01-16 15:43 82,432 a------- c:\windows\system32\axaltocm.dll
2009-01-16 14:22 130,768 a------- c:\windows\hpoins18.dat
2009-01-15 01:11 827,392 a------- c:\windows\system32\wininet.dll
2009-01-14 19:17 269,312 a------- c:\windows\system32\es.dll
2009-01-14 13:45 4,096 a------- c:\windows\d3dx.dat
2009-01-13 23:26 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-01-13 23:26 61,440 a------- c:\windows\system32\winipsec.dll
2009-01-13 23:26 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-01-13 23:26 272,896 a------- c:\windows\system32\polstore.dll
2009-01-13 23:21 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-01-13 23:21 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2009-01-13 23:21 94,720 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2009-01-13 23:11 296,960 a------- c:\windows\system32\gdi32.dll
2009-01-13 23:07 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-01-13 23:07 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-01-13 23:07 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2009-01-13 23:07 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-01-13 23:07 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2009-01-13 23:07 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-01-13 23:07 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-01-13 23:07 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-01-13 23:07 1,695,744 a------- c:\windows\system32\gameux.dll
2009-01-13 23:06 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-01-13 23:04 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-01-13 23:04 2,048 a------- c:\windows\system32\msxml3r.dll
2009-01-13 23:00 2,048 a------- c:\windows\system32\tzres.dll
2009-01-13 22:54 2,927,104 a------- c:\windows\explorer.exe
2009-01-13 22:48 4,495,360 a------- c:\windows\system32\NlsData001d.dll
2009-01-13 22:48 1,965,056 a------- c:\windows\system32\NlsData001b.dll
2009-01-13 22:48 9,847,296 a------- c:\windows\system32\NlsData000a.dll
2009-01-13 22:48 2,643,456 a------- c:\windows\system32\NlsData000c.dll
2009-01-13 22:48 2,342,912 a------- c:\windows\system32\NlsData000d.dll
2009-01-13 22:48 4,495,360 a------- c:\windows\system32\NlsData0416.dll
2009-01-13 22:48 4,495,360 a------- c:\windows\system32\NlsData0414.dll
2009-01-13 22:48 1,965,056 a------- c:\windows\system32\NlsData000f.dll
2009-01-13 22:48 4,495,360 a------- c:\windows\system32\NlsData0816.dll
2009-01-13 22:48 801,280 a------- c:\windows\system32\NaturalLanguage6.dll
2009-01-13 22:48 6,917,120 a------- c:\windows\system32\NlsLexicons0c1a.dll
2009-01-13 22:48 1,965,056 a------- c:\windows\system32\NlsData081a.dll
2009-01-13 22:48 1,965,056 a------- c:\windows\system32\NlsData0c1a.dll
2009-01-13 22:45 6,656 a------- c:\windows\system32\kbd106n.dll
2009-01-13 22:44 988,216 a------- c:\windows\system32\winload.exe
2009-01-13 22:44 927,288 a------- c:\windows\system32\winresume.exe
2009-01-13 22:44 378,368 a------- c:\windows\system32\srcore.dll
2009-01-13 22:44 318,464 a------- c:\windows\system32\rstrui.exe
2009-01-13 22:44 40,960 a------- c:\windows\system32\srclient.dll
2009-01-13 22:44 14,848 a------- c:\windows\system32\srdelayed.exe
2009-01-13 22:44 19,000 a------- c:\windows\system32\kd1394.dll
2009-01-13 22:44 46,592 a------- c:\windows\system32\setbcdlocale.dll
2009-01-13 22:44 615,992 a------- c:\windows\system32\ci.dll
2009-01-13 22:40 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2009-01-13 22:40 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-01-13 22:40 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-01-13 22:38 443,392 a------- c:\windows\system32\win32spl.dll
2009-01-13 22:38 37,888 a------- c:\windows\system32\printcom.dll
2009-01-13 22:37 14,848 a------- c:\windows\system32\wshrm.dll
2009-01-13 22:28 2,868,736 a------- c:\windows\system32\mf.dll
2009-01-13 22:28 98,816 a------- c:\windows\system32\mfps.dll
2009-01-13 22:28 53,248 a------- c:\windows\system32\rrinstaller.exe
2009-01-13 22:28 24,576 a------- c:\windows\system32\mfpmp.exe
2009-01-13 22:28 2,048 a------- c:\windows\system32\mferror.dll
2009-01-13 22:28 94,720 a------- c:\windows\system32\logagent.exe
2009-01-13 22:28 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-01-13 22:27 1,645,568 a------- c:\windows\system32\connect.dll
2009-01-13 22:26 1,314,816 a------- c:\windows\system32\quartz.dll
2009-01-13 22:24 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe
2009-01-13 22:24 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
2009-01-13 22:24 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-01-13 22:24 2,048 a------- c:\windows\system32\msxml6r.dll
2009-01-13 21:42 84,480 a------- c:\windows\system32\INETRES.dll
2009-01-13 21:42 738,304 a------- c:\windows\system32\inetcomm.dll
2009-01-13 19:40 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-01-13 19:39 83,456 a------- c:\windows\system32\wudriver.dll
2009-01-13 19:39 162,064 a------- c:\windows\system32\wuwebv.dll
2009-01-13 19:39 31,232 a------- c:\windows\system32\wuapp.exe
2009-01-10 17:17 163,840 a------- c:\windows\system32\ts.dll
2009-01-10 17:16 148,480 a------- c:\windows\system32\mkx.dll
2009-01-10 17:16 108,032 a------- c:\windows\system32\avi.dll
2009-01-10 17:16 141,312 a------- c:\windows\system32\mp4.dll
2009-01-10 17:16 335,872 a------- c:\windows\system32\gdsmux.exe
2009-01-10 17:15 120,832 a------- c:\windows\system32\ogm.dll
2009-01-10 17:15:44 A------- 159,744 c:\windows\system32\mmfinfo.dll

============= FINISH: 21:15:01.46 ===============

Also I attached the file as requested. Hope it helps and is what you wanted!!!! Thanks again and let me know what you think!!! Ciao~~

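The DDS log above is what the helpers in this thread read by hand. As an added example (written for this edit; it is not part of the thread and not from the DDS or HijackThis authors), the Python script below splits a DDS log into its sections and pulls out the three things a triager checks first: processes running from user-writable paths, autostart entries whose target is missing or sits outside the normal program roots (plus any AppInit_DLLs entry, since that key loads its DLL into every process that loads user32.dll), and executable files created under system32 in the "Created Last 30" window. The section names it keys on, the path heuristics and the sample log (constructed from lines excerpted from the logs posted in this thread) are assumptions of the example, not DDS features; every hit is a lead to verify, not a verdict.

```python
"""DDS log triage helper (added example; not part of the thread, DDS or HijackThis).

Splits a DDS text log into its '=====' delimited sections and lists the items a
malware helper reads first. Every flag is a lead for a human to verify.
"""
import re

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
ENTRY_RE = re.compile(
    r"^(mRunOnce|uRun|mRun|BHO|TB|Notify|AppInit_DLLs|SEH|StartupFolder):\s*(.*)$")
PATH_RE = re.compile(r"([a-zA-Z]:\\.*)$")

# Heuristic roots: assumptions for this example, not fields DDS emits.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\", "c:\\progra~2\\")


def split_sections(log_text):
    """Map section name -> non-blank lines; text before the first header is 'Header'."""
    sections = {"Header": []}
    current = "Header"
    for line in log_text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line.strip():
            sections[current].append(line.rstrip())
    return sections


def flag_processes(lines):
    """Processes whose image path sits under a user-writable directory."""
    return [p for p in lines if any(tok in p.lower() for tok in USER_WRITABLE)]


def flag_autostarts(lines):
    """(kind, entry, reason) for Pseudo HJT Report lines worth a second look."""
    findings = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = m.groups()
        if "No File" in body:
            findings.append((kind, body, "orphaned entry (target missing)"))
        elif kind == "AppInit_DLLs":
            # AppInit_DLLs is loaded by every process that loads user32.dll.
            findings.append((kind, body, "loads into every user32 process; verify the DLL"))
        else:
            pm = PATH_RE.search(body.lower())
            if pm and not pm.group(1).startswith(TRUSTED_ROOTS):
                findings.append((kind, body, "target outside Program Files/Windows"))
    return findings


def flag_new_system32_files(lines, extensions=(".dll", ".sys", ".exe", ".ocx", ".ax")):
    """(date, path) for executable files created under system32 in the given section."""
    findings = []
    for line in lines:
        pm = PATH_RE.search(line)
        if not pm or "<DIR>" in line:
            continue
        path = pm.group(1)
        low = path.lower()
        if "\\windows\\system32\\" in low and low.endswith(extensions):
            findings.append((line[:10], path))   # DDS lines start with YYYY-MM-DD
    return findings


def triage(log_text):
    s = split_sections(log_text)
    return {
        "processes_in_user_paths": flag_processes(s.get("Running Processes", [])),
        "autostart_findings": flag_autostarts(s.get("Pseudo HJT Report", [])),
        "new_system32_files": flag_new_system32_files(s.get("Created Last 30", [])),
    }


# Constructed sample: lines excerpted from the DDS logs posted in this thread.
SAMPLE_LOG = r"""
DDS (Ver_09-03-16.01) - NTFSx86
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7D6JNDM\dds[2].com
============== Pseudo HJT Report ===============
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NWEReboot]
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
=============== Created Last 30 ================
2009-03-12 19:17 47,360 a------- c:\users\owner\appdata\roaming\pcouffin.sys
2009-03-10 22:28 268,288 a------- c:\windows\system32\schannel.dll
2009-03-10 18:43 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-03-10 17:46 <DIR> --d----- c:\windows\system32\QuickTime
============= FINISH: 11:24:53.54 ===============
"""

if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key)
        for item in items:
            print("   ", item)
```

On the constructed sample it flags the dds[2].com process in the IE cache, the orphaned toolbar entry, the Google AppInit_DLLs entry and the two executables created under system32. The first hit shows why these are leads rather than verdicts: that process is DDS itself, run from the browser's download cache, which is exactly what the poster's log records while the tool is taking its snapshot.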

#5 Hoov

  • Malware Response Team
  • 3,519 posts
  • Location: Mikado Michigan

Posted 18 March 2009 - 07:05 PM

Howdy, my name is Hoov, and I will be helping you with your dilemma.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer

*Tell me everything that you have done, if anything, to try and fix this problem.

*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.

*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

You said you ran malware? Not sure what you mean by that, but if you mean Malwarebytes' Anti-Malware, could you please update it and run a full scan and then post the log. If that is not what you meant,

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.


Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Fix Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

-- If you receive this error:
"Run-time error '339': Component 'comdlg32.ocx' or one of its dependencies not correctly registered: a file is missing or invalid", please download Comdlg32.ocx, place it in your C:\Windows\system32 folder and try running VundoFix again.

Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#6 beckylynn420

  • Topic Starter
  • Members
  • 99 posts
  • Gender: Female
  • Location: Broken Arrow, Oklahoma

Posted 19 March 2009 - 03:34 PM

Hello!! I have a small change in our plans. I would like to start from scratch because I got SEVERELY infected last night from a bad download and it was shutting my whole system down!!! Rootkits, Vundo and others were installed. So I had to do a system restore just to get back in, since it even shut down my Microsoft Explorer (nasty bug it was), so I am going to run a whole new DDS and attach it. I just do not want you to work with it since I have made a change, and I wanted to let you know up front that I made it!!! So here is my new DDS log and my attachment!!

I had a hard time installing Malwarebytes Anti-Malware. I got a runtime error 0 and another runtime error 440. I have noticed that whenever I install a new program and it tries to register in a C: prompt, it never can. It always flashes up and says cannot access in DOS mode or something to that effect. So I did download it from CNET and still get the errors....ggrr....so I am unable to complete the Malwarebytes instructions, unless you have another idea for me to download it or a way to stop those errors. The first two times I tried to install it I just hit Run. This third time I tried I saved it, but I still get the same errors, and I even went into the properties and edited the security controls. The exact errors are "vbAccelerator SGrid II Control Run-time error '0'" and then, after clicking OK, I get "Malwarebytes Anti-Malware Run-time error '440': Automation error". Even on the uninstall I get the errors and the C prompt popping up and beeping 5 times (geez). What did I do to my computer!!!!!

Well, it is letting me run the VundoFix...weird. The VundoFix.exe you gave me was messed up and it was going for almost 4 hours before I stopped it!!! I used the VundoFix tool from the Vundo site but did not opt to delete anything because it tagged all my preinstalled HP games and other stuff. So I will let you look at it before I proceed with that. And they are all marked in my registry, so I will wait for you to instruct further on that.
I installed HijackThis after I ran the VundoFix. I noticed in the HijackThis log it says URLSearchHook missing, which is odd because that is usually the name or partial name of the file that my SUPERAntiSpyware catches and has me delete. So here you go. Thanks and let me know what to do next.

Ciao and great appreciation!!

Here is the DDS Log


DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 11:23:18.54 on Thu 03/19/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.958.265 [GMT -5:00]

AV: Trend Micro AntiVirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\VSO\ConvertX\3\ConvertXtoDVD.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7D6JNDM\dds[2].com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1236190359&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-US
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NWEReboot]
mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-03-17 22:37 <DIR> --d----- c:\program files\SpeedFan
2009-03-16 12:22 <DIR> --d----- c:\windows\Downloaded Installations
2009-03-13 14:41 <DIR> --d----- c:\program files\uTorrent
2009-03-13 14:40 <DIR> --d----- c:\users\owner\appdata\roaming\uTorrent
2009-03-12 21:26 <DIR> --d----- c:\programdata\vsosdk
2009-03-12 21:26 <DIR> --d----- c:\progra~2\vsosdk
2009-03-12 19:17 47,360 a------- c:\users\owner\appdata\roaming\pcouffin.sys
2009-03-12 19:17 <DIR> --d----- c:\program files\VSO
2009-03-12 16:36 102,439 a------- c:\windows\system32\sipr3260.dll
2009-03-12 15:24 217,127 a------- c:\windows\system32\drv43260.dll
2009-03-12 15:24 208,935 a------- c:\windows\system32\drv33260.dll
2009-03-12 15:24 176,165 a------- c:\windows\system32\drv23260.dll
2009-03-12 15:24 65,602 a------- c:\windows\system32\cook3260.dll
2009-03-12 15:24 1,645,320 a------- c:\windows\gdiplus.dll
2009-03-12 15:24 1,184,984 a------- c:\windows\system32\wvc1dmod.dll
2009-03-12 15:24 626,688 a------- c:\windows\system32\vp7vfw.dll
2009-03-11 18:58 123,336 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-03-10 22:28 268,288 a------- c:\windows\system32\schannel.dll
2009-03-10 22:28 2,033,152 a------- c:\windows\system32\win32k.sys
2009-03-10 18:43 87,608 a------- c:\users\owner\appdata\roaming\inst.exe
2009-03-10 18:43 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-03-10 17:46 <DIR> --d----- c:\windows\system32\custom matrices
2009-03-10 17:46 <DIR> --d----- c:\windows\system32\QuickTime
2009-03-10 15:17 364,544 a------- c:\windows\system32\WDBtnMgr.exe
2009-03-09 14:12 7,307 a------- c:\windows\system32\hpasset.xml
2009-03-09 14:12 291 a------- c:\windows\system32\XMLConfig_SYSID.ini
2009-03-07 12:45 <DIR> --d----- c:\programdata\NOS
2009-03-06 13:53 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-06 13:53 97,800 a------- c:\windows\system32\infocardapi.dll
2009-03-06 13:53 622,080 a------- c:\windows\system32\icardagt.exe
2009-03-06 13:53 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-03-06 13:53 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-03-06 13:53 11,264 a------- c:\windows\system32\icardres.dll
2009-03-06 13:53 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-03-06 13:53 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-03-06 13:43 96,760 a------- c:\windows\system32\dfshim.dll
2009-03-06 13:43 282,112 a------- c:\windows\system32\mscoree.dll
2009-03-06 13:43 41,984 a------- c:\windows\system32\netfxperf.dll
2009-03-06 13:43 158,720 a------- c:\windows\system32\mscorier.dll
2009-03-06 13:43 83,968 a------- c:\windows\system32\mscories.dll
2009-03-06 13:41 7,680 a------- c:\windows\system32\spwmp.dll
2009-03-06 13:41 4,096 a------- c:\windows\system32\msdxm.ocx
2009-03-06 13:41 4,096 a------- c:\windows\system32\dxmasf.dll
2009-03-06 13:41 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-03-04 23:29 <DIR> --d----- c:\programdata\FarmFrenzy-PizzaParty
2009-03-04 23:29 <DIR> --d----- c:\progra~2\FarmFrenzy-PizzaParty
2009-03-04 23:06 <DIR> --d----- c:\users\owner\appdata\roaming\BitTorrent
2009-03-04 23:06 <DIR> --d----- c:\program files\DNA
2009-03-04 15:04 <DIR> --d----- c:\programdata\AlawarWrapper
2009-03-04 15:04 <DIR> --d----- c:\progra~2\AlawarWrapper
2009-03-04 13:22 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-03-02 18:53 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-02-25 01:10 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-02-25 01:10 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-02-25 01:10 <DIR> --d----- c:\users\owner\appdata\roaming\SUPERAntiSpyware.com
2009-02-24 20:06 <DIR> --d----- c:\windows\pss
2009-02-24 09:50 3,143,680 a------- c:\windows\system32\ffdshow.ax
2009-02-22 12:57 4,421,889 a------- c:\windows\system32\libavcodec.dll
2009-02-18 08:57 557,451 a------- c:\windows\system32\libmplayer.dll

==================== Find3M ====================

2009-03-18 19:55 56,574 a------- c:\programdata\nvModes.dat
2009-03-18 19:55 56,574 a------- c:\progra~2\nvModes.dat
2009-03-12 19:19 143,360 a------- c:\windows\inf\infstrng.dat
2009-03-12 19:19 51,200 a------- c:\windows\inf\infpub.dat
2009-03-12 19:18 86,016 a------- c:\windows\inf\infstor.dat
2009-02-16 12:19 790,190 a------- c:\windows\system32\xvidcore.dll
2009-02-16 11:32 425,040 a------- c:\windows\system32\TomsMoComp_ff.dll
2009-02-16 11:30 903,703 a------- c:\windows\system32\ff_x264.dll
2009-02-16 11:23 145,081 a------- c:\windows\system32\libmpeg2_ff.dll
2009-02-16 09:49 328,334 a------- c:\windows\system32\ff_kernelDeint.dll
2009-02-14 10:15 486,400 a------- c:\windows\system32\ff_libfaad2.dll
2009-02-09 17:28 98,304 a------- c:\windows\system32\ff_wmv9.dll
2009-02-09 15:19 183,296 a------- c:\windows\system32\ff_samplerate.dll
2009-02-09 15:19 178,688 a------- c:\windows\system32\ff_libmad.dll
2009-02-09 15:18 113,152 a------- c:\windows\system32\ff_unrar.dll
2009-02-09 15:18 146,944 a------- c:\windows\system32\ff_tremor.dll
2009-02-09 15:18 257,024 a------- c:\windows\system32\ff_libdts.dll
2009-02-09 15:18 142,848 a------- c:\windows\system32\ff_liba52.dll
2009-02-09 14:56 67,584 a------- c:\windows\system32\ff_vfw.dll
2009-01-19 14:17 13,025 a------- c:\users\owner\appdata\roaming\nvModes.dat
2009-01-16 16:22 174 a--sh--- c:\program files\desktop.ini
2009-01-16 16:09 665,600 a------- c:\windows\inf\drvindex.dat
2009-01-16 15:43 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-01-16 15:43 82,432 a------- c:\windows\system32\axaltocm.dll
2009-01-16 14:22 130,768 a------- c:\windows\hpoins18.dat
2009-01-15 01:11 827,392 a------- c:\windows\system32\wininet.dll
2009-01-14 19:17 269,312 a------- c:\windows\system32\es.dll
2009-01-14 13:45 4,096 a------- c:\windows\d3dx.dat
2009-01-13 23:26 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-01-13 23:26 61,440 a------- c:\windows\system32\winipsec.dll
2009-01-13 23:26 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-01-13 23:26 272,896 a------- c:\windows\system32\polstore.dll
2009-01-13 23:21 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-01-13 23:21 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2009-01-13 23:21 94,720 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2009-01-13 23:11 296,960 a------- c:\windows\system32\gdi32.dll
2009-01-13 23:07 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-01-13 23:07 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-01-13 23:07 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2009-01-13 23:07 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-01-13 23:07 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2009-01-13 23:07 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-01-13 23:07 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-01-13 23:07 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-01-13 23:07 1,695,744 a------- c:\windows\system32\gameux.dll
2009-01-13 23:06 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-01-13 23:04 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-01-13 23:04 2,048 a------- c:\windows\system32\msxml3r.dll
2009-01-13 23:00 2,048 a------- c:\windows\system32\tzres.dll
2009-01-13 22:54 2,927,104 a------- c:\windows\explorer.exe
2009-01-13 22:48 4,495,360 a------- c:\windows\system32\NlsData001d.dll
2009-01-13 22:48 1,965,056 a------- c:\windows\system32\NlsData001b.dll
2009-01-13 22:48 9,847,296 a------- c:\windows\system32\NlsData000a.dll
2009-01-13 22:48 2,643,456 a------- c:\windows\system32\NlsData000c.dll
2009-01-13 22:48 2,342,912 a------- c:\windows\system32\NlsData000d.dll
2009-01-13 22:48 4,495,360 a------- c:\windows\system32\NlsData0416.dll
2009-01-13 22:48 4,495,360 a------- c:\windows\system32\NlsData0414.dll
2009-01-13 22:48 1,965,056 a------- c:\windows\system32\NlsData000f.dll
2009-01-13 22:48 4,495,360 a------- c:\windows\system32\NlsData0816.dll
2009-01-13 22:48 801,280 a------- c:\windows\system32\NaturalLanguage6.dll
2009-01-13 22:48 6,917,120 a------- c:\windows\system32\NlsLexicons0c1a.dll
2009-01-13 22:48 1,965,056 a------- c:\windows\system32\NlsData081a.dll
2009-01-13 22:48 1,965,056 a------- c:\windows\system32\NlsData0c1a.dll
2009-01-13 22:45 6,656 a------- c:\windows\system32\kbd106n.dll
2009-01-13 22:44 988,216 a------- c:\windows\system32\winload.exe
2009-01-13 22:44 927,288 a------- c:\windows\system32\winresume.exe
2009-01-13 22:44 378,368 a------- c:\windows\system32\srcore.dll
2009-01-13 22:44 318,464 a------- c:\windows\system32\rstrui.exe
2009-01-13 22:44 40,960 a------- c:\windows\system32\srclient.dll
2009-01-13 22:44 14,848 a------- c:\windows\system32\srdelayed.exe
2009-01-13 22:44 19,000 a------- c:\windows\system32\kd1394.dll
2009-01-13 22:44 46,592 a------- c:\windows\system32\setbcdlocale.dll
2009-01-13 22:44 615,992 a------- c:\windows\system32\ci.dll
2009-01-13 22:40 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2009-01-13 22:40 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-01-13 22:40 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-01-13 22:38 443,392 a------- c:\windows\system32\win32spl.dll
2009-01-13 22:38 37,888 a------- c:\windows\system32\printcom.dll
2009-01-13 22:37 14,848 a------- c:\windows\system32\wshrm.dll
2009-01-13 22:28 2,868,736 a------- c:\windows\system32\mf.dll
2009-01-13 22:28 98,816 a------- c:\windows\system32\mfps.dll
2009-01-13 22:28 53,248 a------- c:\windows\system32\rrinstaller.exe
2009-01-13 22:28 24,576 a------- c:\windows\system32\mfpmp.exe
2009-01-13 22:28 2,048 a------- c:\windows\system32\mferror.dll
2009-01-13 22:28 94,720 a------- c:\windows\system32\logagent.exe
2009-01-13 22:28 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-01-13 22:27 1,645,568 a------- c:\windows\system32\connect.dll
2009-01-13 22:26 1,314,816 a------- c:\windows\system32\quartz.dll
2009-01-13 22:24 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe
2009-01-13 22:24 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
2009-01-13 22:24 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-01-13 22:24 2,048 a------- c:\windows\system32\msxml6r.dll
2009-01-13 21:42 84,480 a------- c:\windows\system32\INETRES.dll
2009-01-13 21:42 738,304 a------- c:\windows\system32\inetcomm.dll
2009-01-13 19:40 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-01-13 19:39 83,456 a------- c:\windows\system32\wudriver.dll
2009-01-13 19:39 162,064 a------- c:\windows\system32\wuwebv.dll
2009-01-13 19:39 31,232 a------- c:\windows\system32\wuapp.exe
2009-01-10 17:17 163,840 a------- c:\windows\system32\ts.dll
2009-01-10 17:16:56 A------- 148,480 c:\windows\system32\mkx.dll

============= FINISH: 11:24:53.54 ===============




<<<<<<<<<<<<<<<<HIJACK THIS LOG>>>>>>>>>>>>>>>>>

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:30:43 PM, on 3/19/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Windows\System32\mobsync.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\VundoFixTool\VundoFixTool.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin...5&mkt=en-US
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [VundoFixTool] C:\Program Files\VundoFixTool\VundoFixTool.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Business Contact Manager SQL Server Startup Service (BcmSqlStartupSvc) - Unknown owner - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: VundoFixTool Scanning Engine (VundoFixToolSrv) - Unknown owner - C:\Program Files\VundoFixTool\VundoFixTool.srv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8924 bytes




#7 Hoov


Posted 19 March 2009 - 04:50 PM

what site are you calling the Vundo site?
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#8 beckylynn420


Posted 19 March 2009 - 07:42 PM

The one up there in your message where you told me to download vundofix.exe to my desktop and to run it and let it fix stuff. It ran FOREVER!!! and was never finished, so I had to go and install VundoFix Tool. Any ideas on how I can get Malwarebytes to load on here so I can run it too?

#9 Hoov


Posted 19 March 2009 - 09:32 PM

Try renaming Malwarebytes' Anti-Malware to something else.

But I must ask you in the future, if you have problems running something, to let me know. Don't just go off and find other software to run. The tools we recommend have been carefully screened so that they will fix the problem but, more importantly, not increase the problem. There are many programs out there that profess to uninstall or remove certain software, yet they are themselves malware. Did this VundoFix Tool create a log? Can you post it?

#10 beckylynn420


Posted 20 March 2009 - 10:50 AM

SORRY!!! MY BAD!!!!! I thought they were the same, since they both say VundoFix. A log was saved from it, but like I said previously it is strange because it marked all my preinstalled HPGames. But here is the log. Please let me know what I should do next. And I will not try to deviate from instructions again.

Microsoft Windows Vista Home Premium Service Pack 1
6.00 build 6001 Service Pack 1
Username: Owner
In groups: LOCAL Administrators Everyone Users None INTERACTIVE NTLM Authentication Authenticated Users Medium Mandatory Level This Organization Debugger Users
2009/03/20 10:48:22:570: Application Version: 1.9.3321.926
2009/03/20 10:48:22:586: Module Version: 1.0.3321.922
2009/03/20 10:48:22:586: Service Version: 1.0.3321.922
2009/03/20 10:48:22:586: ===============================================================
2009/03/20 10:48:22:586: Switching to PIERemote.
2009/03/20 10:48:22:586: Creating pipe: \\.\pipe\VundoFixTool.service.communication
2009/03/20 10:48:22:742: Checking for bad run key.
2009/03/20 10:48:22:757: Windows directory: C:\Windows
2009/03/20 10:48:22:757: System directory: C:\Windows\system32
2009/03/20 10:48:22:757: Program Files directory: C:\Program Files
2009/03/20 10:48:22:757: Application Data: C:\Users\Owner\AppData\Roaming
2009/03/20 10:48:22:757: User Profile: C:\Users\Owner
2009/03/20 10:48:22:757: User Temp: C:\Users\Owner\AppData\Local\Temp\
2009/03/20 10:48:22:757: Start Menu: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu
2009/03/20 10:48:22:757: User Desktop: C:\Users\Owner\Desktop
2009/03/20 10:48:22:757: Common Desktop: C:\Users\Public\Desktop
2009/03/20 10:48:22:757: Common Profile: C:\ProgramData
2009/03/20 10:48:22:757: SID set to: S-1-5-21-4014238044-1931714582-2987797828-1000
2009/03/20 10:48:24:411: version was called, but is not defined in this dll version.
2009/03/20 10:48:24:411: Database Version:
2009/03/20 10:48:24:411: version was called, but is not defined in this dll version.
2009/03/20 10:48:24:411: Database Version:
2009/03/20 10:48:25:534: Loading Scan Results...
2009/03/20 10:48:25:550: ResultAdded[39583]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[563157]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[17]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[582163]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[50]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[526114]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[62]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[63]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[627630]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[66]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[25147]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[82]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[112]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[113]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[603813]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[41044]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[154]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[621219]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[527716]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[217]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[235]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[526392]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[261]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[619538]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[272]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[295]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[550076]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[319]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[330]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[603815]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[609753]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[25142]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[404]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[409]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[526147]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[432]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[25145]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[624459]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[464]: Tracking Cookie, Tracking Cookie
2009/03/20 10:48:25:550: ResultAdded[619683]: Adware, DealIO Toolbar
2009/03/20 10:48:25:550: ResultAdded[619661]: Adware, DealIO Toolbar
2009/03/20 10:48:25:550: ResultAdded[619662]: Adware, DealIO Toolbar
2009/03/20 10:48:25:550: ResultAdded[44879]: Adware, DealIO Toolbar
2009/03/20 10:48:25:550: ResultAdded[44870]: Adware, DealIO Toolbar
2009/03/20 10:48:25:550: ResultAdded[41037]: Adware, DealIO Toolbar
2009/03/20 10:48:25:550: ResultAdded[41042]: Adware, DealIO Toolbar
2009/03/20 10:48:25:550: ResultAdded[40817]: Adware, DealIO Toolbar
2009/03/20 10:48:25:550: ResultAdded[55040]: Potentially Unwanted Applications, WildTangent
2009/03/20 10:48:26:907: ResultAdded[25338]: Potentially Unwanted Applications, WildTangent
2009/03/20 10:48:27:001: No command line.
2009/03/20 10:48:29:715: Parsing command line:
2009/03/20 10:48:29:715: launch
2009/03/20 10:48:29:731: OnitDialog...
2009/03/20 10:48:32:195: Checking for database update...
2009/03/20 10:48:32:773: Updating Security Center Info: VundoFixTool, C:\Program Files\VundoFixTool\VundoFixTool.exe, 1, 1
2009/03/20 10:48:32:788: ConnectServer: service
2009/03/20 10:48:32:804: ExecQuery: pResults
2009/03/20 10:48:32:804: Next: 1
2009/03/20 10:48:32:804: Next: 1
2009/03/20 10:48:32:804: Next: 1
2009/03/20 10:48:32:804: Found app's entry
2009/03/20 10:48:32:804: Put: displayName
2009/03/20 10:48:32:804: Put: productEnabled
2009/03/20 10:48:32:804: Put: productUptoDate
2009/03/20 10:48:32:819: PutInstance
2009/03/20 10:48:32:819: Done
2009/03/20 10:48:32:819: Database Version: 11.3.4 1237399930
2009/03/20 10:48:32:851: Setting Timer to Hide Splash
2009/03/20 10:48:33:365: Hiding Splash

#11 Hoov


Posted 20 March 2009 - 11:50 AM

Run ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

If it doesn't run, rename the ComboFix.exe file to multifix.exe, then reboot to Safe Mode and run it. Post the log.

#12 beckylynn420


Posted 20 March 2009 - 12:43 PM

Here is the ComboFix log. Did you still want me to do the Malwarebytes as well? Just let me know!! There is one under the Supplementary Scan that I would like to ask you about. I have posted it in another forum but no response was shown; just curious about that file, because it just does not look.....kosher. Thanks!!

ComboFix 09-03-19.02 - Owner 2009-03-20 12:31:50.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.958.395 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Trend Micro AntiVirus *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\2F2F.tmp
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\EA05.tmp
c:\users\Owner\AppData\Roaming\ezpinst.log
c:\users\Owner\AppData\Roaming\inst.exe
c:\windows\system32\Pncrt.dll
d:\recycler\S-4-8-34-100023318-100015058-100020882-3425.com

.
((((((((((((((((((((((((( Files Created from 2009-02-20 to 2009-03-20 )))))))))))))))))))))))))))))))
.

2009-03-19 15:10 . 2009-03-19 15:11 <DIR> d-------- c:\users\Owner\AppData\Roaming\VundoFixTool
2009-03-19 15:08 . 2009-03-19 15:08 <DIR> d-------- c:\program files\VundoFixTool
2009-03-19 13:07 . 2009-03-05 21:17 1,195,512 --a------ c:\windows\System32\drivers\vsapint.sys
2009-03-19 13:07 . 2009-03-05 21:17 205,328 --a------ c:\windows\System32\drivers\tmxpflt.sys
2009-03-19 13:07 . 2009-03-05 21:17 36,368 --a------ c:\windows\System32\drivers\tmpreflt.sys
2009-03-19 11:40 . 2009-03-19 11:40 <DIR> d-------- C:\VundoFix Backups
2009-03-19 11:29 . 2009-03-19 11:29 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-03-19 11:29 . 2009-03-19 11:29 <DIR> d-------- c:\programdata\Malwarebytes
2009-03-17 22:37 . 2009-03-17 22:37 <DIR> d-------- c:\program files\SpeedFan
2009-03-16 12:22 . 2009-03-18 14:33 <DIR> d-------- c:\windows\Downloaded Installations
2009-03-13 14:41 . 2009-03-13 14:41 <DIR> d-------- c:\program files\uTorrent
2009-03-13 14:40 . 2009-03-20 12:17 <DIR> d-------- c:\users\Owner\AppData\Roaming\uTorrent
2009-03-12 21:26 . 2009-03-12 21:26 <DIR> d-------- c:\users\All Users\vsosdk
2009-03-12 21:26 . 2009-03-12 21:26 <DIR> d-------- c:\programdata\vsosdk
2009-03-12 19:17 . 2009-03-19 19:58 <DIR> d-------- c:\users\Owner\AppData\Roaming\Vso
2009-03-12 19:17 . 2009-03-19 00:24 <DIR> d-------- c:\program files\VSO
2009-03-12 19:17 . 2009-03-12 19:17 47,360 --a------ c:\users\Owner\AppData\Roaming\pcouffin.sys
2009-03-12 16:36 . 2002-12-10 02:20 102,439 --a------ c:\windows\System32\sipr3260.dll
2009-03-12 15:24 . 2004-05-04 11:53 1,645,320 --a------ c:\windows\gdiplus.dll
2009-03-12 15:24 . 2006-05-20 16:16 1,184,984 --a------ c:\windows\System32\wvc1dmod.dll
2009-03-12 15:24 . 2006-05-11 19:21 626,688 --a------ c:\windows\System32\vp7vfw.dll
2009-03-12 15:24 . 2006-09-29 12:24 217,127 --a------ c:\windows\System32\drv43260.dll
2009-03-12 15:24 . 2006-09-29 12:25 208,935 --a------ c:\windows\System32\drv33260.dll
2009-03-12 15:24 . 2006-09-29 12:26 176,165 --a------ c:\windows\System32\drv23260.dll
2009-03-12 15:24 . 2007-03-18 20:37 65,602 --a------ c:\windows\System32\cook3260.dll
2009-03-11 18:58 . 2009-03-14 01:00 123,336 --a------ c:\windows\System32\GDIPFONTCACHEV1.DAT
2009-03-10 22:28 . 2009-02-08 22:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-10 22:28 . 2008-11-26 23:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-10 18:43 . 2009-03-10 18:43 47,360 --a------ c:\windows\System32\drivers\pcouffin.sys
2009-03-10 17:46 . 2009-03-10 17:46 <DIR> d-------- c:\windows\System32\QuickTime
2009-03-10 17:46 . 2009-03-10 17:46 <DIR> d-------- c:\windows\System32\custom matrices
2009-03-10 15:17 . 2009-03-10 15:17 364,544 --a------ c:\windows\System32\WDBtnMgr.exe
2009-03-10 12:23 . 2009-03-14 20:39 <DIR> d-------- c:\users\Owner\AppData\Roaming\Roxio
2009-03-09 14:12 . 2009-03-09 14:12 7,307 --a------ c:\windows\System32\hpasset.xml
2009-03-09 14:12 . 2006-09-06 18:45 291 --a------ c:\windows\System32\XMLConfig_SYSID.ini
2009-03-07 13:32 . 2009-03-07 13:32 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-03-07 13:31 . 2009-03-16 12:34 <DIR> d-------- c:\program files\Common Files\Adobe
2009-03-07 12:45 . 2009-03-07 12:48 <DIR> d-------- c:\users\All Users\NOS
2009-03-07 12:45 . 2009-03-07 12:48 <DIR> d-------- c:\programdata\NOS
2009-03-07 12:45 . 2009-03-07 12:45 <DIR> d-------- c:\program files\NOS
2009-03-06 13:53 . 2008-06-19 20:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-03-06 13:53 . 2008-06-19 20:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-03-06 13:53 . 2008-06-19 20:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-03-06 13:53 . 2008-06-19 20:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-03-06 13:53 . 2008-06-19 20:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-03-06 13:53 . 2008-06-19 20:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-03-06 13:53 . 2008-06-19 20:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-03-06 13:53 . 2008-06-19 20:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-03-06 13:43 . 2008-07-27 13:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-03-06 13:43 . 2008-07-27 13:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-03-06 13:43 . 2008-07-27 13:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-03-06 13:43 . 2008-07-27 13:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-03-06 13:43 . 2008-07-27 13:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-03-06 13:41 . 2008-12-15 22:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-06 13:41 . 2008-12-16 00:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-06 13:41 . 2008-12-16 00:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-06 13:41 . 2008-12-16 00:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-04 23:29 . 2009-03-04 23:29 <DIR> d-------- c:\users\All Users\FarmFrenzy-PizzaParty
2009-03-04 23:29 . 2009-03-04 23:29 <DIR> d-------- c:\programdata\FarmFrenzy-PizzaParty
2009-03-04 23:06 . 2009-03-19 00:25 <DIR> d-------- c:\users\Owner\AppData\Roaming\BitTorrent
2009-03-04 23:06 . 2009-03-04 23:06 <DIR> d-------- c:\program files\DNA
2009-03-04 15:04 . 2009-03-04 15:04 <DIR> d-------- c:\users\All Users\AlawarWrapper
2009-03-04 15:04 . 2009-03-04 15:04 <DIR> d-------- c:\programdata\AlawarWrapper
2009-03-04 13:22 . 2009-03-04 13:22 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-02 18:53 . 2009-03-04 13:23 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-25 01:10 . 2009-03-02 17:11 <DIR> d-------- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2009-02-25 01:10 . 2009-02-25 01:10 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com
2009-02-25 01:10 . 2009-02-25 01:10 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com
2009-02-24 09:50 . 2009-02-24 09:50 3,143,680 --a------ c:\windows\System32\ffdshow.ax
2009-02-23 14:29 . 2009-02-23 14:29 <DIR> d-------- c:\users\Owner\AppData\Roaming\Yahoo!
2009-02-23 14:28 . 2009-03-04 23:24 <DIR> d-------- c:\program files\7-Zip
2009-02-22 12:57 . 2009-02-22 12:57 4,421,889 --a------ c:\windows\System32\libavcodec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-20 17:12 56,574 ----a-w c:\users\All Users\nvModes.dat
2009-03-20 17:12 56,574 ----a-w c:\programdata\nvModes.dat
2009-03-19 05:25 --------- d-----w c:\programdata\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
2009-03-19 05:24 --------- d-----w c:\users\Owner\AppData\Roaming\Intuit
2009-03-19 05:23 --------- d-----w c:\program files\Microsoft SQL Server
2009-03-15 02:03 --------- d-----w c:\programdata\Roxio
2009-03-12 14:01 --------- d-----w c:\program files\Windows Mail
2009-03-12 03:19 --------- d-----w c:\programdata\Microsoft Help
2009-03-12 03:06 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-10 21:29 --------- d-----w c:\programdata\CyberLink
2009-03-10 17:22 --------- d-----w c:\programdata\Sonic
2009-03-04 19:52 --------- d-----w c:\programdata\WildTangent
2009-03-04 19:52 --------- d-----w c:\program files\Windows Journal
2009-03-04 19:52 --------- d-----w c:\program files\Windows Collaboration
2009-03-04 19:52 --------- d-----w c:\program files\MSBuild
2009-03-04 19:52 --------- d-----w c:\program files\HP
2009-03-04 19:45 --------- d-----w c:\program files\Reference Assemblies
2009-03-04 19:36 --------- d-----w c:\program files\Trend Micro
2009-03-03 23:12 80,400 ----a-w c:\windows\system32\drivers\tmtdi.sys
2009-03-03 08:34 50,192 ----a-w c:\windows\system32\drivers\tmevtmgr.sys
2009-03-03 08:34 50,192 ----a-w c:\windows\system32\drivers\tmactmon.sys
2009-03-03 08:34 150,032 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-02-25 05:59 --------- d---a-w c:\programdata\TEMP
2009-02-18 13:57 557,451 ----a-w c:\windows\System32\libmplayer.dll
2009-02-16 17:19 790,190 ----a-w c:\windows\System32\xvidcore.dll
2009-02-16 16:32 425,040 ----a-w c:\windows\System32\TomsMoComp_ff.dll
2009-02-16 16:30 903,703 ----a-w c:\windows\System32\ff_x264.dll
2009-02-16 16:23 145,081 ----a-w c:\windows\System32\libmpeg2_ff.dll
2009-02-16 14:49 328,334 ----a-w c:\windows\System32\ff_kernelDeint.dll
2009-02-14 15:15 486,400 ----a-w c:\windows\System32\ff_libfaad2.dll
2009-02-09 22:28 98,304 ----a-w c:\windows\System32\ff_wmv9.dll
2009-02-09 20:19 183,296 ----a-w c:\windows\System32\ff_samplerate.dll
2009-02-09 20:19 178,688 ----a-w c:\windows\System32\ff_libmad.dll
2009-02-09 20:18 257,024 ----a-w c:\windows\System32\ff_libdts.dll
2009-02-09 20:18 146,944 ----a-w c:\windows\System32\ff_tremor.dll
2009-02-09 20:18 142,848 ----a-w c:\windows\System32\ff_liba52.dll
2009-02-09 20:18 113,152 ----a-w c:\windows\System32\ff_unrar.dll
2009-02-09 19:56 67,584 ----a-w c:\windows\System32\ff_vfw.dll
2009-02-05 17:18 --------- d-----w c:\program files\Common Files\Aladdin Shared
2009-02-03 19:54 --------- d-----w c:\program files\BitPim
2009-02-03 03:21 --------- d-----w c:\users\Owner\AppData\Roaming\GTek
2009-02-03 02:19 --------- d-----w c:\programdata\DriverCure
2009-02-03 02:16 --------- d-----w c:\users\Owner\AppData\Roaming\DriverCure
2009-02-03 02:15 --------- d-----w c:\programdata\ParetoLogic
2009-02-01 18:55 --------- d-----w c:\programdata\Hewlett-Packard
2009-01-26 17:57 --------- d-----w c:\programdata\WindowsSearch
2009-01-25 00:29 --------- d-----w c:\users\Owner\AppData\Roaming\HP
2009-01-25 00:29 --------- d-----w c:\programdata\HP
2009-01-24 03:06 --------- d-----w c:\users\Owner\AppData\Roaming\WildTangent
2009-01-23 05:35 --------- d-----w c:\program files\Hewlett-Packard
2009-01-22 18:15 --------- d-----w c:\users\Owner\AppData\Roaming\Printer Info Cache
2009-01-22 18:15 --------- d-----w c:\users\Owner\AppData\Roaming\Image Zone Express
2009-01-20 16:13 --------- d-----w c:\program files\Microsoft
2009-01-19 19:17 13,025 ----a-w c:\users\Owner\AppData\Roaming\nvModes.dat
2009-01-16 21:22 174 --sha-w c:\program files\desktop.ini
2009-01-16 20:43 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-01-16 20:43 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2009-01-15 00:17 269,312 ----a-w c:\windows\System32\es.dll
2009-01-14 04:26 61,440 ----a-w c:\windows\System32\winipsec.dll
2009-01-14 04:26 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2009-01-14 04:26 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2009-01-14 04:26 272,896 ----a-w c:\windows\System32\polstore.dll
2009-01-14 04:21 94,720 ----a-w c:\windows\System32\PortableDeviceClassExtension.dll
2009-01-14 04:21 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2009-01-14 04:21 160,768 ----a-w c:\windows\System32\PortableDeviceTypes.dll
2009-01-14 04:11 296,960 ----a-w c:\windows\System32\gdi32.dll
2009-01-14 04:07 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-01-14 04:07 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-14 04:07 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-01-14 04:07 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2009-01-14 04:07 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2009-01-14 04:07 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-01-14 04:07 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-01-14 04:07 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-01-14 04:07 1,695,744 ----a-w c:\windows\System32\gameux.dll
2009-01-14 04:06 303,616 ----a-w c:\windows\System32\wmpeffects.dll
2009-01-14 04:04 2,048 ----a-w c:\windows\System32\msxml3r.dll
2009-01-14 04:04 1,191,936 ----a-w c:\windows\System32\msxml3.dll
2009-01-14 04:00 2,048 ----a-w c:\windows\System32\tzres.dll
2009-01-14 03:54 2,927,104 ----a-w c:\windows\explorer.exe
2009-01-14 03:48 9,847,296 ----a-w c:\windows\System32\NlsData000a.dll
2009-01-14 03:48 801,280 ----a-w c:\windows\System32\NaturalLanguage6.dll
2009-01-14 03:48 6,917,120 ----a-w c:\windows\System32\NlsLexicons0c1a.dll
2009-01-14 03:48 4,495,360 ----a-w c:\windows\System32\NlsData0816.dll
2009-01-14 03:48 4,495,360 ----a-w c:\windows\System32\NlsData0416.dll
2009-01-14 03:48 4,495,360 ----a-w c:\windows\System32\NlsData0414.dll
2009-01-14 03:48 4,495,360 ----a-w c:\windows\System32\NlsData001d.dll
2009-01-14 03:48 2,643,456 ----a-w c:\windows\System32\NlsData000c.dll
2009-01-14 03:48 2,342,912 ----a-w c:\windows\System32\NlsData000d.dll
2009-01-14 03:48 1,965,056 ----a-w c:\windows\System32\NlsData0c1a.dll
2009-01-14 03:48 1,965,056 ----a-w c:\windows\System32\NlsData081a.dll
2009-01-14 03:48 1,965,056 ----a-w c:\windows\System32\NlsData001b.dll
2009-01-14 03:48 1,965,056 ----a-w c:\windows\System32\NlsData000f.dll
2009-01-14 03:45 6,656 ----a-w c:\windows\System32\kbd106n.dll
2009-01-14 03:44 988,216 ----a-w c:\windows\System32\winload.exe
2009-01-14 03:44 927,288 ----a-w c:\windows\System32\winresume.exe
2009-01-14 03:44 615,992 ----a-w c:\windows\System32\ci.dll
2009-01-14 03:44 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
2009-01-14 03:44 40,960 ----a-w c:\windows\System32\srclient.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-03-20 213936]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"VundoFixTool"="c:\program files\VundoFixTool\VundoFixTool.exe" [2009-03-19 19451904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-03-13 995528]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2009-01-10 34520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A235661D-A2D8-4050-B17F-028407FEA3D8}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{57114B9E-1879-43B7-9E76-D86D12923AC6}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BFBC9636-AA1C-4846-91F6-884ACC5C1419}"= UDP:c:\program files\HP\QuickPlay\QP.exe:QP
"{1BD84FE2-2514-4213-B8E3-A603A4F14DC4}"= TCP:c:\program files\HP\QuickPlay\QP.exe:QP
"{4EE680A4-6DEE-493D-A929-AF9F62BBD451}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{BF8A5391-8CE4-4EB7-B813-FAF0C499DF08}"= c:\program files\HP Connections\6811507\Program\HP Connections:HP Connections
"{F17D3ABA-15F0-464B-845C-89C3ACA11B4D}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{46F0D12F-6AA4-4B3E-8208-7B726CA9EFB8}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{5D14F486-4322-4BDB-89B0-94C572676776}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{C99642AA-1551-4E92-87DB-9308D3EFC470}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{3276E5C8-D92C-4660-9342-7DFC620FAF50}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{83677914-0498-43A7-A5D3-55A5235AF038}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{BF6DA14D-B273-45CF-A5E8-BADCBA9433C9}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{39A4590A-62F4-4085-8FEB-C2603F79B3AC}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6A718B07-4691-4731-BD04-ADA2C33BA90A}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{ABE464DD-84AB-4E7B-9443-91CAD976FD65}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D379EE30-E2D8-40F4-AF46-A0846F3835F2}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{E0D4F08E-1AA5-419A-8F2F-50E506D9F54C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{84A008CE-BC03-41CA-B2F9-473AD1E84757}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{AEDC6369-DB87-4071-91FF-2F316D6BA215}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{850FA9EE-D827-4F3B-8670-0E1DAF9AB9D4}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{B3E93761-3B18-46A4-BAD3-C4D469BEF250}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{A6FAA112-8163-49EB-B45F-9E607E8BFABE}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{B607448D-1343-4328-A73F-4E1F4F8A3286}"= UDP:1700:MioNet Remote Drive Access 0
"{B0F33436-FE89-43C0-BF7A-B39AADE55D59}"= UDP:1701:MioNet Remote Drive Access 1
"{B2E4B1F5-C6EB-4B17-BB3A-99072C0E7BB3}"= UDP:1702:MioNet Remote Drive Access 2
"{352BF51A-E611-433A-A4AA-28ECEE1677A5}"= UDP:1703:MioNet Remote Drive Access 3
"{97D50B6F-35FE-45AD-ACDE-AC53AE3D8505}"= UDP:1704:MioNet Remote Drive Access 4
"{BD07FBC1-93A0-4F35-AE59-2B68422D3030}"= UDP:1705:MioNet Remote Drive Access 5
"{2B0FBE65-BD1D-4CEE-8975-80FBE3A22273}"= UDP:1706:MioNet Remote Drive Access 6
"{AFC83939-50B1-4E54-A93F-0EE3A3AB30F4}"= UDP:1707:MioNet Remote Drive Access 7
"{792DBB54-E55D-412D-9416-2E3B0A26396A}"= UDP:1708:MioNet Remote Drive Access 8
"{54CB7FDC-702E-42A8-86E2-F1B0A927FAD7}"= UDP:1709:MioNet Remote Drive Access 9
"{CC9CE562-4F9C-4F87-B90B-443F93A9CFD5}"= UDP:1641:MioNet Remote Drive Verification
"{76EF0F35-BF1B-41CE-AF8A-255ADF08FA6B}"= UDP:1647:MioNet Storage Device Configuration
"{E6FA0F67-2FCF-4FA6-B551-3783FE821ABB}"= TCP:5432:MioNet Storage Device Discovery
"{A6D79DA1-6104-4E33-A2B2-7B4C77C6DBEA}"= UDP:c:\program files\MioNet\MioNetManager.exe:MioNetManager
"{668F8242-364E-47E2-9D58-F905835DBCD3}"= TCP:c:\program files\MioNet\MioNetManager.exe:MioNetManager
"{E05A513D-6BCB-4B1C-8421-004A4F258B65}"= UDP:c:\program files\MioNet\jvm\bin\MioNet.exe:MioNet
"{2A2C6396-F69B-4947-92AD-D5C694BD1645}"= TCP:c:\program files\MioNet\jvm\bin\MioNet.exe:MioNet
"TCP Query User{C3217A37-BB83-44A0-BF55-57CDCCBF12D1}c:\\program files\\pfportchecker\\pfportchecker.exe"= UDP:c:\program files\pfportchecker\pfportchecker.exe:PFPortchecker by portforward.com helps check if your ports are properly forwarded.
"UDP Query User{446DB84B-12C9-4392-A963-9DC73B8E8222}c:\\program files\\pfportchecker\\pfportchecker.exe"= TCP:c:\program files\pfportchecker\pfportchecker.exe:PFPortchecker by portforward.com helps check if your ports are properly forwarded.
"{CF3F359E-EEA1-46BD-8136-378409421E4B}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{FB95948C-0369-4E95-8B40-CB2115510A17}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{27259200-3ED1-41A6-B50E-75895773A9FB}c:\\users\\owner\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\x7d6jndm\\utorrent[1].exe"= UDP:c:\users\owner\appdata\local\microsoft\windows\temporary internet files\content.ie5\x7d6jndm\utorrent[1].exe:utorrent[1].exe
"UDP Query User{065C6DD3-7452-4833-834E-7753CD91A89D}c:\\users\\owner\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\x7d6jndm\\utorrent[1].exe"= TCP:c:\users\owner\appdata\local\microsoft\windows\temporary internet files\content.ie5\x7d6jndm\utorrent[1].exe:utorrent[1].exe
"{B0BB110E-8D16-409D-B3CD-D9F82C2DE67A}"= UDP:48612:torrents
"TCP Query User{7906425B-1ABB-4D50-AB69-187833EBBEB7}f:\\brandi stuff\\azureus.exe"= Disabled:UDP:f:\brandi stuff\azureus.exe:Azureus
"UDP Query User{084FF498-82BF-4EC7-9802-68941440EA9F}f:\\brandi stuff\\azureus.exe"= Disabled:TCP:f:\brandi stuff\azureus.exe:Azureus
"TCP Query User{125C322C-F0C7-402D-B3E2-BE53CD01CD10}c:\\program files\\vuze\\azureus.exe"= Disabled:UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{47528B83-1BF2-4F7D-837F-1976E28CBCE6}c:\\program files\\vuze\\azureus.exe"= Disabled:TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{327DF652-F8D3-46AB-8082-23375F44E027}f:\\brandi stuff\\bittorrent\\bittorrent.exe"= UDP:f:\brandi stuff\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{F6BBC3F6-929F-4BA2-B6C9-286DDC56C188}f:\\brandi stuff\\bittorrent\\bittorrent.exe"= TCP:f:\brandi stuff\bittorrent\bittorrent.exe:BitTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"f:\\brandi stuff\\BitTorrent\\bittorrent.exe"= f:\brandi stuff\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 tmpreflt;tmpreflt;c:\windows\System32\drivers\tmpreflt.sys [2009-03-19 36368]
R2 VundoFixToolSrv;VundoFixTool Scanning Engine;c:\program files\VundoFixTool\VundoFixTool.srv.exe [2009-03-19 315392]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" --> c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [?]
S2 tmevtmgr;tmevtmgr;c:\windows\System32\drivers\tmevtmgr.sys [2009-01-12 50192]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-01-12 677128]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-03-07 33752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-03-05 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2006-10-30 19:08]

2009-03-20 c:\windows\Tasks\User_Feed_Synchronization-{BA09C991-16BF-466F-8B3B-18FEBFE4616A}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 02:33]

2009-03-20 c:\windows\Tasks\VundoFixTool Scheduled Scan.job
- c:\program files\VundoFixTool\VundoFixTool.exe [2009-03-19 08:32]

2009-03-20 c:\windows\Tasks\VundoFixTool Scheduled Scan.job
- c:\program files\VundoFixTool [2009-03-19 15:08]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
HKLM-Run-NWEReboot - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1236190359&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-US
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-20 12:37:33
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-20 12:39:41
ComboFix-quarantined-files.txt 2009-03-20 17:39:39

Pre-Run: 75,906,592,768 bytes free
Post-Run: 75,995,693,056 bytes free

342 --- E O F --- 2009-03-19 20:38:08

Edited by beckylynn420, 20 March 2009 - 12:46 PM.


#13 Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan
  • Local time:10:25 AM

Posted 20 March 2009 - 02:34 PM

Here is the ComboFix log. Did you still want me to do the Malwarebytes scan as well? Just let me know!! There is one entry under the Supplementary Scan that I would like to ask you about. I have posted it in another forum but no response was shown; just curious about that file, because it just does not look... kosher. Thanks!!


If Malwarebytes' Anti-Malware will run, please update it, then do a full scan. As for the supplementary scan, which entry concerns you?
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#14 beckylynn420

  • Topic Starter
  • Members
  • 99 posts
  • Gender:Female
  • Location:Broken Arrow, Oklahoma
  • Local time:08:25 AM

Posted 20 March 2009 - 03:51 PM

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 <<<<< that one I actually found in my registry one day. I left it, not sure of what it would do or anything. I tried Malwarebytes again. Still no go. Saved it to the desktop and got the same errors, and it will not allow it to access regsvr32 in the C prompt, so I dunno. Hmm... what do you think now?

#15 Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan
  • Local time:10:25 AM

Posted 20 March 2009 - 04:03 PM

Can you give the exact text of the error? It makes a difference, and I don't want to go down the wrong path.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families
