
malware problem


  • This topic is locked

#1 das212


Posted 12 March 2009 - 04:00 PM

Tried Ad-Aware, Malwarebytes... still have it... here is the log, hope I don't have to scrub the drive.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/25/2008 6:50:44 PM
System Uptime: 3/12/2009 1:47:00 PM (2 hours ago)

Motherboard: Intel Corporation | | D945GCZ
Processor: Intel® Pentium® D CPU 2.80GHz | | 2799/200mhz
Processor: Intel® Pentium® D CPU 2.80GHz | | 2799/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 228 GiB total, 189.564 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 1.48 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: PCI Device
Device ID: PCI\VEN_8086&DEV_27D8&SUBSYS_5049107B&REV_01\3&61AAA01&1&D8
Manufacturer:
Name: PCI Device
PNP Device ID: PCI\VEN_8086&DEV_27D8&SUBSYS_5049107B&REV_01\3&61AAA01&1&D8
Service: HDAudBus

==== System Restore Points ===================

RP94: 12/14/2008 8:40:27 AM - Software Distribution Service 3.0
RP95: 12/15/2008 8:33:03 PM -
RP96: 12/15/2008 8:33:23 PM - Shockwave Player
RP97: 12/15/2008 8:33:45 PM - Shockwave Player
RP98: 12/17/2008 1:03:58 AM - Installed Windows XP WIC.
RP99: 12/17/2008 3:08:02 PM - Software Distribution Service 3.0
RP100: 12/18/2008 5:03:04 AM - Installed TaxCut Basic + Efile 2008.
RP101: 12/22/2008 8:40:44 PM - Installed DirectX
RP102: 12/30/2008 7:18:51 AM - System Checkpoint
RP103: 12/31/2008 10:43:02 AM - System Checkpoint
RP104: 1/1/2009 3:40:24 PM - System Checkpoint
RP105: 1/2/2009 4:05:51 PM - System Checkpoint
RP106: 1/3/2009 4:20:37 PM - System Checkpoint
RP107: 1/4/2009 4:39:50 PM - System Checkpoint
RP108: 1/6/2009 7:09:09 PM - System Checkpoint
RP109: 1/9/2009 12:14:01 PM - System Checkpoint
RP110: 1/13/2009 9:44:16 PM - Software Distribution Service 3.0
RP111: 1/16/2009 6:34:12 AM - Removed Ad-Aware
RP112: 1/16/2009 6:38:49 AM - Installed Ad-Aware
RP113: 1/16/2009 6:53:04 AM - Uninstall "GoogleToolbarNotifier"
RP114: 1/16/2009 6:53:18 AM - Removed MSXML 4.0 SP2 and SOAP Toolkit 3.0.
RP115: 1/16/2009 6:54:33 AM - Move file to quarantine: PrismXL Service
RP116: 1/16/2009 10:22:22 AM - Printer Driver PDF995 Printer Driver Installed
RP117: 1/17/2009 9:23:34 PM - System Checkpoint
RP118: 1/19/2009 6:30:21 AM - System Checkpoint
RP119: 1/22/2009 1:03:52 PM - System Checkpoint
RP120: 1/23/2009 7:41:36 PM - System Checkpoint
RP121: 1/24/2009 12:20:35 PM - Installed Microsoft Office PowerPoint Viewer 2007 (English)
RP122: 1/25/2009 12:26:10 PM - System Checkpoint
RP123: 1/27/2009 4:51:37 AM - System Checkpoint
RP124: 1/28/2009 4:55:08 AM - System Checkpoint
RP125: 1/29/2009 9:53:52 PM - System Checkpoint
RP126: 1/31/2009 2:46:13 PM - System Checkpoint
RP127: 1/31/2009 3:52:59 PM - Ad-Aware Checkpoint
RP128: 2/1/2009 10:20:11 AM - Installed Opera 9.63
RP129: 2/2/2009 6:21:44 PM - System Checkpoint
RP130: 2/5/2009 6:33:06 AM - System Checkpoint
RP131: 2/7/2009 7:07:33 PM - System Checkpoint
RP132: 2/9/2009 3:38:31 PM - System Checkpoint
RP133: 2/10/2009 5:19:22 PM - System Checkpoint
RP134: 2/11/2009 5:04:44 AM - Software Distribution Service 3.0
RP135: 2/12/2009 6:35:06 PM - System Checkpoint
RP136: 2/13/2009 6:52:53 PM - System Checkpoint
RP137: 2/16/2009 5:27:26 PM - System Checkpoint
RP138: 2/18/2009 9:40:38 AM - System Checkpoint
RP139: 2/19/2009 4:37:40 PM - System Checkpoint
RP140: 2/21/2009 6:32:57 AM - System Checkpoint
RP141: 2/22/2009 6:13:40 PM - System Checkpoint
RP142: 2/23/2009 6:31:38 PM - System Checkpoint
RP143: 2/24/2009 10:48:43 AM - Installed Lovely Cats Screensaver
RP144: 2/25/2009 12:03:06 PM - Software Distribution Service 3.0
RP145: 2/26/2009 12:07:32 PM - System Checkpoint
RP146: 3/1/2009 6:48:16 PM - System Checkpoint
RP147: 3/6/2009 6:23:03 PM - System Checkpoint
RP148: 3/8/2009 5:46:07 AM - System Checkpoint
RP149: 3/8/2009 9:55:53 PM - Removed Opera 9.63
RP150: 3/8/2009 9:56:04 PM - Installed Opera 9.64
RP151: 3/10/2009 3:27:06 PM - System Checkpoint
RP152: 3/11/2009 10:25:42 AM - Software Distribution Service 3.0

==== Installed Programs ======================

Ad-Aware
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 6.0
Adobe Shockwave Player
AiO_Scan_CDA
Allied Intent Xtended 2.0
Allume BoostXP 2.0.0.61
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Display Driver
AtomicCleaner
AusLogics Disk Defrag
Battlefield 2™
Bonjour
CA Yahoo! Anti-Spy (remove only)
CCleaner (remove only)
Combat Arms
Desktop Smiley Toolbar
Digital Media Reader
GameSpy Arcade
Glary Utilities 2.7.268
Google Earth
Google Updater
HD Tune 2.55
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
HP Product Detection
HP PSC & OfficeJet 6.1.A
IE7Pro
Intel® PRO Network Connections Drivers
iTunes
J2SE Runtime Environment 5.0 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Lovely Cats Screensaver
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Close Combat: A Bridge Too Far
Microsoft Digital Image Library 9 - Blocker
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Word Viewer 2003
Microsoft Picture It! Library 10
Microsoft Picture It! Premium 10
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Multimedia Keyboard Driver
Nero BurnRights
Nero OEM
Norton AntiVirus
Opera 9.64
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
QFolder
QuickTime
RealPlayer
Scan
Security Task Manager 1.7g
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Skype™ 3.8
SoftV92 Data Fax Modem with SmartCP
Sound Blaster PCI
Spy Sweeper
Spy Sweeper Core
Spybot - Search & Destroy
TaxCut Basic + Efile 2008
TeamSpeak 2 RC2
TuneXP 1.5
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Virtual Earth 3D (Beta)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Messenger
Xfire (remove only)
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Search Suggest Add-on for IE7
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

3/6/2009 11:20:44 PM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
3/12/2009 7:03:24 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
3/12/2009 8:14:00 AM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/12/2009 8:19:26 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
3/12/2009 12:24:32 PM, error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================


DDS (Ver_09-02-01.01) - NTFSx86
Run by Owner at 15:52:29.23 on Thu 03/12/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3069.2181 [GMT -5:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated)
FW: Webroot Internet Security Essentials *disabled*

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTSvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Yahoo! IE Suggest: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\searchsuggest\YSearchSuggest.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.5.0.134\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Desktop Smiley Toolbar: {5617eca9-488d-4ba2-8562-9710b9ab78d2} - c:\program files\doubled\desktop smiley toolbar\3.9.1.9350\stb0.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\iepro\iepro.dll
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} - hxxp://xiah.gamescampus.com/luncher/GamesCampus.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
LSA: Notification Packages = scecli

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-30 64160]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-11-12 29808]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1005000.086\SymEFA.sys [2009-3-3 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1005000.086\BHDrvx86.sys [2009-3-3 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1005000.086\cchpx86.sys [2009-3-3 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090310.003\IDSXpx86.sys [2009-3-11 276344]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.5.0.134\ccSvcHst.exe [2009-3-3 115560]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2008-11-12 3667312]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2008-12-6 1086840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-25 101936]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-12 38496]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090312.019\NAVENG.SYS [2009-3-12 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090312.019\NAVEX15.SYS [2009-3-12 876144]
R4 PCTCore;PCTools KDS;c:\windows\system32\drivers\pctcore.sys --> c:\windows\system32\drivers\PCTCore.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 951632]

=============== Created Last 30 ================

2009-03-12 15:05 <DIR> --d----- c:\program files\Atomic-Ware Suite
2009-03-12 14:44 116 a------- c:\windows\wininit.ini
2009-03-12 14:24 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-12 14:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-03-12 14:13 <DIR> --d----- c:\program files\Trend Micro™ Internet Security
2009-03-12 14:09 <DIR> --d----- c:\program files\Trend Micro
2009-03-12 14:01 <DIR> --d----- c:\program files\common files\PC Tools
2009-03-12 14:00 <DIR> --d----- c:\program files\Spyware Doctor
2009-03-12 09:16 138,384 a------- c:\windows\system32\drivers\tmcomm.sys
2009-03-12 08:57 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-03-12 08:57 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-12 08:57 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-12 08:57 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-12 08:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-07 02:27 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{017115B5-2F29-4ECD-8FD6-329F9F107B86}
2009-03-02 04:58 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{727D9E73-BC93-41C6-BC38-904E75D6B879}
2009-02-24 11:49 129,536 a------- c:\windows\system32\IJL15.dll
2009-02-24 11:48 2,430,057 a------- c:\windows\system32\lovely_cats.scr
2009-02-24 11:45 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{1A83F0A0-C28C-4871-81E5-44A53F7389E8}

==================== Find3M ====================

2009-03-12 07:36 59,904 a------- c:\windows\system32\userinit.exe
2009-03-09 15:21 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-07 01:54 140,216 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-03-07 01:54 201,352 a------- c:\windows\system32\PnkBstrB.exe
2009-03-03 10:58 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-03 10:58 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-03-03 10:58 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-03 10:58 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-02-27 06:02 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-02-09 05:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-01-30 16:20 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-01-17 21:16 34 a------- c:\documents and settings\owner\jagex_runescape_preferences.dat
2009-01-16 14:45 0 a------- c:\docume~1\owner\applic~1\wklnhst.dat
2009-01-16 11:22 249,856 a------- c:\windows\system32\pdfmona.dll
2009-01-16 11:22 51,716 a------- c:\windows\system32\pdf995mon.dll
2009-01-14 02:14 3,455,488 a------- c:\windows\system32\drivers\ati2mtag.sys
2009-01-14 00:46 11,591,680 a------- c:\windows\system32\atioglxx.dll
2009-01-13 23:53 286,720 a------- c:\windows\system32\atiok3x2.dll
2009-01-13 23:49 425,984 a------- c:\windows\system32\ATIDEMGX.dll
2009-01-13 23:47 323,584 a------- c:\windows\system32\ati2dvag.dll
2009-01-13 23:36 196,608 a------- c:\windows\system32\atipdlxx.dll
2009-01-13 23:36 151,552 a------- c:\windows\system32\Oemdspif.dll
2009-01-13 23:36 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2009-01-13 23:35 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-01-13 23:35 155,648 a------- c:\windows\system32\ati2evxx.dll
2009-01-13 23:34 598,016 a------- c:\windows\system32\ati2evxx.exe
2009-01-13 23:32 53,248 a------- c:\windows\system32\ATIDDC.DLL
2009-01-13 23:22 4,009,152 a------- c:\windows\system32\ati3duag.dll
2009-01-13 23:05 2,500,224 a------- c:\windows\system32\ativvaxx.dll
2009-01-13 22:50 48,640 a------- c:\windows\system32\amdpcom32.dll
2009-01-13 22:45 401,408 a------- c:\windows\system32\atikvmag.dll
2009-01-13 22:44 110,592 a------- c:\windows\system32\atiadlxx.dll
2009-01-13 22:44 17,408 a------- c:\windows\system32\atitvo32.dll
2009-01-13 22:43 53,248 a------- c:\windows\system32\drivers\ati2erec.dll
2009-01-13 22:37 307,200 a------- c:\windows\system32\atiiiexx.dll
2009-01-13 22:37 577,536 a------- c:\windows\system32\ati2cqag.dll
2009-01-13 22:05 593,920 -------- c:\windows\system32\ati2sgag.exe
2009-01-13 21:36 45,056 a------- c:\windows\system32\amdcalrt.dll
2009-01-13 21:36 45,056 a------- c:\windows\system32\amdcalcl.dll
2009-01-13 21:34 3,227,648 a------- c:\windows\system32\Amdcaldd.dll
2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll
2008-04-01 13:24 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2008-01-23 01:38 32 a----r-- c:\documents and settings\all users\hash.dat
2008-05-12 16:26 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051220080513\index.dat

============= FINISH: 15:53:59.01 ===============



#2 KoanYorel


Posted 24 March 2009 - 03:44 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 das212


Posted 24 March 2009 - 03:48 PM

I went ahead and reformatted... seems no one was able to help me clean it.. thanks for replying..

#4 KoanYorel


Posted 24 March 2009 - 03:50 PM

Thanks for informing us.
Sorry you had to do such.
But we get inundated some days.
Good luck

This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K