Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't connect to the internet


  • This topic is locked This topic is locked
10 replies to this topic

#1 borntobegreat

borntobegreat

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 20 March 2009 - 10:17 PM

I have problem to connect to the internet. Few days ago, my computer was infected by trojan and always auto-restart after a few minutes when I connected to the internet. After I disable the internet connection, auto-restart did not happened again, but error message always appear in the beginning.

then, i run SDFix and Malwarebytes anti-Malware and show few files has been deleted. I tried to connect to the internet again but it just show limited and no connectivity.

----------------------Log from HijackThis----------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:04 AM, on 3/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Documents and Settings\M-Life\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\M-Life\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-21-789336058-1326574676-682003330-500\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.arcadetown.com/swf/deliciousdel...zylomplayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11949 bytes

Attached Files



BC AdBot (Login to Remove)

 


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:10:12 PM

Posted 29 March 2009 - 08:13 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 borntobegreat

borntobegreat
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 29 March 2009 - 11:47 PM

thanks for the reply.

my problem start when i downloaded some sort of documents. At that time, my anti virus has already expired for 3 days.
After i click to the file, my computer turn blue and auto-restart afterward. I try to turn on the computer again, but i failed. The desktop only remain less than 2 minutes..

i have take several step to overcome this situation
1. i run SDfix
- my computer can be turn on after that. But, the problem now is I must not connect to the internet to maintain my desktop. If I connect to the internet, my computer will auto-restart again.

2. I run Malwarebytes` anti-malware
- It have shown that several virus was moved and deleted.

Now, it can connect to the internet but I cannot use internet browser like Mozilla Firefox and Internet Explorer.
But, it not all the time I can access to the internet. by now, I try to connect to the internet, it just shown limited or no connectivity.

hope you guys can help me to solve this problem.

------------------Log from DDS---------------------------

DDS (Ver_09-03-16.01) - NTFSx86
Run by M-Life at 12:29:27.15 on Mon 03/30/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.422 [GMT 8:00]

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Outdated)
FW: ESET Personal firewall *enabled*
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Documents and Settings\M-Life\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\M-Life\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.microsoft.com
mStart Page = hxxp://www.microsoft.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: VMN Toolbar: {4e7bd74f-2b8d-469e-8da9-fd60bb9aae33} - c:\progra~1\vmntoo~1\VMNTOO~1.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {c333cf63-767f-4831-94ac-e683d962c63c} - CoTGT_BHO Class
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: VMN Toolbar: {4e7bd74f-2b8d-469e-8da9-fd60bb9aae33} - c:\progra~1\vmntoo~1\VMNTOO~1.DLL
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [Google Update] "c:\documents and settings\m-life\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Easy-PrintToolBox] c:\program files\canon\easy-printtoolbox\BJPSMAIN.EXE /logon
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\docume~1\m-life\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: &Search
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.arcadetown.com/swf/deliciousdeluxe2/zylomplayer.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\m-life\applic~1\mozilla\firefox\profiles\uc1ly49p.default\
FF - prefs.js: browser.search.selectedEngine - Crawler Search
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\documents and settings\m-life\application data\idm\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\documents and settings\m-life\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 100

============= SERVICES / DRIVERS ===============

R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-8-24 127768]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [2008-12-30 941784]
R2 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2007-12-21 468224]
R2 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-8-24 394952]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2007-8-30 180480]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2007-8-30 634880]
S0 ati0dnxx;ati0dnxx;c:\windows\system32\drivers\ati0dnxx.sys --> c:\windows\system32\drivers\ati0dnxx.sys [?]
S0 ati0eyxx;ati0eyxx;c:\windows\system32\drivers\ati0eyxx.sys --> c:\windows\system32\drivers\ati0eyxx.sys [?]
S0 ati1dnxx;ati1dnxx;c:\windows\system32\drivers\ati1dnxx.sys --> c:\windows\system32\drivers\ati1dnxx.sys [?]
S0 ati1ffxx;ati1ffxx;c:\windows\system32\drivers\ati1ffxx.sys --> c:\windows\system32\drivers\ati1ffxx.sys [?]
S0 ati1rwxx;ati1rwxx;c:\windows\system32\drivers\ati1rwxx.sys --> c:\windows\system32\drivers\ati1rwxx.sys [?]
S0 ati1vgxx;ati1vgxx;c:\windows\system32\drivers\ati1vgxx.sys --> c:\windows\system32\drivers\ati1vgxx.sys [?]
S0 ati2qbxx;ati2qbxx;c:\windows\system32\drivers\ati2qbxx.sys --> c:\windows\system32\drivers\ati2qbxx.sys [?]
S0 ati6rrxx;ati6rrxx;c:\windows\system32\drivers\ati6rrxx.sys --> c:\windows\system32\drivers\ati6rrxx.sys [?]
S0 ati8gqxx;ati8gqxx;c:\windows\system32\drivers\ati8gqxx.sys --> c:\windows\system32\drivers\ati8gqxx.sys [?]
S0 ati8lkxx;ati8lkxx;c:\windows\system32\drivers\ati8lkxx.sys --> c:\windows\system32\drivers\ati8lkxx.sys [?]
S0 ati8qbxx;ati8qbxx;c:\windows\system32\drivers\ati8qbxx.sys --> c:\windows\system32\drivers\ati8qbxx.sys [?]
S0 ati8sdxx;ati8sdxx;c:\windows\system32\drivers\ati8sdxx.sys --> c:\windows\system32\drivers\ati8sdxx.sys [?]
S0 ati8vqxx;ati8vqxx;c:\windows\system32\drivers\ati8vqxx.sys --> c:\windows\system32\drivers\ati8vqxx.sys [?]
S1 SDManager;SDManager;\??\c:\program files\spywaredetector\sdmanager.sys --> c:\program files\spywaredetector\SDManager.sys [?]
S3 ati5bvxx;ati5bvxx;\??\c:\windows\system32\drivers\ati5bvxx.sys --> c:\windows\system32\drivers\ati5bvxx.sys [?]
S3 ati7hcxx;ati7hcxx;\??\c:\windows\system32\drivers\ati7hcxx.sys --> c:\windows\system32\drivers\ati7hcxx.sys [?]
S3 FNDRV;FNDRV;\??\g:\driver collectionz\m-life\fndrv.sys --> g:\driver collectionz\m-life\fndrv.sys [?]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [2008-5-23 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [2008-9-21 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [2008-9-21 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [2008-10-5 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [2008-10-5 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [2008-10-5 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [2008-10-5 90800]

=============== Created Last 30 ================

2009-03-21 10:35 180,736 a------- c:\windows\SWREG.exe
2009-03-21 10:35 117,248 a------- c:\windows\sed.exe
2009-03-21 09:01 <DIR> --d----- c:\program files\Trend Micro
2009-03-21 00:31 <DIR> --d----- c:\docume~1\m-life\applic~1\Malwarebytes
2009-03-21 00:31 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-21 00:31 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-21 00:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-21 00:31 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-21 00:01 63 a------- c:\windows\system\SysSD.dll
2009-03-21 00:01 <DIR> --d----- c:\program files\SpywareDetector
2009-03-20 22:11 <DIR> --d----- c:\windows\ERUNT
2009-03-20 21:55 <DIR> --d----- c:\docume~1\m-life\applic~1\GetRightToGo
2009-03-20 21:54 <DIR> --d----- C:\SDFix
2009-03-19 15:32 28,341 a------- c:\windows\system32\4D.tmp
2009-03-19 15:32 124 a------- c:\windows\system32\4B.tmp
2009-03-19 08:04 156 a------- c:\windows\Twunk001.MTX
2009-03-19 08:04 5 a------- c:\windows\Twain001.Mtx
2009-03-19 08:04 0 a------- c:\windows\Twunk002.MTX
2009-03-19 08:01 <DIR> --d----- c:\program files\Bonjour
2009-03-19 07:49 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-03-19 06:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GlobalSCAPE
2009-03-19 06:50 <DIR> --d----- c:\program files\GlobalSCAPE
2009-03-19 06:50 <DIR> --d----- c:\program files\AskBarDis

==================== Find3M ====================

2009-03-30 12:29 193,171,488 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-03-30 12:06 20 a------- C:\sccfg.sys
2009-03-29 18:54 2,253,944 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-02-09 18:19 1,846,272 a------- c:\windows\system32\win32k.sys
2007-10-19 11:19 76 a---h--- c:\program files\Desktop.ini
2006-10-12 11:09 94,208 ---sh--- c:\windows\system32\SalaatTime.dll

============= FINISH: 12:30:14.81 ===============

Attached Files



#4 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:09:12 PM

Posted 30 March 2009 - 02:41 PM

Howdy, my name is Hoov, and I will be helping you with your dilemma.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer

*Tell me everything that you have done, if anything, to try and fix this problem.

*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out thier hair.

*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.

*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Download and scan with CCleaner
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
  • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
  • Clean all the entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean all entries in the "Advanced" section.
  • Clean any others that you choose.

In the Applications Tab:
  • Clean all except cookies in the Firefox/Mozilla section if you use it.
  • Clean all in the Opera section if you use it.
  • Clean Sun Java in the Internet Section.
  • Clean any others that you choose.
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

Also can you update Malwarebytes' Anti-Malware and run a scan, and then post both the new log and the last log that removed malware?

Download WinSockFix from here or here.

Backing up the Registry

1. Double click on WinsockXPFix.exe to open.
2. On the Winsock and TCP Repair Utility screen, click "ReG-Backup"
3. On the ERDNT Welcome screen, click "OK".
4. On the Backup to: screen, click "OK".
5. On the Folder does not exist question screen click "Yes".
6. You will see a status screen as your registry is being backed up.
7. On the Registry backup is complete! screen, click "OK" and you will go back to the main window.

Resetting the Winsock Stack

1. On the Winsock and TCP Repair Utility screen, click "Fix".
2. On the Apply the VB_Winsock fix? screen click "Yes".
3. The screen will display a status message "repair completed please reboot."
4. On the Repair Completed screen click "OK" to reboot your computer.
5. If your computer was not using DHCP, you will need to reconfigure TCP/IP.
6. You should have connectivity restored.

Winsock Repair Tutorial| Tutorial with graphics

Check your internet connection and let me know if it is fixed or still has limited connection.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image

#5 borntobegreat

borntobegreat
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 30 March 2009 - 11:11 PM

I have done all steps that you mentioned before.
But still, it shown limited connectivity.
I cannot update MBAM.
this is log from MBAM after it remove some malware

--------------log from Malwarebytes`------------------------

Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 2

3/21/2009 2:31:22 AM
mbam-log-2009-03-21 (02-31-22).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 216224
Time elapsed: 1 hour(s), 12 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 69
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\xprepairpro2007 (Rogue.XPRepairPro2007) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\Documents and Settings\M-Life\Local Settings\Temp\BN25.tmp (Trojan.Agent) -> Quarantined and deleted successfully.


and this is the new one.

-----------------------log from malwarebytes`----------------------

Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 2

3/31/2009 10:44:39 AM
mbam-log-2009-03-31 (10-44-39).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 208511
Time elapsed: 1 hour(s), 0 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:09:12 PM

Posted 30 March 2009 - 11:33 PM

* Anyone other than the originator of this thread, you would be best advised to not run combofix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

Run comboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image

#7 borntobegreat

borntobegreat
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 31 March 2009 - 02:10 AM

---------------log from ComboFix----------

ComboFix 09-03-30.02 - M-Life 2009-03-31 15:00:46.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.456 [GMT 8:00]
Running from: c:\documents and settings\M-Life\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Outdated)
FW: ESET Personal firewall *disabled*
FW: ZoneAlarm Firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-31 )))))))))))))))))))))))))))))))
.

2009-03-31 10:49 . 2009-03-31 10:50 <DIR> d-------- C:\ERDNT
2009-03-31 09:13 . 2009-03-31 09:13 <DIR> d-------- c:\program files\CCleaner
2009-03-21 09:01 . 2009-03-21 09:01 <DIR> d-------- c:\program files\Trend Micro
2009-03-21 00:31 . 2009-03-21 00:31 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-21 00:31 . 2009-03-21 00:31 <DIR> d-------- c:\documents and settings\M-Life\Application Data\Malwarebytes
2009-03-21 00:31 . 2009-03-21 00:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-21 00:31 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-21 00:31 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-21 00:01 . 2009-03-21 10:33 <DIR> d-------- c:\program files\SpywareDetector
2009-03-21 00:01 . 2009-03-21 09:32 63 --a------ c:\windows\system\SysSD.dll
2009-03-20 22:11 . 2009-03-20 22:12 <DIR> d-------- c:\windows\ERUNT
2009-03-20 22:07 . 2009-03-20 22:07 <DIR> d-------- c:\documents and settings\Administrator
2009-03-20 21:55 . 2009-03-20 22:01 <DIR> d-------- c:\documents and settings\M-Life\Application Data\GetRightToGo
2009-03-20 21:54 . 2009-03-20 23:46 <DIR> d-------- C:\SDFix
2009-03-19 15:32 . 2009-03-19 15:32 28,341 --a------ c:\windows\system32\4D.tmp
2009-03-19 15:32 . 2009-03-19 15:32 124 --a------ c:\windows\system32\4B.tmp
2009-03-19 08:11 . 2009-03-19 08:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2009-03-19 08:04 . 2009-03-31 14:57 156 --a------ c:\windows\Twunk001.MTX
2009-03-19 08:04 . 2009-03-31 14:57 5 --a------ c:\windows\Twain001.Mtx
2009-03-19 08:04 . 2009-03-19 08:04 0 --a------ c:\windows\Twunk002.MTX
2009-03-19 08:01 . 2009-03-19 08:01 <DIR> d-------- c:\program files\Bonjour
2009-03-19 07:49 . 2009-03-19 07:49 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-03-19 06:52 . 2009-03-19 06:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\GlobalSCAPE
2009-03-19 06:50 . 2009-03-19 06:50 <DIR> d-------- c:\program files\GlobalSCAPE
2009-03-19 06:50 . 2009-03-19 06:50 <DIR> d-------- c:\program files\AskBarDis
2009-03-19 06:50 . 2009-03-19 06:50 <DIR> d-------- c:\documents and settings\M-Life\Application Data\GlobalSCAPE
2009-02-18 09:24 . 2009-02-18 09:24 <DIR> dr------- c:\documents and settings\M-Life\Application Data\Brother
2009-02-06 10:33 . 2009-02-06 10:35 <DIR> d-------- c:\program files\Internet Download Manager
2009-02-06 10:33 . 2009-02-16 09:49 <DIR> d-------- c:\documents and settings\M-Life\Application Data\IDM
2009-02-02 09:53 . 2009-02-02 09:53 471 --a------ c:\windows\Q9Opt.ini
2009-02-02 09:50 . 2009-02-02 09:50 <DIR> d-------- c:\program files\Harf
2009-02-02 09:50 . 2001-10-24 18:33 139,264 --a------ c:\windows\system32\HQP_BLIB.dll
2009-02-02 09:50 . 2002-01-30 17:27 139,264 --a------ c:\windows\system32\BINLIB04.DLL
2009-02-02 09:50 . 2002-05-23 21:39 135,236 --a------ c:\windows\system32\TextDB04.dll
2009-02-02 09:50 . 2000-02-29 18:58 14,848 --a------ c:\windows\system32\FONT.DLL
2009-02-02 09:49 . 1998-04-06 20:02 129,536 --a------ c:\windows\system32\l3codecx.acm
2009-02-02 09:49 . 1997-07-15 13:53 4,608 --a------ c:\windows\system32\w95inf32.dll
2009-02-02 09:49 . 1997-07-15 13:53 2,272 --a------ c:\windows\system32\w95inf16.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-31 07:02 195,328,032 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-31 07:02 --------- d-----w c:\documents and settings\M-Life\Application Data\DMCache
2009-03-31 07:00 20 ----a-w C:\sccfg.sys
2009-03-31 06:39 2,290,280 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-21 01:51 --------- d-----w c:\documents and settings\M-Life\Application Data\VMNTOOLBAR
2009-03-20 17:01 54,272 ----a-w c:\windows\Internet Logs\xDB11.tmp
2009-03-20 15:59 --------- d-----w c:\program files\a-squared Anti-Malware
2009-03-20 13:38 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-20 05:05 35,840 ----a-w c:\windows\Internet Logs\xDBF.tmp
2009-03-20 05:05 1,754,112 ----a-w c:\windows\Internet Logs\xDB10.tmp
2009-03-20 04:53 26,112 ----a-w c:\windows\Internet Logs\xDBD.tmp
2009-03-20 04:53 1,753,088 ----a-w c:\windows\Internet Logs\xDBE.tmp
2009-03-20 04:51 38,912 ----a-w c:\windows\Internet Logs\xDBC.tmp
2009-03-19 07:41 31,232 ----a-w c:\windows\Internet Logs\xDBA.tmp
2009-03-19 07:41 1,751,040 ----a-w c:\windows\Internet Logs\xDBB.tmp
2009-03-19 07:34 42,496 ----a-w c:\windows\Internet Logs\xDB9.tmp
2009-03-19 05:10 1,748,992 ----a-w c:\windows\Internet Logs\xDB8.tmp
2009-03-19 05:10 1,745,408 ----a-w c:\windows\Internet Logs\xDB7.tmp
2009-03-19 00:05 --------- d-----w c:\documents and settings\M-Life\Application Data\Azureus
2009-03-19 00:01 --------- d-----w c:\program files\Common Files\Adobe
2009-03-18 22:50 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-18 22:43 --------- d-----w c:\program files\Gpotato
2009-03-18 22:36 --------- d-----w c:\program files\Peggle Deluxe
2009-03-18 22:35 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-18 22:35 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-12 22:19 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-04 09:03 1,706,496 ----a-w c:\windows\Internet Logs\xDB6.tmp
2009-02-17 05:55 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys
2009-02-04 06:12 1,051,136 ----a-w c:\windows\Internet Logs\xDB5.tmp
2009-01-24 08:37 2,807,396 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-01-13 23:53 2,490,368 ----a-w c:\windows\Internet Logs\xDB3.tmp
2009-01-13 23:53 1,601,024 ----a-w c:\windows\Internet Logs\xDB4.tmp
2008-12-17 11:03 206,256 ----a-w c:\windows\system32\idmmbc.dll
2008-12-05 07:12 144,896 ----a-w c:\windows\system32\schannel.dll
2008-12-04 14:59 410,984 ----a-w c:\windows\system32\deploytk.dll
2007-10-19 03:19 76 ---ha-w c:\program files\Desktop.ini
2006-10-12 03:09 94,208 --sh--w c:\windows\system32\SalaatTime.dll
.

------- Sigcheck -------

2004-08-04 08:56 32768 bbfe55cfcebf46c2ff42ef5d543a1f42 c:\windows\system32\svchost.exe
2004-08-04 08:56 33280 94069a24f6885e215b3b56996a189f88 c:\windows\system32\dllcache\svchost.exe

2007-06-13 18:23 1051648 dde04ab6abbc227002d054d700910610 c:\windows\explorer.exe
2007-06-13 19:26 1051648 9570e6c0f9141ba1c4b7dc95bd896b2c c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 18:23 1051648 e25a6df24bf0d4126f055fdd956d60b9 c:\windows\system32\dllcache\explorer.exe

2004-08-04 08:56 34304 2bb43ea67f0517aec29943bc3468170c c:\windows\system32\ctfmon.exe
2004-08-04 08:56 33792 77ca79f67231b585e4fd3f4c6cbebf53 c:\windows\system32\dllcache\ctfmon.exe

2005-06-11 08:17 76288 fd7f9103142348d3142ca764ebc94fda c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-11 07:53 76800 4dcbc28932c55ee3b16aba76630f910d c:\windows\system32\spoolsv.exe
2005-06-11 07:53 76800 7077d5cfe08b5ad8b186e1345edbc255 c:\windows\system32\dllcache\spoolsv.exe

2004-08-04 08:56 43008 52243e6750f08f50c558df7da2f4a0a5 c:\windows\system32\userinit.exe
2004-08-04 08:56 43520 3528ade4d840ca794bdb1154bc9729fe c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-03-21_10.40.00.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-21 01:04:09 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-31 06:54:38 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-21 01:04:09 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-31 06:54:38 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-21 01:04:09 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-31 06:54:38 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-31 06:54:59 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_544.dat
- 2000-08-31 00:00:00 86,528 ----a-w c:\windows\zip.exe
+ 2000-08-31 00:00:00 87,040 ----a-w c:\windows\zip.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 17:20 279944 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 12:22 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 159744]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-14 1712640]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 34304]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-01-08 3342336]
"Google Update"="c:\documents and settings\M-Life\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-02-06 2745776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 651264]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2007-01-23 745472]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 176128]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 289792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-23 176128]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 614400]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 77824]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-18 185896]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-02 3760128]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-12-02 111928]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1110016]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 106496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1261568]

c:\documents and settings\M-Life\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-11 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.vp31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SDEarlyDelete\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0dnxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0eyxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1dnxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1ffxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1rwxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1vgxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2qbxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5bvxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6rrxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7hcxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8gqxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8lkxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8qbxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8sdxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8vqxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [2008-12-30 941784]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2007-08-30 634880]
S0 ati0dnxx;ati0dnxx;c:\windows\system32\Drivers\ati0dnxx.sys --> c:\windows\system32\Drivers\ati0dnxx.sys [?]
S0 ati0eyxx;ati0eyxx;c:\windows\system32\Drivers\ati0eyxx.sys --> c:\windows\system32\Drivers\ati0eyxx.sys [?]
S0 ati1dnxx;ati1dnxx;c:\windows\system32\Drivers\ati1dnxx.sys --> c:\windows\system32\Drivers\ati1dnxx.sys [?]
S0 ati1ffxx;ati1ffxx;c:\windows\system32\Drivers\ati1ffxx.sys --> c:\windows\system32\Drivers\ati1ffxx.sys [?]
S0 ati1rwxx;ati1rwxx;c:\windows\system32\Drivers\ati1rwxx.sys --> c:\windows\system32\Drivers\ati1rwxx.sys [?]
S0 ati1vgxx;ati1vgxx;c:\windows\system32\Drivers\ati1vgxx.sys --> c:\windows\system32\Drivers\ati1vgxx.sys [?]
S0 ati2qbxx;ati2qbxx;c:\windows\system32\Drivers\ati2qbxx.sys --> c:\windows\system32\Drivers\ati2qbxx.sys [?]
S0 ati6rrxx;ati6rrxx;c:\windows\system32\Drivers\ati6rrxx.sys --> c:\windows\system32\Drivers\ati6rrxx.sys [?]
S0 ati8gqxx;ati8gqxx;c:\windows\system32\Drivers\ati8gqxx.sys --> c:\windows\system32\Drivers\ati8gqxx.sys [?]
S0 ati8lkxx;ati8lkxx;c:\windows\system32\Drivers\ati8lkxx.sys --> c:\windows\system32\Drivers\ati8lkxx.sys [?]
S0 ati8qbxx;ati8qbxx;c:\windows\system32\Drivers\ati8qbxx.sys --> c:\windows\system32\Drivers\ati8qbxx.sys [?]
S0 ati8sdxx;ati8sdxx;c:\windows\system32\Drivers\ati8sdxx.sys --> c:\windows\system32\Drivers\ati8sdxx.sys [?]
S0 ati8vqxx;ati8vqxx;c:\windows\system32\Drivers\ati8vqxx.sys --> c:\windows\system32\Drivers\ati8vqxx.sys [?]
S1 SDManager;SDManager;\??\c:\program files\SpywareDetector\SDManager.sys --> c:\program files\SpywareDetector\SDManager.sys [?]
S3 ati5bvxx;ati5bvxx;\??\c:\windows\System32\drivers\ati5bvxx.sys --> c:\windows\System32\drivers\ati5bvxx.sys [?]
S3 ati7hcxx;ati7hcxx;\??\c:\windows\System32\drivers\ati7hcxx.sys --> c:\windows\System32\drivers\ati7hcxx.sys [?]
S3 FNDRV;FNDRV;\??\g:\driver collectionz\M-Life\fndrv.sys --> g:\driver collectionz\M-Life\fndrv.sys [?]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2007-08-30 180480]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [2008-05-23 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [2008-09-21 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [2008-09-21 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [2008-10-05 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [2008-10-05 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [2008-10-05 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [2008-10-05 90800]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52300495-8d1d-11dc-b5cd-0015af1f5bfb}]
\Shell\AutoRun\command - ntdelect.com
\Shell\explore\Command - ntdelect.com
\Shell\open\Command - ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59cd69e8-eabd-11dc-b695-0015af1f5bfb}]
\Shell\AutoRun\command - g:\system\Security\DriveGuard.exe -run
\Shell\Explore\Command - g:\system\Security\DriveGuard.exe -run
\Shell\Open\Command - g:\system\Security\DriveGuard.exe -run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d27f8e6-6ef3-11dc-b55c-0015af1f5bfb}]
\Shell\AutoRun\command - F:\SSCVIHOST.exe
\Shell\Open\command - F:\SSCVIHOST.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6eeaa02a-5278-11dd-b719-0015af1f5bfb}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
\Shell\Explore\command - F:\Flash.10.Setup.exe
\Shell\Open\command - F:\Flash.10.Setup.exe
\Shell\Scan for Viruses\command - F:\Scanner.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8a7b678-c356-11dc-b662-0015af1f5bfb}]
\Shell\AutoRun\command - G:\photos.zip.exe %1
\Shell\Explore\command - G:\photos.zip.exe %1
\Shell\Open\command - G:\photos.zip.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4bdaa85-8c38-11dc-b5cb-0015af1f5bfb}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe WScriptDef.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d466ac94-6289-11dc-b51e-0015af1f5bfb}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL pet32.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 15:17]

2009-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1326574676-682003330-1003.job
- c:\documents and settings\M-Life\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 20:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.microsoft.com
mStart Page = hxxp://www.microsoft.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.arcadetown.com/swf/deliciousdeluxe2/zylomplayer.cab
FF - ProfilePath - c:\documents and settings\M-Life\Application Data\Mozilla\Firefox\Profiles\uc1ly49p.default\
FF - prefs.js: browser.search.selectedEngine - Crawler Search
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\documents and settings\M-Life\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\documents and settings\M-Life\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 100
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-31 15:02:40
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-789336058-1326574676-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A1570EA4-6E99-19D9-0C6F-F86D5F598FCE}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oamcejidcgpgmmhfgeogelodoejflg"=hex:61,69,6f,6b,6c,63,61,69,64,61,6b,65,6c,63,
6a,6b,67,6b,64,66,64,62,64,61,68,6c,68,70,62,62,6e,68,68,63,61,6f,70,68,6c,\
"iapbohaacgcdijbnpl"=hex:6b,61,64,6c,69,67,70,61,70,64,6a,68,67,64,61,68,70,6e,
65,63,67,67,00,00
"hajcaljmbckknagj"=hex:6b,61,64,6c,69,67,70,61,70,64,6a,68,67,64,61,68,70,6e,
65,63,67,67,00,00
.
Completion time: 2009-03-31 15:04:31
ComboFix-quarantined-files.txt 2009-03-31 07:04:28
ComboFix2.txt 2009-03-21 02:41:19

Pre-Run: 35,904,970,752 bytes free
Post-Run: 35,886,612,480 bytes free

350 --- E O F --- 2009-03-12 22:21:24

#8 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:09:12 PM

Posted 31 March 2009 - 11:35 AM

How are you connected to the internet? Do you have a router?
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image

#9 borntobegreat

borntobegreat
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 31 March 2009 - 04:46 PM

yes, i have router and using wireless connection.

#10 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:09:12 PM

Posted 31 March 2009 - 06:16 PM

Have you tried rebooting the computer and the router at the same time?
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image

#11 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:09:12 PM

Posted 11 April 2009 - 01:04 AM

This thread is closed due to inactivity.
If you need this topic reopened, please send me a PM. This applies to the thread originator only, all others start a new thread.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users