
Please help--Terrible Re-direct affecting everything


  • This topic is locked
8 replies to this topic

#1 icantbelievethis

icantbelievethis

  • Members
  • 7 posts
  • OFFLINE
  • Local time:10:24 AM

Posted 24 March 2009 - 12:05 AM

Please help me. Whatever this is on my system, it won't even let me install MalwareBytes application. Several other programs I've tried (AVG, Spy Search & Destroy, etc, etc, etc) have all been UNSUCCESSFUL.

Symptoms are: Redirect from various web sites to stupid ads/erroneous unwanted web sites. Slow connection to internet. Inability to install Malwarebytes (also highlights any malware removal program(s) I've installed in a "pink" shade on Start Menu).

This log from HijackThis is the 2nd time I've done HijackThis. The first time was yesterday and I stupidly deleted some stuff I thought was suspicious looking (because I'm so terribly genius).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:58:00 PM, on 3/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\CBTWlanSrv.exe
C:\WINDOWS\system32\cisvc.exe
c:\program files\linksys\wpc54gv3\wpc54gv3.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1237786763894
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1237786980385
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CBT Wlan Service (CBTWlanSrv) - Unknown owner - C:\WINDOWS\CBTWlanSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 2077 bytes

I should also let (whoever will be helping me) know that I noted another person's post identified her symptoms as exactly what mine are. So, I also attempted to download the ComboFix. Whatever this virus is, it will not let me run/initialize this program either (in addition to Malwarebytes). I attempted to re-name the extension to .com on the desktop, and it still won't run (either by direct running from web site, or on the desktop.)

This is SOOOOOOO frustrating!

Edited by boopme, 24 March 2009 - 08:20 AM.




#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:10:24 AM

Posted 31 March 2009 - 06:36 PM

Hello icantbelievethis,


Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 icantbelievethis

icantbelievethis
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:10:24 AM

Posted 02 April 2009 - 01:17 AM

I am not able to use any search engines in order to get the HijackThis exe again (I uninstalled it), so I used the other one you guys suggest:

OTListIt logfile created on: 4/1/2009 11:13:42 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.8.1 Folder = C:\Documents and Settings\The Wallers\Local Settings\Temporary Internet Files\Content.IE5\Y1F92HX0
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.98 Mb Total Physical Memory | 164.73 Mb Available Physical Memory | 32.24% Memory free
1.22 Gb Paging File | 0.89 Gb Available in Paging File | 73.07% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 29.44 Gb Free Space | 79.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D4VTZN21
Current User Name: The Wallers
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2007/06/26 15:11:42 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
PRC - [2007/06/26 15:11:42 | 01,142,784 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\bcmwltry.exe
PRC - [2002/11/07 20:22:10 | 00,147,456 | ---- | M] () -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/07/09 14:26:26 | 00,106,496 | ---- | M] () -- C:\WINDOWS\CBTWlanSrv.exe
PRC - [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/07/03 14:35:20 | 00,495,616 | ---- | M] () -- c:\program files\linksys\wpc54gv3\wpc54gv3.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2002/08/29 03:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cidaemon.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Iexplore.exe
PRC - [2009/04/01 23:13:14 | 00,499,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Wallers\Local Settings\Temporary Internet Files\Content.IE5\Y1F92HX0\OTListIt2[1].exe

========== Win32 Services (SafeList) ==========

SRV - [2004/07/15 02:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2002/11/07 20:22:10 | 00,147,456 | ---- | M] () -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/07/09 14:26:26 | 00,106,496 | ---- | M] () -- C:\WINDOWS\CBTWlanSrv.exe -- (CBTWlanSrv [Auto | Running])
SRV - [2007/03/07 16:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [Disabled | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2003/10/22 11:19:22 | 00,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2007/06/26 15:11:42 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 11:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 11:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 11:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 11:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2002/11/07 20:31:36 | 00,539,392 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2004/12/17 14:52:58 | 00,017,992 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\BCM42RLY.SYS -- (BCM42RLY [On_Demand | Stopped])
DRV - [2002/12/17 09:41:36 | 00,042,368 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Stopped])
DRV - [2006/12/20 12:31:34 | 00,049,904 | R--- | M] (Avanquest Software) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5 [On_Demand | Stopped])
DRV - [2006/11/28 22:46:22 | 00,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\Drivers\CBPSp50.sys -- (CBPSp50 [On_Demand | Running])
DRV - [2002/12/17 10:32:58 | 00,061,424 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
DRV - [2002/12/17 10:32:46 | 00,023,436 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
DRV - [2002/12/17 10:27:32 | 00,241,152 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp [System | Running])
DRV - [2001/08/17 11:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 11:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2006/10/05 17:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
DRV - [2007/02/25 13:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Running])
DRV - [2003/04/14 07:04:48 | 00,025,898 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K [On_Demand | Running])
DRV - [2008/12/17 02:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2001/08/17 10:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys -- (EL90XBC [On_Demand | Stopped])
DRV - [2003/01/23 13:05:00 | 00,153,344 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])
DRV - [2003/01/23 13:02:00 | 01,067,008 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2004/08/03 22:29:36 | 00,161,020 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys -- (i81x [On_Demand | Stopped])
DRV - [2004/08/03 22:29:37 | 00,012,415 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys -- (iAimFP0 [On_Demand | Stopped])
DRV - [2004/08/03 22:29:37 | 00,012,127 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys -- (iAimFP1 [On_Demand | Stopped])
DRV - [2004/08/03 22:29:37 | 00,011,775 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys -- (iAimFP2 [On_Demand | Stopped])
DRV - [2004/08/03 22:29:47 | 00,012,063 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys -- (iAimFP3 [On_Demand | Stopped])
DRV - [2004/08/03 22:29:49 | 00,019,455 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys -- (iAimFP4 [On_Demand | Stopped])
DRV - [2004/08/03 22:29:41 | 00,029,311 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys -- (iAimTV0 [On_Demand | Stopped])
DRV - [2004/08/03 22:29:42 | 00,019,551 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys -- (iAimTV1 [On_Demand | Stopped])
DRV - [2004/08/03 22:29:43 | 00,033,599 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys -- (iAimTV3 [On_Demand | Stopped])
DRV - [2004/08/03 22:29:45 | 00,023,615 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys -- (iAimTV4 [On_Demand | Stopped])
DRV - [2002/11/07 12:56:08 | 00,011,011 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2003/04/14 07:04:48 | 00,030,630 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K [On_Demand | Stopped])
DRV - [2001/08/17 11:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2004/08/03 22:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2002/11/08 11:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2002/08/29 03:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2003/04/14 07:04:48 | 00,143,834 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k [System | Running])
DRV - [2005/05/31 15:36:01 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 11:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 11:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 11:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 11:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 12:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2002/11/11 15:57:16 | 00,193,840 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97 [On_Demand | Running])
DRV - [2001/08/17 14:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Stopped])
DRV - [2003/01/23 13:06:12 | 00,022,400 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\strmdisp.sys -- (StreamDispatcher [Auto | Running])
DRV - [2001/08/17 12:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 12:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 12:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 12:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2005/06/24 15:19:52 | 00,190,560 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2003/04/14 07:04:48 | 00,206,464 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp [System | Running])
DRV - [2001/08/17 11:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2008/04/13 11:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2008/04/13 11:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
DRV - [2004/12/06 15:07:32 | 00,104,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])
DRV - [2003/01/23 13:03:04 | 00,585,984 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2002/08/28 22:59:26 | 00,154,624 | ---- | M] (Lucent Technologies) -- C:\WINDOWS\System32\DRIVERS\wlluc48.sys -- (wlluc48 [On_Demand | Stopped])
DRV - [2006/11/30 17:54:02 | 00,610,816 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\WPC54Gv3.SYS -- (WPC54Gv3 [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/en-us/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/en-us/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3194415498-1406984731-4022043585-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-3194415498-1406984731-4022043585-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com;
IE - HKU\S-1-5-21-3194415498-1406984731-4022043585-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3194415498-1406984731-4022043585-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 0
IE - HKU\S-1-5-21-3194415498-1406984731-4022043585-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-3194415498-1406984731-4022043585-1010\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3194415498-1406984731-4022043585-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3194415498-1406984731-4022043585-1010\S-1-5-21-3194415498-1406984731-4022043585-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\S-1-5-21-3194415498-1406984731-4022043585-1010\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3194415498-1406984731-4022043585-1010\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3194415498-1406984731-4022043585-1010\..\Toolbar\WebBrowser: (no name) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKU\S-1-5-21-3194415498-1406984731-4022043585-1010..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO File not found
O4 - HKU\S-1-5-21-3194415498-1406984731-4022043585-1010..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3194415498-1406984731-4022043585-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3194415498-1406984731-4022043585-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1237786763894 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1237786980385 (MUWebControl Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 11:36:02 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/04/01 15:55:21 | 00,061,381 | ---- | C] () -- C:\Documents and Settings\The Wallers\Desktop\April 1.jpg
[2009/04/01 15:51:52 | 00,033,025 | ---- | C] () -- C:\Documents and Settings\The Wallers\Desktop\img228.jpg
[2009/04/01 15:51:42 | 00,041,549 | ---- | C] () -- C:\Documents and Settings\The Wallers\Desktop\img231.jpg
[2009/03/28 11:19:55 | 00,041,472 | ---- | C] () -- C:\Documents and Settings\The Wallers\Desktop\Olivia_Knapp09.doc
[2009/03/26 13:07:06 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/03/26 10:46:47 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/03/23 22:51:23 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF16455.exe
[2009/03/23 22:35:11 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF13275.exe
[2009/03/23 22:35:03 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/03/23 11:11:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\The Wallers\Application Data\Uniblue
[2009/03/23 11:11:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/03/22 21:13:59 | 00,000,556 | ---- | C] () -- C:\WINDOWS\tasks\MalwareRemovalBot Scheduled Scan.job
[2009/03/22 19:29:23 | 00,002,148 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/22 19:29:05 | 00,308,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/21 18:43:58 | 00,000,077 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2009/03/21 18:38:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\The Wallers\Local Settings\Application Data\CyberDefender
[2009/03/21 17:50:05 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\Positions Available in Internet Marketing (Worldwide).msg
[2009/03/21 13:03:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\The Wallers\Local Settings\Application Data\Dell
[2009/03/20 17:51:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/03/20 17:43:05 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/03/20 17:42:03 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2009/03/20 17:39:29 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/03/20 12:10:18 | 00,027,641 | ---- | C] () -- C:\Documents and Settings\The Wallers\Desktop\funny-126.jpg
[2009/03/16 20:15:38 | 53,587,5584 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/16 12:03:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/03/14 22:11:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/03/14 17:35:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/03/14 17:35:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/03/14 17:35:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/03/14 17:23:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/03/13 17:14:28 | 00,041,472 | ---- | C] () -- C:\Documents and Settings\The Wallers\Desktop\OliviaAKnapp.doc
[2009/03/09 14:14:00 | 00,023,390 | ---- | C] () -- C:\Documents and Settings\The Wallers\Desktop\OLIVIA_IDCARD.pdf
[2009/03/09 13:37:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\The Wallers\Application Data\Apple Computer
[2009/03/09 13:33:53 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/03/09 13:31:05 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/03/09 13:30:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/03/09 13:29:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\The Wallers\Local Settings\Application Data\Apple
[2009/03/09 13:28:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/03/09 13:27:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/03/09 13:27:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\The Wallers\Local Settings\Application Data\Apple Computer
[2009/03/08 14:22:30 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll.mui
[2009/03/08 14:22:18 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe.mui
[2009/03/08 14:21:06 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe.mui
[2009/03/08 14:20:54 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll.mui
[2009/03/08 04:33:40 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2009/03/05 14:58:13 | 00,042,496 | ---- | C] () -- C:\Documents and Settings\The Wallers\Desktop\Olivia_Knapp3.doc
[2009/03/04 20:58:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\The Wallers\Local Settings\Application Data\Help
[2009/03/04 20:58:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\The Wallers\Application Data\Help
[2009/03/04 20:57:07 | 00,000,011 | ---- | C] () -- C:\WINDOWS\OSA.INI
[2009/03/04 09:27:43 | 00,036,352 | ---- | C] () -- C:\Documents and Settings\The Wallers\Desktop\Olivia_Knapp.doc
[2009/03/03 00:10:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\The Wallers\Application Data\MSN6

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/04/01 22:51:28 | 00,002,148 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/01 22:49:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/01 22:49:51 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/04/01 22:49:41 | 53,587,5584 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/01 15:57:52 | 00,184,320 | -HS- | M] () -- C:\Documents and Settings\The Wallers\Desktop\Thumbs.db
[2009/04/01 15:55:06 | 00,061,381 | ---- | M] () -- C:\Documents and Settings\The Wallers\Desktop\April 1.jpg
[2009/04/01 15:51:52 | 00,033,025 | ---- | M] () -- C:\Documents and Settings\The Wallers\Desktop\img228.jpg
[2009/04/01 15:51:43 | 00,041,549 | ---- | M] () -- C:\Documents and Settings\The Wallers\Desktop\img231.jpg
[2009/04/01 11:24:27 | 07,819,248 | -H-- | M] () -- C:\Documents and Settings\The Wallers\Local Settings\Application Data\IconCache.db
[2009/03/28 11:19:56 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\The Wallers\Desktop\Olivia_Knapp09.doc
[2009/03/25 03:00:00 | 00,000,556 | ---- | M] () -- C:\WINDOWS\tasks\MalwareRemovalBot Scheduled Scan.job
[2009/03/23 22:51:11 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF16455.exe
[2009/03/23 22:34:57 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF13275.exe
[2009/03/22 19:29:05 | 00,308,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/21 18:43:58 | 00,000,077 | ---- | M] () -- C:\WINDOWS\st_affiliate.ini
[2009/03/21 18:41:28 | 00,000,650 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/03/21 17:50:05 | 00,057,856 | ---- | M] () -- C:\WINDOWS\System32\Positions Available in Internet Marketing (Worldwide).msg
[2009/03/20 18:09:35 | 00,000,082 | -HS- | M] () -- C:\Documents and Settings\The Wallers\My Documents\DESKTOP.INI
[2009/03/20 12:09:36 | 00,027,641 | ---- | M] () -- C:\Documents and Settings\The Wallers\Desktop\funny-126.jpg
[2009/03/16 21:03:09 | 00,000,011 | ---- | M] () -- C:\WINDOWS\OSA.INI
[2009/03/14 22:15:59 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/03/14 17:23:08 | 00,250,048 | RHS- | M] () -- C:\NTLDR
[2009/03/13 17:14:28 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\The Wallers\Desktop\OliviaAKnapp.doc
[2009/03/13 12:16:12 | 00,042,496 | ---- | M] () -- C:\Documents and Settings\The Wallers\Desktop\Olivia_Knapp3.doc
[2009/03/12 13:38:28 | 00,040,448 | ---- | M] () -- C:\Documents and Settings\The Wallers\Desktop\Olivia_Knapp1.doc
[2009/03/09 14:14:01 | 00,023,390 | ---- | M] () -- C:\Documents and Settings\The Wallers\Desktop\OLIVIA_IDCARD.pdf
[2009/03/08 14:22:46 | 01,241,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll.mui
[2009/03/08 14:22:46 | 01,241,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2009/03/08 14:22:30 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll.mui
[2009/03/08 14:22:18 | 00,002,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe.mui
[2009/03/08 14:21:06 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll.mui
[2009/03/08 14:21:06 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe.mui
[2009/03/08 14:20:54 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll.mui
[2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2009/03/08 14:09:26 | 00,391,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2009/03/08 14:09:26 | 00,391,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2009/03/08 04:41:16 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/03/08 04:41:16 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/03/08 04:39:48 | 11,063,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/03/08 04:39:48 | 11,063,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/03/08 04:35:10 | 00,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2009/03/08 04:34:58 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wininet.dll
[2009/03/08 04:34:58 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2009/03/08 04:34:56 | 01,206,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\urlmon.dll
[2009/03/08 04:34:56 | 01,206,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2009/03/08 04:34:52 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2009/03/08 04:34:52 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2009/03/08 04:34:48 | 00,236,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\webcheck.dll
[2009/03/08 04:34:48 | 00,236,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2009/03/08 04:34:48 | 00,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WinFXDocObj.exe
[2009/03/08 04:34:30 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2009/03/08 04:34:30 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2009/03/08 04:34:28 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2009/03/08 04:34:28 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2009/03/08 04:34:18 | 00,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2009/03/08 04:34:18 | 00,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2009/03/08 04:34:18 | 00,109,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\occache.dll
[2009/03/08 04:34:18 | 00,109,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2009/03/08 04:33:48 | 00,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\VGX.dll
[2009/03/08 04:33:40 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2009/03/08 04:33:40 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2009/03/08 04:33:26 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2009/03/08 04:33:26 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2009/03/08 04:33:16 | 00,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll
[2009/03/08 04:33:16 | 00,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2009/03/08 04:33:08 | 00,229,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2009/03/08 04:33:08 | 00,229,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2009/03/08 04:33:06 | 00,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll
[2009/03/08 04:33:06 | 00,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2009/03/08 04:33:02 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2009/03/08 04:33:02 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2009/03/08 04:32:56 | 00,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admparse.dll
[2009/03/08 04:32:56 | 00,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\admparse.dll
[2009/03/08 04:32:54 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2009/03/08 04:32:54 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2009/03/08 04:32:52 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakui.dll
[2009/03/08 04:32:52 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakui.dll
[2009/03/08 04:32:52 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2009/03/08 04:32:50 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iesetup.dll
[2009/03/08 04:32:50 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iesetup.dll
[2009/03/08 04:32:50 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2009/03/08 04:32:50 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2009/03/08 04:32:48 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2009/03/08 04:32:48 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll
[2009/03/08 04:32:46 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inseng.dll
[2009/03/08 04:32:46 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inseng.dll
[2009/03/08 04:32:26 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2009/03/08 04:32:26 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/03/08 04:32:22 | 01,985,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iertutil.dll
[2009/03/08 04:32:22 | 01,985,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/03/08 04:32:04 | 00,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2009/03/08 04:32:04 | 00,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2009/03/08 04:31:56 | 00,183,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2009/03/08 04:31:56 | 00,183,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2009/03/08 04:31:54 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedssync.exe
[2009/03/08 04:31:52 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\icardie.dll
[2009/03/08 04:31:52 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2009/03/08 04:31:52 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2009/03/08 04:31:52 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/03/08 04:31:44 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2009/03/08 04:31:44 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2009/03/08 04:31:38 | 00,216,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2009/03/08 04:31:38 | 00,216,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2009/03/08 04:31:38 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\imgutil.dll
[2009/03/08 04:31:38 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imgutil.dll
[2009/03/08 04:31:36 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2009/03/08 04:31:36 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2009/03/08 04:31:26 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtmled.dll
[2009/03/08 04:31:26 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2009/03/08 04:31:18 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtmler.dll
[2009/03/08 04:31:18 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmler.dll
[2009/03/08 04:31:02 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.tlb
[2009/03/08 04:31:02 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.tlb
[2009/03/08 04:31:02 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe
[2009/03/08 04:31:02 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshta.exe
[2009/03/08 04:30:56 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tdc.ocx
[2009/03/08 04:30:56 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdc.ocx
[2009/03/08 04:24:28 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hmmapi.dll
[2009/03/08 04:22:46 | 00,164,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieui.dll
[2009/03/08 04:22:38 | 00,156,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msls31.dll
[2009/03/08 04:22:38 | 00,156,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msls31.dll
[2009/03/08 04:15:06 | 00,057,667 | ---- | M] () -- C:\WINDOWS\System32\ieuinit.inf
[2009/03/08 04:11:12 | 00,445,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2009/03/08 04:11:12 | 00,445,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2009/03/05 14:49:16 | 00,036,352 | ---- | M] () -- C:\Documents and Settings\The Wallers\Desktop\Olivia_Knapp.doc
< End of report >

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:10:24 AM

Posted 02 April 2009 - 03:28 PM

Hello,

Yuck. I sure didn't ask for that, and I don't work with that tool. :thumbup2:

Install Firefox and see if you can get to HijackThis that way : http://www.mozilla.org/products/firefox/

Do you still have ComboFix? If not try to get it again also. This time, rename it to believethis.exe and see if it will run :

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

I'm giving this a shot, but since you seem to have made a mess on your own I cannot promise you anything. It would have been much easier if you had not deleted HijackThis, since we could have restored everything you had it remove with the backups it created.

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#5 icantbelievethis

icantbelievethis
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:24 AM

Posted 02 April 2009 - 08:29 PM

Here is the Hijackthis log. I have been told by a person on bleepingcomputer's tech team not to have multiple malware/scan tools on my system. Considering my original post for help was 3/24, and I am unemployed, trying to get jobs using the internet, I was trying to be proactive. Since whatever Malware has gotten worse over the days, it continually attempts to identify and prevent anything I try to do.

It's not a question of being able to INSTALL the program (like you suggested with ComboFix); once installed, it won't RUN. This Malware seems to KNOW what kind of program it is I'm running, regardless of what it's called.

Here is the Hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:26:03 PM, on 4/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\CBTWlanSrv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\program files\linksys\wpc54gv3\wpc54gv3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\The Wallers\Desktop\HJTInstall.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1237786763894
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1237786980385
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CBT Wlan Service (CBTWlanSrv) - Unknown owner - C:\WINDOWS\CBTWlanSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 2476 bytes

#6 icantbelievethis

icantbelievethis
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:24 AM

Posted 02 April 2009 - 08:50 PM

And here is the ComboFix log. Looks like there was some yucky stuff in the system folders!

ComboFix 09-04-01.01 - The Wallers 2009-04-02 18:39:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.336 [GMT -7:00]
Running from: c:\documents and settings\The Wallers\Desktop\believethis.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\patch.exe
c:\windows\system32\drivers\fad.sys
c:\windows\system32\drivers\UACxfmuwyrb.sys
c:\windows\system32\UACbbwrrirf.dll
c:\windows\system32\UACbgtxylrq.log
c:\windows\system32\UAChielrlww.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACkfrqoxem.dll
c:\windows\system32\UACmpjxjcxi.dll
c:\windows\system32\UACnevdkmov.dll
c:\windows\system32\UACnsiqllcn.dat
c:\windows\system32\UACpmhsntxm.log
c:\windows\system32\UACrluwutiq.log
c:\windows\system32\UACvddwqbar.db
c:\windows\system32\UACwkipkods.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-03-03 to 2009-04-03 )))))))))))))))))))))))))))))))
.

2009-04-02 18:25 . 2009-04-02 18:25 <DIR> d-------- c:\program files\Trend Micro
2009-03-26 13:07 . 2009-03-26 13:09 <DIR> d-------- c:\program files\Windows Live Safety Center
2009-03-26 10:46 . 2009-03-26 10:46 <DIR> d--h----- c:\windows\PIF
2009-03-23 11:11 . 2009-03-23 11:56 <DIR> d-------- c:\documents and settings\The Wallers\Application Data\Uniblue
2009-03-23 11:11 . 2009-03-23 11:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2009-03-22 19:29 . 2009-04-02 18:39 2,148 --a------ c:\windows\SYSTEM32\wpa.dbl
2009-03-21 18:43 . 2009-03-21 18:43 77 --a------ c:\windows\st_affiliate.ini
2009-03-21 17:50 . 2009-03-21 17:50 57,856 --a------ c:\windows\SYSTEM32\Positions Available in Internet Marketing (Worldwide).msg
2009-03-21 13:18 . 2009-03-21 13:18 <DIR> d--hs---- c:\documents and settings\The Wallers\IECompatCache
2009-03-20 18:09 . 2009-03-20 18:09 <DIR> d--hs---- c:\windows\SYSTEM32\CONFIG\systemprofile\IETldCache
2009-03-20 18:09 . 2009-03-20 18:09 <DIR> d--hs---- c:\documents and settings\The Wallers\PrivacIE
2009-03-20 18:09 . 2009-03-20 18:09 <DIR> d--hs---- c:\documents and settings\The Wallers\IETldCache
2009-03-20 17:51 . 2009-03-20 17:51 <DIR> d-------- c:\windows\ie8updates
2009-03-20 17:43 . 2009-03-20 17:49 <DIR> d--h-c--- c:\windows\ie8
2009-03-20 17:42 . 2009-03-20 17:51 <DIR> d--h----- c:\windows\msdownld.tmp
2009-03-20 17:39 . 2009-02-27 21:55 105,984 --------- c:\windows\SYSTEM32\DLLCACHE\iecompat.dll
2009-03-14 17:35 . 2009-03-14 17:35 <DIR> d-------- c:\windows\SYSTEM32\scripting
2009-03-14 17:35 . 2009-03-14 17:35 <DIR> d-------- c:\windows\SYSTEM32\en
2009-03-14 17:35 . 2009-03-14 17:35 <DIR> d-------- c:\windows\l2schemas
2009-03-14 17:00 . 2009-03-20 17:17 1,896,749 --a------ c:\windows\SYSTEM32\uactmp.db
2009-03-09 13:37 . 2009-03-09 13:37 <DIR> d-------- c:\documents and settings\The Wallers\Application Data\Apple Computer
2009-03-09 13:33 . 2009-03-22 20:53 <DIR> d-------- c:\program files\Bonjour
2009-03-09 13:31 . 2009-03-09 13:33 <DIR> d-------- c:\program files\QuickTime
2009-03-09 13:30 . 2009-03-26 12:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-09 13:28 . 2009-03-21 19:06 <DIR> d----c--- c:\windows\SYSTEM32\DRVSTORE
2009-03-09 13:27 . 2009-03-09 13:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-03-08 14:22 . 2009-03-08 14:22 49,152 --------- c:\windows\SYSTEM32\msrating.dll.mui
2009-03-08 14:22 . 2009-03-08 14:22 2,560 --------- c:\windows\SYSTEM32\mshta.exe.mui
2009-03-08 14:21 . 2009-03-08 14:21 4,096 --------- c:\windows\SYSTEM32\ie4uinit.exe.mui
2009-03-08 14:20 . 2009-03-08 14:20 81,920 --------- c:\windows\SYSTEM32\iedkcs32.dll.mui
2009-03-08 04:33 . 2009-03-08 04:33 18,944 --------- c:\windows\SYSTEM32\DLLCACHE\corpol.dll
2009-03-04 20:57 . 2009-03-16 21:03 11 --a------ c:\windows\OSA.INI
2009-03-04 20:56 . 2009-03-04 20:56 <DIR> d-------- c:\documents and settings\The Wallers\WINDOWS
2009-03-03 00:10 . 2009-03-12 20:13 <DIR> d-------- c:\documents and settings\The Wallers\Application Data\MSN6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-23 18:53 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-23 18:53 --------- d-----w c:\program files\InterVideo
2009-03-23 16:38 --------- d-----w c:\program files\Logitech
2009-03-19 16:22 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-03-19 04:35 --------- d-----w c:\program files\Microsoft ActiveSync
2009-03-08 21:09 638,816 ----a-w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
2009-03-08 21:09 391,536 ----a-w c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
2009-03-08 11:41 5,937,152 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2009-03-08 11:39 11,063,808 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
2009-03-08 11:34 914,944 ----a-w c:\windows\SYSTEM32\wininet.dll
2009-03-08 11:34 914,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wininet.dll
2009-03-08 11:34 43,008 ----a-w c:\windows\SYSTEM32\licmgr10.dll
2009-03-08 11:34 43,008 ----a-w c:\windows\SYSTEM32\DLLCACHE\licmgr10.dll
2009-03-08 11:34 236,544 ----a-w c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
2009-03-08 11:34 193,536 ----a-w c:\windows\SYSTEM32\DLLCACHE\msrating.dll
2009-03-08 11:34 109,568 ----a-w c:\windows\SYSTEM32\DLLCACHE\occache.dll
2009-03-08 11:34 105,984 ----a-w c:\windows\SYSTEM32\DLLCACHE\url.dll
2009-03-08 11:34 1,206,784 ----a-w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
2009-03-08 11:33 759,296 ----a-w c:\windows\SYSTEM32\DLLCACHE\VGX.dll
2009-03-08 11:33 726,528 ----a-w c:\windows\SYSTEM32\DLLCACHE\jscript.dll
2009-03-08 11:33 420,352 ----a-w c:\windows\SYSTEM32\vbscript.dll
2009-03-08 11:33 420,352 ----a-w c:\windows\SYSTEM32\DLLCACHE\vbscript.dll
2009-03-08 11:33 25,600 ----a-w c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
2009-03-08 11:33 229,376 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
2009-03-08 11:33 18,944 ----a-w c:\windows\SYSTEM32\corpol.dll
2009-03-08 11:33 125,952 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
2009-03-08 11:32 94,720 ----a-w c:\windows\SYSTEM32\DLLCACHE\inseng.dll
2009-03-08 11:32 72,704 ----a-w c:\windows\SYSTEM32\DLLCACHE\admparse.dll
2009-03-08 11:32 72,704 ----a-w c:\windows\SYSTEM32\admparse.dll
2009-03-08 11:32 71,680 ----a-w c:\windows\SYSTEM32\iesetup.dll
2009-03-08 11:32 71,680 ----a-w c:\windows\SYSTEM32\DLLCACHE\iesetup.dll
2009-03-08 11:32 611,840 ----a-w c:\windows\SYSTEM32\DLLCACHE\mstime.dll
2009-03-08 11:32 594,432 ----a-w c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
2009-03-08 11:32 55,808 ----a-w c:\windows\SYSTEM32\DLLCACHE\iernonce.dll
2009-03-08 11:32 173,056 ----a-w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
2009-03-08 11:32 163,840 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
2009-03-08 11:32 128,512 ----a-w c:\windows\SYSTEM32\DLLCACHE\advpack.dll
2009-03-08 11:32 1,985,024 ----a-w c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
2009-03-08 11:24 68,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\hmmapi.dll
2009-03-08 11:22 156,160 ----a-w c:\windows\SYSTEM32\msls31.dll
2009-03-08 11:22 156,160 ----a-w c:\windows\SYSTEM32\DLLCACHE\msls31.dll
2009-03-08 11:11 445,952 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
2009-03-01 21:41 --------- d-----w c:\program files\Common Files\Logitech
2009-02-09 11:13 1,846,784 ----a-w c:\windows\SYSTEM32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2009-01-08 01:21 26,144 ----a-w c:\windows\SYSTEM32\spupdsvc.exe
2009-01-08 01:20 474,112 ------w c:\windows\SYSTEM32\DLLCACHE\shlwapi.dll
2009-01-08 01:20 265,720 ----a-w c:\windows\SYSTEM32\msdbg2.dll
2009-01-08 01:20 26,112 ----a-w c:\windows\SYSTEM32\idndl.dll
2009-01-08 01:20 24,576 ----a-w c:\windows\SYSTEM32\nlsdl.dll
2009-01-08 01:20 23,552 ----a-w c:\windows\SYSTEM32\normaliz.dll
2009-01-08 01:20 134,144 ------w c:\windows\SYSTEM32\DLLCACHE\sqmapi.dll
2009-01-08 01:20 1,497,088 ------w c:\windows\SYSTEM32\DLLCACHE\shdocvw.dll
2009-01-08 01:20 1,022,976 ------w c:\windows\SYSTEM32\DLLCACHE\browseui.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 17:12 15360 c:\windows\SYSTEM32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R2 CBTWlanSrv;CBT Wlan Service;c:\windows\CBTWlanSrv.exe [2008-12-20 106496]
R3 CBPSp50;CBPSp50 NDIS Protocol Driver;c:\windows\SYSTEM32\DRIVERS\CBPSp50.sys [2008-12-20 27072]
R3 WPC54Gv3;Linksys Wireless Notebook Adapter WPC54Gv3 Driver;c:\windows\SYSTEM32\DRIVERS\WPC54Gv3.SYS [2008-12-20 610816]
S3 CBPMp50;CBPMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\CBPMp50.sys --> c:\windows\system32\Drivers\CBPMp50.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2.tmp --> c:\windows\system32\2.tmp [?]
.
Contents of the 'Scheduled Tasks' folder

2009-03-25 c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
- c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe []

2009-03-25 c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
- c:\program files\MalwareRemovalBot []
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file)
HKCU-Run-ccleaner - c:\program files\CCleaner\CCleaner.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 18:43:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2.tmp"
.
Completion time: 2009-04-02 18:47:32
ComboFix-quarantined-files.txt 2009-04-03 01:46:14

Pre-Run: 31,507,587,072 bytes free
Post-Run: 31,890,243,584 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

183 --- E O F --- 2009-03-23 08:29:48
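The ComboFix log above is what exposed the rootkit: a cluster of files named "UAC" plus a few random letters under system32 and drivers, and a matching UACd.sys service. As an added example (not part of this thread and not ComboFix's own code), here is a small Python triage script that splits a ComboFix-style log into its banner sections and flags that naming pattern; the embedded log is a constructed excerpt that copies the banner and line formats of the report above.

```python
"""Triage a ComboFix log for the UAC-prefixed rootkit artefacts seen in this thread.

Added example; not ComboFix's own code. SAMPLE_LOG is a constructed excerpt
that mirrors the section banners and line layout of the posted report.
"""
import re
from collections import defaultdict

# Constructed sample log (same banners and line layout as the real report).
SAMPLE_LOG = r"""ComboFix 09-04-01.01 - User 2009-04-02 18:39:31.1 - NTFSx86
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\patch.exe
c:\windows\system32\drivers\UACxfmuwyrb.sys
c:\windows\system32\UACbbwrrirf.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACnsiqllcn.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
.
((((((((((((((((((((((((( Files Created from 2009-03-03 to 2009-04-03 )))))))))))))))))))))))))))))))
.
2009-04-02 18:25 . 2009-04-02 18:25 <DIR> d-------- c:\program files\Trend Micro
2009-03-14 17:00 . 2009-03-20 17:17 1,896,749 --a------ c:\windows\SYSTEM32\uactmp.db
"""

# A ComboFix section banner: a run of '(', the section name, a run of ')'.
BANNER_RE = re.compile(r"^\({5,}\s*(?P<name>.+?)\s*\){5,}$")
# A Windows path: drive letter, colon, backslash, then the rest of the line
# (paths such as 'c:\program files\...' contain spaces, so take everything).
PATH_RE = re.compile(r"(?i)([a-z]:\\.*\S)\s*$")
# Naming pattern of the deleted files: 'UAC' + a few letters + data/driver extension.
UAC_FILE_RE = re.compile(r"(?i)\\uac[a-z]{3,8}\.(?:dll|sys|log|dat|db)$")
# A service removed in the 'Drivers/Services' section, e.g. -------\Service_UACd.sys
SERVICE_RE = re.compile(r"^-------\\Service_(?P<svc>\S+)$")


def parse_sections(log_text):
    """Group the log's lines under the banner that precedes them ('Header' before any banner)."""
    sections = defaultdict(list)
    current = "Header"
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = BANNER_RE.match(line)
        if banner:
            current = banner.group("name")
            continue
        if line and line != ".":          # ComboFix pads sections with lone '.' lines
            sections[current].append(line)
    return dict(sections)


def extract_paths(lines):
    """Pull the file path out of each line that carries one (deletion lists and file listings)."""
    return [m.group(1) for m in map(PATH_RE.search, lines) if m]


def triage(log_text):
    """Return {'files': [(section, path), ...], 'services': [name, ...]} for UAC-pattern artefacts."""
    findings = {"files": [], "services": []}
    for name, lines in parse_sections(log_text).items():
        for path in extract_paths(lines):
            if UAC_FILE_RE.search(path):
                findings["files"].append((name, path))
        for line in lines:
            svc = SERVICE_RE.match(line)
            if svc and svc.group("svc").lower().startswith("uac"):
                findings["services"].append(svc.group("svc"))
    return findings


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for section, path in result["files"]:
        print(f"[{section}] {path}")
    for svc in result["services"]:
        print(f"[service] {svc}")
```

Running it on the sample flags all five UAC-named files (including uacinit.dll and the still-present uactmp.db from the 'Files Created' section) and the UACd.sys service, while leaving patch.exe and ordinary program folders alone.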

#7 icantbelievethis

icantbelievethis
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:24 AM

Posted 02 April 2009 - 08:53 PM

COMBOFIX WORKED! I CANT BELIEVE IT ACTUALLY RAN AND WORKED

I LOVE YOU GUYS!


#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:10:24 AM

Posted 02 April 2009 - 09:05 PM

He he....we're not without our tricks against the bad guys! :step1: :step4:

It was a nasty rootkit that was causing all the problems. :) How is it running now please? Try MBAM again now, I'm betting it will work, and post the report in your reply. :thumbup2:

tea

#9 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:10:24 AM

Posted 12 April 2009 - 05:36 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
