Unable to get on internet after being infected with Win32 Agent.ODG


  • This topic is locked
24 replies to this topic

#1 realhiphop

realhiphop

  • Members
  • 19 posts
  • OFFLINE
  • Local time:11:04 PM

Posted 01 April 2009 - 08:05 PM

I recently found that I have/had the Win32 Agent.ODG virus. At first, I was unable to run MalwareBytes or Spybot Search and Destroy. This virus also disabled my internet connection. ESET would notice the file, but was unable to remove it.

Last night I ran GMER, which seems to have recognized and removed the Malware. I was able to run Malwarebytes and Spybot Search and Destroy. Both applications stated that I no longer had Malware on my computer. ESET also didn’t find any viruses on my system.

I started my computer up this morning, and my DLink wireless connection never loaded up. My Firewall and automatic updates were also disabled. When I went to the control panel, it wouldn’t allow me to enable my firewall or ICS. The Device Manager also showed a yellow exclamation point next to my wireless card.

There are obviously remnants from the virus. How do you guys recommend I proceed with fixing my PC?

I've attached my Hijack This Log below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:43 PM, on 4/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Jonathan\Application Data\U3\0000060507026259\LaunchPad.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: (no name) - {C2BA40A2-74F3-42BD-F434-2604812C8954} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center\DMDownload.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsc...76/mcinsctl.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?315
O20 - AppInit_DLLs: wbsys.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\seleziga.dll c:\windows\system32\vuzejofu.dll
O20 - Winlogon Notify: ljJARhIX - ljJARhIX.dll (file missing)
O22 - SharedTaskScheduler: kjm6t5rinmhp8o87t7r6gh - {C2BA40A2-74F3-42BD-F434-2604812C8954} - (no file)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 8883 bytes
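An added example, not part of the original post and not code from HijackThis or from the helpers in this thread: a small Python triage pass over HijackThis-style log lines. The sample input is constructed from a subset of the log above. It separates routine entries from the ones a malware-removal helper reads first: the AppInit_DLLs list (loaded into every process that links user32.dll), the Winlogon Notify and SharedTaskScheduler loaders, and entries whose target file no longer exists. The reason strings and the Finding structure are this example's own conventions, and a finding means "review this", not a verdict: a legitimate toolbar DLL in AppInit_DLLs lands in the same bucket as anything else.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a handful of the HijackThis lines quoted in the post
# above, chosen to cover the entry kinds the triage below reacts to.
SAMPLE_LOG = [
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local",
    r"O2 - BHO: (no name) - {C2BA40A2-74F3-42BD-F434-2604812C8954} - (no file)",
    r"O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll",
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r"O20 - AppInit_DLLs: wbsys.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\seleziga.dll c:\windows\system32\vuzejofu.dll",
    r"O20 - Winlogon Notify: ljJARhIX - ljJARhIX.dll (file missing)",
    r"O22 - SharedTaskScheduler: kjm6t5rinmhp8o87t7r6gh - {C2BA40A2-74F3-42BD-F434-2604812C8954} - (no file)",
    r"O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe",
]

# Every HijackThis entry line starts with a section code (R0..R3, O1..O24),
# then " - ", then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.+)$")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O20"
    reason: str    # why the entry is worth a second look
    detail: str    # the entry body, or one DLL path for AppInit_DLLs


def parse_entry(line):
    """Split one log line into (section, body); return None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("section"), m.group("body")) if m else None


def classify(body):
    """Return a review reason for an entry body, or None if nothing stands out.

    Order matters: AppInit_DLLs and logon-time loaders are reported as such
    even when their target file is also missing.
    """
    if body.startswith("AppInit_DLLs:"):
        return "AppInit_DLLs entry: loaded into every process that links user32.dll"
    if body.startswith(("Winlogon Notify:", "SharedTaskScheduler:")):
        return "loaded at logon / shell start"
    if body.endswith(("(no file)", "(file missing)")):
        return "orphaned entry: registry still points at a file that is gone"
    return None


def triage(lines):
    """Walk the log once and return one Finding per item worth reviewing."""
    findings = []
    for line in lines:
        parsed = parse_entry(line)
        if parsed is None:
            continue
        section, body = parsed
        reason = classify(body)
        if reason is None:
            continue
        if body.startswith("AppInit_DLLs:"):
            # The value is a space-separated DLL list; report each DLL on its own.
            for dll in body[len("AppInit_DLLs:"):].split():
                findings.append(Finding(section, reason, dll))
        else:
            findings.append(Finding(section, reason, body))
    return findings


def appinit_dll_names(findings):
    """Basenames of the DLLs reported from AppInit_DLLs, lower-cased for comparison."""
    return sorted(
        f.detail.replace("\\", "/").rsplit("/", 1)[-1].lower()
        for f in findings
        if f.reason.startswith("AppInit_DLLs")
    )


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.detail}")
```

Run against the sample, the pass reports seven items: the orphaned O2 BHO, the four DLLs named in AppInit_DLLs, the Winlogon Notify loader and the SharedTaskScheduler entry; everything else (proxy override, AOL toolbar, the avast! run key and service) is left alone. The point of the split is that the helpers in threads like this one go straight to those loader locations, because a DLL listed there runs without any visible process of its own.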

#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:11:04 PM

Posted 08 April 2009 - 06:53 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 realhiphop

realhiphop
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:11:04 PM

Posted 15 April 2009 - 08:25 PM

The first post accurately describes my problem. I still have no internet connection on that computer.

Please see my attached DDS log.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Jonathan at 21:12:45.12 on Wed 04/15/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.794 [GMT -4:00]

AV: avast! antivirus 4.8.1335 [VPS 090205-1] *On-access scanning disabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Jonathan\Desktop\dds(2).pif

============== Pseudo HJT Report ===============

uSearch Page = hxxp://ie.search.msn.com
uDefault_Search_URL = hxxp://ie.search.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Page = hxxp://ie.search.msn.com
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://ie.search.msn.com
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: {C2BA40A2-74F3-42BD-F434-2604812C8954} - No File
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
StartupFolder: c:\docume~1\jonathan\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\KEM.exe
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Save with Download Manager... - file://c:\program files\j river\media center\DMDownload.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4430FE8-2638-42e5-B849-800749B94EED}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_11\bin\npjpi150_11.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CAB
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://download.yahoo.com/dl/installs/yinst0401.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - hxxp://www.installengine.com/engine/isetup.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?315
Notify: ljJARhIX - ljJARhIX.dll
Notify: MCPClient - c:\program files\common files\stardock\mcpstub.dll
Notify: WB - c:\program files\stardock\object desktop\windowblinds\fastload.dll
Notify: WRNotifier - WRLogonNTF.dll
AppInit_DLLs: wbsys.dll c:\progra~1\google\google~1\goec62~1.dll c:\windows\system32\seleziga.dll c:\windows\system32\vuzejofu.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\program files\common files\stardock\MCPCore.dll
STS: {C2BA40A2-74F3-42BD-F434-2604812C8954} - No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Notification Packages = scecli scecli c:\windows\system32\seleziga.dll arawmsa.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jonathan\applic~1\mozilla\firefox\profiles\fgfh81mw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\mozilla firefox 3.1 beta 3\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppl3260.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {64B3FD47-3615-4D41-9E40-652D573FD28F} - c:\documents and settings\jonathan\local settings\application data\{64B3FD47-3615-4D41-9E40-652D573FD28F}
FF - HiddenExtension: XUL Cache: {CC00213F-0084-42B2-BF07-71DD56F63A80} - c:\documents and settings\administrator\local settings\application data\{cc00213f-0084-42b2-bf07-71dd56f63a80}\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-1-8 28544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-4-1 138680]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-3-25 24652]
S0 mmdoev;mmdoev;c:\windows\system32\drivers\wpbmdm.sys --> c:\windows\system32\drivers\wpbmdm.sys [?]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-1 114768]
S1 rxp;rxp;\??\c:\windows\system32\drivers\rxp.sys --> c:\windows\system32\drivers\rxp.sys [?]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-1 20560]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-3-22 450400]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2004-10-6 283904]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2004-10-4 43392]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-4-1 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-4-1 352920]
S3 botdrv;botdrv;\??\c:\documents and settings\jonathan\driver.sys --> c:\documents and settings\jonathan\driver.sys [?]
S3 CW200USB;SvcDesc=Cowon Digital Audio Player Service;c:\windows\system32\drivers\CWDAPUSB.sys [2005-3-22 10670]
S3 Waaidprtp;Waaidprtp;c:\windows\system32\ie4uinit.exe [2003-8-13 34304]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2001-1-2 19677]

=============== Created Last 30 ================

2009-04-04 15:31 4,481,358 a------- c:\windows\{00000002-00000000-00000002-00001102-00000004-10031102}.BAK
2009-04-01 18:51 <DIR> --d----- c:\windows\system32\NtmsData
2009-04-01 18:20 12,591,104 a------- c:\windows\sectest.db
2009-04-01 17:57 <DIR> --d----- c:\windows\ERUNT
2009-04-01 17:53 <DIR> --d----- C:\SDFix
2009-04-01 00:22 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-01 00:22 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-01 00:22 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-30 07:44 <DIR> --d----- c:\program files\CCleaner
2009-03-29 12:37 45,056 a------- C:\liymwuq.exe
2009-03-29 12:37 43,008 a------- C:\aoqckrns.exe
2009-03-29 12:36 45,056 a------- C:\dmsiacq.exe
2009-03-16 23:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-16 23:15 1,900,544 a------- c:\windows\system32\usbaaplrc.dll

==================== Find3M ====================

2009-03-29 12:36 61,440 a--sh--- c:\windows\system32\boyeseti.exe
2009-03-05 23:59 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2009-02-09 06:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-01-20 08:01 1,033,216 a------- c:\windows\explorer.exe
2008-04-27 16:33 62,241 a------- c:\program files\6.jpg
2008-04-27 16:26 45,104 a------- c:\program files\5.jpg
2008-04-27 16:25 43,192 a------- c:\program files\7.jpg
2008-04-27 14:31 463,426 a------- c:\program files\4.jpg
2008-04-27 14:27 418,708 a------- c:\program files\3.jpg
2008-04-27 14:25 594,863 a------- c:\program files\2284348070062422861BgbzxP_fs.jpg
2008-03-09 17:47 87,608 a------- c:\docume~1\jonathan\applic~1\inst.exe
2008-03-09 17:47 47,360 a------- c:\docume~1\jonathan\applic~1\pcouffin.sys
2008-03-03 21:52 87,608 a------- c:\docume~1\jonathan\applic~1\ezpinst.exe
2008-01-01 23:07 29,790 a------- c:\program files\G12.jpg
2007-12-29 02:20 82,107 a------- c:\program files\79590_PDVD_025_122_336lo.jpg
0000-00-00 00:00 49,152 a--sh--- c:\windows\system32\gepesiso.dll

============= FINISH: 21:13:28.40 ===============

#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:04 PM

Posted 18 April 2009 - 09:31 AM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

Disable Realtime Protection
Antimalware programs can interfere with ComboFix and other tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.

Download and Run ComboFix
Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
  • If you did not have it installed, you will see the prompt below. Choose YES.
    Posted Image

  • When the Recovery Console has been installed, you will see the prompt below. Choose YES.
    Posted Image
  • When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.

Please download GMER.zip to your desktop from any of the links below:
LINK1, LINK2
  • Right click on GMER.zip and select "Extract All".
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double click GMER.exe. Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Leaving the settings at default, click Scan.
  • When the scan is complete, click Save and save the log onto your desktop.
Please include the log in your next reply.
In your next reply include:
-the ComboFix log
-the GMER scan log

Please also tell me of any changes you have made to your computer since you started your topic.

With Regards,
The Panda

#5 realhiphop

realhiphop
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:11:04 PM

Posted 19 April 2009 - 04:50 PM

No changes since last post.

ComboFix 09-04-19.05 - Jonathan 04/19/2009 10:21.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.1115 [GMT -4:00]
Running from: F:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Jonathan\Application Data\inst.exe
c:\windows\system32\_004333_.tmp.dll
c:\windows\system32\_004334_.tmp.dll
c:\windows\system32\_004335_.tmp.dll
c:\windows\system32\_004336_.tmp.dll
c:\windows\system32\_004343_.tmp.dll
c:\windows\system32\_004344_.tmp.dll
c:\windows\system32\_004345_.tmp.dll
c:\windows\system32\_004347_.tmp.dll
c:\windows\system32\_004348_.tmp.dll
c:\windows\system32\_004351_.tmp.dll
c:\windows\system32\_004352_.tmp.dll
c:\windows\system32\_004354_.tmp.dll
c:\windows\system32\_004355_.tmp.dll
c:\windows\system32\_004356_.tmp.dll
c:\windows\system32\_004358_.tmp.dll
c:\windows\system32\_004361_.tmp.dll
c:\windows\system32\_004362_.tmp.dll
c:\windows\system32\_004366_.tmp.dll
c:\windows\system32\_004367_.tmp.dll
c:\windows\system32\_004369_.tmp.dll
c:\windows\system32\_004372_.tmp.dll
c:\windows\system32\_004374_.tmp.dll
c:\windows\system32\_004375_.tmp.dll
c:\windows\system32\_004376_.tmp.dll
c:\windows\system32\_004377_.tmp.dll
c:\windows\system32\_004380_.tmp.dll
c:\windows\system32\_004381_.tmp.dll
c:\windows\system32\_004382_.tmp.dll
c:\windows\system32\_004383_.tmp.dll
c:\windows\system32\_004384_.tmp.dll
c:\windows\system32\_004389_.tmp.dll
c:\windows\system32\_004391_.tmp.dll
c:\windows\system32\_004392_.tmp.dll
c:\windows\system32\_007338_.tmp.dll
c:\windows\system32\_007339_.tmp.dll
c:\windows\system32\_007340_.tmp.dll
c:\windows\system32\_007341_.tmp.dll
c:\windows\system32\_007348_.tmp.dll
c:\windows\system32\_007349_.tmp.dll
c:\windows\system32\_007350_.tmp.dll
c:\windows\system32\_007351_.tmp.dll
c:\windows\system32\_007353_.tmp.dll
c:\windows\system32\_007354_.tmp.dll
c:\windows\system32\_007357_.tmp.dll
c:\windows\system32\_007358_.tmp.dll
c:\windows\system32\_007360_.tmp.dll
c:\windows\system32\_007361_.tmp.dll
c:\windows\system32\_007362_.tmp.dll
c:\windows\system32\_007364_.tmp.dll
c:\windows\system32\_007367_.tmp.dll
c:\windows\system32\_007368_.tmp.dll
c:\windows\system32\_007372_.tmp.dll
c:\windows\system32\_007373_.tmp.dll
c:\windows\system32\_007375_.tmp.dll
c:\windows\system32\_007378_.tmp.dll
c:\windows\system32\_007380_.tmp.dll
c:\windows\system32\_007381_.tmp.dll
c:\windows\system32\_007382_.tmp.dll
c:\windows\system32\_007383_.tmp.dll
c:\windows\system32\_007384_.tmp.dll
c:\windows\system32\_007387_.tmp.dll
c:\windows\system32\_007388_.tmp.dll
c:\windows\system32\_007389_.tmp.dll
c:\windows\system32\_007390_.tmp.dll
c:\windows\system32\_007391_.tmp.dll
c:\windows\system32\_007396_.tmp.dll
c:\windows\system32\_007398_.tmp.dll
c:\windows\system32\boyeseti.exe
c:\windows\system32\gepesiso.dll
c:\windows\system32\NmnVCJlm.ini
G:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_botdrv
-------\Legacy_I386P
-------\Service_botdrv


((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.

2009-04-04 19:31 . 2009-04-04 19:31 4481358 ----a-w c:\windows\{00000002-00000000-00000002-00001102-00000004-10031102}.BAK
2009-04-01 22:55 . 2009-04-01 22:55 -------- d-----w c:\program files\Alwil Software
2009-04-01 22:51 . 2009-04-19 14:20 -------- d-----w c:\windows\system32\NtmsData
2009-04-01 22:20 . 2009-04-01 22:22 12591104 ----a-w c:\windows\sectest.db
2009-04-01 21:57 . 2009-04-01 21:58 -------- d-----w c:\windows\ERUNT
2009-04-01 21:53 . 2008-11-06 06:03 -------- d-----w C:\SDFix
2009-04-01 04:22 . 2009-03-26 20:49 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-01 04:22 . 2009-03-26 20:49 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-01 04:22 . 2009-04-01 04:22 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-30 11:44 . 2009-03-30 11:44 -------- d-----w c:\program files\CCleaner
2009-03-29 19:10 . 2009-03-29 19:10 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\{CC00213F-0084-42B2-BF07-71DD56F63A80}
2009-03-29 16:48 . 2009-03-29 16:48 -------- d-----w c:\documents and settings\Jonathan\Local Settings\Application Data\{64B3FD47-3615-4D41-9E40-652D573FD28F}
2009-03-29 16:37 . 2009-03-29 16:37 45056 ----a-w C:\liymwuq.exe
2009-03-29 16:37 . 2009-03-29 16:37 43008 ----a-w C:\aoqckrns.exe
2009-03-29 16:36 . 2009-03-29 16:36 45056 ----a-w C:\dmsiacq.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 13:55 . 2006-10-24 01:47 -------- d-----w c:\documents and settings\Jonathan\Application Data\U3
2009-04-04 15:11 . 2007-07-23 00:40 -------- d-----w c:\program files\Common Files\Apple
2009-04-04 15:11 . 2006-07-24 23:58 -------- d-----w c:\program files\iTunes
2009-04-04 15:10 . 2004-06-21 19:30 -------- d-----w c:\program files\iPod
2009-04-04 14:59 . 2009-04-04 14:59 12537 ----a-w C:\DAF-interface-resetlog.txt
2009-04-04 14:56 . 2005-02-23 01:32 -------- d-----w c:\program files\BPFTP Server
2009-04-03 23:31 . 2004-06-11 23:56 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-01 22:30 . 2004-01-19 21:34 95160 -c--a-w c:\documents and settings\Jonathan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-31 11:28 . 2004-06-11 23:56 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-29 18:58 . 2009-03-15 15:58 -------- d-----w c:\program files\Mozilla Firefox 3.1 Beta 3
2009-03-29 05:17 . 2007-01-05 05:32 -------- d-----w c:\documents and settings\Jonathan\Application Data\uTorrent
2009-03-29 00:38 . 2007-01-12 01:46 -------- d-----w c:\documents and settings\Jonathan\Application Data\Vso
2009-03-28 17:30 . 2008-05-24 00:20 -------- d-----w c:\program files\mIRC
2009-03-17 03:20 . 2009-03-17 03:20 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-17 03:18 . 2008-07-16 11:48 -------- d-----w c:\program files\Bonjour
2009-03-17 03:18 . 2008-02-28 00:44 -------- d-----w c:\program files\QuickTime
2009-03-14 21:18 . 2009-03-14 21:18 -------- d-----w c:\program files\RotoLab 2009
2009-03-12 23:19 . 2008-02-16 02:13 -------- d-----w c:\program files\FeedDemon
2009-03-06 03:59 . 2009-03-17 03:15 1900544 ----a-w c:\windows\SYSTEM32\usbaaplrc.dll
2009-03-06 03:59 . 2007-11-15 02:25 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-01 16:39 . 2003-08-08 21:08 95160 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-28 22:34 . 2009-02-28 22:34 -------- d-----w c:\program files\MSECache
2009-02-26 12:16 . 2008-03-29 17:53 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-09 10:19 . 2008-09-20 00:32 1846272 ----a-w c:\windows\SYSTEM32\win32k.sys
2009-01-20 12:01 . 2003-08-13 19:17 1033216 ----a-w c:\windows\explorer.exe
2008-04-27 20:33 . 2008-04-27 20:33 62241 ----a-w c:\program files\6.jpg
2008-04-27 20:26 . 2008-04-27 20:26 45104 ----a-w c:\program files\5.jpg
2008-04-27 20:25 . 2008-04-27 20:25 43192 ----a-w c:\program files\7.jpg
2008-04-27 18:31 . 2008-04-27 18:31 463426 ----a-w c:\program files\4.jpg
2008-04-27 18:27 . 2008-04-27 18:27 418708 ----a-w c:\program files\3.jpg
2008-04-27 18:25 . 2008-04-27 18:25 594863 ----a-w c:\program files\2284348070062422861BgbzxP_fs.jpg
2008-03-09 21:47 . 2007-01-12 01:46 47360 ----a-w c:\documents and settings\Jonathan\Application Data\pcouffin.sys
2008-03-04 01:52 . 2007-01-12 01:46 87608 ----a-w c:\documents and settings\Jonathan\Application Data\ezpinst.exe
2008-01-02 03:07 . 2007-12-29 06:17 29790 ----a-w c:\program files\G12.jpg
2007-12-29 06:20 . 2007-12-29 06:20 82107 ----a-w c:\program files\79590_PDVD_025_122_336lo.jpg
2004-01-20 03:14 . 2004-01-19 21:34 131 ----a-w c:\documents and settings\Jonathan\Local Settings\Application Data\fusioncache.dat
2004-01-14 00:53 . 2004-01-14 00:53 136 -c--a-w c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2007-08-12 23:2007-01-17 02:04 25:24 . c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

c:\documents and settings\Jonathan\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2004-8-25 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2005-9-23 573440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2003-08-25 15:25 139264 ----a-w c:\program files\Common Files\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 03:34 24576 ----a-w c:\program files\Stardock\Object Desktop\WindowBlinds\fastload.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli arawmsa.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"ares"="c:\program files\Ares\Ares.exe" -h
"Yahoo! Pager"=c:\program files\Yahoo!\Messenger\ypager.exe -quiet
"Aim6"="c:\program files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe"
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
"HPDJ Taskbar Utility"=c:\windows\System32\spool\drivers\w32x86\3\hpztsb04.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"MediaFace Integration"=c:\program files\Fellowes\MediaFACE 4.0\SetHook.exe
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 mmdoev;mmdoev; [x]
R1 rxp;rxp; [x]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\DRIVERS\A3AB.sys [2005-03-22 450400]
R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\DRIVERS\A5AGU.sys [2004-10-06 283904]
R3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\Drivers\ATHFMWDL.sys [2004-10-04 43392]
R3 CW200USB;SvcDesc=Cowon Digital Audio Player Service;c:\windows\system32\Drivers\CWDAPUSB.sys [2002-11-19 10670]
R3 Waaidprtp;Waaidprtp;c:\windows\System32\ie4uinit.exe [2004-08-04 34304]
R3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\Drivers\xbreader.sys [2001-01-03 19677]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9136399-d809-11dc-82f9-00038a000015}]
\Shell\AutoRun\command - "F:\Install FreeAgent Tools.exe" /run
.
Contents of the 'Scheduled Tasks' folder

2009-04-19 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-27 19:24]

2009-02-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
- - - - ORPHANS REMOVED - - - -

Notify-dimsntfy - (no file)
Notify-ljJARhIX - ljJARhIX.dll


.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.search.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Save with Download Manager... - file://c:\program files\J River\Media Center\DMDownload.htm
FF - ProfilePath - c:\documents and settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\fgfh81mw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppl3260.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 10:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-133621794-1460167873-1838077968-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=

[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{61F22E4F-B27F-AFC4-A522A9C3D24CB12E}\{1AB70131-6AEF-F29E-373C8656BA527ED6}\{4909E9D0-65F5-FEDD-EF93FC8CC6374EF9}*]
"Q3FBLH6RIF6MYMN6VD31LVQSMD1"=hex:01,00,00,00,00,00,00,00,5c,63,e8,cf,f7,e6,fd,
3a
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(284)
c:\program files\Common Files\Stardock\mcpstub.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\fastload.dll

- - - - - - - > 'lsass.exe'(340)
c:\windows\arawmsa.dll

- - - - - - - > 'explorer.exe'(3264)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Common Files\Stardock\MCPCore.dll
c:\windows\arawmsa.dll
c:\program files\Bonjour\mdnsNSP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ati2evxx.exe
c:\program files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\windows\eHome\ehsched.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\program files\Common Files\Stardock\sdmcp.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\Logitech\SetPoint\KHALMNPR.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2009-04-19 10:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-19 14:37

Pre-Run: 31,271,178,240 bytes free
Post-Run: 31,250,718,720 bytes free

332 --- E O F --- 2009-03-20 07:02


---- System - GMER 1.0.15 ----

Code \??\C:\DOCUME~1\Jonathan\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

? Combo-Fix.sys The system cannot find the file specified. !
? C:\DOCUME~1\Jonathan\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\.application\bootstrap@ bootstrap.application.1
Reg HKLM\SOFTWARE\Classes\CLSID\{61F22E4F-B27F-AFC4-A522A9C3D24CB12E}\{1AB70131-6AEF-F29E-373C8656BA527ED6}\{4909E9D0-65F5-FEDD-EF93FC8CC6374EF9}
Reg HKLM\SOFTWARE\Classes\CLSID\{61F22E4F-B27F-AFC4-A522A9C3D24CB12E}\{1AB70131-6AEF-F29E-373C8656BA527ED6}\{4909E9D0-65F5-FEDD-EF93FC8CC6374EF9}@Q3FBLH6RIF6MYMN6VD31LVQSMD1 0x01 0x00 0x00 0x00 ...

---- EOF - GMER 1.0.15 ----

#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:11:04 PM

Posted 19 April 2009 - 05:27 PM

Hello.

Please save ComboFix.exe to your desktop. Also save the CFScript.txt and transfer it to the infected computer.

Run ComboFix with CFScript
We will run ComboFix again with a script.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the box below into it:
    KILLALL::
    
    File::
    C:\liymwuq.exe
    C:\aoqckrns.exe
    C:\dmsiacq.exe
    c:\windows\arawmsa.dll
    
    Registry::
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
    Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

Download and run MalwareBytes Anti-Malware
Transfer the setup file and mbamrules.exe to the infected computer's desktop.

Please download Malwarebytes Anti-Malware setup to your desktop.
alternate download link 1
alternate download link 2

Refer to the steps given here on installing MalwareBytes, running the scan, and saving the log file (not on using FileAssassin).
  • If you have trouble updating, try the other mirror download site.
  • Should the computer in question not be able to update using the normal method, download the update file mbam-rules.exe from here, using another machine if needed. Simply double click the file to install the updates.
  • If MalwareBytes asks to reboot to remove certain items, do so right away.
Please include the scan logfile in your next reply.
Please confirm in your next reply whether the connection is still not working.

With Regards,
The Panda
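
The CFScript above resets the LSA "Notification Packages" value so that only scecli remains, removing c:\windows\arawmsa.dll, which the first ComboFix log showed loaded inside lsass.exe. The following is an added example, not code from this thread, from ComboFix or from its author: it decodes the hex(7) REG_MULTI_SZ value the script writes (assuming the ANSI/REGEDIT4 encoding that ComboFix scripts use, where each string is NUL-terminated and the list ends with an extra NUL), and audits a constructed log excerpt, modelled on the lines in the first ComboFix log, for notification packages outside a known-good list. The known-good list containing only scecli is an assumption that holds for a default Windows XP workstation; domain controllers and machines with third-party password filters legitimately carry more entries.

```python
"""Audit LSA Notification Packages from a ComboFix-style log and encode/decode
the REG_MULTI_SZ hex(7) form used in CFScript Registry:: sections.

Added example; the sample log below is constructed from lines of the kind seen
in the thread, not a real capture."""
import re

# Constructed excerpt modelled on the ComboFix log format (not a real capture).
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\lsa]
Notification Packages REG_MULTI_SZ scecli arawmsa.dll

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(340)
c:\\windows\\arawmsa.dll

- - - - - - - > 'explorer.exe'(3264)
c:\\windows\\arawmsa.dll
"""

# Assumption: on a default XP workstation only scecli (Security Configuration
# Editor client) should be registered as an LSA notification package.
KNOWN_GOOD_PACKAGES = {"scecli"}


def parse_notification_packages(log: str) -> list[str]:
    """Return the whitespace-separated entries of the Notification Packages line."""
    m = re.search(r"^Notification Packages\s+REG_MULTI_SZ\s+(.*)$", log, re.M)
    return m.group(1).split() if m else []


def parse_lsass_dlls(log: str) -> list[str]:
    """Return DLL paths listed in the 'lsass.exe' block of the DLLs section."""
    out, in_block = [], False
    for line in log.splitlines():
        if line.startswith("- - - - - - - > 'lsass.exe'"):
            in_block = True
            continue
        if in_block:
            if not line.strip() or line.startswith("- - - - "):
                break  # block ends at a blank line or the next process header
            out.append(line.strip())
    return out


def suspicious_packages(log: str) -> list[str]:
    """Notification packages not on the known-good list (compared without .dll)."""
    return [p for p in parse_notification_packages(log)
            if p.lower().removesuffix(".dll") not in KNOWN_GOOD_PACKAGES]


def lsass_loaded_flagged(log: str) -> list[str]:
    """Cross-check: flagged packages that the log shows loaded inside lsass.exe."""
    flagged = {p.lower().removesuffix(".dll") for p in suspicious_packages(log)}
    return [path for path in parse_lsass_dlls(log)
            if path.rsplit("\\", 1)[-1].lower().removesuffix(".dll") in flagged]


def encode_multi_sz(values: list[str]) -> str:
    """Encode strings as a REGEDIT4 hex(7) REG_MULTI_SZ value (ANSI, NUL-terminated,
    trailing NUL for end of list)."""
    data = b"".join(v.encode("ascii") + b"\0" for v in values) + b"\0"
    return "hex(7):" + ",".join(f"{b:02x}" for b in data)


def decode_multi_sz(value: str) -> list[str]:
    """Decode a hex(7) REG_MULTI_SZ value back into its list of strings."""
    if not value.startswith("hex(7):"):
        raise ValueError("not a hex(7) REG_MULTI_SZ value")
    data = bytes(int(x, 16) for x in value[len("hex(7):"):].split(","))
    return [s.decode("ascii") for s in data.split(b"\0") if s]


if __name__ == "__main__":
    print("registered packages:", parse_notification_packages(SAMPLE_LOG))
    print("flagged:", suspicious_packages(SAMPLE_LOG))
    print("flagged and loaded in lsass:", lsass_loaded_flagged(SAMPLE_LOG))
    fixed = encode_multi_sz(["scecli"])
    print("CFScript value:", fixed, "->", decode_multi_sz(fixed))
```

Running the block flags arawmsa.dll as the only unexpected notification package and confirms it is the DLL loaded into lsass.exe; encoding ["scecli"] reproduces exactly the value in the CFScript, which is how a helper can verify a Registry:: line before handing a script to a user.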

#7 realhiphop

realhiphop
  • Topic Starter

  • Members
  • 19 posts
  • Local time:11:04 PM

Posted 19 April 2009 - 08:48 PM

The internet connection still isn't working. I have a yellow exclamation point next to the wireless connections under device manager.

ComboFix 09-04-19.05 - Jonathan 04/19/2009 19:32.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.1036 [GMT -4:00]
Running from: F:\ComboFix.exe
Command switches used :: c:\documents and settings\Jonathan\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\aoqckrns.exe
C:\dmsiacq.exe
C:\liymwuq.exe
c:\windows\arawmsa.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\aoqckrns.exe
C:\dmsiacq.exe
C:\liymwuq.exe
c:\windows\arawmsa.dll

.
((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.

2009-04-04 19:31 . 2009-04-04 19:31 4481358 ----a-w c:\windows\{00000002-00000000-00000002-00001102-00000004-10031102}.BAK
2009-04-01 22:55 . 2009-04-01 22:55 -------- d-----w c:\program files\Alwil Software
2009-04-01 22:51 . 2009-04-19 23:35 -------- d-----w c:\windows\system32\NtmsData
2009-04-01 22:20 . 2009-04-01 22:22 12591104 ----a-w c:\windows\sectest.db
2009-04-01 21:57 . 2009-04-01 21:58 -------- d-----w c:\windows\ERUNT
2009-04-01 21:53 . 2008-11-06 06:03 -------- d-----w C:\SDFix
2009-04-01 04:22 . 2009-03-26 20:49 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-01 04:22 . 2009-03-26 20:49 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-01 04:22 . 2009-04-01 04:22 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-30 11:44 . 2009-03-30 11:44 -------- d-----w c:\program files\CCleaner
2009-03-29 19:10 . 2009-03-29 19:10 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\{CC00213F-0084-42B2-BF07-71DD56F63A80}
2009-03-29 16:48 . 2009-03-29 16:48 -------- d-----w c:\documents and settings\Jonathan\Local Settings\Application Data\{64B3FD47-3615-4D41-9E40-652D573FD28F}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 13:55 . 2006-10-24 01:47 -------- d-----w c:\documents and settings\Jonathan\Application Data\U3
2009-04-04 15:11 . 2007-07-23 00:40 -------- d-----w c:\program files\Common Files\Apple
2009-04-04 15:11 . 2006-07-24 23:58 -------- d-----w c:\program files\iTunes
2009-04-04 15:10 . 2004-06-21 19:30 -------- d-----w c:\program files\iPod
2009-04-04 14:59 . 2009-04-04 14:59 12537 ----a-w C:\DAF-interface-resetlog.txt
2009-04-04 14:56 . 2005-02-23 01:32 -------- d-----w c:\program files\BPFTP Server
2009-04-03 23:31 . 2004-06-11 23:56 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-01 22:30 . 2004-01-19 21:34 95160 -c--a-w c:\documents and settings\Jonathan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-31 11:28 . 2004-06-11 23:56 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-29 18:58 . 2009-03-15 15:58 -------- d-----w c:\program files\Mozilla Firefox 3.1 Beta 3
2009-03-29 05:17 . 2007-01-05 05:32 -------- d-----w c:\documents and settings\Jonathan\Application Data\uTorrent
2009-03-29 00:38 . 2007-01-12 01:46 -------- d-----w c:\documents and settings\Jonathan\Application Data\Vso
2009-03-28 17:30 . 2008-05-24 00:20 -------- d-----w c:\program files\mIRC
2009-03-17 03:20 . 2009-03-17 03:20 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-17 03:18 . 2008-07-16 11:48 -------- d-----w c:\program files\Bonjour
2009-03-17 03:18 . 2008-02-28 00:44 -------- d-----w c:\program files\QuickTime
2009-03-14 21:18 . 2009-03-14 21:18 -------- d-----w c:\program files\RotoLab 2009
2009-03-12 23:19 . 2008-02-16 02:13 -------- d-----w c:\program files\FeedDemon
2009-03-06 03:59 . 2009-03-17 03:15 1900544 ----a-w c:\windows\SYSTEM32\usbaaplrc.dll
2009-03-06 03:59 . 2007-11-15 02:25 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-01 16:39 . 2003-08-08 21:08 95160 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-28 22:34 . 2009-02-28 22:34 -------- d-----w c:\program files\MSECache
2009-02-26 12:16 . 2008-03-29 17:53 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-09 10:19 . 2008-09-20 00:32 1846272 ----a-w c:\windows\SYSTEM32\win32k.sys
2009-01-20 12:01 . 2003-08-13 19:17 1033216 ----a-w c:\windows\explorer.exe
2008-04-27 20:33 . 2008-04-27 20:33 62241 ----a-w c:\program files\6.jpg
2008-04-27 20:26 . 2008-04-27 20:26 45104 ----a-w c:\program files\5.jpg
2008-04-27 20:25 . 2008-04-27 20:25 43192 ----a-w c:\program files\7.jpg
2008-04-27 18:31 . 2008-04-27 18:31 463426 ----a-w c:\program files\4.jpg
2008-04-27 18:27 . 2008-04-27 18:27 418708 ----a-w c:\program files\3.jpg
2008-04-27 18:25 . 2008-04-27 18:25 594863 ----a-w c:\program files\2284348070062422861BgbzxP_fs.jpg
2008-03-09 21:47 . 2007-01-12 01:46 47360 ----a-w c:\documents and settings\Jonathan\Application Data\pcouffin.sys
2008-03-04 01:52 . 2007-01-12 01:46 87608 ----a-w c:\documents and settings\Jonathan\Application Data\ezpinst.exe
2008-01-02 03:07 . 2007-12-29 06:17 29790 ----a-w c:\program files\G12.jpg
2007-12-29 06:20 . 2007-12-29 06:20 82107 ----a-w c:\program files\79590_PDVD_025_122_336lo.jpg
2004-01-20 03:14 . 2004-01-19 21:34 131 ----a-w c:\documents and settings\Jonathan\Local Settings\Application Data\fusioncache.dat
2004-01-14 00:53 . 2004-01-14 00:53 136 -c--a-w c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2007-08-12 23:2007-01-17 02:04 25:24 . c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

c:\documents and settings\Jonathan\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2004-8-25 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2005-9-23 573440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2003-08-25 15:25 139264 ----a-w c:\program files\Common Files\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 03:34 24576 ----a-w c:\program files\Stardock\Object Desktop\WindowBlinds\fastload.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"ares"="c:\program files\Ares\Ares.exe" -h
"Yahoo! Pager"=c:\program files\Yahoo!\Messenger\ypager.exe -quiet
"Aim6"="c:\program files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe"
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
"HPDJ Taskbar Utility"=c:\windows\System32\spool\drivers\w32x86\3\hpztsb04.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"MediaFace Integration"=c:\program files\Fellowes\MediaFACE 4.0\SetHook.exe
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 mmdoev;mmdoev; [x]
R1 rxp;rxp; [x]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\DRIVERS\A3AB.sys [2005-03-22 450400]
R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\DRIVERS\A5AGU.sys [2004-10-06 283904]
R3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\Drivers\ATHFMWDL.sys [2004-10-04 43392]
R3 CW200USB;SvcDesc=Cowon Digital Audio Player Service;c:\windows\system32\Drivers\CWDAPUSB.sys [2002-11-19 10670]
R3 Waaidprtp;Waaidprtp;c:\windows\System32\ie4uinit.exe [2004-08-04 34304]
R3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\Drivers\xbreader.sys [2001-01-03 19677]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9136399-d809-11dc-82f9-00038a000015}]
\Shell\AutoRun\command - "F:\Install FreeAgent Tools.exe" /run
.
Contents of the 'Scheduled Tasks' folder

2009-04-19 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-27 19:24]

2009-02-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.search.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Save with Download Manager... - file://c:\program files\J River\Media Center\DMDownload.htm
FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 19:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-133621794-1460167873-1838077968-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=

[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{61F22E4F-B27F-AFC4-A522A9C3D24CB12E}\{1AB70131-6AEF-F29E-373C8656BA527ED6}\{4909E9D0-65F5-FEDD-EF93FC8CC6374EF9}*]
"Q3FBLH6RIF6MYMN6VD31LVQSMD1"=hex:01,00,00,00,00,00,00,00,5c,63,e8,cf,f7,e6,fd,
3a
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(284)
c:\program files\Common Files\Stardock\mcpstub.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\fastload.dll

- - - - - - - > 'explorer.exe'(2520)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Common Files\Stardock\MCPCore.dll
c:\windows\system32\browselc.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ati2evxx.exe
c:\program files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\windows\eHome\ehsched.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\program files\Common Files\Stardock\sdmcp.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\Logitech\SetPoint\KHALMNPR.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2009-04-19 19:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-19 23:45
ComboFix2.txt 2009-04-19 14:37

Pre-Run: 31,226,576,896 bytes free
Post-Run: 31,205,920,768 bytes free

217 --- E O F --- 2009-03-20 07:02

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2

4/19/2009 9:24:35 PM
mbam-log-2009-04-19 (21-24-26).txt

Scan type: Full Scan (C:\|G:\|)
Objects scanned: 172060
Time elapsed: 1 hour(s), 25 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\aoqckrns.exe.vir (Worm.AutoRun) -> No action taken.
C:\Qoobox\Quarantine\C\dmsiacq.exe.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\liymwuq.exe.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\arawmsa.dll.vir (Trojan.Hiloti) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\boyeseti.exe.vir (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4C64E8AF-F2CF-431D-8183-D12CF3F8050F}\RP320\A0045696.exe (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4C64E8AF-F2CF-431D-8183-D12CF3F8050F}\RP321\A0046017.exe (Worm.AutoRun) -> No action taken.
C:\System Volume Information\_restore{4C64E8AF-F2CF-431D-8183-D12CF3F8050F}\RP321\A0046018.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{4C64E8AF-F2CF-431D-8183-D12CF3F8050F}\RP321\A0046019.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{4C64E8AF-F2CF-431D-8183-D12CF3F8050F}\RP321\A0046020.dll (Trojan.Hiloti) -> No action taken.

#8 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:04 PM

Posted 20 April 2009 - 07:06 AM

Hello realhiphop.

Are you aware of what these files are?
2008-04-27 20:26 . 2008-04-27 20:26 45104 ----a-w c:\program files\5.jpg
2008-04-27 20:25 . 2008-04-27 20:25 43192 ----a-w c:\program files\7.jpg
2008-04-27 18:31 . 2008-04-27 18:31 463426 ----a-w c:\program files\4.jpg
2008-04-27 18:27 . 2008-04-27 18:27 418708 ----a-w c:\program files\3.jpg

In the device manager, right click the wireless entry and select Uninstall.

Restart the computer. The device should be recognized and reinstalled.

Tell me how it goes.

With Regards,
The Panda

#9 realhiphop

realhiphop
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 20 April 2009 - 09:17 AM

There seem to be a ton of entries with miniport listed in my device manager. Should I be concerned with these? Are these potential remnants from my spyware?

#10 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:04 PM

Posted 20 April 2009 - 10:50 AM

Hello.

I don't see evidence of active malware installed as a device driver, no.

Please continue with the steps in my previous post when ready.

With Regards,
The Panda

#11 realhiphop

realhiphop
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 20 April 2009 - 05:26 PM

I'm still having the same problem. Every single network connection has a yellow exclamation point next to it. They reappear after uninstalling and rebooting my system. Let me know if I can provide you with anything else to help rectify this problem.

#12 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:04 PM

Posted 20 April 2009 - 05:41 PM

Hello.

Please take a new log with DDS. Include that Attach.txt which may tell us something.

With Regards,
The Panda
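Added example, not code from this thread or from DDS/ComboFix: a small Python triage of the Service Control Manager lines that DDS puts in the "Event Viewer Messages From Past Week" section of Attach.txt. The sample lines are copied from the Attach.txt realhiphop posted later in this thread; the allowlist of Windows XP networking driver service names is my assumption for the example. Event 7001 entries are noise (a service that failed only because a dependency failed), so the script walks each dependency chain to its terminal service, pairs that with its own 7000 error text, and lists any 7026 boot-start driver that is not a standard XP networking driver name.

```python
import re

# Constructed sample input: Service Control Manager lines in the format of the
# "Event Viewer Messages From Past Week" section of a DDS Attach.txt. The lines
# are copied from the log posted later in this thread.
SAMPLE_EVENTS = """\
4/15/2009 9:03:22 PM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the AFD Networking Support Environment service which failed to start because of the following error: The system cannot find the file specified.
4/15/2009 9:03:22 PM, error: Service Control Manager [7000] - The AFD Networking Support Environment service failed to start due to the following error: The system cannot find the file specified.
4/15/2009 9:03:22 PM, error: Service Control Manager [7001] - The TCP/IP Protocol Driver service depends on the IPSEC driver service which failed to start because of the following error: The system cannot find the file specified.
4/15/2009 9:03:22 PM, error: Service Control Manager [7000] - The IPSEC driver service failed to start due to the following error: The system cannot find the file specified.
4/15/2009 7:40:50 AM, error: Service Control Manager [7001] - The aswRdr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The dependency service or group failed to start.
4/15/2009 7:40:50 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD IPSec MRxSmb NetBIOS NetBT rxp Tcpip Tcpip6
4/15/2009 7:40:45 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
"""

# One DDS event line: "<date> <time> <AM|PM>, <level>: <source> [<id>] - <message>"
HEADER_RE = re.compile(
    r"^(?P<ts>\S+ \S+ [AP]M), (?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
# Event 7000: a service failed to start on its own.
DIRECT_RE = re.compile(
    r"^The (?P<svc>.+?) service failed to start due to the following error: (?P<err>.+)$"
)
# Event 7001: a service failed only because something it depends on failed.
DEPEND_RE = re.compile(
    r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service which failed to start "
    r"because of the following error: (?P<err>.+)$"
)
# Event 7026: boot-start / system-start drivers that did not load.
BOOT_RE = re.compile(r"failed to load: (?P<drivers>.+)$")

# Assumption for this example: core Windows XP networking driver service names.
KNOWN_XP_NET_DRIVERS = {
    "AFD", "IPSec", "MRxSmb", "NetBIOS", "NetBT", "Tcpip", "Tcpip6", "NDIS", "Rdbss",
}


def parse_events(text):
    """Return one dict per line that matches the DDS event line format."""
    events = []
    for line in text.splitlines():
        m = HEADER_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def triage(text):
    """Separate real start failures from the dependency fallout they cause."""
    events = parse_events(text)
    direct = {}       # service -> error text (event 7000)
    depends = {}      # dependent service -> service it waited on (event 7001)
    boot_failed = []  # drivers named in event 7026, in log order
    for ev in events:
        if ev["source"] != "Service Control Manager":
            continue
        eid, msg = int(ev["id"]), ev["msg"]
        if eid == 7000 and (m := DIRECT_RE.match(msg)):
            direct[m["svc"]] = m["err"]
        elif eid == 7001 and (m := DEPEND_RE.match(msg)):
            depends[m["svc"]] = m["dep"]
        elif eid == 7026 and (m := BOOT_RE.search(msg)):
            boot_failed.extend(m["drivers"].split())
    # Walk each dependency chain to its end; the terminal service is the real failure.
    roots = set()
    for svc in depends:
        seen = set()
        while svc in depends and svc not in seen:
            seen.add(svc)
            svc = depends[svc]
        roots.add(svc)
    unrecognised = [d for d in boot_failed if d not in KNOWN_XP_NET_DRIVERS]
    return {
        "events_parsed": len(events),
        "direct_failures": direct,
        "dependency_failures": depends,
        "root_causes": roots,
        "boot_drivers_failed": boot_failed,
        "unrecognised_drivers": unrecognised,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS)
    for root in sorted(result["root_causes"]):
        err = result["direct_failures"].get(root, "no matching 7000 event")
        print(f"root cause: {root!r}: {err}")
    print("boot-start drivers that did not load:", result["boot_drivers_failed"])
    print("not a standard XP networking driver name:", result["unrecognised_drivers"])
```

On the sample lines the two terminal services are AFD and the IPSEC driver, both with "The system cannot find the file specified", which says the driver binaries themselves are gone rather than mis-registered; every adapter showing a yellow exclamation mark is the downstream effect of Tcpip not loading. The one 7026 name outside the allowlist, rxp, also appears in the ComboFix service list earlier in this thread as `R1 rxp;rxp; [x]`, so the two logs can be cross-checked by name.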

#13 realhiphop

realhiphop
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 20 April 2009 - 07:22 PM

Please see the attached updated DDS logs.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/1/2004 3:07:19 PM
System Uptime: 4/20/2009 6:18:24 PM (2 hours ago)

Motherboard: Dell Computer Corp. | | 0F4491
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 29.09 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable
G: is FIXED (FAT32) - 233 GiB total, 76.987 GiB free.
H: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0000
Manufacturer: Microsoft
Name: Microsoft Tun Miniport Adapter
PNP Device ID: ROOT\*TUNMP\0000
Service: tunmp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: D-Link AirPlus DWL-G520 Wireless PCI Adapter(rev.:)
Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_3A131186&REV_01\4&1C660DD6&0&00F0
Manufacturer: D-Link
Name: D-Link AirPlus DWL-G520 Wireless PCI Adapter(rev.:)
PNP Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_3A131186&REV_01\4&1C660DD6&0&00F0
Service: A3AB

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\1101BC1A23C04
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\1101BC1A23C04
Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01741028&REV_02\4&1C660DD6&0&40F0
Manufacturer: Intel
Name: Intel® PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01741028&REV_02\4&1C660DD6&0&40F0
Service: E100B

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: WAN Miniport (L2TP)
Device ID: ROOT\MS_L2TPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (L2TP)
PNP Device ID: ROOT\MS_L2TPMINIPORT\0000
Service: Rasl2tp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: WAN Miniport (IP)
Device ID: ROOT\MS_NDISWANIP\0000
Manufacturer: Microsoft
Name: WAN Miniport (IP)
PNP Device ID: ROOT\MS_NDISWANIP\0000
Service: NdisWan

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: WAN Miniport (PPPOE)
Device ID: ROOT\MS_PPPOEMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (PPPOE)
PNP Device ID: ROOT\MS_PPPOEMINIPORT\0000
Service: RasPppoe

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: WAN Miniport (PPTP)
Device ID: ROOT\MS_PPTPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (PPTP)
PNP Device ID: ROOT\MS_PPTPMINIPORT\0000
Service: PptpMiniport

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Packet Scheduler Miniport
Device ID: ROOT\MS_PSCHEDMP\0002
Manufacturer: Microsoft
Name: WAN Miniport (IP) - Packet Scheduler Miniport
PNP Device ID: ROOT\MS_PSCHEDMP\0002
Service: PSched

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Packet Scheduler Miniport
Device ID: ROOT\MS_PSCHEDMP\0003
Manufacturer: Microsoft
Name: D-Link AirPlus XtremeG DWL-G120 Wireless USB Adapter - Packet Scheduler Miniport
PNP Device ID: ROOT\MS_PSCHEDMP\0003
Service: PSched

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Direct Parallel
Device ID: ROOT\MS_PTIMINIPORT\0000
Manufacturer: Microsoft
Name: Direct Parallel
PNP Device ID: ROOT\MS_PTIMINIPORT\0000
Service: Raspti

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: RAS Async Adapter
Device ID: SW\{EEAB7790-C514-11D1-B42B-00805FC1270E}\ASYNCMAC
Manufacturer: Microsoft
Name: RAS Async Adapter
PNP Device ID: SW\{EEAB7790-C514-11D1-B42B-00805FC1270E}\ASYNCMAC
Service: AsyncMac

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Packet Scheduler Miniport
Device ID: ROOT\MS_PSCHEDMP\0000
Manufacturer: Microsoft
Name: D-Link AirPlus DWL-G520 Wireless PCI Adapter(rev.:) - Packet Scheduler Miniport
PNP Device ID: ROOT\MS_PSCHEDMP\0000
Service: PSched

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Packet Scheduler Miniport
Device ID: ROOT\MS_PSCHEDMP\0001
Manufacturer: Microsoft
Name: Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
PNP Device ID: ROOT\MS_PSCHEDMP\0001
Service: PSched

==== System Restore Points ===================

RP314: 4/4/2009 11:10:10 AM - Removed iTunes
RP315: 4/5/2009 11:58:44 AM - System Checkpoint
RP316: 4/9/2009 9:56:33 PM - System Checkpoint
RP317: 4/15/2009 8:49:38 AM - System Checkpoint
RP318: 4/16/2009 8:19:11 PM - System Checkpoint
RP319: 4/19/2009 7:54:05 AM - System Checkpoint
RP320: 4/19/2009 9:56:55 AM - ComboFix created restore point
RP321: 4/19/2009 7:31:29 PM - ComboFix created restore point

==== Installed Programs ======================

µTorrent
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.8
AIM 6
AIM Toolbar
AirPlus XtremeG
AirPort Extreme Admin Utility
AlienGUIse
ANIO Service
ANIWZCS2 Service
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Spyware Protection
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
Ares 2.1.1
ATI Control Panel
ATI Display Driver
ATIMCEE
Banctec Service Agreement
BCM V.92 56K Modem
Bonjour
Business Contact Manager for Outlook 2003
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 3.0.0.9
Creative MediaSource
dBpowerAMP Mp4 Codec
dBpowerAMP Music Converter
Dell Solution Center
DivX Codec
DivX Player
Download Updater (AOL LLC)
DVD Flick
DVDSentry
FlashFXP v3
FLV Player 2.0, build 23
GetDiz 3.0
GMATPrep™
Google Desktop
Help and Support Customization
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
hkSFV (remove only)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Intel® PRO Network Adapters and Drivers
Intel® PROSet
Internet Explorer Default Page
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2
JetShell for iAUDIO
LimeWire 4.18.8
Logitech MouseWare 9.79.1
Logitech SetPoint
LogonStudio
Malwarebytes' Anti-Malware
Managed DirectX (0901)
MediaFACE 4.01
MediaFACE 4.01 Image Library
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft Windows Journal Viewer
mIRC
MLB.TV Mosaic
MLB.TV NexDef Plug-in
MobileMe Control Panel
Modem Helper
Mozilla Firefox (3.0.8)
Mozilla Firefox (3.1b3)
ObjectDock
ObjectDock Plus
Panda ActiveScan 2.0
PowerArchiver 2004 v9.25
PowerDVD
QuickTime
RealPlayer
RotoLab 2008
RotoLab 2009
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Serv-U
Sound Blaster Audigy 2
Spybot - Search & Destroy
Stardock Central
TuneUp Utilities 2004
TuneUp Utilities 2008
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB923845)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar
WavePad Uninstall
WD Diagnostics
WebFldrs XP
WinCustomize Browser
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086

==== Event Viewer Messages From Past Week ========

4/15/2009 9:03:22 PM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the AFD Networking Support Environment service which failed to start because of the following error: The system cannot find the file specified.
4/15/2009 9:03:22 PM, error: Service Control Manager [7000] - The AFD Networking Support Environment service failed to start due to the following error: The system cannot find the file specified.
4/15/2009 9:03:22 PM, error: Service Control Manager [7001] - The TCP/IP Protocol Driver service depends on the IPSEC driver service which failed to start because of the following error: The system cannot find the file specified.
4/15/2009 9:03:22 PM, error: Service Control Manager [7000] - The IPSEC driver service failed to start due to the following error: The system cannot find the file specified.
4/15/2009 7:40:50 AM, error: Service Control Manager [7001] - The aswRdr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The dependency service or group failed to start.
4/15/2009 7:40:50 AM, error: Service Control Manager [7023] - The avast! Web Scanner service terminated with the following error: A socket operation encountered a dead network.
4/15/2009 7:40:50 AM, error: Service Control Manager [7000] - The ANIO Service service failed to start due to the following error: The system cannot find the file specified.
4/15/2009 7:40:50 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD IPSec MRxSmb NetBIOS NetBT rxp Tcpip Tcpip6
4/15/2009 7:40:45 AM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified.
4/15/2009 7:40:45 AM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The system cannot find the file specified.
4/15/2009 7:40:45 AM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
4/15/2009 7:40:45 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/15/2009 7:40:45 AM, error: Service Control Manager [7023] - The Server service terminated with the following error: The system cannot find the file specified.
4/15/2009 7:40:45 AM, error: Service Control Manager [7001] - The Messenger service depends on the NetBIOS Interface service which failed to start because of the following error: A device attached to the system is not functioning.
4/15/2009 7:40:45 AM, error: Service Control Manager [7001] - The IP Traffic Filter Driver service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/15/2009 7:40:45 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service has returned a service-specific error code.
4/15/2009 7:40:45 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/15/2009 7:40:45 AM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.
4/15/2009 7:40:45 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/15/2009 7:40:45 AM, error: Service Control Manager [7001] - The IPv6 Helper Service service depends on the Microsoft IPv6 Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/15/2009 7:40:45 AM, error: Service Control Manager [7001] - The Net Logon service depends on the Workstation service which failed to start because of the following error: The service has returned a service-specific error code.
4/15/2009 7:40:45 AM, error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector service which failed to start because of the following error: The system cannot find the file specified.
4/15/2009 7:40:45 AM, error: Service Control Manager [7000] - The WebDav Client Redirector service failed to start due to the following error: The system cannot find the file specified.
4/15/2009 7:40:45 AM, error: Service Control Manager [7024] - The Workstation service terminated with service-specific error 2250 (0x8CA).
4/15/2009 7:40:45 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
4/15/2009 7:40:45 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/15/2009 7:40:45 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/15/2009 7:40:45 AM, error: Service Control Manager [7000] - The WPA Security Protocol (IEEE 802.1x) v2.2.0.0 service failed to start due to the following error: The system cannot find the file specified.
4/15/2009 7:40:45 AM, error: Service Control Manager [7000] - The aswFsBlk service failed to start due to the following error: The system cannot find the file specified.
4/15/2009 7:40:34 AM, error: Workstation [5727] - Could not load RDR device driver.
4/15/2009 7:40:34 AM, error: Workstation [5727] - Could not load MRxSmb device driver.
4/15/2009 9:19:14 PM, error: Removable Storage Service [111] - RSM could not load media in drive Drive 0 of library SanDisk U3 Cruzer Micro USB Device.
4/16/2009 6:40:51 AM, error: Service Control Manager [7000] - The AFD Networking Support Environment service failed to start due to the following error: The specified driver is invalid.
4/16/2009 6:40:51 AM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the AFD Networking Support Environment service which failed to start because of the following error: The specified driver is invalid.
4/16/2009 6:57:22 AM, error: Service Control Manager [7000] - The IPSEC driver service failed to start due to the following error: The specified driver is invalid.
4/16/2009 6:57:22 AM, error: Service Control Manager [7001] - The TCP/IP Protocol Driver service depends on the IPSEC driver service which failed to start because of the following error: The specified driver is invalid.

==== End Of File ===========================



DDS (Ver_09-03-16.01) - NTFSx86
Run by Jonathan at 20:17:21.98 on Mon 04/20/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.1120 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Jonathan\Desktop\dds(2).pif

============== Pseudo HJT Report ===============

uDefault_Search_URL = hxxp://ie.search.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\jonathan\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\KEM.exe
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Save with Download Manager... - file://c:\program files\j river\media center\DMDownload.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4430FE8-2638-42e5-B849-800749B94EED}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_11\bin\npjpi150_11.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CAB
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://download.yahoo.com/dl/installs/yinst0401.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - hxxp://www.installengine.com/engine/isetup.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?315
Notify: MCPClient - c:\program files\common files\stardock\mcpstub.dll
Notify: WB - c:\program files\stardock\object desktop\windowblinds\fastload.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\program files\common files\stardock\MCPCore.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jonathan\applic~1\mozilla\firefox\profiles\fgfh81mw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\mozilla firefox 3.1 beta 3\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppl3260.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {64B3FD47-3615-4D41-9E40-652D573FD28F} - c:\documents and settings\jonathan\local settings\application data\{64B3FD47-3615-4D41-9E40-652D573FD28F}
FF - HiddenExtension: XUL Cache: {CC00213F-0084-42B2-BF07-71DD56F63A80} - c:\documents and settings\administrator\local settings\application data\{cc00213f-0084-42b2-bf07-71dd56f63a80}\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-1-8 28544]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-3-25 24652]
S0 mmdoev;mmdoev;c:\windows\system32\drivers\wpbmdm.sys --> c:\windows\system32\drivers\wpbmdm.sys [?]
S1 rxp;rxp;\??\c:\windows\system32\drivers\rxp.sys --> c:\windows\system32\drivers\rxp.sys [?]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-3-22 450400]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2004-10-6 283904]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2004-10-4 43392]
S3 CW200USB;SvcDesc=Cowon Digital Audio Player Service;c:\windows\system32\drivers\CWDAPUSB.sys [2005-3-22 10670]
S3 Waaidprtp;Waaidprtp;c:\windows\system32\ie4uinit.exe [2003-8-13 34304]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2001-1-2 19677]

=============== Created Last 30 ================

2009-04-19 09:56 161,792 a------- c:\windows\SWREG.exe
2009-04-19 09:56 98,816 a------- c:\windows\sed.exe
2009-04-04 15:31 4,481,358 a------- c:\windows\{00000002-00000000-00000002-00001102-00000004-10031102}.BAK
2009-04-01 18:51 <DIR> --d----- c:\windows\system32\NtmsData
2009-04-01 18:20 12,591,104 a------- c:\windows\sectest.db
2009-04-01 17:57 <DIR> --d----- c:\windows\ERUNT
2009-04-01 17:53 <DIR> --d----- C:\SDFix
2009-04-01 00:22 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-01 00:22 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-01 00:22 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-30 07:44 <DIR> --d----- c:\program files\CCleaner

==================== Find3M ====================

2009-03-05 23:59 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-05 23:59 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2009-02-09 06:19 1,846,272 a------- c:\windows\system32\win32k.sys
2008-04-27 16:33 62,241 a------- c:\program files\6.jpg
2008-04-27 16:26 45,104 a------- c:\program files\5.jpg
2008-04-27 16:25 43,192 a------- c:\program files\7.jpg
2008-04-27 14:31 463,426 a------- c:\program files\4.jpg
2008-04-27 14:27 418,708 a------- c:\program files\3.jpg
2008-04-27 14:25 594,863 a------- c:\program files\2284348070062422861BgbzxP_fs.jpg
2008-03-09 17:47 47,360 a------- c:\docume~1\jonathan\applic~1\pcouffin.sys
2008-03-03 21:52 87,608 a------- c:\docume~1\jonathan\applic~1\ezpinst.exe
2008-01-01 23:07 29,790 a------- c:\program files\G12.jpg
2007-12-29 02:20 82,107 a------- c:\program files\79590_PDVD_025_122_336lo.jpg

============= FINISH: 20:18:08.60 ===============

#14 PropagandaPanda

  • Malware Response Team
  • 10,433 posts
  • Gender:Male

Posted 21 April 2009 - 07:14 AM

Hello.

Looks like some essential files were damaged or are missing.

Do you have your Windows XP disk available? If so, run the System File Checker.

If not, then we'll try something else.

With Regards,
The Panda

#15 realhiphop

  • Topic Starter
  • Members
  • 19 posts

Posted 22 April 2009 - 08:15 AM

Being that my computer is over 5 years old, I can't seem to find the Windows XP CD. What else can I do to try to fix this problem?