
hijack this log


This topic is locked
28 replies to this topic

#1 dayquest

dayquest

  • Members
  • 18 posts
  • OFFLINE
  • Local time:10:27 PM

Posted 03 April 2009 - 11:08 PM

OK, I have Win XP and I can't update or defrag, and when I go to try to download some pages for anti-virus it will take me to an ad that has nothing to do with what I was trying to get. Here is my log file; hope I'm doing this right and posting in the right place. Sorry in advance for messing up if I have.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:18 PM, on 4/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\IEViewBar.dll
O3 - Toolbar: (no name) - {90222687-F593-4738-B738-FBEE9C7B26DF} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZKxdm021YYUS
O9 - Extra button: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://24.148.121.105:7003/VatDec.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5C8054C-B7D1-49E0-B7E8-CEE98F5B19A0}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS7\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS13\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS14\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PunkBuster (PnkBstrA) - HP - (no file)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8893 bytes
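Added example for this thread, not code from BleepingComputer, from the poster, or from Trend Micro's HijackThis: a small Python triage script that parses the entry lines of a HijackThis log like the one above, groups them by section, and flags what a log helper checks first. The O17 lines in this log set the machine's DNS resolvers to 85.255.112.39 and 85.255.112.40, and a resolver the user never configured is the first thing to compare against the ISP's or router's servers when the symptom is "I asked for an anti-virus page and got an unrelated ad". The sample entries are copied from the posted log; the `EXPECTED_DNS` set with its 192.168.1.1 value, and the function names `parse_hjt` and `triage`, are assumptions made for this example.

```python
"""Triage helper for HijackThis (HJT) log entries.

Added example for this thread, not code from BleepingComputer or from
Trend Micro's HijackThis: it parses the "Xn - body" entry lines of an
HJT log, groups them by section, and flags the entries a log helper
usually looks at first (O17 resolver changes, O16 ActiveX downloads
from bare IP addresses, dangling (no file)/(file missing) references).
"""
import re
from collections import defaultdict

# Sample entries copied from the logs posted in the thread.
SAMPLE_LINES = [
    r"Logfile of Trend Micro HijackThis v2.0.2",
    r"C:\WINDOWS\System32\smss.exe",
    r"O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)",
    r"O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\IEViewBar.dll",
    r"O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://24.148.121.105:7003/VatDec.cab",
    r"O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40",
    r"O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)",
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe",
]

# Constructed placeholder: the resolvers the ISP or home router actually
# hands out. In a real triage, take these from "ipconfig /all" on a
# known-good machine or from the router's DHCP settings.
EXPECTED_DNS = {"192.168.1.1"}

ENTRY_RE = re.compile(r"^(?P<section>[RFON]\d+) - (?P<body>.+)$")
NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>[0-9.,]+)")
IP_LITERAL_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?/")


def parse_hjt(lines):
    """Group HJT entry lines by section prefix (R0, O2, O17, ...).

    Header lines and the 'Running processes' paths do not match the
    'Xn - ...' shape and are skipped.
    """
    entries = defaultdict(list)
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group("section")].append(m.group("body"))
    return dict(entries)


def triage(lines, expected_dns):
    """Return (section, reason, body) tuples for entries worth a human look."""
    findings = []
    for section, bodies in parse_hjt(lines).items():
        for body in bodies:
            if section == "O17":
                # O17 is the TCP/IP NameServer setting; every lookup the
                # machine makes goes through these addresses, so a resolver
                # the user never configured explains "wrong page" symptoms.
                m = NAMESERVER_RE.search(body)
                servers = m.group("servers").split(",") if m else []
                unexpected = [s for s in servers if s not in expected_dns]
                if unexpected:
                    findings.append((section, "unexpected DNS server(s): " + ",".join(unexpected), body))
            elif section == "O16" and IP_LITERAL_URL_RE.search(body):
                # O16 is a downloaded ActiveX control; a bare-IP source URL
                # deserves a look because vendors normally use hostnames.
                findings.append((section, "ActiveX control fetched from a bare IP address", body))
            elif section in ("O2", "O3", "O4", "R3") and body.endswith("(no file)"):
                # Leftover registration whose DLL/EXE is gone: noise that
                # hides real entries, and safe to clean up.
                findings.append((section, "dangling entry, target file absent", body))
            elif section == "O23" and body.endswith("(file missing)"):
                findings.append((section, "service registered but binary missing", body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LINES, EXPECTED_DNS):
        print(f"[{section}] {reason}\n    {body}")
```

To run it over a full posted log, pass `open(path).read().splitlines()` in place of `SAMPLE_LINES`; the only per-case input is `EXPECTED_DNS`, which should come from the network the machine is actually on, not from the log itself.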


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:27 AM

Posted 04 April 2009 - 05:54 PM

Hello dayquest,

Welcome to Bleeping Computer.

Sorry for the delayed response. The forums have been really busy.

My name is fireman4it and I will be helping you with your Malware problem.
As I am still in training, I will be helping you under the supervision of our expert teachers, so there may be a delay between posts.

Please make no further changes or run any other tools unless instructed to. This may hinder the cleaning of your machine.

I will be analyzing your log. I will get back to you with instructions after it is approved.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 dayquest

dayquest
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:10:27 PM

Posted 04 April 2009 - 10:50 PM

OK, I didn't know not to download anything, so I did another log and will not download anything. Thank you for the help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:47:37 PM, on 4/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\IEViewBar.dll
O3 - Toolbar: (no name) - {90222687-F593-4738-B738-FBEE9C7B26DF} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://24.148.121.105:7003/VatDec.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5C8054C-B7D1-49E0-B7E8-CEE98F5B19A0}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS7\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS13\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS14\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PunkBuster (PnkBstrA) - HP - (no file)
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8708 bytes
I have tried to delete McAfee and it will not delete.

#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:27 AM

Posted 05 April 2009 - 10:14 AM

Hello dayquest,

*NOTE: Just because your machine is running better does not mean it is clean. I will let you know when it is clean. Please follow all instructions given. If you don't understand or have a problem with a step, stop there and let me know so we can resolve the issue or find a workaround.

1.
I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False alarms: when the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System performance problems: your system may lock up due to both products attempting to access the same file at the same time.
Therefore, please go to Add/Remove Programs in the Control Panel and remove either Norton/Symantec or McAfee.

For Norton/Symantec, please use the Norton Removal Tool from here (Step 3):
Norton Removal Tool

2.
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on Start > Run, then paste the following into the "Open" field: appwiz.cpl and press OK. From within Add or Remove Programs, uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.


3.
The following is referring to Registry Mechanic.
Please be aware that BleepingComputer staff do not recommend the usage of registry cleaners/tools due to the following facts:
  • Registry tools can cause irreparable damage to your operating system.
  • Registry tools can, as a result of the above, render your PC inoperable.
This is done on the assumption that the main audience here at this board might be inexperienced users, and is thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.

4.
Please download Malwarebytes Anti-Malware (v1.34) and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

5.
Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Things to include in your next reply:
MBAM log
Kaspersky Log
HiJackThis log
How is your computer running now? Any signs or symptoms of infection?



#5 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:27 AM

Posted 07 April 2009 - 04:30 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days the topic will need to be closed.

Thanks for understanding.

With Regards,
fireman4it



#6 dayquest

dayquest
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:10:27 PM

Posted 08 April 2009 - 02:49 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:39 AM, on 4/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://24.148.121.105:7003/VatDec.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O17 - HKLM\System\CS7\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PunkBuster (PnkBstrA) - HP - (no file)
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7094 bytes

Malwarebytes' Anti-Malware 1.35
Database version: 1945
Windows 5.1.2600 Service Pack 2

4/7/2009 1:15:53 AM
mbam-log-2009-04-07 (01-15-47).txt

Scan type: Full Scan (A:\|C:\|D:\|)
Objects scanned: 132890
Time elapsed: 45 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{0C4A81EA-FEA4-4776-BF4C-836A91089DE6}\RP4\A0004262.exe (Trojan.Agent) -> No action taken.

The Kaspersky won't let me save the file. It said I have 1 virus. I will try again. Sorry, I still need help.

#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:27 AM

Posted 08 April 2009 - 05:05 PM

Hello dayquest,

If you're having trouble saving the file, please reply back with what the virus is and where it was located.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#8 dayquest

dayquest
  • Topic Starter

  • Members
  • 18 posts
  • Local time:10:27 PM

Posted 09 April 2009 - 03:59 AM

It was in something like System Restore. I know it was in System Restore. I will scan again and get the name.

#9 dayquest

dayquest
  • Topic Starter

  • Members
  • 18 posts
  • Local time:10:27 PM

Posted 09 April 2009 - 02:26 PM

it is C/windows systems 32cncs32dll
Trojan-Banker.Win32.Banker.afwk

#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:27 AM

Posted 09 April 2009 - 04:14 PM

Hello dayquest,


1. Please update Malwarebytes' Anti-Malware and run another scan and post the results.

2. Run HijackThis.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O17 - HKLM\System\CS7\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40


Then close all windows except HijackThis and click Fix Checked.

Restart

3. Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.

* When done, DDS will open two (2) logs:

1. DDS.txt
2. Attach.txt

Save both reports to your desktop and post the contents of the DDS.txt log. Save the other report in case I need to look at it later.

Things to include in your next reply:
MBAM log
DDS.txt
Attach.txt
How is your computer running now? Any signs or symptoms of infection?

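The HijackThis lines fireman4it asked dayquest to fix in the post above (the empty R0 browser settings, the AVG BHO whose DLL is missing, and the O17 NameServer entry) are the kind of thing a log helper picks out by eye. The Python script below is an added example, not code from this thread or from Trend Micro's HijackThis: it parses HijackThis-style entries and flags those same three categories, plus O23 services whose executable is gone, so a reviewer can run the check over a pasted log before deciding what to tick in "Fix Checked". The trusted-resolver list, the benign O17 sample line with the all-zero placeholder GUID, and the function names are assumptions constructed for the example; the other sample lines are copied from the log posted earlier in this thread.

```python
"""Triage HijackThis-style log entries the way a forum helper reads them."""
import re
from dataclasses import dataclass
from typing import List

# Entry lines look like "O17 - <body>"; the code is a section letter plus a number.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

# Resolvers this machine is expected to use. Constructed for the example
# (a typical home-router address); in practice fill it from the ISP's or the
# organisation's DNS configuration.
TRUSTED_RESOLVERS = {"192.168.1.1"}

# Sample input: all lines except the fifth are copied from the HijackThis log
# posted in this thread; the fifth is a constructed benign O17 entry (placeholder
# GUID) so the resolver check has a negative case.
SAMPLE_LOG = "\n".join([
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =",
    r"O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)",
    r"O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll",
    r"O17 - HKLM\System\CS7\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1",
    r"O23 - Service: PunkBuster (PnkBstrA) - HP - (no file)",
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe",
])


@dataclass
class Entry:
    code: str   # e.g. "O17"
    body: str   # everything after "O17 - "
    raw: str


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    reason: str
    entry: Entry


def parse_hjt(text: str) -> List[Entry]:
    """Return the HijackThis entries in the text, skipping headers and process lists."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["body"], line.strip()))
    return entries


def review(entries: List[Entry]) -> List[Finding]:
    """Apply the checks a helper applies by eye; findings keep log order."""
    findings = []
    for e in entries:
        body = e.body.rstrip()
        if e.code == "O17" and "NameServer" in body:
            # Resolvers outside the trusted list mean every DNS answer the
            # machine gets comes from a third party; treat as the top priority.
            servers = IPV4_RE.findall(body.split("=", 1)[1])
            unknown = [s for s in servers if s not in TRUSTED_RESOLVERS]
            if unknown:
                findings.append(Finding("high", "DNS resolver(s) not on the trusted list: " + ", ".join(unknown), e))
        elif e.code == "O2" and body.endswith("(file missing)"):
            findings.append(Finding("medium", "BHO is registered but its DLL is gone (orphaned entry)", e))
        elif e.code == "O23" and body.endswith(("(no file)", "(file missing)")):
            findings.append(Finding("medium", "service is registered but its executable is gone", e))
        elif e.code.startswith("R") and body.endswith("="):
            findings.append(Finding("info", "browser setting is empty; can be reset", e))
    return findings


def triage(text: str) -> List[Finding]:
    """Parse and review in one call."""
    return review(parse_hjt(text))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.entry.raw}")
```

Run it on a saved HijackThis log by passing the file's contents to `triage()`; the O17 check is deliberately an allowlist rather than a blocklist, because the reviewer knows which resolvers the machine should be using, while the set of bad ones changes.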


#11 dayquest

dayquest
  • Topic Starter

  • Members
  • 18 posts
  • Local time:10:27 PM

Posted 10 April 2009 - 01:38 AM

Malwarebytes' Anti-Malware 1.36
Database version: 1961
Windows 5.1.2600 Service Pack 2

4/9/2009 11:31:29 PM
mbam-log-2009-04-09 (23-31-29).txt

Scan type: Quick Scan
Objects scanned: 77758
Time elapsed: 6 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 dayquest

dayquest
  • Topic Starter

  • Members
  • 18 posts
  • Local time:10:27 PM

Posted 10 April 2009 - 01:49 AM

DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 23:44:07.09 on Thu 04/09/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.632 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4DPH7JHE\dds[1].scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mWinlogon: SFCDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [McAfee Guardian] "c:\program files\mcafee\mcafee shared components\guardian\CMGrdian.exe" /SU
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://24.148.121.105:7003/VatDec.cab
DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - hxxp://launch.gamespyarcade.com/software/launch/alaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\ljijx1ov.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1043669&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.ftascene.com/forum/index.php
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ljijx1ov.default\extensions\{0ff9a677-542a-481d-a6d6-3fa32d8a806d}\components\FFAlert.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBitCometAgent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\nppdf32.dll

============= SERVICES / DRIVERS ===============

R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys --> c:\windows\system32\drivers\mfehidk.sys [?]
S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe --> c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [?]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe --> c:\progra~1\mcafee\viruss~1\mcshield.exe [?]
S2 MyWebSearchService;My Web Search Service; [x]
S3 DPCNET5U;Satellite USB Driver;c:\windows\system32\drivers\dpcnet5u.sys --> c:\windows\system32\drivers\dpcnet5u.sys [?]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe --> c:\progra~1\mcafee\viruss~1\mcsysmon.exe [?]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys --> c:\windows\system32\drivers\mfeavfk.sys [?]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys --> c:\windows\system32\drivers\mfebopk.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys --> c:\windows\system32\drivers\mferkdk.sys [?]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys --> c:\windows\system32\drivers\mfesmfk.sys [?]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\npf.sys [?]
S3 SPCA508A;Micro WebCam;c:\windows\system32\drivers\SPCA508A.SYS [2001-4-23 98073]

=============== Created Last 30 ================

2009-04-09 22:33 96,768 a------- c:\windows\system32\dllcache\dpcdll.dll
2009-04-09 22:33 539,136 a------- c:\windows\system32\SET1935.tmp
2009-04-09 22:33 177,152 a------- c:\windows\system32\SET1937.tmp
2009-04-09 22:33 354,304 a------- c:\windows\system32\SET1907.tmp
2009-04-09 22:33 80,896 a------- c:\windows\system32\SET1902.tmp
2009-04-09 22:33 13,824 a------- c:\windows\system32\SET1903.tmp
2009-04-09 22:33 121,856 a------- c:\windows\system32\SET18FE.tmp
2009-04-09 22:33 6,656 a------- c:\windows\system32\SET18FF.tmp
2009-04-09 22:30 95,744 a------- c:\windows\system32\SETD04.tmp
2009-04-09 22:30 471,552 a------- c:\windows\system32\SETCFE.tmp
2009-04-09 22:28 116,224 a------- c:\windows\system32\SET9D8.tmp
2009-04-09 22:25 19,569 a------- c:\windows\003514_.tmp
2009-04-09 22:22 1,200,128 a------- c:\windows\system32\dllcache\ntbackup.exe
2009-04-09 22:21 1,285,120 a------- c:\windows\system32\dllcache\ole32.dll
2009-04-09 02:23 <DIR> --d----- C:\OPKTools
2009-04-08 02:03 <DIR> --d----- c:\windows\system32\vmm32
2009-04-08 01:40 42 a------- c:\windows\system32\AK083E209605E394C.lie
2009-04-08 01:40 <DIR> --d----- c:\program files\Perfect Uninstaller
2009-04-08 01:35 <DIR> --d----- c:\program files\McAfee UnInstaller 6.5 Demo English
2009-04-08 00:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-04-07 14:49 <DIR> --d----- c:\program files\NETGEAR Print Server
2009-04-07 14:10 <DIR> --d----- c:\docume~1\admini~1\applic~1\Windows Search
2009-04-07 13:31 23,392 a------- c:\windows\system32\nscompat.tlb
2009-04-07 13:31 16,832 a------- c:\windows\system32\amcompat.tlb
2009-04-07 05:35 79,872 a------- c:\windows\system32\msxml6r.dll
2009-04-07 05:34 177,152 a------- c:\windows\system32\SET1843.tmp
2009-04-07 05:34 539,136 a------- c:\windows\system32\SET1841.tmp
2009-04-07 05:34 354,304 a------- c:\windows\system32\SET1813.tmp
2009-04-07 05:34 80,896 a------- c:\windows\system32\SET180E.tmp
2009-04-07 05:34 121,856 a------- c:\windows\system32\SET180A.tmp
2009-04-07 05:34 6,656 a------- c:\windows\system32\SET180B.tmp
2009-04-07 05:32 95,744 a------- c:\windows\system32\SETC10.tmp
2009-04-07 05:32 471,552 a------- c:\windows\system32\SETC0A.tmp
2009-04-07 05:30 247,808 a------- c:\windows\system32\SET89B.tmp
2009-04-07 05:28 19,569 a------- c:\windows\003505_.tmp
2009-04-07 05:25 2,897,920 -------- c:\windows\system32\_005656_.tmp.dll
2009-04-07 05:25 382,464 -------- c:\windows\system32\_005657_.tmp.dll
2009-04-07 04:53 177,152 a------- c:\windows\system32\SET1754.tmp
2009-04-07 04:53 539,136 a------- c:\windows\system32\SET1752.tmp
2009-04-07 04:53 354,304 a------- c:\windows\system32\SET1724.tmp
2009-04-07 04:53 121,856 a------- c:\windows\system32\SET171B.tmp
2009-04-07 04:53 80,896 a------- c:\windows\system32\SET171F.tmp
2009-04-07 04:53 6,656 a------- c:\windows\system32\SET171C.tmp
2009-04-07 04:51 95,744 a------- c:\windows\system32\SETB21.tmp
2009-04-07 04:51 471,552 a------- c:\windows\system32\SETB1B.tmp
2009-04-07 04:49 297,984 a------- c:\windows\system32\SET81E.tmp
2009-04-07 04:48 172,032 a------- c:\windows\system32\SET2C6.tmp
2009-04-07 04:48 92,672 a------- c:\windows\system32\SET2C5.tmp
2009-04-07 04:48 5,632 a------- c:\windows\system32\SET2B7.tmp
2009-04-07 04:48 264,192 a------- c:\windows\system32\SET285.tmp
2009-04-07 04:48 82,432 a------- c:\windows\system32\SET248.tmp
2009-04-07 04:48 19,968 a------- c:\windows\system32\SET243.tmp
2009-04-07 04:48 41,984 a------- c:\windows\system32\SET1E8.tmp
2009-04-07 04:48 22,528 a------- c:\windows\system32\SET1DA.tmp
2009-04-07 04:48 19,456 a------- c:\windows\system32\SET202.tmp
2009-04-07 04:48 52,736 a------- c:\windows\system32\SET194.tmp
2009-04-07 04:48 18,432 a------- c:\windows\system32\SET1B8.tmp
2009-04-07 04:48 483,840 a------- c:\windows\system32\SET183.tmp
2009-04-07 04:46 19,569 a------- c:\windows\003496_.tmp
2009-04-07 04:44 2,897,920 -------- c:\windows\system32\_005622_.tmp.dll
2009-04-07 04:44 382,464 -------- c:\windows\system32\_005623_.tmp.dll
2009-04-07 03:50 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-04-07 02:57 <DIR> --d----- c:\program files\common files\Windows Live
2009-04-07 02:56 <DIR> --d----- c:\program files\Microsoft
2009-04-07 02:56 <DIR> --d----- c:\docume~1\admini~1\applic~1\Windows Desktop Search
2009-04-07 02:55 <DIR> --d----- c:\program files\Windows Desktop Search
2009-04-07 02:55 <DIR> --d----- c:\windows\system32\GroupPolicy
2009-04-07 02:08 177,152 a------- c:\windows\system32\SET1673.tmp
2009-04-07 02:08 539,136 a------- c:\windows\system32\SET1671.tmp
2009-04-07 02:08 354,304 a------- c:\windows\system32\SET1641.tmp
2009-04-07 02:08 80,896 a------- c:\windows\system32\SET163C.tmp
2009-04-07 02:08 6,656 a------- c:\windows\system32\SET1639.tmp
2009-04-07 02:06 95,744 a------- c:\windows\system32\SETA3E.tmp
2009-04-07 02:06 471,552 a------- c:\windows\system32\SETA38.tmp
2009-04-07 02:04 97,280 a------- c:\windows\system32\SET786.tmp
2009-04-07 02:03 264,192 a------- c:\windows\system32\SET225.tmp
2009-04-07 02:03 82,432 a------- c:\windows\system32\SET222.tmp
2009-04-07 02:03 41,984 a------- c:\windows\system32\SET1D2.tmp
2009-04-07 02:03 22,528 a------- c:\windows\system32\SET1CB.tmp
2009-04-07 02:03 19,968 a------- c:\windows\system32\SET220.tmp
2009-04-07 02:03 19,456 a------- c:\windows\system32\SET1D9.tmp
2009-04-07 02:03 483,840 a------- c:\windows\system32\SET1A3.tmp
2009-04-07 02:03 52,736 a------- c:\windows\system32\SET1B1.tmp
2009-04-07 02:03 18,432 a------- c:\windows\system32\SET1C4.tmp
2009-04-07 02:03 91,648 a------- c:\windows\system32\SET197.tmp
2009-04-07 02:01 19,569 a------- c:\windows\003303_.tmp
2009-04-07 01:59 2,897,920 -------- c:\windows\system32\_005588_.tmp.dll
2009-04-07 01:59 382,464 -------- c:\windows\system32\_005589_.tmp.dll
2009-04-06 12:40 177,152 a------- c:\windows\system32\SET1583.tmp
2009-04-06 12:40 354,304 a------- c:\windows\system32\SET1551.tmp
2009-04-06 12:40 80,896 a------- c:\windows\system32\SET154C.tmp
2009-04-06 12:40 121,856 a------- c:\windows\system32\SET1548.tmp
2009-04-06 12:40 6,656 a------- c:\windows\system32\SET1549.tmp
2009-04-06 12:36 95,744 a------- c:\windows\system32\SET94E.tmp
2009-04-06 12:36 471,552 a------- c:\windows\system32\SET948.tmp
2009-04-06 12:34 16,896 a------- c:\windows\system32\SET79F.tmp
2009-04-06 12:33 48,128 a------- c:\windows\system32\SET5BD.tmp
2009-04-06 12:32 52,736 a------- c:\windows\system32\SET170.tmp
2009-04-06 12:32 22,528 a------- c:\windows\system32\SET189.tmp
2009-04-06 12:32 18,432 a------- c:\windows\system32\SET181.tmp
2009-04-06 12:32 483,840 a------- c:\windows\system32\SET164.tmp
2009-04-06 12:32 91,648 a------- c:\windows\system32\SET163.tmp
2009-04-06 12:30 19,569 a------- c:\windows\003294_.tmp
2009-04-06 12:27 2,897,920 -------- c:\windows\system32\_005390_.tmp.dll
2009-04-06 12:27 382,464 -------- c:\windows\system32\_005391_.tmp.dll
2009-04-06 00:59 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-04-06 00:59 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-06 00:59 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 00:59 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-06 00:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-06 00:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-04-04 02:38 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-04-02 00:05 <DIR> --d----- c:\program files\Trend Micro
2009-03-31 02:32 <DIR> --d----- c:\docume~1\admini~1\applic~1\Auslogics

==================== Find3M ====================

2009-04-09 23:00 96,256 a------- c:\windows\system32\drivers\sptd1437.sys
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-09 03:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-09 03:19 1,846,272 a------- c:\windows\system32\dllcache\win32k.sys
2009-02-09 03:19 1,846,272 -------- c:\windows\system32\_005546_.tmp.dll
2009-02-09 03:19 1,846,272 -------- c:\windows\system32\_005537_.tmp.dll
2009-02-09 03:19 1,846,272 -------- c:\windows\system32\_005533_.tmp.dll
2009-02-09 03:19 1,846,272 -------- c:\windows\system32\_005268_.tmp.dll
2009-02-09 03:19 1,846,272 -------- c:\windows\system32\_005233_.tmp.dll
2009-01-16 22:35 3,594,752 a------- c:\windows\system32\SET22.tmp
2009-01-16 22:35 3,594,752 a------- c:\windows\system32\SET1A.tmp
2009-01-16 02:16 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-12-29 00:18 1,452 a------- c:\documents and settings\administrator\nah_log.dat
2008-04-26 20:53 80 ---shr-- c:\windows\system32\9CE5AA9357.dll

============= FINISH: 23:44:43.03 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/17/2005 1:47:59 PM
System Uptime: 4/9/2009 11:42:05 PM (0 hours ago)

Motherboard: Dell Inc. | | 0H8052
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 15.368 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: Communications cable between two computers
Device ID: ROOT\PNPC031\0000
Manufacturer: (Standard Modem Types)
Name: Communications cable between two computers
PNP Device ID: ROOT\PNPC031\0000
Service: Modem

==== System Restore Points ===================

RP6: 4/6/2009 10:34:40 PM - Installed AVG Free 8.5
RP7: 4/6/2009 10:39:19 PM - Software Distribution Service 3.0
RP8: 4/7/2009 1:17:25 AM - Software Distribution Service 3.0
RP9: 4/7/2009 1:22:19 AM - Software Distribution Service 3.0
RP10: 4/7/2009 1:29:06 AM - Installed Windows XP WgaNotify.
RP11: 4/7/2009 1:40:12 AM - Installed Windows Defender
RP12: 4/7/2009 1:43:29 AM - Software Distribution Service 3.0
RP13: 4/7/2009 1:52:44 AM - Software Distribution Service 3.0
RP14: 4/7/2009 1:53:08 AM - Software Distribution Service 3.0
RP15: 4/7/2009 2:23:59 AM - Software Distribution Service 3.0
RP16: 4/7/2009 2:27:23 AM - Software Distribution Service 3.0
RP17: 4/7/2009 2:28:33 AM - Software Distribution Service 3.0
RP18: 4/7/2009 2:50:11 AM - Software Distribution Service 3.0
RP19: 4/7/2009 4:38:07 AM - Software Distribution Service 3.0
RP20: 4/7/2009 5:19:30 AM - Software Distribution Service 3.0
RP21: 4/7/2009 1:28:16 PM - Software Distribution Service 3.0
RP22: 4/7/2009 1:38:27 PM - Software Distribution Service 3.0
RP23: 4/7/2009 3:17:38 PM - Software Distribution Service 3.0
RP24: 4/7/2009 3:23:31 PM - Software Distribution Service 3.0
RP25: 4/7/2009 8:55:26 PM - Software Distribution Service 3.0
RP26: 4/8/2009 1:35:33 AM - Installed McAfee UnInstaller
RP27: 4/8/2009 1:43:51 AM - Removed McAfee UnInstaller
RP28: 4/8/2009 1:52:55 AM - Software Distribution Service 3.0
RP29: 4/8/2009 2:03:56 AM - Installed Dell Resource CD.
RP30: 4/8/2009 3:00:18 AM - Software Distribution Service 3.0
RP31: 4/9/2009 2:23:52 AM - Installed Windows OEM Preinstallation Kit
RP32: 4/9/2009 10:25:57 PM - Installed Windows XP Service Pack 3.

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 9.1
Adobe® Photoshop® Album Starter Edition 3.2
Avanquest update
Backup CD Player
Battlefield 1942
Battlefield 1942 Server
BufferChm
ClientTools
Conexant SmartHSFi V92 56K Speakerphone PCI Modem
CustomerResearchQFolder
D1300
D1300_Help
Dell Resource CD
DeviceManagementQFolder
DiscWizard for Windows
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DVR Client Program
EmpirePoker
eSupportQFolder
getPlus® for Adobe
Google Earth Pro
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0 Software
HP Photosmart Essential
HP Product Assistant
HP Solution Center 7.0
HP Update
hph_ProductContext
hph_readme
hph_software
hph_software_req
HPPhotoSmartExpress
HPProductAssistant
Intel® Graphics Media Accelerator Driver
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2_12
Java 2 SDK, SE v1.4.2_12
Java™ 6 Update 13
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
LightScribe System Software 1.10.13.1
Malwarebytes' Anti-Malware
MarketResearch
Medal of Honor Airborne
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.8)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
neroxml
NETGEAR Print Server Software
NVIDIA Drivers
Rhapsody Player Engine
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
SolutionCenter
Status
The Movies™ 1.1 Patch
Toolbox
TrayApp
TuneUp Utilities 2008
Unload
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
WebFldrs XP
WebReg
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows OEM Preinstallation Kit
Windows Search 4.0
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
WinZip 11.1
Yahoo! Install Manager
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

4/5/2009 9:12:11 PM, error: NetBT [4321] - The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.2.30. The machine with the IP address 192.168.2.26 did not allow the name to be claimed by this machine.
4/5/2009 9:10:48 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
4/5/2009 8:59:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl mfehidk MPFP NPPTNT2 SPBBCDrv SRTSPX SYMTDI
4/5/2009 8:59:09 PM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
4/5/2009 8:59:09 PM, error: Service Control Manager [7000] - The PunkBuster service failed to start due to the following error: The system cannot find the path specified.
4/5/2009 8:59:09 PM, error: Service Control Manager [7000] - The My Web Search Service service failed to start due to the following error: The system cannot find the path specified.
4/5/2009 8:59:09 PM, error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The system cannot find the path specified.
4/5/2009 8:59:09 PM, error: Service Control Manager [7000] - The McAfee Proxy Service service failed to start due to the following error: The system cannot find the path specified.
4/5/2009 8:59:09 PM, error: Service Control Manager [7000] - The McAfee Network Agent service failed to start due to the following error: The system cannot find the path specified.
4/5/2009 8:59:08 PM, error: Service Control Manager [7000] - The McAfee Services service failed to start due to the following error: The system cannot find the path specified.
4/4/2009 2:27:24 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2003 (KB953432).
4/4/2009 2:27:07 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Excel 2003 (KB958436).
4/4/2009 2:26:40 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Office 2003 (KB954478).
4/4/2009 2:26:21 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Word 2003 (KB956357).
4/4/2009 2:26:08 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Publisher 2003 (KB950213).
4/4/2009 2:25:54 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB953404).
4/4/2009 2:25:39 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2003 Junk Email Filter (KB959614).
4/4/2009 2:25:24 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB951535).
4/4/2009 2:25:07 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office PowerPoint 2003 (KB948988).
4/4/2009 2:24:53 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB921598).
4/4/2009 2:24:40 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Access Snapshot Viewer 2003 (KB955439).
4/3/2009 11:02:14 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer LOL that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B5C8054C-B7D1-49E0-B7E8. The master browser is stopping or an election is being forced.
4/3/2009 8:50:33 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
4/3/2009 2:09:39 PM, error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.
4/3/2009 12:44:09 PM, error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is LOL.
4/6/2009 12:53:00 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mfehidk MPFP NPPTNT2
4/6/2009 12:41:10 PM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
Access is denied.
4/6/2009 1:07:38 PM, error: NtServicePack [4374] - Windows XP Service Pack 3 installation failed, leaving Windows XP partially updated.
Service Pack 3 installation did not complete.
4/7/2009 2:09:09 AM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
Access is denied.
4/7/2009 2:18:25 AM, error: NtServicePack [4374] - Windows XP Service Pack 3 installation failed, leaving Windows XP partially updated.
Service Pack 3 installation did not complete.
4/7/2009 2:18:36 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070005: Windows XP Service Pack 3 (KB936929).
4/7/2009 2:28:12 AM, error: NtServicePack [4373] - Windows XP KB946648 installation failed.
Access is denied.
4/7/2009 2:28:12 AM, error: NtServicePack [4379] - Windows XP Hotfix KB946648 installation failed.
KB946648 installation did not complete.
4/7/2009 2:28:17 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Windows XP (KB946648).
4/7/2009 2:53:39 AM, error: WindowsMedia [4373] - Windows Media Player 11 wmp11 installation failed.
Access is denied.
4/7/2009 3:49:48 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/7/2009 3:49:48 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
4/7/2009 3:49:48 AM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/7/2009 4:26:27 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Windows Live Essentials.
4/7/2009 4:54:14 AM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
Access is denied.
4/7/2009 5:09:14 AM, error: NtServicePack [4374] - Windows XP Service Pack 3 installation failed, leaving Windows XP partially updated.
Service Pack 3 installation did not complete.
4/7/2009 5:35:39 AM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
Access is denied.
4/7/2009 12:39:51 PM, error: NtServicePack [4374] - Windows XP Service Pack 3 installation failed, leaving Windows XP partially updated.
Service Pack 3 installation did not complete.
4/7/2009 1:31:08 PM, error: WindowsMedia [4373] - Windows Media Player 11 wmp11 installation failed.
Access is denied.
4/7/2009 1:32:44 PM, error: NtServicePack [4373] - Windows XP KB946648 installation failed.
Access is denied.
4/7/2009 1:32:44 PM, error: NtServicePack [4379] - Windows XP Hotfix KB946648 installation failed.
KB946648 installation did not complete.
4/7/2009 1:36:03 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update (KB951847) x86.
4/7/2009 1:38:23 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Live Essentials.
4/9/2009 10:34:26 PM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
Access is denied.
4/9/2009 10:59:30 PM, error: NtServicePack [4374] - Windows XP Service Pack 3 installation failed, leaving Windows XP partially updated.
Service Pack 3 installation did not complete.

==== End Of File ===========================
Can't get rid of McAfee. It says it's here, but I can't find it, and it stops things from downloading. Still can't update XP, but it's getting better; at least I can go to web sites now that I couldn't before.
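The Event Viewer block in the log above is the part of a DDS/HijackThis report that a malware-response helper reads first: boot-start security drivers that no longer load (Service Control Manager event 7026), service entries whose binary is missing (event 7000, "cannot find the path specified"), and installs that fail with 0x80070005 / "Access is denied". The script below is an added example, not part of this thread or of any of the tools mentioned in it; it parses that block and pulls those indicators out. The sample lines are excerpted verbatim from the log above (a small subset chosen to exercise each rule), and the error names are derived from the low 16 bits of the 0x8007xxxx HRESULTs, which wrap Win32 error codes. The output is a lead, not a verdict: a service flagged as orphaned still has to be confirmed against its ImagePath value under HKLM\SYSTEM\CurrentControlSet\Services before its entry is removed, and an access-denied install points at permissions or a running protector, not at a specific piece of malware.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Lines excerpted verbatim from the Event Viewer section of the log posted
# above; a subset chosen to exercise every rule below, not the whole section.
SAMPLE_EVENTS = """\
4/5/2009 8:59:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl mfehidk MPFP NPPTNT2 SPBBCDrv SRTSPX SYMTDI
4/5/2009 8:59:09 PM, error: Service Control Manager [7000] - The My Web Search Service service failed to start due to the following error: The system cannot find the path specified.
4/5/2009 8:59:09 PM, error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The system cannot find the path specified.
4/4/2009 2:27:24 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2003 (KB953432).
4/7/2009 2:09:09 AM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
Access is denied.
4/7/2009 2:18:36 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070005: Windows XP Service Pack 3 (KB936929).
4/7/2009 2:28:17 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Windows XP (KB946648).
4/3/2009 8:50:33 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
"""

# One event header per line: "<date time>, <level>: <source> [<id>] - <message>".
# A line that does not match is a continuation of the previous event (the log
# wraps e.g. "Access is denied." onto its own line).
HEADER_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)

# Win32 codes seen in 0x8007xxxx HRESULTs (FACILITY_WIN32); low 16 bits = Win32 code.
WIN32_ERRORS = {
    0x5: "ERROR_ACCESS_DENIED",
    0x643: "ERROR_INSTALL_FAILURE",   # 1603, the generic MSI "fatal error during installation"
    0x6BE: "RPC_S_CALL_FAILED",       # 1726
}


@dataclass
class Event:
    ts: str
    level: str
    source: str
    event_id: int
    message: str


def parse_events(text):
    """Parse the Event Viewer block into Event records, folding continuation lines."""
    events = []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            events.append(Event(m["ts"], m["level"], m["source"],
                                int(m["event_id"]), m["message"]))
        elif events and line.strip():
            events[-1].message += " " + line.strip()
    return events


def describe_hresult(code_hex):
    """Name the Win32 error inside a 0x8007xxxx HRESULT, e.g. '0x80070005' -> ERROR_ACCESS_DENIED."""
    code = int(code_hex, 16)
    if (code >> 16) == 0x8007:
        return WIN32_ERRORS.get(code & 0xFFFF, "Win32 error %d" % (code & 0xFFFF))
    return "unknown"


def triage(events):
    """Pull out the indicators a malware-removal helper checks first."""
    report = {
        "drivers_not_loaded": [],      # SCM 7026: boot/system-start drivers that failed to load
        "orphaned_services": [],       # SCM 7000: service whose ImagePath points at a missing file
        "update_failures": defaultdict(list),  # HRESULT -> KB numbers (or update names) that failed
        "access_denied_installs": [],  # installers (service pack, hotfix, WMP) stopped by "Access is denied"
    }
    for ev in events:
        if ev.source == "Service Control Manager" and ev.event_id == 7026:
            _, _, names = ev.message.partition("failed to load:")
            report["drivers_not_loaded"].extend(names.split())
        elif (ev.source == "Service Control Manager" and ev.event_id == 7000
              and "cannot find the path" in ev.message):
            m = re.match(r"The (.+?) service failed to start", ev.message)
            if m:
                report["orphaned_services"].append(m.group(1))
        elif ev.source == "Windows Update Agent" and ev.event_id == 20:
            m = re.search(r"error (0x[0-9A-Fa-f]{8}): (.+?)\.?$", ev.message)
            if m:
                kb = re.search(r"\((KB\d+)\)", m.group(2))
                report["update_failures"][m.group(1)].append(kb.group(1) if kb else m.group(2))
        elif "Access is denied" in ev.message:
            report["access_denied_installs"].append(ev.message.split(" installation failed")[0])
    report["update_failures"] = dict(report["update_failures"])
    return report


if __name__ == "__main__":
    result = triage(parse_events(SAMPLE_EVENTS))
    for key, value in result.items():
        print("%-24s %s" % (key + ":", value))
    for code in result["update_failures"]:
        print("%s = %s" % (code, describe_hresult(code)))
```

Run against the full Event Viewer block rather than the excerpt, the same rules also pick up the WindowsMedia 4373 and NtServicePack 4379 "Access is denied" entries and the 0x800706be Windows Live Essentials failure, which has no KB number and is therefore recorded by name.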

#13 dayquest

dayquest
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:27 PM

Posted 10 April 2009 - 03:22 PM

McAfee is gone now; I used the McAfee removal tool.

#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:27 AM

Posted 10 April 2009 - 05:20 PM

Hello dayquest,

1.
Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

2.
Please download gmer.zip and save to your desktop.
  • Extract (unzip) the file to its own folder such as C:\Gmer. (Click here for information on how to do this if not sure.)
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • You may be prompted to scan immediately if GMER detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as gmer.log and copy/paste the contents in your next reply.
  • Exit GMER and re-enable all active protection when done.
Things to include in your next reply:
Combofix.txt
Gmer.log
HiJackThis log
How is your computer running now? Any signs or symptoms of infection?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#15 dayquest

dayquest
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:27 PM

Posted 11 April 2009 - 03:57 AM

ComboFix 09-04-04.01 - Administrator 2009-04-11 1:40:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.638 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ADMINI~1\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\Administrator\Application Data\Google\T-Scan
c:\documents and settings\Administrator\Application Data\Zango
c:\documents and settings\Administrator\nah_log.dat
c:\windows\system32\_004965_.tmp.dll
c:\windows\system32\_004966_.tmp.dll
c:\windows\system32\_004967_.tmp.dll
c:\windows\system32\_004968_.tmp.dll
c:\windows\system32\_004969_.tmp.dll
c:\windows\system32\_004970_.tmp.dll
c:\windows\system32\_004971_.tmp.dll
c:\windows\system32\_004972_.tmp.dll
c:\windows\system32\_004976_.tmp.dll
c:\windows\system32\_004977_.tmp.dll
c:\windows\system32\_004978_.tmp.dll
c:\windows\system32\_004979_.tmp.dll
c:\windows\system32\_004980_.tmp.dll
c:\windows\system32\_004981_.tmp.dll
c:\windows\system32\_004982_.tmp.dll
c:\windows\system32\_004983_.tmp.dll
c:\windows\system32\_004984_.tmp.dll
c:\windows\system32\_004985_.tmp.dll
c:\windows\system32\_004986_.tmp.dll
c:\windows\system32\_004987_.tmp.dll
c:\windows\system32\_004988_.tmp.dll
c:\windows\system32\_004989_.tmp.dll
c:\windows\system32\_004990_.tmp.dll
c:\windows\system32\_004991_.tmp.dll
c:\windows\system32\_004992_.tmp.dll
c:\windows\system32\_004993_.tmp.dll
c:\windows\system32\_004994_.tmp.dll
c:\windows\system32\_004995_.tmp.dll
c:\windows\system32\_004996_.tmp.dll
c:\windows\system32\_004997_.tmp.dll
c:\windows\system32\_004998_.tmp.dll
c:\windows\system32\_004999_.tmp.dll
c:\windows\system32\_005000_.tmp.dll
c:\windows\system32\_005001_.tmp.dll
c:\windows\system32\_005002_.tmp.dll
c:\windows\system32\_005003_.tmp.dll
c:\windows\system32\_005004_.tmp.dll
c:\windows\system32\_005005_.tmp.dll
c:\windows\system32\_005006_.tmp.dll
c:\windows\system32\_005007_.tmp.dll
c:\windows\system32\_005008_.tmp.dll
c:\windows\system32\_005009_.tmp.dll
c:\windows\system32\_005010_.tmp.dll
c:\windows\system32\_005011_.tmp.dll
c:\windows\system32\_005012_.tmp.dll
c:\windows\system32\_005013_.tmp.dll
c:\windows\system32\_005014_.tmp.dll
c:\windows\system32\_005015_.tmp.dll
c:\windows\system32\_005016_.tmp.dll
c:\windows\system32\_005017_.tmp.dll
c:\windows\system32\_005018_.tmp.dll
c:\windows\system32\_005019_.tmp.dll
c:\windows\system32\_005020_.tmp.dll
c:\windows\system32\_005021_.tmp.dll
c:\windows\system32\_005022_.tmp.dll
c:\windows\system32\_005023_.tmp.dll
c:\windows\system32\_005024_.tmp.dll
c:\windows\system32\_005025_.tmp.dll
c:\windows\system32\_005026_.tmp.dll
c:\windows\system32\_005027_.tmp.dll
c:\windows\system32\_005028_.tmp.dll
c:\windows\system32\_005029_.tmp.dll
c:\windows\system32\_005030_.tmp.dll
c:\windows\system32\_005031_.tmp.dll
c:\windows\system32\_005032_.tmp.dll
c:\windows\system32\_005033_.tmp.dll
c:\windows\system32\_005034_.tmp.dll
c:\windows\system32\_005035_.tmp.dll
c:\windows\system32\_005036_.tmp.dll
c:\windows\system32\_005037_.tmp.dll
c:\windows\system32\_005038_.tmp.dll
c:\windows\system32\_005039_.tmp.dll
c:\windows\system32\_005040_.tmp.dll
c:\windows\system32\_005041_.tmp.dll
c:\windows\system32\_005042_.tmp.dll
c:\windows\system32\_005043_.tmp.dll
c:\windows\system32\_005044_.tmp.dll
c:\windows\system32\_005045_.tmp.dll
c:\windows\system32\_005046_.tmp.dll
c:\windows\system32\_005047_.tmp.dll
c:\windows\system32\_005048_.tmp.dll
c:\windows\system32\_005049_.tmp.dll
c:\windows\system32\_005050_.tmp.dll
c:\windows\system32\_005051_.tmp.dll
c:\windows\system32\_005052_.tmp.dll
c:\windows\system32\_005053_.tmp.dll
c:\windows\system32\_005054_.tmp.dll
c:\windows\system32\_005055_.tmp.dll
c:\windows\system32\_005056_.tmp.dll
c:\windows\system32\_005057_.tmp.dll
c:\windows\system32\_005058_.tmp.dll
c:\windows\system32\_005059_.tmp.dll
c:\windows\system32\_005060_.tmp.dll
c:\windows\system32\_005061_.tmp.dll
c:\windows\system32\_005062_.tmp.dll
c:\windows\system32\_005063_.tmp.dll
c:\windows\system32\_005064_.tmp.dll
c:\windows\system32\_005065_.tmp.dll
c:\windows\system32\_005066_.tmp.dll
c:\windows\system32\_005067_.tmp.dll
c:\windows\system32\_005068_.tmp.dll
c:\windows\system32\_005069_.tmp.dll
c:\windows\system32\_005070_.tmp.dll
c:\windows\system32\_005071_.tmp.dll
c:\windows\system32\_005072_.tmp.dll
c:\windows\system32\_005073_.tmp.dll
c:\windows\system32\_005074_.tmp.dll
c:\windows\system32\_005075_.tmp.dll
c:\windows\system32\_005076_.tmp.dll
c:\windows\system32\_005077_.tmp.dll
c:\windows\system32\_005078_.tmp.dll
c:\windows\system32\_005079_.tmp.dll
c:\windows\system32\_005080_.tmp.dll
c:\windows\system32\_005081_.tmp.dll
c:\windows\system32\_005082_.tmp.dll
c:\windows\system32\_005083_.tmp.dll
c:\windows\system32\_005084_.tmp.dll
c:\windows\system32\_005085_.tmp.dll
c:\windows\system32\_005086_.tmp.dll
c:\windows\system32\_005087_.tmp.dll
c:\windows\system32\_005088_.tmp.dll
c:\windows\system32\_005089_.tmp.dll
c:\windows\system32\_005090_.tmp.dll
c:\windows\system32\_005091_.tmp.dll
c:\windows\system32\_005092_.tmp.dll
c:\windows\system32\_005093_.tmp.dll
c:\windows\system32\_005094_.tmp.dll
c:\windows\system32\_005095_.tmp.dll
c:\windows\system32\_005096_.tmp.dll
c:\windows\system32\_005097_.tmp.dll
c:\windows\system32\_005098_.tmp.dll
c:\windows\system32\_005099_.tmp.dll
c:\windows\system32\_005100_.tmp.dll
c:\windows\system32\_005101_.tmp.dll
c:\windows\system32\_005102_.tmp.dll
c:\windows\system32\_005103_.tmp.dll
c:\windows\system32\_005104_.tmp.dll
c:\windows\system32\_005105_.tmp.dll
c:\windows\system32\_005106_.tmp.dll
c:\windows\system32\_005107_.tmp.dll
c:\windows\system32\_005108_.tmp.dll
c:\windows\system32\_005109_.tmp.dll
c:\windows\system32\_005110_.tmp.dll
c:\windows\system32\_005111_.tmp.dll
c:\windows\system32\_005112_.tmp.dll
c:\windows\system32\_005113_.tmp.dll
c:\windows\system32\_005114_.tmp.dll
c:\windows\system32\_005115_.tmp.dll
c:\windows\system32\_005116_.tmp.dll
c:\windows\system32\_005117_.tmp.dll
c:\windows\system32\_005118_.tmp.dll
c:\windows\system32\_005119_.tmp.dll
c:\windows\system32\_005120_.tmp.dll
c:\windows\system32\_005121_.tmp.dll
c:\windows\system32\_005122_.tmp.dll
c:\windows\system32\_005123_.tmp.dll
c:\windows\system32\_005124_.tmp.dll
c:\windows\system32\_005125_.tmp.dll
c:\windows\system32\_005126_.tmp.dll
c:\windows\system32\_005127_.tmp.dll
c:\windows\system32\_005128_.tmp.dll
c:\windows\system32\_005129_.tmp.dll
c:\windows\system32\_005130_.tmp.dll
c:\windows\system32\_005131_.tmp.dll
c:\windows\system32\_005132_.tmp.dll
c:\windows\system32\_005133_.tmp.dll
c:\windows\system32\_005134_.tmp.dll
c:\windows\system32\_005135_.tmp.dll
c:\windows\system32\_005136_.tmp.dll
c:\windows\system32\_005137_.tmp.dll
c:\windows\system32\_005138_.tmp.dll
c:\windows\system32\_005139_.tmp.dll
c:\windows\system32\_005140_.tmp.dll
c:\windows\system32\_005141_.tmp.dll
c:\windows\system32\_005142_.tmp.dll
c:\windows\system32\_005143_.tmp.dll
c:\windows\system32\_005144_.tmp.dll
c:\windows\system32\_005145_.tmp.dll
c:\windows\system32\_005146_.tmp.dll
c:\windows\system32\_005147_.tmp.dll
c:\windows\system32\_005148_.tmp.dll
c:\windows\system32\_005149_.tmp.dll
c:\windows\system32\_005150_.tmp.dll
c:\windows\system32\_005151_.tmp.dll
c:\windows\system32\_005152_.tmp.dll
c:\windows\system32\_005153_.tmp.dll
c:\windows\system32\_005154_.tmp.dll
c:\windows\system32\_005155_.tmp.dll
c:\windows\system32\_005156_.tmp.dll
c:\windows\system32\_005157_.tmp.dll
c:\windows\system32\_005158_.tmp.dll
c:\windows\system32\_005159_.tmp.dll
c:\windows\system32\_005160_.tmp.dll
c:\windows\system32\_005161_.tmp.dll
c:\windows\system32\_005162_.tmp.dll
c:\windows\system32\_005163_.tmp.dll
c:\windows\system32\_005164_.tmp.dll
c:\windows\system32\_005165_.tmp.dll
c:\windows\system32\_005166_.tmp.dll
c:\windows\system32\_005167_.tmp.dll
c:\windows\system32\_005168_.tmp.dll
c:\windows\system32\_005169_.tmp.dll
c:\windows\system32\_005170_.tmp.dll
c:\windows\system32\_005171_.tmp.dll
c:\windows\system32\_005172_.tmp.dll
c:\windows\system32\_005173_.tmp.dll
c:\windows\system32\_005174_.tmp.dll
c:\windows\system32\_005175_.tmp.dll
c:\windows\system32\_005176_.tmp.dll
c:\windows\system32\_005177_.tmp.dll
c:\windows\system32\_005178_.tmp.dll
c:\windows\system32\_005179_.tmp.dll
c:\windows\system32\_005180_.tmp.dll
c:\windows\system32\_005181_.tmp.dll
c:\windows\system32\_005182_.tmp.dll
c:\windows\system32\_005183_.tmp.dll
c:\windows\system32\_005184_.tmp.dll
c:\windows\system32\_005185_.tmp.dll
c:\windows\system32\_005186_.tmp.dll
c:\windows\system32\_005187_.tmp.dll
c:\windows\system32\_005188_.tmp.dll
c:\windows\system32\_005189_.tmp.dll
c:\windows\system32\_005190_.tmp.dll
c:\windows\system32\_005191_.tmp.dll
c:\windows\system32\_005192_.tmp.dll
c:\windows\system32\_005193_.tmp.dll
c:\windows\system32\_005194_.tmp.dll
c:\windows\system32\_005195_.tmp.dll
c:\windows\system32\_005196_.tmp.dll
c:\windows\system32\_005197_.tmp.dll
c:\windows\system32\_005198_.tmp.dll
c:\windows\system32\_005199_.tmp.dll
c:\windows\system32\_005200_.tmp.dll
c:\windows\system32\_005201_.tmp.dll
c:\windows\system32\SrchSTS.exe

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\winlogon.exe


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_NPF
-------\Service_MyWebSearchService
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-03-11 to 2009-04-11 )))))))))))))))))))))))))))))))
.

2009-04-10 14:16 . 2008-07-03 06:16 8,454,656 --a------ c:\windows\system32\dllcache\shell32.dll
2009-04-10 14:15 . 2008-08-14 02:58 2,136,064 --a------ c:\windows\system32\ntoskrnl.exe
2009-04-10 13:51 . 2008-04-13 17:12 727,040 --a------ c:\windows\system32\SET2709.tmp
2009-04-10 13:50 . 2008-04-13 17:12 8,461,312 --a------ c:\windows\system32\SET2763.tmp
2009-04-10 13:49 . 2008-04-13 17:11 1,267,200 --a------ c:\windows\system32\SET294F.tmp
2009-04-10 01:25 . 2009-04-10 01:25 <DIR> d-------- c:\program files\Kaspersky Lab
2009-04-10 01:25 . 2009-04-11 01:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-10 01:25 . 2009-04-11 01:45 2,627,104 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-04-10 01:25 . 2009-04-11 01:47 327,712 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-04-10 01:25 . 2009-04-10 01:34 101,287 --a------ c:\windows\system32\drivers\klin.dat
2009-04-10 01:25 . 2009-04-10 01:34 89,601 --a------ c:\windows\system32\drivers\klick.dat
2009-04-10 01:25 . 2009-04-11 01:45 21,604 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-04-10 01:25 . 2009-04-11 01:46 2,200 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-04-09 22:33 . 2008-04-14 05:42 539,136 --a------ c:\windows\system32\SET1935.tmp
2009-04-09 22:33 . 2008-04-14 05:42 354,304 --a------ c:\windows\system32\SET1907.tmp
2009-04-09 22:33 . 2008-04-14 05:40 177,152 --a------ c:\windows\system32\SET1937.tmp
2009-04-09 22:33 . 2008-04-14 05:42 121,856 --a------ c:\windows\system32\SET18FE.tmp
2009-04-09 22:33 . 2008-04-14 05:42 80,896 --a------ c:\windows\system32\SET1902.tmp
2009-04-09 22:33 . 2008-04-14 05:42 13,824 --a------ c:\windows\system32\SET1903.tmp
2009-04-09 22:33 . 2008-04-14 05:42 6,656 --a------ c:\windows\system32\SET18FF.tmp
2009-04-09 22:30 . 2008-04-14 05:42 471,552 --a------ c:\windows\system32\SETCFE.tmp
2009-04-09 22:30 . 2008-04-14 05:41 95,744 --a------ c:\windows\system32\SETD04.tmp
2009-04-09 22:28 . 2008-04-14 05:42 8,461,312 --a------ c:\windows\system32\SET84B.tmp
2009-04-09 22:25 . 2006-12-29 00:31 19,569 --a------ c:\windows\003514_.tmp
2009-04-09 22:21 . 2004-08-04 05:00 71,040 --------- c:\windows\system32\drivers\_005509_.tmp.dll
2009-04-09 02:23 . 2009-04-09 02:29 <DIR> d-------- C:\OPKTools
2009-04-08 02:03 . 2009-04-08 02:03 <DIR> d-------- c:\windows\system32\vmm32
2009-04-08 01:40 . 2009-04-08 01:51 <DIR> d-------- c:\program files\Perfect Uninstaller
2009-04-08 01:40 . 2009-04-08 01:40 42 --a------ c:\windows\system32\AK083E209605E394C.lie
2009-04-08 00:52 . 2009-04-08 00:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-07 14:49 . 2009-04-07 14:49 <DIR> d-------- c:\program files\NETGEAR Print Server
2009-04-07 14:10 . 2009-04-07 14:10 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Windows Search
2009-04-07 13:31 . 2009-04-10 14:42 23,392 --a------ c:\windows\system32\nscompat.tlb
2009-04-07 13:31 . 2009-04-10 14:42 16,832 --a------ c:\windows\system32\amcompat.tlb
2009-04-07 05:34 . 2008-04-14 05:42 539,136 --a------ c:\windows\system32\SET1841.tmp
2009-04-07 05:34 . 2008-04-14 05:42 354,304 --a------ c:\windows\system32\SET1813.tmp
2009-04-07 05:34 . 2008-04-14 05:40 177,152 --a------ c:\windows\system32\SET1843.tmp
2009-04-07 05:34 . 2008-04-14 05:42 121,856 --a------ c:\windows\system32\SET180A.tmp
2009-04-07 05:34 . 2008-04-14 05:42 80,896 --a------ c:\windows\system32\SET180E.tmp
2009-04-07 05:34 . 2008-04-14 05:42 6,656 --a------ c:\windows\system32\SET180B.tmp
2009-04-07 05:32 . 2008-04-14 05:42 471,552 --a------ c:\windows\system32\SETC0A.tmp
2009-04-07 05:32 . 2008-04-14 05:41 95,744 --a------ c:\windows\system32\SETC10.tmp
2009-04-07 05:30 . 2008-04-14 05:42 8,461,312 --a------ c:\windows\system32\SET755.tmp
2009-04-07 05:28 . 2006-12-29 00:31 19,569 --a------ c:\windows\003505_.tmp
2009-04-07 05:24 . 2004-08-04 05:00 71,040 --------- c:\windows\system32\drivers\_005508_.tmp.dll
2009-04-07 04:53 . 2008-04-14 05:42 539,136 --a------ c:\windows\system32\SET1752.tmp
2009-04-07 04:53 . 2008-04-14 05:42 354,304 --a------ c:\windows\system32\SET1724.tmp
2009-04-07 04:53 . 2008-04-14 05:40 177,152 --a------ c:\windows\system32\SET1754.tmp
2009-04-07 04:53 . 2008-04-14 05:42 121,856 --a------ c:\windows\system32\SET171B.tmp
2009-04-07 04:53 . 2008-04-14 05:42 80,896 --a------ c:\windows\system32\SET171F.tmp
2009-04-07 04:53 . 2008-04-14 05:42 6,656 --a------ c:\windows\system32\SET171C.tmp
2009-04-07 04:51 . 2008-04-14 05:42 471,552 --a------ c:\windows\system32\SETB1B.tmp
2009-04-07 04:51 . 2008-04-14 05:41 95,744 --a------ c:\windows\system32\SETB21.tmp
2009-04-07 04:49 . 2008-04-14 05:42 8,461,312 --a------ c:\windows\system32\SET619.tmp
2009-04-07 04:48 . 2008-04-14 05:42 483,840 --a------ c:\windows\system32\SET183.tmp
2009-04-07 04:48 . 2008-04-14 05:42 264,192 --a------ c:\windows\system32\SET285.tmp
2009-04-07 04:48 . 2008-04-14 05:42 172,032 --a------ c:\windows\system32\SET2C6.tmp
2009-04-07 04:48 . 2008-04-14 05:42 92,672 --a------ c:\windows\system32\SET2C5.tmp
2009-04-07 04:48 . 2008-04-14 05:42 82,432 --a------ c:\windows\system32\SET248.tmp
2009-04-07 04:48 . 2008-04-14 05:42 52,736 --a------ c:\windows\system32\SET194.tmp
2009-04-07 04:48 . 2008-04-14 05:42 41,984 --a------ c:\windows\system32\SET1E8.tmp
2009-04-07 04:48 . 2008-04-14 05:42 22,528 --a------ c:\windows\system32\SET1DA.tmp
2009-04-07 04:48 . 2008-04-14 05:42 19,968 --a------ c:\windows\system32\SET243.tmp
2009-04-07 04:48 . 2008-04-14 05:42 19,456 --a------ c:\windows\system32\SET202.tmp
2009-04-07 04:48 . 2008-04-14 05:42 18,432 --a------ c:\windows\system32\SET1B8.tmp
2009-04-07 04:48 . 2008-04-14 05:41 5,632 --a------ c:\windows\system32\SET2B7.tmp
2009-04-07 04:46 . 2006-12-29 00:31 19,569 --a------ c:\windows\003496_.tmp
2009-04-07 04:43 . 2004-08-04 05:00 71,040 --------- c:\windows\system32\drivers\_005507_.tmp.dll
2009-04-07 03:50 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2009-04-07 02:57 . 2009-04-07 02:57 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-04-07 02:56 . 2009-04-07 03:48 <DIR> d-------- c:\program files\Microsoft
2009-04-07 02:56 . 2009-04-07 02:56 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2009-04-07 02:55 . 2009-04-07 02:55 <DIR> d-------- c:\windows\system32\GroupPolicy
2009-04-07 02:55 . 2009-04-07 02:55 <DIR> d-------- c:\program files\Windows Desktop Search
2009-04-07 02:08 . 2008-04-14 05:42 539,136 --a------ c:\windows\system32\SET1671.tmp
2009-04-07 02:08 . 2008-04-14 05:42 354,304 --a------ c:\windows\system32\SET1641.tmp
2009-04-07 02:08 . 2008-04-14 05:40 177,152 --a------ c:\windows\system32\SET1673.tmp
2009-04-07 02:08 . 2008-04-14 05:42 80,896 --a------ c:\windows\system32\SET163C.tmp
2009-04-07 02:08 . 2008-04-14 05:42 6,656 --a------ c:\windows\system32\SET1639.tmp
2009-04-07 02:06 . 2008-04-14 05:42 471,552 --a------ c:\windows\system32\SETA38.tmp
2009-04-07 02:06 . 2008-04-14 05:41 95,744 --a------ c:\windows\system32\SETA3E.tmp
2009-04-07 02:04 . 2008-04-14 05:42 8,461,312 --a------ c:\windows\system32\SET4EF.tmp
2009-04-07 02:03 . 2008-04-14 05:42 483,840 --a------ c:\windows\system32\SET1A3.tmp
2009-04-07 02:03 . 2008-04-14 05:42 264,192 --a------ c:\windows\system32\SET225.tmp
2009-04-07 02:03 . 2008-04-14 05:42 91,648 --a------ c:\windows\system32\SET197.tmp
2009-04-07 02:03 . 2008-04-14 05:42 82,432 --a------ c:\windows\system32\SET222.tmp
2009-04-07 02:03 . 2008-04-14 05:42 52,736 --a------ c:\windows\system32\SET1B1.tmp
2009-04-07 02:03 . 2008-04-14 05:42 41,984 --a------ c:\windows\system32\SET1D2.tmp
2009-04-07 02:03 . 2008-04-14 05:42 22,528 --a------ c:\windows\system32\SET1CB.tmp
2009-04-07 02:03 . 2008-04-14 05:42 19,968 --a------ c:\windows\system32\SET220.tmp
2009-04-07 02:03 . 2008-04-14 05:42 19,456 --a------ c:\windows\system32\SET1D9.tmp
2009-04-07 02:03 . 2008-04-14 05:42 18,432 --a------ c:\windows\system32\SET1C4.tmp
2009-04-07 02:01 . 2006-12-29 00:31 19,569 --a------ c:\windows\003303_.tmp
2009-04-07 01:58 . 2008-03-07 09:56 192,000 --a--c--- c:\windows\system32\dllcache\offfilt.dll
2009-04-07 01:58 . 2008-03-07 09:56 98,304 --a--c--- c:\windows\system32\dllcache\nlhtml.dll
2009-04-07 01:58 . 2004-08-04 05:00 71,040 --------- c:\windows\system32\drivers\_005506_.tmp.dll
2009-04-07 01:58 . 2008-03-07 09:56 29,696 --a--c--- c:\windows\system32\dllcache\mimefilt.dll
2009-04-06 12:40 . 2008-04-14 05:42 354,304 --a------ c:\windows\system32\SET1551.tmp
2009-04-06 12:40 . 2008-04-14 05:40 177,152 --a------ c:\windows\system32\SET1583.tmp
2009-04-06 12:40 . 2008-04-14 05:42 121,856 --a------ c:\windows\system32\SET1548.tmp
2009-04-06 12:40 . 2008-04-14 05:42 80,896 --a------ c:\windows\system32\SET154C.tmp
2009-04-06 12:40 . 2008-04-14 05:42 6,656 --a------ c:\windows\system32\SET1549.tmp
2009-04-06 12:36 . 2008-04-14 05:42 471,552 --a------ c:\windows\system32\SET948.tmp
2009-04-06 12:36 . 2008-04-14 05:41 95,744 --a------ c:\windows\system32\SET94E.tmp
2009-04-06 12:34 . 2008-04-14 05:42 2,843,136 --a------ c:\windows\system32\SET5E5.tmp
2009-04-06 12:33 . 2008-04-14 05:42 8,461,312 --a------ c:\windows\system32\SET3A3.tmp
2009-04-06 12:32 . 2008-04-14 05:42 483,840 --a------ c:\windows\system32\SET164.tmp
2009-04-06 12:32 . 2008-04-14 05:42 91,648 --a------ c:\windows\system32\SET163.tmp
2009-04-06 12:32 . 2008-04-14 05:42 52,736 --a------ c:\windows\system32\SET170.tmp
2009-04-06 12:32 . 2008-04-14 05:42 22,528 --a------ c:\windows\system32\SET189.tmp
2009-04-06 12:32 . 2008-04-14 05:42 18,432 --a------ c:\windows\system32\SET181.tmp
2009-04-06 12:30 . 2006-12-29 00:31 19,569 --a------ c:\windows\003294_.tmp
2009-04-06 12:25 . 2004-08-04 05:00 71,040 --------- c:\windows\system32\drivers\_004994_.tmp.dll
2009-04-06 00:59 . 2009-04-09 22:47 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-06 00:59 . 2009-04-06 00:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-06 00:59 . 2009-04-06 00:59 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-04-06 00:59 . 2009-04-06 15:32 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 00:59 . 2009-04-06 15:32 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-06 00:45 . 2009-04-06 00:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-04 02:38 . 2009-04-04 02:38 <DIR> d-------- c:\program files\Microsoft.NET
2009-04-04 02:38 . 2009-04-04 02:38 <DIR> d-------- c:\program files\Microsoft ActiveSync
2009-04-03 01:01 . 2009-04-04 01:11 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-04-02 00:05 . 2009-04-02 00:05 <DIR> d-------- c:\program files\Trend Micro
2009-03-31 02:32 . 2009-03-31 02:32 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Auslogics
2009-03-23 00:30 . 2009-03-23 00:30 <DIR> d-------- c:\documents and settings\LocalService\Application Data\SACore

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 21:38 96,256 ----a-w c:\windows\system32\drivers\sptd1437.sys
2009-04-10 08:34 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-08 09:03 --------- d-----w c:\program files\Dell
2009-04-07 20:31 --------- d-----w c:\program files\Windows Media Connect 2
2009-04-07 11:13 --------- d-----w c:\program files\Windows Live
2009-04-06 09:45 --------- d-----w c:\program files\Microsoft Silverlight
2009-04-06 07:55 --------- d-----w c:\program files\Viewpoint
2009-04-06 07:55 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-04-06 07:47 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-31 07:22 --------- d-----w c:\program files\TuneUp Utilities 2008
2009-03-28 20:11 --------- d-----w c:\program files\Common Files\Adobe
2009-03-27 06:21 --------- d-----w c:\program files\Java
2009-03-22 19:40 --------- d-----w c:\program files\GameSpy Arcade
2009-03-02 10:54 --------- d-----w c:\program files\Common Files\Ahead
2009-02-17 06:19 --------- d-----w c:\program files\Google
2008-04-27 03:53 80 --sh--r c:\windows\system32\9CE5AA9357.dll
.

------- Sigcheck -------

2008-04-13 17:12 295424 ff3477c03be7201c294c35f684b3479f c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\termsrv.dll
2008-11-28 02:48 295424 40ffc19a8d4875e9e19cecdc76ef9201 c:\windows\system32\termsrv.dll
2004-08-04 05:00 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\system32\dllcache\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 4662776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-26 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-04-10 206088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP62"= SP6X_32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-26 15:35 8523776 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S3 DPCNET5U;Satellite USB Driver;c:\windows\system32\DRIVERS\dpcnet5u.sys --> c:\windows\system32\DRIVERS\dpcnet5u.sys [?]
S3 SPCA508A;Micro WebCam;c:\windows\system32\drivers\SPCA508A.SYS [2001-04-23 98073]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-04-11 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 10:09]

2009-04-11 c:\windows\Tasks\RegCure Program Check.job
- e:\regcure\RegCure.exe []

2009-04-09 c:\windows\Tasks\RegCure.job
- e:\regcure\RegCure.exe []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe


.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: {{5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5}
DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://24.148.121.105:7003/VatDec.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ljijx1ov.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1043669&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.ftascene.com/forum/index.php
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ljijx1ov.default\extensions\{0ff9a677-542a-481d-a6d6-3fa32d8a806d}\components\FFAlert.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBitCometAgent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-11 01:47:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1993962763-583907252-839522115-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\searchindexer.exe
.
**************************************************************************
.
Completion time: 2009-04-11 1:52:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-11 08:52:49

Pre-Run: 15,615,619,072 bytes free
Post-Run: 17,628,819,456 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

830 --- E O F --- 2009-04-11 08:11:05
