BAT/TCPPARAMS.A infection


  • This topic is locked
15 replies to this topic

#1 Chapter6

Posted 04 April 2009 - 07:35 PM

My computer has become infected with C:\a.bat BATTCParams.a.
It seems to be redirecting my browser when I click on links in Google.
The most I can tell you is that when I use any link in Google it redirects me, and I have to go back to the search again about 4 times before I get through to where I actually want to go.
I also noticed that I have a Google Toolbar uninstall file that I don't recall having before.
CA Antivirus finds 2 instances when I start up.
It deletes 1 and says the other's status is infected.
This happens every time I reboot.

Please help

Here is my DDS Log:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Chapter VI at 20:19:22.34 on Sat 04/04/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.991.287 [GMT -4:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)
FW: CA Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\WINDOWS\AppleDevice.exe
C:\WINDOWS\system32\wsntfy.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\Chapter VI\Desktop\HiJackThis.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Cobian Backup 9\Cobian.exe
C:\Program Files\Cobian Backup 9\cbInterface.exe
C:\Documents and Settings\Chapter VI\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uSearch Bar =
uWindow Title = Microsoft Internet Explorer
mSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [RemoteControl]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Aim6]
uRun: [SB Audigy 2 Startup Menu] "c:\program files\creative\sbaudigy2zs\program\startup menu\ChkColor.EXE"
uRun: [Creative MediaSource Go] c:\program files\creative\mediasource\go\CTCMSGo.exe /SCB
uRun: [RemoteCenter] c:\program files\creative\mediasource\remotecontrol\RCMan.EXE
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-6.0.1.33\QOELoader.exe"
mRun: [cafw] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe"
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDet.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [nwiz] nwiz.exe /install
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [WindowsTaskManager] wsntfy.exe
mRun: [AppleUpdate] Appleinc.exe
mRun: [AppleInc] AppleDevice.exe
mRun: [Cobian Backup 9] "c:\program files\cobian backup 9\Cobian.exe"
mRunServices: [WindowsTaskManager] wsntfy.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\chapte~1\startm~1\programs\startup\buffal~1.lnk - c:\program files\buffalo\nasnavi\NasNavi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nostro~1.lnk - c:\windows\installer\{548c7b77-8b04-427e-acd0-d0e6e6e59bcf}\NewShortcut2_548C7B778B04427EACD0D0E6E6E59BCF.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: aol.com\free
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217111545203
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217137365002
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15105/CTPID.cab
TCP: {1E3F1F3D-3061-45A4-9421-1D6BD954B468} = 208.67.222.222,208.67.220.220
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: LMIinit - LMIinit.dll
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\chapte~1\applic~1\mozilla\firefox\profiles\qpa2w37w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\mozilla firefox\plugins\NPFxViewer.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-3-19 93712]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-20 64160]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-3-21 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-3-21 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-3-19 115216]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2008-12-21 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2008-12-21 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2008-12-21 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2008-12-21 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2008-12-21 32240]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2008-12-21 144696]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-4 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-3-21 66576]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-8-22 45848]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\PfModNT.sys [2008-8-15 15840]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-4-15 281104]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2008-12-21 255216]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-5 24652]
R3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [2009-2-14 23040]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-5-30 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2008-12-21 185584]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2008-12-21 108368]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2008-12-28 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2008-12-28 3072]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe --> c:\program files\magix\common\database\bin\fbserver.exe [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2009-04-04 20:04 <DIR> --d----- c:\program files\Cobian Backup 9
2009-04-04 00:09 102,400 ---shr-- c:\windows\AppleDevice.exe
2009-04-04 00:09 381,164 a------- c:\windows\winupdate.exe
2009-04-02 23:32 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-04-02 19:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CA-SupportBridge
2009-03-31 18:46 664 a------- c:\windows\system32\d3d9caps.dat
2009-03-30 19:58 <DIR> --d----- c:\program files\BUFFALO
2009-03-29 23:51 1,003,520 a------- c:\windows\system\Magixofa.dll
2009-03-29 23:51 106,496 a------- c:\windows\system\MagixOFA-uk.dll
2009-03-29 23:51 392,704 a------- c:\windows\system\LFCMP13n.dll
2009-03-29 23:51 327,680 a------- c:\windows\system\eModeUpgradeDlg.dll
2009-03-29 23:51 122,880 a------- c:\windows\system\Hhwmprxy7.dll
2009-03-29 23:51 60,416 a------- c:\windows\system\Dsetup.dll
2009-03-29 23:51 28,672 a------- c:\windows\system\Hhwmprxy.dll
2009-03-29 23:51 28,672 a------- c:\windows\system\Hhrashlp.dll
2009-03-29 23:51 118,784 a------- c:\windows\system\Zipdll.dll
2009-03-29 23:51 49,152 a------- c:\windows\system\Cpuinf32.dll
2009-03-29 23:47 49,152 a------- c:\windows\system\Mdll32.dll
2009-03-29 23:43 205,312 a------- c:\windows\system\Ltefx13n.dll
2009-03-29 23:39 265,728 a------- c:\windows\system\Ltdis13n.dll
2009-03-29 23:34 445,952 a------- c:\windows\system\Ltimg13n.dll
2009-03-29 23:29 445,440 a------- c:\windows\system\Ltkrn13n.dll
2009-03-29 23:25 139,264 a------- c:\windows\system\Ltfil13n.dll
2009-03-29 23:20 137,728 a------- c:\windows\system\Ijl10.dll
2009-03-29 23:03 131,072 a------- c:\windows\system\DAC32.DLL
2009-03-29 10:46 <DIR> --d----- c:\program files\AAMS
2009-03-29 08:51 28 a------- c:\windows\Robota.INI
2009-03-29 08:49 420,240 a------- c:\windows\system32\mpg4c32.dll
2009-03-29 08:49 245,760 a------- c:\windows\system32\mp4sds32.ax
2009-03-29 08:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MAGIX
2009-03-29 08:41 120,200 a------- c:\windows\system32\DLLDEV32i.dll
2009-03-29 08:40 5,937 a------- c:\windows\mgxoschk.ini
2009-03-29 08:40 <DIR> --d----- c:\windows\system32\MAGIX
2009-03-29 08:40 700,416 a------- c:\windows\system32\mgxoschk.dll
2009-03-29 01:07 <DIR> --dsh--- c:\documents and settings\chapter vi\IECompatCache
2009-03-29 01:05 <DIR> --dsh--- c:\documents and settings\chapter vi\PrivacIE
2009-03-29 00:59 <DIR> --dsh--- c:\documents and settings\chapter vi\IETldCache
2009-03-29 00:55 <DIR> --d----- c:\windows\ie8updates
2009-03-29 00:47 <DIR> -cd-h--- c:\windows\ie8
2009-03-29 00:42 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-03-28 18:31 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-03-28 17:28 <DIR> --d----- c:\windows\system32\XPSViewer
2009-03-25 19:24 <DIR> --d----- C:\Downloads
2009-03-21 10:16 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-20 19:25 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-20 19:06 <DIR> --d----- c:\program files\Lavasoft
2009-03-20 00:57 117,760 -------- c:\windows\system32\prntvpt.dll
2009-03-20 00:57 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-20 00:57 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-20 00:57 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-20 00:57 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-03-20 00:56 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-03-20 00:56 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-03-20 00:26 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-17 23:52 232 a------- c:\windows\AudStu.INI
2009-03-17 18:12 118 a------- c:\windows\system32\MRT.INI
2009-03-17 18:10 77 a------- c:\windows\magix.ini
2009-03-17 18:08 106,496 a------- c:\windows\system32\MagixDS.dll
2009-03-17 18:08 35,422 a------- c:\windows\system32\EasiMME.hlp
2009-03-17 18:08 77,824 a------- c:\windows\system32\EASIMME.exe
2009-03-17 18:08 110,592 a------- c:\windows\system32\EASIMME.dll
2009-03-17 18:08 26,624 a------- c:\windows\system32\LOG_DS.AX
2009-03-17 18:08 13,524 a------- c:\windows\MAGIX midi studio g6 deLuxe.PRF
2009-03-17 18:08 <DIR> --d----- C:\MAGIX
2009-03-16 21:08 59 a------- c:\windows\system32\senekapukjqskn.dat
2009-03-16 21:06 888,867 a------- c:\windows\mjctlso010.exe
2009-03-16 21:06 104,458 a------- c:\windows\pkcorwu4.exe
2009-03-16 21:06 888,867 a------- c:\windows\qk62.exe
2009-03-16 21:06 31 a------- c:\windows\system32\hgset.ini
2009-03-16 21:06 888,867 a------- c:\windows\hpqgg758.exe
2009-03-16 21:03 888,867 a------- c:\windows\dlgpn8.exe
2009-03-16 21:03 104,458 a------- c:\windows\kqmmlikgbg033.exe
2009-03-16 21:03 119,296 a------- c:\windows\system32\hgcheck.exe
2009-03-16 21:03 1,169 a------- c:\windows\system32\senekalatkntxo.dat
2009-03-16 21:03 <DIR> --d----- c:\program files\IEToolbar
2009-03-08 14:22 49,152 -------- c:\windows\system32\msrating.dll.mui
2009-03-08 14:22 2,560 -------- c:\windows\system32\mshta.exe.mui
2009-03-08 14:21 4,096 -------- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 14:20 81,920 -------- c:\windows\system32\iedkcs32.dll.mui

==================== Find3M ====================

2009-04-04 03:43 171,080 a------- c:\windows\system32\drivers\kmxcfg.u2k0
2009-04-04 03:43 64 a------- c:\windows\system32\drivers\kmxcfg.u2k7
2009-04-04 03:43 64 a------- c:\windows\system32\drivers\kmxcfg.u2k6
2009-04-04 03:43 64 a------- c:\windows\system32\drivers\kmxcfg.u2k5
2009-04-04 03:43 64 a------- c:\windows\system32\drivers\kmxcfg.u2k4
2009-04-04 03:43 64 a------- c:\windows\system32\drivers\kmxcfg.u2k3
2009-04-04 03:43 64 a------- c:\windows\system32\drivers\kmxcfg.u2k2
2009-04-04 03:43 64 a------- c:\windows\system32\drivers\kmxcfg.u2k1
2009-04-04 01:10 40,960 a------- c:\program files\Uninstall_CDS.exe
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-01-18 03:09 87,608 a------- c:\docume~1\chapte~1\applic~1\inst.exe
2009-01-18 03:09 47,360 a------- c:\docume~1\chapte~1\applic~1\pcouffin.sys
2009-01-07 18:21 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-01-07 18:20 24,576 a------- c:\windows\system32\nlsdl.dll
2009-01-07 18:20 26,112 a------- c:\windows\system32\idndl.dll
2009-01-07 18:20 23,552 a------- c:\windows\system32\normaliz.dll
2009-01-07 18:20 265,720 a------- c:\windows\system32\msdbg2.dll
2008-04-13 20:12 344,064 ---shr-- c:\windows\system32\wsntfy.exe

============= FINISH: 20:21:56.73 ===============
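As an added triage example, not code from the thread, DDS or MBAM: the Python below parses a handful of lines copied from the DDS log above and flags the patterns a log reader checks by hand: Run-key values that give a bare file name with no directory, executables sitting directly in the Windows folder, executables marked hidden and system, the quoted regedit.exe file association that MBAM later reports as Broken.OpenCommand, and one value name registered under more than one autostart key. The heuristics are my own assumptions and also catch legitimate entries such as nwiz.exe, so the output is a list to verify, not a verdict.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: a handful of lines copied from the DDS log above
# (Pseudo HJT Report, File Associations, Created Last 30 / Find3M), not the full log.
SAMPLE_DDS = r"""
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [nwiz] nwiz.exe /install
mRun: [WindowsTaskManager] wsntfy.exe
mRun: [AppleUpdate] Appleinc.exe
mRun: [AppleInc] AppleDevice.exe
mRunServices: [WindowsTaskManager] wsntfy.exe
uRun: [RemoteControl]
regfile="regedit.exe" "%1"
2009-04-04 00:09 102,400 ---shr-- c:\windows\AppleDevice.exe
2009-04-04 00:09 381,164 a------- c:\windows\winupdate.exe
2009-03-16 21:06 888,867 a------- c:\windows\qk62.exe
2009-03-21 10:16 15,688 a------- c:\windows\system32\lsdelete.exe
2008-04-13 20:12 344,064 ---shr-- c:\windows\system32\wsntfy.exe
"""

# DDS line shapes: "<key>: [<value name>] <command>", the file listing
# "<date> <time> <size|<DIR>> <attr> <path>", and "regfile=<command>".
RUN_RE = re.compile(r"^(?P<key>[umd]Run(?:Services)?):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d\s+(?:[\d,]+|<DIR>)\s+(?P<attr>[a-z-]{8})\s+(?P<path>.+)$")
ASSOC_RE = re.compile(r"^regfile=(?P<cmd>.+)$")
# An .exe sitting directly in the Windows directory (no subfolder).
WINROOT_EXE = re.compile(r"^c:\\windows\\[^\\]+\.exe$", re.IGNORECASE)

Finding = Tuple[str, str]


def first_token(cmd: str) -> str:
    """Return the executable part of a Run-key command: the quoted path, or the first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage(dds_text: str) -> List[Finding]:
    """Flag autostart and file-listing patterns in a DDS log that deserve a manual look."""
    findings: List[Finding] = []
    keys_by_value: Dict[str, List[str]] = {}  # value name -> autostart keys it appears under
    for line in dds_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            exe = first_token(m["cmd"])
            if not exe:
                continue  # orphaned value with no command: clutter, not persistence
            keys_by_value.setdefault(m["name"].lower(), []).append(m["key"])
            where = f"{m['key']} [{m['name']}] {exe}"
            if "\\" not in exe and "/" not in exe:
                # No directory given: the name is resolved through the search path, so the
                # real file must be located and checked by hand (wsntfy.exe, AppleDevice.exe).
                findings.append(("bare-filename", where))
            elif WINROOT_EXE.match(exe):
                findings.append(("winroot-exe", where))
            continue
        m = FILE_RE.match(line)
        if m:
            attr, path = m["attr"], m["path"]
            if path.lower().endswith(".exe") and "h" in attr and "s" in attr:
                # Hidden + system attributes on an executable: invisible in Explorer by default.
                findings.append(("hidden-system-exe", path))
            elif WINROOT_EXE.match(path):
                findings.append(("winroot-exe", path))
            continue
        m = ASSOC_RE.match(line)
        if m and m["cmd"].lower().startswith('"regedit.exe"'):
            # MBAM reports this as Broken.OpenCommand; the expected form is: regedit.exe "%1"
            findings.append(("broken-regfile", m["cmd"]))
    # The same value name registered under more than one autostart key (Run + RunServices).
    for name, keys in keys_by_value.items():
        if len(keys) > 1:
            findings.append(("multi-key-autostart", f"[{name}] in {', '.join(keys)}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_DDS):
        print(f"{kind:22} {detail}")
```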

#2 Chapter6

Posted 05 April 2009 - 12:19 AM

Can anyone assist us? My daughter has to do research for a school project and this problem makes it nearly impossible.

Any help is appreciated.

#3 m0le

  • Malware Response Team

Posted 08 April 2009 - 04:22 PM

Hi Chapter6,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please give me a little time to go through your log. I will also let you know that I am a trainee, so each stage of the fix will need to be checked by an expert coach before I post, so there may be a slight delay. Don't worry, I won't abandon you.
  • Please subscribe to this topic, if you haven't already, and wait for me to get back to you.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 2 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Thanks :thumbup2:
m0le is a proud member of UNITE

#4 Chapter6

Posted 08 April 2009 - 05:58 PM

Thank you so much for responding.

I will keep checking for any updates regularly.

#5 m0le

  • Malware Response Team

Posted 10 April 2009 - 02:13 PM

Hi Chapter6,

Yes, there are signs of infection on your machine.

Firstly,

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.


Next we need to run a tool to remove the infections.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Please also post a new DDS log in your next reply.

Thanks :thumbup2:
m0le is a proud member of UNITE

#6 Chapter6


Posted 12 April 2009 - 08:57 AM

Here is my MBAM Log
___________________________________________________________________________________________________________________________________________________________

Malwarebytes' Anti-Malware 1.36
Database version: 1970
Windows 5.1.2600 Service Pack 3

4/12/2009 9:26:41 AM
mbam-log-2009-04-12 (09-25-54).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 143284
Time elapsed: 1 hour(s), 57 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 22

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d97fc677-694d-4a75-ac89-a5b85c2bcfed} (Adware.BullseyeToolbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6226ba26-c017-4007-928c-de9715c6fa67} (Adware.BullseyeToolbar) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Folders Infected:
C:\Program Files\IEToolbar\Bullseye Tool Bar (Adware.BullseyeToolbar) -> No action taken.

Files Infected:
C:\Program Files\IEToolbar\Bullseye Tool Bar\lw.dll (Adware.BullseyeToolbar) -> No action taken.
C:\Program Files\IEToolbar\Bullseye Tool Bar\tbhelper.dll (Adware.BullseyeToolbar) -> No action taken.
C:\WINDOWS\dlgpn8.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\hpqgg758.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\kqmmlikgbg033.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\mjctlso010.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\pkcorwu4.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\qk62.exe (Trojan.Agent) -> No action taken.
C:\Program Files\IEToolbar\Bullseye Tool Bar\basis.xml (Adware.BullseyeToolbar) -> No action taken.
C:\Program Files\IEToolbar\Bullseye Tool Bar\date2.html (Adware.BullseyeToolbar) -> No action taken.
C:\Program Files\IEToolbar\Bullseye Tool Bar\icons.bmp (Adware.BullseyeToolbar) -> No action taken.
C:\Program Files\IEToolbar\Bullseye Tool Bar\info.txt (Adware.BullseyeToolbar) -> No action taken.
C:\Program Files\IEToolbar\Bullseye Tool Bar\lw.crc (Adware.BullseyeToolbar) -> No action taken.
C:\Program Files\IEToolbar\Bullseye Tool Bar\lwpopper.html (Adware.BullseyeToolbar) -> No action taken.
C:\Program Files\IEToolbar\Bullseye Tool Bar\popper3.html (Adware.BullseyeToolbar) -> No action taken.
C:\Program Files\IEToolbar\Bullseye Tool Bar\popup1.html (Adware.BullseyeToolbar) -> No action taken.
C:\Program Files\IEToolbar\Bullseye Tool Bar\popup2.html (Adware.BullseyeToolbar) -> No action taken.
C:\Program Files\IEToolbar\Bullseye Tool Bar\uninstall.exe (Adware.BullseyeToolbar) -> No action taken.
C:\Program Files\IEToolbar\Bullseye Tool Bar\version.txt (Adware.BullseyeToolbar) -> No action taken.
C:\Program Files\IEToolbar\Bullseye Tool Bar\your_logo.png (Adware.BullseyeToolbar) -> No action taken.
C:\WINDOWS\system32\senekalatkntxo.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\senekapukjqskn.dat (Trojan.Agent) -> No action taken.
___________________________________________________________________________________________________________________________________________________________

And here is my DDS Log
___________________________________________________________________________________________________________________________________________________________


DDS (Ver_09-03-16.01) - NTFSx86
Run by Chapter VI at 9:40:02.51 on Sun 04/12/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.991.459 [GMT -4:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)
FW: CA Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Chapter VI\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uSearch Bar =
uWindow Title = Microsoft Internet Explorer
mSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Creative MediaSource Go] c:\program files\creative\mediasource\go\CTCMSGo.exe /SCB
uRun: [RemoteCenter] c:\program files\creative\mediasource\remotecontrol\RCMan.EXE
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-6.0.1.33\QOELoader.exe"
mRun: [cafw] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe"
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDet.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [nwiz] nwiz.exe /install
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Cobian Backup 9] "c:\program files\cobian backup 9\Cobian.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\chapte~1\startm~1\programs\startup\buffal~1.lnk - c:\program files\buffalo\nasnavi\NasNavi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nostro~1.lnk - c:\windows\installer\{548c7b77-8b04-427e-acd0-d0e6e6e59bcf}\NewShortcut2_548C7B778B04427EACD0D0E6E6E59BCF.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: aol.com\free
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217111545203
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217137365002
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15105/CTPID.cab
TCP: {1E3F1F3D-3061-45A4-9421-1D6BD954B468} = 208.67.222.222,208.67.220.220
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: LMIinit - LMIinit.dll
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\chapte~1\applic~1\mozilla\firefox\profiles\qpa2w37w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\mozilla firefox\plugins\NPFxViewer.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-3-19 93712]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-20 64160]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-3-21 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-3-21 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-3-19 115216]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2008-12-21 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2008-12-21 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2008-12-21 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2008-12-21 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2008-12-21 32240]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2008-12-21 144696]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-4 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-3-21 66576]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-8-22 45848]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\PfModNT.sys [2008-8-15 15840]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-4-15 281104]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2008-12-21 255216]
R3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [2009-2-14 23040]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-5-30 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2008-12-21 185584]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2008-12-21 108368]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2008-12-28 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2008-12-28 3072]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe --> c:\program files\magix\common\database\bin\fbserver.exe [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-04-12 00:48 <DIR> --d----- c:\docume~1\chapte~1\applic~1\Malwarebytes
2009-04-12 00:48 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-12 00:48 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-12 00:48 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-12 00:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-04 20:04 <DIR> --d----- c:\program files\Cobian Backup 9
2009-04-02 23:32 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-04-02 19:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CA-SupportBridge
2009-03-31 18:46 664 a------- c:\windows\system32\d3d9caps.dat
2009-03-30 19:58 <DIR> --d----- c:\program files\BUFFALO
2009-03-29 23:51 1,003,520 a------- c:\windows\system\Magixofa.dll
2009-03-29 23:51 106,496 a------- c:\windows\system\MagixOFA-uk.dll
2009-03-29 23:51 392,704 a------- c:\windows\system\LFCMP13n.dll
2009-03-29 23:51 327,680 a------- c:\windows\system\eModeUpgradeDlg.dll
2009-03-29 23:51 122,880 a------- c:\windows\system\Hhwmprxy7.dll
2009-03-29 23:51 60,416 a------- c:\windows\system\Dsetup.dll
2009-03-29 23:51 28,672 a------- c:\windows\system\Hhwmprxy.dll
2009-03-29 23:51 28,672 a------- c:\windows\system\Hhrashlp.dll
2009-03-29 23:51 118,784 a------- c:\windows\system\Zipdll.dll
2009-03-29 23:51 49,152 a------- c:\windows\system\Cpuinf32.dll
2009-03-29 23:47 49,152 a------- c:\windows\system\Mdll32.dll
2009-03-29 23:43 205,312 a------- c:\windows\system\Ltefx13n.dll
2009-03-29 23:39 265,728 a------- c:\windows\system\Ltdis13n.dll
2009-03-29 23:34 445,952 a------- c:\windows\system\Ltimg13n.dll
2009-03-29 23:29 445,440 a------- c:\windows\system\Ltkrn13n.dll
2009-03-29 23:25 139,264 a------- c:\windows\system\Ltfil13n.dll
2009-03-29 23:20 137,728 a------- c:\windows\system\Ijl10.dll
2009-03-29 23:03 131,072 a------- c:\windows\system\DAC32.DLL
2009-03-29 10:46 <DIR> --d----- c:\program files\AAMS
2009-03-29 08:51 28 a------- c:\windows\Robota.INI
2009-03-29 08:49 420,240 a------- c:\windows\system32\mpg4c32.dll
2009-03-29 08:49 245,760 a------- c:\windows\system32\mp4sds32.ax
2009-03-29 08:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MAGIX
2009-03-29 08:41 120,200 a------- c:\windows\system32\DLLDEV32i.dll
2009-03-29 08:40 5,937 a------- c:\windows\mgxoschk.ini
2009-03-29 08:40 <DIR> --d----- c:\windows\system32\MAGIX
2009-03-29 08:40 700,416 a------- c:\windows\system32\mgxoschk.dll
2009-03-29 01:07 <DIR> --dsh--- c:\documents and settings\chapter vi\IECompatCache
2009-03-29 01:05 <DIR> --dsh--- c:\documents and settings\chapter vi\PrivacIE
2009-03-29 00:59 <DIR> --dsh--- c:\documents and settings\chapter vi\IETldCache
2009-03-29 00:55 <DIR> --d----- c:\windows\ie8updates
2009-03-29 00:47 <DIR> -cd-h--- c:\windows\ie8
2009-03-29 00:42 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-03-28 18:31 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-03-28 17:28 <DIR> --d----- c:\windows\system32\XPSViewer
2009-03-25 19:24 <DIR> --d----- C:\Downloads
2009-03-21 10:16 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-20 19:25 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-20 19:06 <DIR> --d----- c:\program files\Lavasoft
2009-03-20 00:57 117,760 -------- c:\windows\system32\prntvpt.dll
2009-03-20 00:57 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-20 00:57 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-20 00:57 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-20 00:57 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-03-20 00:56 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-03-20 00:56 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-03-20 00:26 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-17 23:52 232 a------- c:\windows\AudStu.INI
2009-03-17 18:12 118 a------- c:\windows\system32\MRT.INI
2009-03-17 18:10 77 a------- c:\windows\magix.ini
2009-03-17 18:08 106,496 a------- c:\windows\system32\MagixDS.dll
2009-03-17 18:08 35,422 a------- c:\windows\system32\EasiMME.hlp
2009-03-17 18:08 77,824 a------- c:\windows\system32\EASIMME.exe
2009-03-17 18:08 110,592 a------- c:\windows\system32\EASIMME.dll
2009-03-17 18:08 26,624 a------- c:\windows\system32\LOG_DS.AX
2009-03-17 18:08 13,524 a------- c:\windows\MAGIX midi studio g6 deLuxe.PRF
2009-03-17 18:08 <DIR> --d----- C:\MAGIX
2009-03-16 21:06 31 a------- c:\windows\system32\hgset.ini
2009-03-16 21:03 <DIR> --d----- c:\program files\IEToolbar

==================== Find3M ====================

2009-04-12 09:29 175,640 a------- c:\windows\system32\drivers\kmxcfg.u2k0
2009-04-12 09:29 64 a------- c:\windows\system32\drivers\kmxcfg.u2k7
2009-04-12 09:29 64 a------- c:\windows\system32\drivers\kmxcfg.u2k6
2009-04-12 09:29 64 a------- c:\windows\system32\drivers\kmxcfg.u2k5
2009-04-12 09:29 64 a------- c:\windows\system32\drivers\kmxcfg.u2k4
2009-04-12 09:29 64 a------- c:\windows\system32\drivers\kmxcfg.u2k3
2009-04-12 09:29 64 a------- c:\windows\system32\drivers\kmxcfg.u2k2
2009-04-12 09:29 64 a------- c:\windows\system32\drivers\kmxcfg.u2k1
2009-04-04 01:10 40,960 a------- c:\program files\Uninstall_CDS.exe
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-01-18 03:09 87,608 a------- c:\docume~1\chapte~1\applic~1\inst.exe
2009-01-18 03:09 47,360 a------- c:\docume~1\chapte~1\applic~1\pcouffin.sys

============= FINISH: 9:43:06.47 ===============


#7 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 13 April 2009 - 03:55 PM

Hi Chapter6,

Your MalwareBytes Anti-malware log shows "No Action Taken" on the malware that it found.

This means MBAM did nothing but a scan. Please run a quick scan with MBAM, make sure that everything is checked, and click Remove Selected.

Post the log in your next reply. :thumbup2:
m0le is a proud member of UNITE
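Added example (not code from the thread, from Malwarebytes or from BleepingComputer): a small Python helper that parses an MBAM 1.x log in the format quoted above and separates detections the scan only reported ("No action taken", the case m0le points out) from ones it quarantined or scheduled for deletion, so a reader can tell at a glance whether a removal run is still needed. The sample log is constructed with placeholder paths; "Quarantined and deleted successfully" and "Delete on reboot" are the other MBAM action strings, assumed here because they do not appear in this thread.

```python
import re
from collections import Counter

# Constructed MBAM 1.x-style log excerpt for the demo (not from the thread).
# Paths and registry keys are placeholders; the action strings after "->"
# are the ones MBAM prints ("No action taken" is the one quoted in the thread,
# the other two are assumed from MBAM's usual output).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.36
Database version: 1970
Windows 5.1.2600 Service Pack 3

Scan type: Quick Scan
Objects scanned: 100
Time elapsed: 1 minute(s), 2 second(s)

Memory Processes Infected: 0
Registry Keys Infected: 1
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Example\Toolbar (Adware.ExampleToolbar) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\ExampleToolbar (Adware.ExampleToolbar) -> No action taken.

Files Infected:
C:\WINDOWS\example1.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\example2.exe (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\example3.dat (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# "Files Infected: 3" style totals in the log header.
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
# "Files Infected:" style section headers that precede the detection lines.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# One detection: "<item> (<category>) -> <action>."  The greedy item group lets
# paths that themselves contain " (" (e.g. "Program Files (x86)") parse.
ENTRY_RE = re.compile(r"^(?P<item>.+) \((?P<category>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return (summary, entries).

    summary maps each section name to the count MBAM reported in the header;
    entries is a list of dicts (section, item, category, action), one per
    detection line found in the body of the log.
    """
    summary, entries, section = {}, [], None
    for line in text.splitlines():
        line = line.rstrip()
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group("section")] = int(m.group("count"))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        if section is None or not line or line.startswith("(No malicious"):
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"section": section, **m.groupdict()})
    return summary, entries


def unactioned(entries):
    """Detections that MBAM listed but did not touch (a scan-only run)."""
    return [e for e in entries if e["action"] == "No action taken"]


def triage(text):
    """Summarise a log: totals, action breakdown, and whether a removal run is still due."""
    summary, entries = parse_mbam_log(text)
    pending = unactioned(entries)
    reported = sum(summary.values())
    return {
        "reported_total": reported,
        "parsed_total": len(entries),
        # Header totals and parsed lines disagree when a log was cut short.
        "truncated": reported != len(entries),
        "by_action": dict(Counter(e["action"] for e in entries)),
        "unactioned": [e["item"] for e in pending],
        "needs_rerun": bool(pending),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```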

#8 Chapter6
  • Topic Starter

Posted 13 April 2009 - 08:21 PM

Hey Mo,

When I ran the Mbam I selected to remove the items and it appeared to do that and then it asked me to restart in order to remove all of the items...
I restarted and a report came up showing no action was taken...

I will try it again and see what happens...
Standby for the log...
I will post it by morning...

Thanx again,
6

#9 Chapter6
  • Topic Starter

Posted 13 April 2009 - 11:36 PM

Here goes the mbam log:

___________________________________________________________

Malwarebytes' Anti-Malware 1.36
Database version: 1970
Windows 5.1.2600 Service Pack 3

4/14/2009 12:29:55 AM
mbam-log-2009-04-14 (00-29-55).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 143100
Time elapsed: 1 hour(s), 46 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

____________________________________________

I have 25 items in my quarantine...
Should I try to delete them?

#10 m0le
  • Malware Response Team

Posted 15 April 2009 - 12:41 PM

Hi Chapter6,

That looks a lot better. How is the computer running now?

Don't try and delete the MBAM quarantined files. Let's get the PC back first :thumbup2:

Let's do one last scan.

Please go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Post a new DDS log too

Thanks :)
m0le is a proud member of UNITE

#11 Chapter6
  • Topic Starter

Posted 15 April 2009 - 09:05 PM

I'm on it.

As for the computer's health...
As compared to last week it is running a little better...
I still get redirected when googling, and if I am multitasking sometimes it shuts down without warning...
That never happened before...
Blugh...
But it is a tad bit faster now than it was last week.
Running Kaspersky now, will post updates when all is done.

Thanks again!

6

Edited by Chapter6, 15 April 2009 - 09:16 PM.


#12 Chapter6
  • Topic Starter

Posted 15 April 2009 - 09:24 PM

Bad news...

Tried doing the Kaspersky thing...

This is what I got over and over...

I tried many different ways it kept getting same result.

Update has failed. Program has failed to start. Close the Kaspersky Online Scanner 7.0 window and open it again to install the program.



You must be online to update the Kaspersky Online Scanner 7.0 database. With the latest database updates, you can find new viruses and other threats. Please go online to use Kaspersky Online Scanner 7.0. [ERROR: Invalid file signature]

I don't get it...

6

#13 Chapter6
  • Topic Starter

Posted 16 April 2009 - 06:51 AM

Okay,

Finally got it to work!

Here's my Kaspersky Scan

_________________________________________________________________________

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, April 16, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, April 16, 2009 05:26:54
Records in database: 2049617
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 65107
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 03:50:05


File name / Threat name / Threats count
E:\AVS Video Converter 6.2.4.330+crack by SND.zip Infected: Trojan.Win32.VB.lku 1

The selected area was scanned.

_________________________________________________________________________

Here is my DDS Log

_________________________________________________________________________


DDS (Ver_09-03-16.01) - NTFSx86
Run by Chapter VI at 7:43:40.43 on Thu 04/16/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.991.748 [GMT -4:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)
FW: CA Personal Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Chapter VI\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uSearch Bar =
uWindow Title = Microsoft Internet Explorer
mSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Creative MediaSource Go] c:\program files\creative\mediasource\go\CTCMSGo.exe /SCB
uRun: [RemoteCenter] c:\program files\creative\mediasource\remotecontrol\RCMan.EXE
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [cafw] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe"
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDet.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [nwiz] nwiz.exe /install
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Cobian Backup 9] "c:\program files\cobian backup 9\Cobian.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\chapte~1\startm~1\programs\startup\buffal~1.lnk - c:\program files\buffalo\nasnavi\NasNavi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nostro~1.lnk - c:\windows\installer\{548c7b77-8b04-427e-acd0-d0e6e6e59bcf}\NewShortcut2_548C7B778B04427EACD0D0E6E6E59BCF.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: aol.com\free
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217111545203
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217137365002
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15105/CTPID.cab
TCP: {1E3F1F3D-3061-45A4-9421-1D6BD954B468} = 208.67.222.222,208.67.220.220
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: LMIinit - LMIinit.dll
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\chapte~1\applic~1\mozilla\firefox\profiles\qpa2w37w.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\mozilla firefox\plugins\NPFxViewer.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-3-19 93712]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-20 64160]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-3-21 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-3-21 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-3-19 115216]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2008-12-21 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2008-12-21 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2008-12-21 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2008-12-21 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2008-12-21 32240]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2008-12-21 144696]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-4 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-3-21 66576]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-8-22 45848]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\PfModNT.sys [2008-8-15 15840]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-4-15 281104]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2008-12-21 255216]
R3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [2009-2-14 23040]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-5-30 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2008-12-21 185584]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2008-12-21 108368]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2008-12-28 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2008-12-28 3072]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe --> c:\program files\magix\common\database\bin\fbserver.exe [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-04-15 06:46 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-15 06:46 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-15 06:46 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-15 06:46 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 06:46 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 06:46 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 06:45 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 06:45 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-12 00:48 <DIR> --d----- c:\docume~1\chapte~1\applic~1\Malwarebytes
2009-04-12 00:48 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-12 00:48 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-12 00:48 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-12 00:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-04 20:04 <DIR> --d----- c:\program files\Cobian Backup 9
2009-04-02 23:32 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-04-02 19:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CA-SupportBridge
2009-03-31 18:46 664 a------- c:\windows\system32\d3d9caps.dat
2009-03-30 19:58 <DIR> --d----- c:\program files\BUFFALO
2009-03-29 23:51 1,003,520 a------- c:\windows\system\Magixofa.dll
2009-03-29 23:51 106,496 a------- c:\windows\system\MagixOFA-uk.dll
2009-03-29 23:51 392,704 a------- c:\windows\system\LFCMP13n.dll
2009-03-29 23:51 327,680 a------- c:\windows\system\eModeUpgradeDlg.dll
2009-03-29 23:51 122,880 a------- c:\windows\system\Hhwmprxy7.dll
2009-03-29 23:51 60,416 a------- c:\windows\system\Dsetup.dll
2009-03-29 23:51 28,672 a------- c:\windows\system\Hhwmprxy.dll
2009-03-29 23:51 28,672 a------- c:\windows\system\Hhrashlp.dll
2009-03-29 23:51 118,784 a------- c:\windows\system\Zipdll.dll
2009-03-29 23:51 49,152 a------- c:\windows\system\Cpuinf32.dll
2009-03-29 23:47 49,152 a------- c:\windows\system\Mdll32.dll
2009-03-29 23:43 205,312 a------- c:\windows\system\Ltefx13n.dll
2009-03-29 23:39 265,728 a------- c:\windows\system\Ltdis13n.dll
2009-03-29 23:34 445,952 a------- c:\windows\system\Ltimg13n.dll
2009-03-29 23:29 445,440 a------- c:\windows\system\Ltkrn13n.dll
2009-03-29 23:25 139,264 a------- c:\windows\system\Ltfil13n.dll
2009-03-29 23:20 137,728 a------- c:\windows\system\Ijl10.dll
2009-03-29 23:03 131,072 a------- c:\windows\system\DAC32.DLL
2009-03-29 10:46 <DIR> --d----- c:\program files\AAMS
2009-03-29 08:51 28 a------- c:\windows\Robota.INI
2009-03-29 08:49 420,240 a------- c:\windows\system32\mpg4c32.dll
2009-03-29 08:49 245,760 a------- c:\windows\system32\mp4sds32.ax
2009-03-29 08:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MAGIX
2009-03-29 08:41 120,200 a------- c:\windows\system32\DLLDEV32i.dll
2009-03-29 08:40 5,937 a------- c:\windows\mgxoschk.ini
2009-03-29 08:40 <DIR> --d----- c:\windows\system32\MAGIX
2009-03-29 08:40 700,416 a------- c:\windows\system32\mgxoschk.dll
2009-03-29 01:07 <DIR> --dsh--- c:\documents and settings\chapter vi\IECompatCache
2009-03-29 01:05 <DIR> --dsh--- c:\documents and settings\chapter vi\PrivacIE
2009-03-29 00:59 <DIR> --dsh--- c:\documents and settings\chapter vi\IETldCache
2009-03-29 00:55 <DIR> --d----- c:\windows\ie8updates
2009-03-29 00:47 <DIR> -cd-h--- c:\windows\ie8
2009-03-29 00:42 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-03-28 18:31 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-03-28 17:28 <DIR> --d----- c:\windows\system32\XPSViewer
2009-03-25 19:24 <DIR> --d----- C:\Downloads
2009-03-21 10:16 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-20 19:25 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-20 19:06 <DIR> --d----- c:\program files\Lavasoft
2009-03-20 00:57 117,760 -------- c:\windows\system32\prntvpt.dll
2009-03-20 00:57 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-20 00:57 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-20 00:57 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-20 00:57 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-03-20 00:56 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-03-20 00:56 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-03-20 00:26 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-17 23:52 232 a------- c:\windows\AudStu.INI
2009-03-17 18:12 118 a------- c:\windows\system32\MRT.INI
2009-03-17 18:10 77 a------- c:\windows\magix.ini
2009-03-17 18:08 106,496 a------- c:\windows\system32\MagixDS.dll
2009-03-17 18:08 35,422 a------- c:\windows\system32\EasiMME.hlp
2009-03-17 18:08 77,824 a------- c:\windows\system32\EASIMME.exe
2009-03-17 18:08 110,592 a------- c:\windows\system32\EASIMME.dll
2009-03-17 18:08 26,624 a------- c:\windows\system32\LOG_DS.AX
2009-03-17 18:08 13,524 a------- c:\windows\MAGIX midi studio g6 deLuxe.PRF
2009-03-17 18:08 <DIR> --d----- C:\MAGIX

==================== Find3M ====================

2009-04-15 07:54 179,880 a------- c:\windows\system32\drivers\kmxcfg.u2k0
2009-04-15 07:54 64 a------- c:\windows\system32\drivers\kmxcfg.u2k7
2009-04-15 07:54 64 a------- c:\windows\system32\drivers\kmxcfg.u2k6
2009-04-15 07:54 64 a------- c:\windows\system32\drivers\kmxcfg.u2k5
2009-04-15 07:54 64 a------- c:\windows\system32\drivers\kmxcfg.u2k4
2009-04-15 07:54 64 a------- c:\windows\system32\drivers\kmxcfg.u2k3
2009-04-15 07:54 64 a------- c:\windows\system32\drivers\kmxcfg.u2k2
2009-04-15 07:54 64 a------- c:\windows\system32\drivers\kmxcfg.u2k1
2009-04-04 01:10 40,960 a------- c:\program files\Uninstall_CDS.exe
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 07:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 07:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-03 15:59 56,832 a------- c:\windows\system32\secur32.dll
2009-01-18 03:09 87,608 a------- c:\docume~1\chapte~1\applic~1\inst.exe
2009-01-18 03:09 47,360 a------- c:\docume~1\chapte~1\applic~1\pcouffin.sys

============= FINISH: 7:45:39.90 ===============


#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:49 AM

Posted 17 April 2009 - 09:34 AM

Hi Chapter6,

Interesting... when reviewing the Kaspersky log, it shows this:

E:\AVS Video Converter 6.2.4.330+crack by SND.zip Infected: Trojan.Win32.VB.lku 1

Someone on this system was trying to access cracks or a 'keygen'... this is a certain way to attract malware to your system. As well as being illegal, 'cracks' and 'keygens' are often associated or loaded with malware, and should be avoided (along with 'crack' sites).

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please double-click (or right-click, if you are using Vista) the "Add or Remove Programs" icon.
A list of installed programs will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

AVS Video Converter 6

Additional instructions can be found here if needed.


Then...

Use Windows Explorer to find and delete this file:

E:\AVS Video Converter 6.2.4.330+crack by SND.zip

As an example:
To delete C:\WINDOWS\badfile.dll
Double click the My Computer icon on your Desktop. Or click on the Windows KEY + E.
Double click on Local Disc (C:\)
Double click on the Windows folder,
Right click on badfile.dll and then from the menu that appears, click on Delete



Download and Run OTViewit
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Finally...

Please download gmer.zip and save to your desktop.
  • Extract (unzip) the file to its own folder such as C:\Gmer. (Click here for information on how to do this if not sure.)
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • You may be prompted to scan immediately if GMER detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as gmer.log and copy/paste the contents in your next reply.
  • Exit GMER and re-enable all active protection when done.
To recap,

I need you to confirm deletion of the file and folder
I need the two OTViewIt logs
and The Gmer scan log

:thumbup2:
m0le is a proud member of UNITE
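The review m0le describes starts from the DDS log posted earlier in the thread: the uRun/mRun/dRun autostart lines, the BHO/TB/EB toolbar registrations, the TCP line listing the configured DNS resolvers, the SERVICES / DRIVERS block and the "Created Last 30" block. As an added example (not code from the original post, from BleepingComputer or from the DDS tool), the script below parses those line formats and returns the items a responder looks at first: registrations marked "No File", autostart entries given as a bare file name (resolved through the PATH at logon), services whose image DDS marked "[x]", the resolver addresses, and files created within the last few days. The sample lines are constructed in DDS format from the kinds of entries shown above, and the reference time used for "recent" is an assumption.

```python
"""Parser and triage helpers for the DDS log format quoted in this thread.
Added example, not code from the original post or from the DDS tool."""
import re
from datetime import datetime, timedelta

# Constructed sample in DDS format (a few lines of the kinds posted in the thread).
SAMPLE_LOG = r"""
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [nwiz] nwiz.exe /install
TCP: {1E3F1F3D-3061-45A4-9421-1D6BD954B468} = 208.67.222.222,208.67.220.220
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-20 64160]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
2009-04-12 00:48 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-20 19:25 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-17 18:08 <DIR> --d----- C:\MAGIX
"""
SAMPLE_NOW = datetime(2009, 4, 15)  # assumed reference time for "recent"

RUN_RE = re.compile(r"^([umd]Run): \[([^\]]*)\] (.*)$")
ORPHAN_RE = re.compile(r"^(BHO|TB|EB): (.*) - No File$")
TCP_RE = re.compile(r"^TCP: \{[^}]+\} = (.*)$")
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]*);([^;]*);(.*)$")
FILEINFO_RE = re.compile(r"^(.*?)(?: \[(\d{4}-\d{1,2}-\d{1,2}) (\d+)\])?$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (<DIR>|[\d,]+) (\S{8}) (.*)$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|com|bat|cmd|scr))(?=[\s,]|$)", re.IGNORECASE)

def _matches(text, regex):
    return [m for m in map(regex.match, text.splitlines()) if m]

def split_command(value):
    """Split a Run value into (executable, arguments). Quoted paths are taken
    verbatim; otherwise the prefix up to the first .exe/.dll/... token is the
    executable, which copes with unquoted paths containing spaces and RUNDLL32."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        if end > 0:
            return value[1:end], value[end + 1:].strip()
    m = EXE_RE.match(value)
    if m:
        return m.group(1), value[m.end():].strip()
    head, _, tail = value.partition(" ")
    return head, tail

def parse_run(text):
    """Autostart entries; 'bare' = no directory, so the PATH decides what runs."""
    entries = []
    for m in _matches(text, RUN_RE):
        hive, name, value = m.groups()
        exe, args = split_command(value)
        entries.append({"hive": hive, "name": name, "exe": exe, "args": args,
                        "bare": "\\" not in exe})
    return entries

def parse_orphans(text):
    """BHO/TB/EB registrations whose file DDS could not find ('No File')."""
    return [(m.group(1), m.group(2)) for m in _matches(text, ORPHAN_RE)]

def parse_nameservers(text):
    """Resolvers on the TCP: line; compare with what was actually configured."""
    return [s.strip() for m in _matches(text, TCP_RE) for s in m.group(1).split(",") if s.strip()]

def parse_services(text):
    """SERVICES / DRIVERS lines; '[x]' marks an image DDS could not resolve."""
    services = []
    for m in _matches(text, SERVICE_RE):
        state, name, display, rest = m.groups()
        rest, missing = rest.strip(), rest.strip().endswith("[x]")
        fm = FILEINFO_RE.match(rest)  # trailing "[date size]" when DDS found the file
        services.append({"state": state, "name": name, "display": display,
                         "path": "" if missing else fm.group(1), "date": fm.group(2),
                         "size": int(fm.group(3)) if fm.group(3) else None,
                         "file_missing": missing})
    return services

def recent_files(text, now, days=7):
    """Files (not directories) from 'Created Last 30' newer than now - days."""
    cutoff, items = now - timedelta(days=days), []
    for m in _matches(text, CREATED_RE):
        when, size, attrs, path = m.groups()
        stamp = datetime.strptime(when, "%Y-%m-%d %H:%M")
        if size != "<DIR>" and stamp >= cutoff:
            items.append({"when": stamp, "size": int(size.replace(",", "")),
                          "attrs": attrs, "path": path})
    return items

def triage(text, now, days=7):
    """What to look at first in a DDS log."""
    return {"orphans": parse_orphans(text),
            "bare_run": [e["name"] for e in parse_run(text) if e["bare"]],
            "nameservers": parse_nameservers(text),
            "missing_services": [s["name"] for s in parse_services(text) if s["file_missing"]],
            "recent": [i["path"] for i in recent_files(text, now, days)]}
```

Run `triage(SAMPLE_LOG, SAMPLE_NOW)` to get the summary; on a real log, pass the pasted text and the date the log was produced. The flags are starting points for a human review, not verdicts: a bare-name autostart such as CTHELPER.EXE or an orphaned toolbar CLSID is often a leftover from an uninstalled product, and the resolver addresses only mean something when compared with the ones the ISP or administrator actually set.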

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:49 AM

Posted 19 April 2009 - 04:47 PM

Hi Chapter6,

I have not had a reply from you for 2 days. Can you please tell me if you still need help with your computer, as I am unable to help other members with their problems while I have your topic still open.

If you like you can PM me.

Thanks,


m0le
m0le is a proud member of UNITE



