Clicking Google Searches opens a pop up


  • This topic is locked
47 replies to this topic

#1 PulpFic3

PulpFic3

  • Members
  • 29 posts
  • OFFLINE
  • Local time:04:36 PM

Posted 12 April 2009 - 08:28 PM

Hey -

Had this problem at the end of last year as well. If and, hopefully, when I get this problem fixed I would love some suggestions for computer protection.

Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:20:11 PM, on 4/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOW\System32\smss.exe
C:\WINDOW\system32\winlogon.exe
C:\WINDOW\system32\services.exe
C:\WINDOW\system32\lsass.exe
C:\WINDOW\system32\svchost.exe
C:\WINDOW\System32\svchost.exe
C:\WINDOW\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOW\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOW\System32\nvsvc32.exe
C:\WINDOW\system32\HPZipm12.exe
C:\WINDOW\System32\svchost.exe
C:\WINDOW\System32\WLTRYSVC.EXE
C:\WINDOW\System32\bcmwltry.exe
C:\WINDOW\System32\svchost.exe
C:\WINDOW\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEocx Class - {06ec6572-7280-485a-a712-c380526bc048} - C:\WINDOW\ieocx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D92E630-058F-4E76-8397-7522A0BC3CDA}: NameServer = 85.255.112.181,85.255.112.81
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F45C4B6-6BA0-4996-A792-606AFCBB9D1E}: NameServer = 85.255.112.181,85.255.112.81
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.181,85.255.112.81
O17 - HKLM\System\CS2\Services\Tcpip\..\{2D92E630-058F-4E76-8397-7522A0BC3CDA}: NameServer = 85.255.112.181,85.255.112.81
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.181,85.255.112.81
O17 - HKLM\System\CS3\Services\Tcpip\..\{2D92E630-058F-4E76-8397-7522A0BC3CDA}: NameServer = 85.255.112.181,85.255.112.81
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.181,85.255.112.81
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOW\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOW\system32\HPZipm12.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOW\System32\WLTRYSVC.EXE

--
End of file - 3441 bytes


#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:05:36 PM

Posted 26 April 2009 - 12:03 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of both log.txt and info.txt (info.txt can also be found at c:\RSIT\info.txt).
Thank you for your patience.



Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.

Edited by SifuMike, 01 May 2009 - 09:07 PM.
inserted info.txt log request

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 PulpFic3

PulpFic3
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:04:36 PM

Posted 01 May 2009 - 12:11 AM

Thanks for your response - I will get the log up ASAP!

#4 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:36 PM

Posted 01 May 2009 - 04:57 PM

Hello PulpFic3,

suebaby41 has been called away, so I will step in and help you.

Please post the RSIT logs and I will review them.

Edited by SifuMike, 01 May 2009 - 05:18 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 PulpFic3

PulpFic3
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:04:36 PM

Posted 01 May 2009 - 08:04 PM

Thank you, SifuMike!

Here's the info from the log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Pulpfic at 2009-05-01 20:00:44
Microsoft Windows XP Professional Service Pack 2
System drive C: has 37 MB (0%) free of 57 GB
Total RAM: 511 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:00:49 PM, on 5/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOW\System32\smss.exe
C:\WINDOW\system32\winlogon.exe
C:\WINDOW\system32\services.exe
C:\WINDOW\system32\lsass.exe
C:\WINDOW\system32\svchost.exe
C:\WINDOW\System32\svchost.exe
C:\WINDOW\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOW\system32\spoolsv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOW\System32\nvsvc32.exe
C:\WINDOW\system32\HPZipm12.exe
C:\WINDOW\System32\svchost.exe
C:\WINDOW\System32\WLTRYSVC.EXE
C:\WINDOW\System32\bcmwltry.exe
C:\WINDOW\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Pulpfic\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Pulpfic.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEocx Class - {06ec6572-7280-485a-a712-c380526bc048} - C:\WINDOW\ieocx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D92E630-058F-4E76-8397-7522A0BC3CDA}: NameServer = 85.255.112.181,85.255.112.81
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F45C4B6-6BA0-4996-A792-606AFCBB9D1E}: NameServer = 85.255.112.181,85.255.112.81
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.181,85.255.112.81
O17 - HKLM\System\CS2\Services\Tcpip\..\{2D92E630-058F-4E76-8397-7522A0BC3CDA}: NameServer = 85.255.112.181,85.255.112.81
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.181,85.255.112.81
O17 - HKLM\System\CS3\Services\Tcpip\..\{2D92E630-058F-4E76-8397-7522A0BC3CDA}: NameServer = 85.255.112.181,85.255.112.81
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.181,85.255.112.81
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOW\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOW\system32\HPZipm12.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOW\System32\WLTRYSVC.EXE

--
End of file - 3678 bytes

======Scheduled tasks folder======

C:\WINDOW\tasks\AppleSoftwareUpdate.job
C:\WINDOW\tasks\Microsoft_Hardware_Launch_IType_exe.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06ec6572-7280-485a-a712-c380526bc048}]
IEocx Class - C:\WINDOW\ieocx.dll [2009-03-31 27136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 440056]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-01-30 185896]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2009-02-24 2356088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2009-02-24 2356088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe [2006-08-01 67112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2006-11-07 50736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe [2004-02-02 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOW\System32\WLTRAY.exe [2005-12-19 1347584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOW\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe [2004-03-04 487424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GC75-Manager-Class]
C:\Program Files\Dell TrueMobile 5100\GPRSMgr.exe [2004-03-27 721017]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOW\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 849280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intense Registry Service]
IntEdReg.exe /CHECK []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
C:\Program Files\Microsoft IntelliType Pro\itype.exe [2006-11-21 813912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOW\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOW\System32\NvCpl.dll [2004-01-08 4866048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOW\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOW\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe [2006-12-15 75520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysav]
C:\Documents and Settings\Pulpfic\Application Data\pcdefender.exe [2009-03-31 1021440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-01-30 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOW^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~2.0\Reader\READER~1.EXE [2006-10-23 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOW^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~2.0\Reader\ADOBEC~1.EXE [2006-10-22 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOW^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2003-06-20 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOW^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
C:\PROGRA~1\WinZip\WZQKPICK.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pulpfic^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\PROGRA~1\LimeWire\LimeWire.exe [2008-02-08 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOW\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{432a25d2-1afc-11dc-aa63-00038a000015}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ceaee33a-dda3-11db-aa47-00038a000015}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======


======List of files/folders modified in the last 1 months======

2009-05-01 20:59:45 ----DC---- C:\WINDOW\temp
2009-05-01 20:59:42 ----DC---- C:\WINDOW
2009-05-01 20:59:36 ----D---- C:\Program Files\Mozilla Firefox
2009-04-13 01:52:18 ----AC---- C:\WINDOW\SchedLgU.Txt
2009-04-12 23:50:08 ----DC---- C:\WINDOW\Prefetch
2009-04-12 23:50:08 ----D---- C:\Documents and Settings\Pulpfic\Application Data\U3
2009-04-12 22:32:39 ----DC---- C:\WINDOW\system32\CatRoot2
2009-04-12 20:17:42 ----DC---- C:\WINDOW\system32
2009-04-12 20:17:42 ----AC---- C:\WINDOW\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOW\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 OMCI;OMCI WDM Device Driver; C:\WINDOW\System32\DRIVERS\omci.sys [2004-02-13 17153]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOW\System32\DRIVERS\Apfiltr.sys [2003-08-21 94600]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOW\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOW\System32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOW\System32\DRIVERS\bcm4sbxp.sys [2003-05-15 43136]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOW\System32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOW\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOW\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOW\System32\DRIVERS\hidusb.sys [2003-07-16 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOW\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOW\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 nv;nv; C:\WINDOW\System32\DRIVERS\nv4_mini.sys [2004-01-08 1378636]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOW\system32\drivers\stac97.sys [2004-01-19 256688]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOW\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOW\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOW\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOW\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 kbdhid;Keyboard HID Driver; C:\WINDOW\System32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S2 MCSTRM;MCSTRM; C:\WINDOW\system32\drivers\MCSTRM.sys []
S3 ATWPKT2;ATWPKT2; \??\C:\WINDOW\system32\drivers\ATWPKT2.SYS []
S3 bvrp_pci;bvrp_pci; C:\WINDOW\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOW\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOW\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOW\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOW\system32\DRIVERS\point32.sys [2006-11-08 21760]
S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOW\system32\drivers\tbhsd.sys [2006-06-21 15488]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOW\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOW\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOW\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 wanatw;WAN Miniport (ATW); C:\WINDOW\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOW\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOW\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOW\System32\nvsvc32.exe [2004-01-08 77824]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOW\system32\HPZipm12.exe [2006-03-03 69632]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOW\System32\WLTRYSVC.EXE [2005-12-19 18944]
S3 aspnet_state;ASP.NET State Service; C:\WINDOW\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOW\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOW\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

Here's the info from info.txt:

Logfile of random's system information tool (written by random/random)
Run by Drakattack at 2008-09-09 17:40:44
Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (4%) free of 57 GB
Total RAM: 511 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:40:48 PM, on 9/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOW\System32\smss.exe
C:\WINDOW\system32\winlogon.exe
C:\WINDOW\system32\services.exe
C:\WINDOW\system32\lsass.exe
C:\WINDOW\system32\svchost.exe
C:\WINDOW\System32\svchost.exe
C:\WINDOW\Explorer.EXE
C:\WINDOW\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOW\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOW\System32\nvsvc32.exe
C:\WINDOW\system32\HPZipm12.exe
C:\WINDOW\System32\svchost.exe
C:\WINDOW\System32\WLTRYSVC.EXE
C:\WINDOW\System32\bcmwltry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOW\system32\wuauclt.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Drakattack\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Drakattack.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOW\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOW\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOW\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOW\system32\HPZipm12.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOW\System32\WLTRYSVC.EXE

--
End of file - 3293 bytes

Scheduled tasks folder

C:\WINDOW\tasks\AppleSoftwareUpdate.job
C:\WINDOW\tasks\Microsoft_Hardware_Launch_IType_exe.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 440056]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOW\System32\NvCpl.dll [2004-01-08 4866048]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-01-30 185896]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2006-11-21 813912]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 849280]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-06-10 2321600]
"Aim6"= []
"ctfmon.exe"=C:\WINDOW\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-06-10 2321600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe [2006-08-01 67112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2006-11-07 50736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
C:\Program Files\AOL 9.0\AOL.EXE -b []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe [2004-02-02 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOW\System32\WLTRAY.exe [2005-12-19 1347584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOW\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe [2004-03-05 487424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GC75-Manager-Class]
C:\Program Files\Dell TrueMobile 5100\GPRSMgr.exe [2004-03-27 721017]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1175134804\ee\AOLSoftware.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOW\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intense Registry Service]
C:\WINDOW\system32\IntEdReg.exe [2002-10-14 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOW\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
C:\WINDOW\system32\nwiz.exe [2004-01-08 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOW\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOW\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordPadRun]
C:\Program Files\NCH Swift Sound\RecordPad\recordpad.exe -logon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe [2006-12-15 75520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-01-30 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tunebite.exe]
C:\Program Files\Tunebite\tunebite.exe -hidden []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOW^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~2.0\Reader\READER~1.EXE [2006-10-23 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOW^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~2.0\Reader\ADOBEC~1.EXE [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOW^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2003-06-20 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOW^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
C:\PROGRA~1\WinZip\WZQKPICK.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Drakattack^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\PROGRA~1\LimeWire\LimeWire.exe [2008-02-08 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOW\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{432a25d2-1afc-11dc-aa63-00038a000015}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ceaee33a-dda3-11db-aa47-00038a000015}]
shell\AutoRun\command - G:\LaunchU3.exe -a


List of files/folders created in the last three months

2008-09-09 17:40:44 ----DC---- C:\rsit
2008-09-09 16:21:38 ----D---- C:\Program Files\CCleaner
2008-09-01 16:28:58 ----D---- C:\Program Files\Trend Micro
2008-09-01 08:22:26 ----AC---- C:\WINDOW\system32\a.exe
2008-08-26 18:14:37 ----D---- C:\Program Files\Bonjour
2008-08-26 18:14:28 ----DC---- C:\WINDOW\system32\DRVSTORE
2008-08-26 18:13:40 ----D---- C:\Program Files\Common Files\Apple
2008-08-19 20:06:50 ----D---- C:\Program Files\Microsoft IntelliPoint
2008-08-19 20:06:02 ----D---- C:\Program Files\Microsoft IntelliType Pro
2008-07-13 00:54:43 ----D---- C:\Program Files\Kate's Video Joiner
2008-07-13 00:54:43 ----D---- C:\Program Files\Common Files\wsm
2008-07-13 00:38:43 ----D---- C:\Program Files\7-Zip
2008-07-02 22:36:23 ----D---- C:\Documents and Settings\Drakattack\Application Data\vlc
2008-07-02 22:18:37 ----D---- C:\Documents and Settings\All Users.WINDOW\Application Data\Apple
2008-06-29 18:50:09 ----AC---- C:\WINDOW\msoffice.ini

List of drivers

R1 intelppm;Intel Processor Driver; C:\WINDOW\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOW\System32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 OMCI;OMCI WDM Device Driver; C:\WINDOW\System32\DRIVERS\omci.sys [2004-02-13 17153]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOW\System32\DRIVERS\Apfiltr.sys [2003-08-21 94600]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOW\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOW\System32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOW\System32\DRIVERS\bcm4sbxp.sys [2003-05-15 43136]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOW\System32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOW\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOW\System32\DRIVERS\hidusb.sys [2003-07-16 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOW\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOW\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 nv;nv; C:\WINDOW\System32\DRIVERS\nv4_mini.sys [2004-01-08 1378636]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOW\system32\DRIVERS\point32.sys [2006-11-08 21760]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOW\system32\drivers\stac97.sys [2004-01-19 256688]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOW\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOW\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOW\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOW\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOW\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S2 MCSTRM;MCSTRM; C:\WINDOW\system32\drivers\MCSTRM.sys []
S3 ATWPKT2;ATWPKT2; \??\C:\WINDOW\system32\drivers\ATWPKT2.SYS []
S3 bvrp_pci;bvrp_pci; C:\WINDOW\system32\drivers\bvrp_pci.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOW\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOW\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOW\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOW\system32\drivers\tbhsd.sys [2006-06-21 15488]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOW\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOW\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 wanatw;WAN Miniport (ATW); C:\WINDOW\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOW\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOW\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

List of services

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOW\System32\nvsvc32.exe [2004-01-08 77824]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOW\system32\HPZipm12.exe [2006-03-03 69632]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOW\System32\WLTRYSVC.EXE [2005-12-19 18944]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S3 aspnet_state;ASP.NET State Service; C:\WINDOW\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOW\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOW\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------



Thank you!

#6 SifuMike

    malware expert

  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 01 May 2009 - 09:06 PM

Hi PulpFic3,

The info.txt does not look right.

It can be found at c:\RSIT\info.txt

Please post it again. Thanks. :thumbup2:

Clicking Google Searches opens a pop up

What does the popup say?
BTW, are you using Google with the Firefox browser? Or are you using Google with IE?

***********

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

***********

Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Edited by SifuMike, 01 May 2009 - 09:22 PM.
insert malwarebytes

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 PulpFic3
  • Topic Starter
  • Members
  • 29 posts

Posted 17 May 2009 - 12:22 PM

Hey!

Sorry this has taken such an extremely long time!

In regards to your question, if I Google the word help, for example, the first listing is for help.com. When I click the link it opens up a new tab (in Mozilla Firefox) for the website citysearch. The websites are always different, though. Using Internet Explorer produces the same results, but as pop-ups.

I am going to download the malware stuff now. Thank you!

Here is the info.txt file. I must have copied a really old one; I think this one is right.

info.txt logfile of random's system information tool 1.06 2009-05-17 12:16:23

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOW\INF\PCHealth.inf
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
AC-3 ACM Codec-->C:\WINDOW\system32\rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOW\INF\AC3ACM.inf
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Adobe Flash Player 10 Plugin-->C:\WINDOW\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOW\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX-->C:\WINDOW\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Shockwave Player-->C:\WINDOW\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOW\system32\Macromed\SHOCKW~1\Install.log
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Before You Know It 3.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{86561372-55DC-4925-80A9-9BDEAC0A527D}\Setup.exe" -l0x9
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom 440x 10/100 Integrated Controller-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell TrueMobile GPRS Driver-->C:\WINDOW\system32\GC75DU.exe verbose
Dell TrueMobile GPRS Manager-->C:\WINDOW\system32\GC75MU.exe verbose
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\Setup.exe" -l0x9 ControlPanelAnyText
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
Express Burn-->C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Express Rip-->C:\Program Files\NCH Swift Sound\ExpressRip\uninst.exe
getPlus®_dll-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOW\inf\GETPLUSd.INF, DefaultUninstall
Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB926239)-->"C:\WINDOW\$NtUninstallKB926239$\spuninst\spuninst.exe"
HP Image Zone 4.2-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.2-->"C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Kate's Video Joiner-->"C:\Program Files\Kate's Video Joiner\unins000.exe"
LimeWire 4.16.6-->"C:\Program Files\LimeWire\uninstall.exe"
Microsoft .NET Framework 2.0-->C:\WINDOW\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOW\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOW\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOW\System32\nvinstnt.dll,NvUninstallNT4 nvdm.inf
PlayMYDVD-->"C:\Program Files\PlayMYDVD\Uninstall.exe"
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine-->MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Russian Phonetic Student - RusWin.net - Custom-->MsiExec.exe /I{AAEA8C1E-6335-467A-9115-A111F368C695}
SigmaTel AC97 Audio Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7959721D-8268-4565-9E0E-C41A9F4848A9}\setup.exe" -l0x9 -nodialog -uninstall
VideoLAN VLC media player 0.8.6h-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOW\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOW\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOW\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINDOW\$NtServicePackUninstall$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======System event log======

Computer Name: PULPFIC
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 9119
Source Name: Disk
Time Written: 20080915232207.000000-300
Event Type: warning
User:

Computer Name: PULPFIC
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 9118
Source Name: Disk
Time Written: 20080915232206.000000-300
Event Type: warning
User:

Computer Name: PULPFIC
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 9117
Source Name: Disk
Time Written: 20080915232206.000000-300
Event Type: warning
User:

Computer Name: PULPFIC
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 9116
Source Name: Disk
Time Written: 20080915232205.000000-300
Event Type: warning
User:

Computer Name: PULPFIC
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 9115
Source Name: Disk
Time Written: 20080915232203.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: PULPFIC
Event Code: 1000
Message: Faulting application aim.exe, version 5.9.6089.0, faulting module unknown, version 0.0.0.0, fault address 0x1221254f.

Record Number: 241
Source Name: Application Error
Time Written: 20070519161642.000000-300
Event Type: error
User:

Computer Name: PULPFIC
Event Code: 1002
Message: Hanging application firefox.exe, version 1.8.20070.30919, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 239
Source Name: Application Hang
Time Written: 20070518125109.000000-300
Event Type: error
User:

Computer Name: PULPFIC
Event Code: 1002
Message: Hanging application firefox.exe, version 1.8.20070.30919, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 238
Source Name: Application Hang
Time Written: 20070518125022.000000-300
Event Type: error
User:

Computer Name: PULPFIC
Event Code: 1002
Message: Hanging application firefox.exe, version 1.8.20070.30919, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 228
Source Name: Application Hang
Time Written: 20070511222245.000000-300
Event Type: error
User:

Computer Name: PULPFIC
Event Code: 1001
Message: Detection of product '{91110409-6000-11D3-8CFE-0150048383C9}', feature 'TCWP5Files' failed during request for component '{D362F5FA-9939-40E1-BC1F-EF575164DAB9}'

Record Number: 224
Source Name: MsiInstaller
Time Written: 20070511142559.000000-300
Event Type: warning
User: PULPFIC\PulpFic

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 9 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0905
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip

-----------------EOF-----------------

#8 PulpFic3
  • Topic Starter
  • Members
  • 29 posts

Posted 17 May 2009 - 12:27 PM

I am unable to get the malware stuff to work. CNET is the only website that opens. After downloading the file, I double click on it and get the message box to "Run" the file. I click run and then nothing happens. The other two pages won't even load, which seems to be part of the virus - I have trouble accessing some fix sites.

Here's the log from the Security Check file:

Results of screen317's Security Check version 0.98.3
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Disabled!
ECHO is off.
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

HijackThis 2.0.2
CCleaner (remove only)
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````

GREAT! (Very random)

Scan took 40 seconds.
`````````End of Log```````````

Edited by PulpFic3, 17 May 2009 - 12:34 PM.


#9 SifuMike

    malware expert

  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 17 May 2009 - 02:22 PM

Hi PulpFic3,


I understand that you need help in order to get rid of the malware that is present on your system, but you need to help us first.

I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed :!:
This is somewhat suicidal in today's digital world. 8O
That's why I want you to install one first!!

Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus :!:

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There double-click the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply.

Then we'll start from there, because it really makes no sense to clean this up manually when no antivirus is present; one should be able to deal with most of it and prevent further reinfection.

Edited by SifuMike, 17 May 2009 - 02:25 PM.

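As a worked example added here (it is not code from the thread, from Avira, or from the BleepingComputer helpers): a small Python parser for the "hidden objects" section of the Avira full-scan report SifuMike asks for above. It pairs each path or registry key with the status line printed beneath it, groups invisible registry values by the service they belong to, records any [DETECTION] attached to a hidden file, and checks the parsed total against the count in the report's own summary line, so a truncated paste is noticed before anyone acts on it. The sample report inside the block is constructed for the example; its paths, service name and detection name are placeholders, not findings from this machine.

```python
import re
from collections import Counter

# Status lines Avira prints under a path or registry key it could not see
# through the normal Windows APIs (the hallmark of a rootkit hiding its files).
HIDDEN_FILE = "[INFO] The file is not visible."
HIDDEN_KEY = "[INFO] The registry entry is invisible."
DETECTION_RE = re.compile(
    r"^\[DETECTION\]\s+(?:Is the|Contains recognition pattern of the)\s+(\S+)")
SUMMARY_RE = re.compile(
    r"'(\d+)' objects were checked, '(\d+)' hidden objects were found\.")
SERVICE_RE = re.compile(r"\\Services\\([^\\]+)\\", re.IGNORECASE)

# Constructed sample in the layout of the report's hidden-objects section.
# Every path, key, service name and detection name is invented for this
# example; none of it is taken from the thread.
SAMPLE_REPORT = r"""
Starting search for hidden objects.
c:\window\system32\examplehiddenlib.dll
[INFO] The file is not visible.
c:\window\system32\drivers\examplehidden.sys
[INFO] The file is not visible.
c:\documents and settings\user\local settings\temp\example.tmp
[INFO] The file is not visible.
[DETECTION] Is the TR/Example.Gen Trojan
[INFO] No SpecVir entry was found!
HKEY_LOCAL_MACHINE\System\ControlSet003\Services\examplesvc.sys\imagepath
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet003\Services\examplesvc.sys\start
[INFO] The registry entry is invisible.
'55745' objects were checked, '5' hidden objects were found.
"""


def parse_hidden_objects(report):
    """Pull hidden files, hidden registry keys and detections out of the section.

    The report puts each object on its own line with the bracketed status
    lines that describe it directly below, so the most recent unbracketed
    line is the object a status refers to.
    """
    files, keys, detections = [], [], {}
    reported = None   # count Avira itself states in the summary line
    current = None    # object the next status line applies to
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            if current is None:
                continue
            if line == HIDDEN_FILE:
                files.append(current)
            elif line == HIDDEN_KEY:
                keys.append(current)
            else:
                m = DETECTION_RE.match(line)
                if m:
                    detections[current] = m.group(1)
            continue
        m = SUMMARY_RE.search(line)
        if m:
            reported = int(m.group(2))
            continue
        if line.upper().startswith("HKEY_") or "\\" in line:
            current = line

    # Group registry findings by service: one hidden service with several
    # invisible values is one hidden driver, not several separate problems.
    services = set()
    for key in keys:
        m = SERVICE_RE.search(key)
        if m:
            services.add(m.group(1))
    by_directory = Counter(p.rsplit("\\", 1)[0].lower() for p in files)

    found = len(files) + len(keys)
    return {
        "files": files,
        "registry": keys,
        "detections": detections,
        "services": sorted(services),
        "by_directory": by_directory,
        "found": found,
        "reported": reported,
        # A mismatch means the section was truncated or pasted incompletely.
        "consistent": reported is not None and reported == found,
    }


if __name__ == "__main__":
    result = parse_hidden_objects(SAMPLE_REPORT)
    print(f"hidden files: {len(result['files'])}, "
          f"hidden registry values: {len(result['registry'])}")
    print("hidden services:", ", ".join(result["services"]))
    for path, name in result["detections"].items():
        print(f"detection {name} on {path}")
    print("summary line agrees with parsed count:", result["consistent"])
```

To use it on a real report, replace SAMPLE_REPORT with the saved report file's contents. The "services" list is the part to read first: each entry is one hidden service, and the file findings under system32\drivers usually correspond to it one to one.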

#10 PulpFic3
  • Topic Starter
  • Members
  • 29 posts

Posted 18 May 2009 - 12:46 AM

Thanks for the help! I don't usually use this computer as much - hence the lack of protection - but it does have a lot of information on it I need to back up soon...and I'd like for it to be somewhat clean...Anyway! Thank you for all the help!

Here's the log:

Avira AntiVir Personal
Report file date: Sunday, May 17, 2009 23:33

Scanning for 1284893 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : PULPFIC

Version information:
BUILD.DAT : 9.0.0.394 17962 Bytes 4/17/2009 11:20:00
AVSCAN.EXE : 9.0.3.5 466689 Bytes 4/17/2009 14:57:30
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 16:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 17:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 16:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 18:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 02:33:26
ANTIVIR2.VDF : 7.1.2.105 513536 Bytes 3/3/2009 13:41:14
ANTIVIR3.VDF : 7.1.2.127 110592 Bytes 3/5/2009 20:58:20
Engineversion : 8.2.0.100
AEVDF.DLL : 8.1.1.0 106868 Bytes 1/27/2009 23:36:42
AESCRIPT.DLL : 8.1.1.56 352634 Bytes 2/27/2009 02:01:56
AESCN.DLL : 8.1.1.7 127347 Bytes 2/12/2009 17:44:25
AERDL.DLL : 8.1.1.3 438645 Bytes 10/30/2008 00:24:41
AEPACK.DLL : 8.1.3.10 397686 Bytes 3/4/2009 19:06:10
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/27/2009 02:01:56
AEHEUR.DLL : 8.1.0.100 1618295 Bytes 2/25/2009 21:49:16
AEHELP.DLL : 8.1.2.2 119158 Bytes 2/27/2009 02:01:56
AEGEN.DLL : 8.1.1.24 336244 Bytes 3/4/2009 19:06:10
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 20:32:40
AECORE.DLL : 8.1.6.6 176501 Bytes 2/17/2009 20:22:44
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 20:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 14:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 16:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 20:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 16:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 21:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 16:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 21:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 14:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 16:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 2/9/2009 17:45:45
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 16:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, F:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Sunday, May 17, 2009 23:33

Starting search for hidden objects.
c:\window\system32\gaopdxcounter
[INFO] The file is not visible.
c:\window\system32\gaopdxvpnxurrjlyithheepabrewbsbxwetmaw.dll
[INFO] The file is not visible.
c:\window\system32\uacampvajik.dll
[INFO] The file is not visible.
c:\window\system32\uacdytlkekp.dat
[INFO] The file is not visible.
c:\window\system32\uacinit.dll
[INFO] The file is not visible.
c:\window\system32\uacldhqebeb.dll
[INFO] The file is not visible.
c:\window\system32\uaclrxidkcy.dll
[INFO] The file is not visible.
c:\window\system32\uacqwopilmg.log
[INFO] The file is not visible.
c:\window\system32\uactklnlkph.dll
[INFO] The file is not visible.
c:\window\system32\uacxdpxyqyb.dll
[INFO] The file is not visible.
c:\window\system32\drivers\gaopdxsrsnvwqwmqpuymbnmtkyfwkejwmdycrf.sys
[INFO] The file is not visible.
c:\window\system32\drivers\uacwutwhtpa.sys
[INFO] The file is not visible.
c:\documents and settings\PulpFic n. micklin\local settings\temp\uaca4b1.tmp
[INFO] The file is not visible.
[DETECTION] Is the TR/Patched.EQ Trojan
[INFO] No SpecVir entry was found!
HKEY_LOCAL_MACHINE\System\ControlSet003\Services\gaopdxserv.sys\modules
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet003\Services\gaopdxserv.sys\start
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet003\Services\gaopdxserv.sys\type
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet003\Services\gaopdxserv.sys\imagepath
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet003\Services\gaopdxserv.sys\group
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UACd.sys\modules
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UACd.sys\start
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UACd.sys\type
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UACd.sys\imagepath
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UACd.sys\group
[INFO] The registry entry is invisible.
'55745' objects were checked, '23' hidden objects were found.

The scan of running processes will be started
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'BCMWLTRY.EXE' - '1' Module(s) have been scanned
Scan process 'WLTRYSVC.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

32 processes with 32 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '49' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\OptScan.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0C174278
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0C174278
[DETECTION] Is the TR/Dldr.U Trojan
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\32860A16.exe
[DETECTION] Contains recognition pattern of the JAVA/Binny.A Java virus
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\34011075.exe
[DETECTION] Is the TR/Agent.aox Trojan
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\34C26933
[DETECTION] Is the TR/Agent.aox Trojan
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\34D23B21
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\34D23B21
--> Object
[DETECTION] Is the TR/Drop.Agent.CR Trojan
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\353B7AAE
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\353B7AAE
--> Object
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Bifrose.AA.24 back-door program
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\353E24AA
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\353E24AA
--> Object
[DETECTION] Is the TR/Drop.Agent.CR Trojan
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\550B336D.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\550B336D.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Improg.1 back-door program
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\550E5D69.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\550E5D69.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Improg.1 back-door program
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\55110766.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\55110766.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Improg.1 back-door program
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\57501B29.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\57501B29.exe
[DETECTION] Contains recognition pattern of the WORM/Eyeveg.m.5.A worm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\57641714.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\57641714.exe
[DETECTION] Contains recognition pattern of the WORM/Eyeveg.m.5.A worm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5F0E2768.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5F0E2768.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6E797718.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6E797718.exe
[DETECTION] Contains recognition pattern of the WORM/Eyeveg.m.5.A worm
C:\QooBox\Quarantine\C\WINDOW\system32\a.exe.vir
[DETECTION] Is the TR/FraudPack.26624 Trojan
C:\QooBox\Quarantine\C\WINDOW\system32\tdssadw.dll.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\QooBox\Quarantine\C\WINDOW\system32\tdssl.dll.vir
[DETECTION] Is the TR/Dldr.Small.acri Trojan
C:\QooBox\Quarantine\C\WINDOW\system32\tdsslog.dll.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.rfv back-door program
C:\QooBox\Quarantine\C\WINDOW\system32\tdssmain.dll.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\QooBox\Quarantine\C\WINDOW\system32\tdssserf.dll.vir
[DETECTION] Is the TR/Dldr.FraudLoad.vbxt Trojan
C:\QooBox\Quarantine\C\WINDOW\system32\tdssserf1.dll.vir
[DETECTION] Is the TR/Agent.8704.76 Trojan
C:\QooBox\Quarantine\C\WINDOW\system32\drivers\tdssserv.sys.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.aow.1 back-door program
C:\QooBox\Quarantine\C\WINDOWS\xpupdate.exe.vir
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\WINDOW\ieocx.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\WINDOWS\system32\nnlkj.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\WINDOWS\system32\sjurrmdj.dll
[DETECTION] Contains recognition pattern of the ADSPY/Virtumonde.AR.2 adware or spyware
C:\WINDOWS\system32\yabba.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\WINDOWS\system32\ynwiyywl.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
Begin scan in 'D:\'
Search path D:\ could not be opened!
System error [1005]: The volume does not contain a recognized file system.
Begin scan in 'F:\'
Search path F:\ could not be opened!
System error [1005]: The volume does not contain a recognized file system.

Beginning disinfection:
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\OptScan.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE] The file was moved to '4a84f623.qua'!
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0C174278
[NOTE] The file was moved to '4a41f5f6.qua'!
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\32860A16.exe
[DETECTION] Contains recognition pattern of the JAVA/Binny.A Java virus
[NOTE] The file was moved to '4a48f5e5.qua'!
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\34011075.exe
[DETECTION] Is the TR/Agent.aox Trojan
[NOTE] The file was moved to '4a40f5e7.qua'!
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\34C26933
[DETECTION] Is the TR/Agent.aox Trojan
[NOTE] The file was moved to '4a53f5e7.qua'!
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\34D23B21
[NOTE] The file was moved to '4a54f5e7.qua'!
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\353B7AAE
[NOTE] The file was moved to '4a43f5e8.qua'!
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\353E24AA
[NOTE] The file was moved to '49b302b9.qua'!
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\550B336D.exe
[NOTE] The file was moved to '4a40f5e8.qua'!
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\550E5D69.exe
[NOTE] The file was moved to '49ae3a99.qua'!
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\55110766.exe
[NOTE] The file was moved to '4a41f5e8.qua'!
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\57501B29.exe
[NOTE] The file was moved to '4a45f5ea.qua'!
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\57641714.exe
[NOTE] The file was moved to '4a46f5ea.qua'!
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5F0E2768.exe
[NOTE] The file was moved to '4a40f5fa.qua'!
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6E797718.exe
[NOTE] The file was moved to '4a47f5f9.qua'!
C:\QooBox\Quarantine\C\WINDOW\system32\a.exe.vir
[DETECTION] Is the TR/FraudPack.26624 Trojan
[NOTE] The file was moved to '4a75f5e2.qua'!
C:\QooBox\Quarantine\C\WINDOW\system32\tdssadw.dll.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4a83f619.qua'!
C:\QooBox\Quarantine\C\WINDOW\system32\tdssl.dll.vir
[DETECTION] Is the TR/Dldr.Small.acri Trojan
[NOTE] The file was moved to '4e97da32.qua'!
C:\QooBox\Quarantine\C\WINDOW\system32\tdsslog.dll.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.rfv back-door program
[NOTE] The file was moved to '4e96c5ea.qua'!
C:\QooBox\Quarantine\C\WINDOW\system32\tdssmain.dll.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4e95cda2.qua'!
C:\QooBox\Quarantine\C\WINDOW\system32\tdssserf.dll.vir
[DETECTION] Is the TR/Dldr.FraudLoad.vbxt Trojan
[NOTE] The file was moved to '4e94b59a.qua'!
C:\QooBox\Quarantine\C\WINDOW\system32\tdssserf1.dll.vir
[DETECTION] Is the TR/Agent.8704.76 Trojan
[NOTE] The file was moved to '4e9bbd52.qua'!
C:\QooBox\Quarantine\C\WINDOW\system32\drivers\tdssserv.sys.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.aow.1 back-door program
[NOTE] The file was moved to '4e99acc2.qua'!
C:\QooBox\Quarantine\C\WINDOWS\xpupdate.exe.vir
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4a85f625.qua'!
C:\WINDOW\ieocx.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4b809b0b.qua'!
C:\WINDOWS\system32\nnlkj.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a7cf627.qua'!
C:\WINDOWS\system32\sjurrmdj.dll
[DETECTION] Contains recognition pattern of the ADSPY/Virtumonde.AR.2 adware or spyware
[NOTE] The file was moved to '4a85f623.qua'!
C:\WINDOWS\system32\yabba.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a72f61a.qua'!
C:\WINDOWS\system32\ynwiyywl.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a87f627.qua'!


End of the scan: Monday, May 18, 2009 00:44
Used time: 1:09:59 Hour(s)

The scan has been done completely.

11686 Scanned directories
336137 Files were scanned
30 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
29 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
336106 Files not concerned
2376 Archives were scanned
2 Warnings
30 Notes
55745 Objects were scanned with rootkit scan
23 Hidden objects were found
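
The Avira report above lists 30 detections, but most of them sit inside Norton's quarantine folder and ComboFix's C:\QooBox store, which hold already-isolated copies rather than files that were running on the machine; only the entries under C:\WINDOW and C:\WINDOWS\system32 were live, and one of them (ieocx.dll) could not be deleted normally and needed Avira's ARK fallback. The following Python script is an added example, not part of this thread or of any Avira tooling: it parses the report format shown above and separates live detections from stale quarantine copies. The sample text is a constructed excerpt using lines copied from the report, and the two quarantine-store prefixes are assumptions based on the paths that appear in it.

```python
"""Triage an Avira AntiVir text report: which detections were live files and
which were stale copies already sitting in another product's quarantine store.
Added example for this thread; the sample lines are copied from the report
format above (constructed excerpt, not the full log)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Directories that are themselves quarantine stores (Norton's and ComboFix's
# QooBox). Assumption: a detection under these paths is an isolated copy, not
# something that was executing on the host.
OTHER_QUARANTINE_PREFIXES = (
    "c:\\program files\\norton internet security\\norton antivirus\\quarantine\\",
    "c:\\qoobox\\quarantine\\",
)

PATH_LINE = re.compile(r"^[A-Za-z]:\\")                        # e.g. C:\WINDOW\ieocx.dll
DETECTION = re.compile(r"^\[DETECTION\]\s+(.*)$")
MOVED = re.compile(r"^\[NOTE\] The file was moved to '([^']+)'!$")
WARNING = re.compile(r"^\[WARNING\]")


@dataclass
class Finding:
    path: str
    detections: List[str] = field(default_factory=list)
    quarantined_as: Optional[str] = None   # Avira's own .qua name after disinfection
    warnings: int = 0                      # delete failures before the ARK fallback

    @property
    def in_other_quarantine(self) -> bool:
        return self.path.lower().startswith(OTHER_QUARANTINE_PREFIXES)


def parse_report(text: str) -> Dict[str, Finding]:
    """Collect per-path findings. The scan phase and the disinfection phase
    both list each file, so entries are merged by path and detections deduped."""
    findings: Dict[str, Finding] = {}
    current: Optional[Finding] = None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_LINE.match(line):
            current = findings.setdefault(line, Finding(path=line))
            continue
        if current is None:
            continue
        m = DETECTION.match(line)
        if m:
            if m.group(1) not in current.detections:
                current.detections.append(m.group(1))
            continue
        m = MOVED.match(line)
        if m:
            current.quarantined_as = m.group(1)
            continue
        if WARNING.match(line):
            current.warnings += 1
    return findings


def triage(findings: Dict[str, Finding]) -> dict:
    """Summary a responder wants: live detections versus stale quarantine copies,
    plus the files that resisted normal deletion (a rootkit indicator here)."""
    detected = [f for f in findings.values() if f.detections]
    live = [f for f in detected if not f.in_other_quarantine]
    return {
        "detected": len(detected),
        "quarantined": sum(1 for f in detected if f.quarantined_as),
        "stale_copies": len(detected) - len(live),
        "live_paths": sorted(f.path for f in live),
        "resisted_deletion": sorted(f.path for f in detected if f.warnings),
    }


# Constructed excerpt of the report above (same line formats, fewer entries).
SAMPLE_REPORT = r"""Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\34011075.exe
[DETECTION] Is the TR/Agent.aox Trojan
C:\QooBox\Quarantine\C\WINDOW\system32\tdssserf.dll.vir
[DETECTION] Is the TR/Dldr.FraudLoad.vbxt Trojan
C:\WINDOW\ieocx.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\WINDOWS\system32\nnlkj.dll
[DETECTION] Is the TR/Vundo.Gen Trojan

Beginning disinfection:
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\34011075.exe
[DETECTION] Is the TR/Agent.aox Trojan
[NOTE] The file was moved to '4a40f5e7.qua'!
C:\QooBox\Quarantine\C\WINDOW\system32\tdssserf.dll.vir
[DETECTION] Is the TR/Dldr.FraudLoad.vbxt Trojan
[NOTE] The file was moved to '4e94b59a.qua'!
C:\WINDOW\ieocx.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4b809b0b.qua'!
C:\WINDOWS\system32\nnlkj.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a7cf627.qua'!
"""

if __name__ == "__main__":
    for key, value in triage(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

Run against the full report, the same logic shows that only the five entries under C:\WINDOW and C:\WINDOWS\system32 were active on the system; the Norton and QooBox hits are leftovers from earlier cleanups, which is also why the helper below asks whether Norton was ever properly uninstalled.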

#11 SifuMike (malware expert, Staff Emeritus)

Posted 18 May 2009 - 09:10 AM

Hi PulpFic3,


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove the older Java versions and update.

Updating Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 13.
  • Click the "Download" button to the right.
  • At the Select Platform and Language for your download drop-down box,
    select Windows and Multi-Language.
  • Check the box that says "Accept License Agreement", then press Continue (selecting Windows will give you the 32-bit version).
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u13-windows-i586-p.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    J2SE Runtime Environment 5.0 Update 11
    Java 2 Runtime Environment, SE v1.4.2
    J2SE Runtime Environment 5.0 Update 6
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.

I double click on it and get the message box to "Run" the file. I click run and then nothing happens.


If MBAM will not run, go to the program directory of MBAM (e.g. C:\Program Files\Malwarebytes Antimalware\), then rename mbam.exe to newtool.exe and double-click newtool.exe to proceed in running a quick scan.


BTW, did you run ComboFix on your own? :thumbup2:

And did you use to have Norton Internet Security\Norton AntiVirus on this computer? Has it expired?

Edited by SifuMike, 18 May 2009 - 09:13 AM.
typo

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!


Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#12 PulpFic3 (Topic Starter)

Posted 18 May 2009 - 03:10 PM

Java update/removal done!

The Malwarebytes still does not work. I cannot get past the first stage of double-clicking on mbam-setup.exe to install the application. I click Run there and nothing happens.

I think I may have run ComboFix a while ago with someone when I was trying to fix my computer.

My Norton expired a long time ago, I believe (I think it came with the computer). Probably some 3-5 years ago. Like I said, I don't use this computer too much.

Thanks for all the help!

#13 SifuMike (malware expert, Staff Emeritus)

Posted 18 May 2009 - 03:41 PM

Hi PulpFic3,


If MBAM will not install, please rename the installer mbam-setup.exe. Example: newtool.exe
Proceed installing the renamed installer of MBAM.

Post the log it produces.

I think I may have run ComboFix a while ago with someone when I was trying to fix my computer.


You should NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer.

If you have ComboFix on your desktop, then delete it.
See if you still have C:\Combofix.txt. If so, then post it.


My Norton expired a long time ago, I believe (I think it came with the computer). Probably some 3-5 years ago.



I see remnants of Norton present here, because it was not properly uninstalled previously.

* To fully remove Norton AntiVirus or other Symantec related products, select the product you want to uninstall from this list in order to download the removal tool.
Please read the instructions first before you use it.

For older versions of Norton (2000, 2001, 2002), choose this link.

Also read the next article in case you have problems uninstalling Norton if the above instructions didn't work, or notice problems after uninstalling Norton: http://basconotw.mvps.org/SymRem.htm

Edited by SifuMike, 18 May 2009 - 03:43 PM.

#14 PulpFic3 (Topic Starter)

Posted 20 May 2009 - 01:40 PM

Hi -

I don't have a ComboFix folder.

I was able to get MBAM to install; however, it did not launch after I clicked Finish. I went to the mbam.exe file, renamed it newtool.exe and double-clicked it, and it still will not launch.

I do not know which Norton product I have as it came with this computer many years ago...nor do I have the product key on me.

Thanks!

#15 SifuMike (malware expert, Staff Emeritus)

Posted 20 May 2009 - 03:13 PM

Hi,

See if you have ComboFix on your desktop; if so, delete it.

Uninstall ComboFix: go to Start > Run and type in ComboFix /u
Make sure there's a space between ComboFix and /
Then hit Enter.

Delete the C:\Qoobox folder, if it exists.

Let me know when you have done this and we will continue.

Edited by SifuMike, 20 May 2009 - 03:14 PM.