
Infected by rogue spyware


9 replies to this topic

#1 serum79

serum79


Posted 02 July 2009 - 04:56 AM

Hello,

Thanks for helping me with this issue.
I cannot get rid of a rogue spyware application.
I tried using Malwarebytes and VIPRE anti-virus software. VIPRE keeps finding the virus after each scan of my computer, but whether I choose quarantine or remove, the virus remains, and I still see the red circle/white X icon in my systray that tries to install antivirusagent or system guard.

Here is my DDS.txt log:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Brian at 5:46:03.29 on Thu 07/02/2009
Internet Explorer: 6.0.2800.1106 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.1023.496 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1233955266\ee\AOLSoftware.exe
C:\WINDOWS\System32\brastia.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Sprint\Sprint PCS Connection Manager\CMSPCSUtilSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
svchost
C:\DOCUME~1\Brian\LOCALS~1\Temp\C.tmp
C:\Program Files\AOL 9.1\shellmon.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Brian\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = localhost
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [OfotoNow USB Detection] c:\windows\system32\rundll32.exe c:\progra~1\ofoto\ofotonow\OFUSBS.DLL,WatchForConnection OfotoNow
uRun: [AOL Fast Start] "c:\program files\aol 9.1\AOL.EXE" -b
uRun: [brastia] c:\windows\system32\brastia.exe
uRun: [defender32.exe] c:\docume~1\brian\locals~1\temp\defender32.exe
mRun: [HostManager] c:\program files\common files\aol\1233955266\ee\AOLSoftware.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [brastia] c:\windows\system32\brastia.exe
mRun: [SBAMTray] c:\program files\sunbelt software\vipre\SBAMTray.exe
StartupFolder: c:\documents and settings\brian\start menu\programs\startup\legupd32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\KEM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\runreg~1.lnk - c:\program files\wificonnector\NintendoWFCReg.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\MSMSGS.EXE
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: lij.edu
Trusted Zone: northshorelij.com
Trusted Zone: nshs.edu
Trusted Zone: nslij.com
Trusted Zone: nslijhs.net
DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} - hxxp://www.nintendowifi.com/troubleshooting/usbaptest.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15026/CTSUEng.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=48835
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {46C66BBD-E667-4DAD-9683-58050E7C9FDC} - hxxp://www.cdpass.com/cdkey/CDPass.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxps://objects.aol.com/mcafee/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139566713078
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxps://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} - hxxp://www.systemrequirementslab.com/sysreqlab.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://rap.northshorelij.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15028/CTPID.cab
TCP: {5AE999A2-ED35-4D12-A1C6-F49136389E55} = 218.93.202.110,218.93.202.111
TCP: {B9447DF0-7BFB-4AEC-B54A-16B9C36EA4BA} = 218.93.202.110,218.93.202.111
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
AppInit_DLLs: bbqxvp.dll hzibov.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brian\applic~1\mozilla\firefox\profiles\5s0eun4n.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - HiddenExtension: XUL Cache: {0337F271-AD89-4799-B6CD-9C3D6B1B84A9} - c:\documents and settings\brian\local settings\application data\{0337F271-AD89-4799-B6CD-9C3D6B1B84A9}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R?Unknown {13F4BB54-6686-4243-B759AD85582EDAF0};{13F4BB54-6686-4243-B759AD85582EDAF0}; [x]
R1 NEOFLTR_600_12507;Juniper Networks TDI Filter Driver (NEOFLTR_600_12507);c:\windows\system32\drivers\NEOFLTR_600_12507.sys [2007-12-27 64160]
R1 NEOFLTR_630_14121;Juniper Networks TDI Filter Driver (NEOFLTR_630_14121);c:\windows\system32\drivers\NEOFLTR_630_14121.sys [2009-3-26 64480]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2009-7-1 13360]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-4-30 93360]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2009-7-1 202928]
R2 SBAMSvc;VIPRE Antivirus + Antispyware;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2009-6-10 980264]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2009-7-1 77616]
RUnknown {2B02B401-1EE7-4007-B21ECF1EA6BBDB6E};{2B02B401-1EE7-4007-B21ECF1EA6BBDB6E}; [x]

=============== Created Last 30 ================

2009-07-02 05:38 29,184 a------- c:\windows\system32\gdi32lib.dll
2009-07-02 05:38 <DIR> --d----- c:\documents and settings\brian\XP Deluxe Protector
2009-07-02 05:36 <DIR> --d----- c:\windows\system32\kwT
2009-07-01 21:04 77,616 a------- c:\windows\system32\drivers\sbapifs.sys
2009-07-01 21:04 13,360 a------- c:\windows\system32\drivers\sbaphd.sys
2009-07-01 20:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sunbelt
2009-07-01 20:46 <DIR> --d----- c:\docume~1\brian\applic~1\Sunbelt
2009-07-01 20:45 202,928 a------- c:\windows\system32\drivers\sbtis.sys
2009-07-01 20:45 <DIR> --d----- c:\program files\Sunbelt Software
2009-07-01 20:36 26,624 a------- c:\windows\system32\winarps32.exe
2009-07-01 20:33 9,728 a------- c:\windows\system32\brastia.exe
2009-06-21 06:05 54,156 a---h--- c:\windows\QTFont.qfn
2009-06-21 06:05 1,409 a------- c:\windows\QTFont.for
2009-06-10 06:00 68,392 a------- c:\windows\system32\sbbd.exe

==================== Find3M ====================


============= FINISH: 5:46:40.03 ===============

#2 jpshortstuff

jpshortstuff

    WhatTheTech Teacher



Posted 02 July 2009 - 08:43 AM

Hi,

Please download GooredFix from one of the locations below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
Download ComboFix by sUBs from here or here

Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

**Save it to your desktop**

Double-click on ComboFix.exe & follow the prompts. If you are prompted to install the Recovery Console, I recommend you go ahead and hit yes.
When finished, it shall produce a log for you. Please save that log to post in your next reply, along with a fresh HJT log.

Notes:
  • Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
  • ComboFix disconnects your machine from the internet when it runs. This connection should be automatically restored when ComboFix completes its run. If ComboFix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Trained at the What The Tech Classroom where you too could learn to help others.

My help is free; however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

Posted Image

#3 serum79

serum79
  • Topic Starter


Posted 02 July 2009 - 03:26 PM

Thank you for your help.

Here is the GooredFix log:

GooredFix by jpshortstuff (30.06.09)
Log created at 16:05 on 02/07/2009 (Brian)
Firefox version 2.0.0.20 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{0337F271-AD89-4799-B6CD-9C3D6B1B84A9} -> Success!
Deleting C:\Documents and Settings\Brian\Local Settings\Application Data\{0337F271-AD89-4799-B6CD-9C3D6B1B84A9} -> Success!

C:\Program Files\Mozilla Firefox\extensions\
talkback@mozilla.org [10:04 24/05/2008]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [09:03 16/08/2006]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [21:09 27/12/2008]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [21:09 27/12/2008]

-=E.O.F=-


Here is the ComboFix log:

ComboFix 09-07-01.04 - Brian 07/02/2009 16:07.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.1023.710 [GMT -4:00]
Running from: c:\documents and settings\Brian\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Brian\Application Data\wiaserva.log
c:\documents and settings\Brian\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Brian\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\Brian\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\Brian\Start Menu\Programs\Startup\legupd32.exe
c:\documents and settings\Brian\XP Deluxe Protector
c:\windows\Installer\14f9e4.msi
c:\windows\system32\brastia.exe
c:\windows\system32\wbem\proquota.exe
c:\windows\wiaserviv.log

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\system volume information\_restore{B2A4B0B9-4CD5-401B-91D8-50FA3E82993D}\RP191\A0018342.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))))
.

2009-07-02 20:12 . 2001-08-23 12:00 45056 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-07-02 20:12 . 2001-08-23 12:00 45056 ----a-w- c:\windows\system32\proquota.exe
2009-07-02 09:38 . 2009-07-02 09:38 29184 ----a-w- c:\windows\system32\gdi32lib.dll
2009-07-02 09:36 . 2009-07-02 09:36 -------- d-----w- c:\windows\system32\kwT
2009-07-02 01:04 . 2009-05-13 21:30 77616 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2009-07-02 01:04 . 2009-05-13 21:30 13360 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2009-07-02 00:46 . 2009-07-02 00:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2009-07-02 00:46 . 2009-07-02 00:46 -------- d-----w- c:\documents and settings\Brian\Application Data\Sunbelt
2009-07-02 00:45 . 2008-10-09 13:48 202928 ----a-w- c:\windows\system32\drivers\sbtis.sys
2009-07-02 00:45 . 2009-07-02 00:45 -------- d-----w- c:\program files\Sunbelt Software
2009-07-02 00:36 . 2009-07-02 09:35 26624 ----a-w- c:\windows\system32\winarps32.exe
2009-06-10 10:00 . 2009-06-10 10:00 68392 ----a-w- c:\windows\system32\sbbd.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 09:30 . 2007-07-13 17:58 -------- d-----w- c:\documents and settings\Brian\Application Data\Juniper Networks
2009-07-02 09:23 . 2008-12-20 12:28 -------- d-----w- c:\documents and settings\Brian\Application Data\uTorrent
2009-07-02 00:37 . 2009-05-18 22:15 -------- d-----w- c:\program files\Centricity
2009-07-02 00:37 . 2008-12-15 02:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-02 00:14 . 2006-02-11 05:02 -------- d-----w- c:\program files\Soulseek
2009-06-27 12:12 . 2006-02-11 01:11 -------- d-----w- c:\program files\mIRC
2009-06-09 22:50 . 2007-07-13 17:58 37021 ----a-w- c:\documents and settings\Brian\Application Data\Juniper Networks\Setup\uninstall.exe
2009-05-19 22:13 . 2009-05-19 22:13 38962 ----a-w- c:\documents and settings\Brian\Application Data\Juniper Networks\Host Checker\uninstall.exe
2009-05-19 22:10 . 2007-07-13 17:58 -------- d-----w- c:\program files\Juniper Networks
2009-05-19 21:36 . 2009-05-19 21:35 -------- d-----w- c:\documents and settings\Brian\Application Data\Download Manager
2009-05-19 05:36 . 2009-06-15 20:17 2884832 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\vwpt.exe
2009-05-19 05:36 . 2009-06-15 20:17 28 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\unregister.bat
2009-05-19 05:36 . 2009-06-15 20:17 25 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\register.bat
2009-05-19 05:36 . 2009-06-15 20:17 1484856 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\toolbar.exe
2009-05-19 05:36 . 2009-06-15 20:17 97072 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\bsetutil.exe
2009-05-19 05:36 . 2009-06-15 20:17 142040 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\alsetup.exe
2009-05-19 05:36 . 2009-06-15 20:17 30512 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\Uninstaller.exe
2009-05-19 05:36 . 2009-06-15 20:17 111920 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AOLSearch.dll
2009-05-18 22:15 . 2007-03-07 17:12 -------- d-----w- c:\program files\Citrix
2009-04-30 17:56 . 2009-04-30 17:56 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2008-12-19 00:33 . 2006-08-16 09:03 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 00:33 . 2006-08-16 09:03 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 00:33 . 2007-10-03 14:32 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 00:33 . 2007-10-03 14:32 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 00:33 . 2006-08-16 09:03 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2008-04-15 09:31 . 2008-04-15 09:28 24 --sh--w- c:\windows\S3EC63087.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfotoNow USB Detection"="c:\progra~1\Ofoto\OfotoNow\OFUSBS.DLL" [2002-11-05 77824]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-11-06 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files\Common Files\AOL\1233955266\ee\AOLSoftware.exe" [2008-06-24 41824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-11-15 286720]
"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2009-06-10 959784]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-2-10 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2006-8-2 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2006-7-26 581632]
Run Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2006-11-29 1175552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"="1"
"AntiVirusDisableNotify"="1"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

R1 NEOFLTR_600_12507;Juniper Networks TDI Filter Driver (NEOFLTR_600_12507);c:\windows\system32\drivers\NEOFLTR_600_12507.sys [12/27/2007 11:23 PM 64160]
R1 NEOFLTR_630_14121;Juniper Networks TDI Filter Driver (NEOFLTR_630_14121);c:\windows\system32\drivers\NEOFLTR_630_14121.sys [3/26/2009 11:02 PM 64480]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [7/1/2009 9:04 PM 13360]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [4/30/2009 1:56 PM 93360]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [7/1/2009 8:45 PM 202928]
R2 SBAMSvc;VIPRE Antivirus + Antispyware;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [6/10/2009 6:00 AM 980264]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [7/1/2009 9:04 PM 77616]
.
Contents of the 'Scheduled Tasks' folder

2009-06-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 19:42]

2006-05-10 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2100 series5E771253C1676EBED677BF361FDFC537825E15B8139615946.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 05:52]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-brastia - c:\windows\System32\brastia.exe
HKLM-Run-brastia - c:\windows\System32\brastia.exe


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = localhost
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
Trusted Zone: lij.edu
Trusted Zone: northshorelij.com
Trusted Zone: nshs.edu
Trusted Zone: nslij.com
Trusted Zone: nslijhs.net
TCP: {5AE999A2-ED35-4D12-A1C6-F49136389E55} = 218.93.202.110,218.93.202.111
TCP: {B9447DF0-7BFB-4AEC-B54A-16B9C36EA4BA} = 218.93.202.110,218.93.202.111
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} - hxxp://www.nintendowifi.com/troubleshooting/usbaptest.cab
DPF: {46C66BBD-E667-4DAD-9683-58050E7C9FDC} - hxxp://www.cdpass.com/cdkey/CDPass.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
FF - ProfilePath - c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\5s0eun4n.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-02 16:13
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\ODBC32.dll

- - - - - - - > 'lsass.exe'(672)
c:\windows\System32\dssenh.dll
.
Completion time: 2009-07-02 16:15
ComboFix-quarantined-files.txt 2009-07-02 20:15

Pre-Run: 1,498,791,936 bytes free
Post-Run: 1,930,809,344 bytes free

158 --- E O F --- 2009-01-14 05:32


Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:18:03 PM, on 7/2/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Sprint\Sprint PCS Connection Manager\CMSPCSUtilSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1233955266\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Run Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.lij.edu (HKLM)
O15 - Trusted Zone: *.northshorelij.com (HKLM)
O15 - Trusted Zone: *.nshs.edu (HKLM)
O15 - Trusted Zone: *.nslij.com (HKLM)
O15 - Trusted Zone: *.nslijhs.net (HKLM)
O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} (USBAPTester Class) - http://www.nintendowifi.com/troubleshooting/usbaptest.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {46C66BBD-E667-4DAD-9683-58050E7C9FDC} (CDPass Class) - http://www.cdpass.com/cdkey/CDPass.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol.com/mcafee/molbin/share...83/mcinsctl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1139566713078
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol.com/mcafee/molbin/share...,20/McGDMgr.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://rap.northshorelij.com/dana-cached/s...perSetupSP1.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AE999A2-ED35-4D12-A1C6-F49136389E55}: NameServer = 218.93.202.110,218.93.202.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9447DF0-7BFB-4AEC-B54A-16B9C36EA4BA}: NameServer = 218.93.202.110,218.93.202.111
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: Sprint PCS v3 Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Sprint PCS Connection Manager\CMSPCSUtilSvc.exe

--
End of file - 8312 bytes

#4 jpshortstuff
WhatTheTech Teacher • Members • 660 posts • Gender:Male • Location:UK • Local time:01:24 PM

Posted 03 July 2009 - 03:46 AM

Hi,

Please go to VirSCAN and have this file scanned:
c:\windows\system32\winarps32.exe
Let me know the result.

Unless you recognize it, please delete this folder:
c:\windows\system32\kwT

How are things running at the moment? Please run MalwareBytes' Anti-Malware, update it, and run a Full Scan so we can see if there's anything left.
Trained at the What The Tech Classroom where you too could learn to help others.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.
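An added example, not part of this thread and not code from HijackThis, DDS, VIPRE or Malwarebytes: a small Python triage script for the two kinds of entry in the HijackThis log above (and in the DDS log posted later in the thread) that a responder checks first. O17 / "TCP:" NameServer values that point at public resolvers are the footprint of DNS-changing malware, and AppInit_DLLs (HJT "O20", DDS "AppInit_DLLs:") is a key that is empty on most clean Windows XP systems yet loads whatever it lists into every process that links user32.dll. The TRUSTED_RESOLVERS allow-list and the sample lines are assumptions constructed for the example; nothing here declares an entry malicious, it only surfaces what must be verified.

```python
"""Triage of HijackThis / DDS log lines for two high-value indicators.

Added example, not part of the thread or of any tool mentioned in it.
Flags (1) NameServer entries (HJT "O17", DDS "TCP:") that point at public
resolvers not on an allow-list, the pattern left by DNS-changing malware, and
(2) anything in AppInit_DLLs (HJT "O20", DDS "AppInit_DLLs:"), a key that is
empty on most clean Windows XP systems and loads the listed DLLs into every
process that links user32.dll. TRUSTED_RESOLVERS and SAMPLE_LINES are
assumptions constructed for the example.
"""
import ipaddress
import re
from typing import Dict, List

# Assumption: resolvers the owner recognises (ISP or public). Anything else
# that is not a private/loopback address is reported for verification.
TRUSTED_RESOLVERS = {"8.8.8.8", "8.8.4.4", "208.67.222.222", "208.67.220.220"}

# HJT:  O17 - HKLM\...\Tcpip\..\{GUID}: NameServer = a,b
# DDS:  TCP: {GUID} = a,b
NAMESERVER_RE = re.compile(
    r"(?:NameServer\s*=|TCP:\s*\{[0-9A-Fa-f-]+\}\s*=)\s*([0-9.,\s]+)")
# HJT:  O20 - AppInit_DLLs: x.dll y.dll      DDS:  AppInit_DLLs: x.dll y.dll
APPINIT_RE = re.compile(r"AppInit_DLLs:\s*(.+?)\s*$")
# Heuristic only: a bare file name (no path, so it is found via the DLL search
# path) with a 5-8 letter lowercase stem is what generated names look like.
GENERATED_NAME_RE = re.compile(r"^[a-z]{5,8}\.dll$")


def parse_nameservers(line: str) -> List[str]:
    """Return the comma-separated resolver list from an O17/TCP line, or []."""
    m = NAMESERVER_RE.search(line)
    if not m:
        return []
    return [ip.strip() for ip in m.group(1).split(",") if ip.strip()]


def suspicious_resolvers(line: str) -> List[str]:
    """Resolvers on the line that are public and not on the allow-list."""
    flagged = []
    for ip in parse_nameservers(line):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed token, not an address
        if addr.is_private or addr.is_loopback or str(addr) in TRUSTED_RESOLVERS:
            continue
        flagged.append(str(addr))
    return flagged


def parse_appinit(line: str) -> List[str]:
    """DLL names listed on an AppInit_DLLs line (space or comma separated)."""
    m = APPINIT_RE.search(line)
    if not m:
        return []
    return [d for d in re.split(r"[\s,]+", m.group(1)) if d]


def looks_generated(dll: str) -> bool:
    """True for a bare, short, all-lowercase name such as 'bbqxvp.dll'."""
    return bool(GENERATED_NAME_RE.match(dll))


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Run both checks over a log and group findings by indicator."""
    findings: Dict[str, List[str]] = {"dns": [], "appinit": [], "appinit_generated": []}
    for line in lines:
        for ip in suspicious_resolvers(line):
            if ip not in findings["dns"]:
                findings["dns"].append(ip)
        for dll in parse_appinit(line):
            findings["appinit"].append(dll)
            if looks_generated(dll):
                findings["appinit_generated"].append(dll)
    return findings


# Constructed sample, modelled on the thread's HJT and DDS logs.
SAMPLE_LINES = [
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{5AE999A2-ED35-4D12-A1C6-F49136389E55}: NameServer = 218.93.202.110,218.93.202.111",
    r"TCP: {B9447DF0-7BFB-4AEC-B54A-16B9C36EA4BA} = 218.93.202.110,218.93.202.111",
    r"TCP: {00000000-0000-0000-0000-000000000001} = 192.168.1.1",  # home router, not flagged
    r"AppInit_DLLs: bbqxvp.dll hzibov.dll",
    r"O20 - AppInit_DLLs: C:\Vendor\hook.dll",  # full path, listed but not 'generated'
    r"O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe",
]

if __name__ == "__main__":
    for key, items in triage(SAMPLE_LINES).items():
        print(f"{key}: {items}")
```

Run it against a pasted log with `triage(open("hijackthis.log").read().splitlines())`; the DNS check is the one worth acting on first, because as long as the resolvers are attacker-controlled every download, including the cleanup tools, can be redirected.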

#5 serum79
Topic Starter • Members • 16 posts • Local time:08:24 AM

Posted 03 July 2009 - 08:06 AM

Thank you for your help!!

I tried to upload c:\windows\system32\winarps32.exe into VirSCAN, but got the error that the file cannot be found. I ran to the system32 folder and did not see that file.

I deleted the folder c:\windows\system32\kwT

I think that the combo of VIPRE/Malwarebytes got rid of the red circle white x icon, but there is definitely some trojan still left on my machine because it is running really badly. If I open Firefox, AOL, Windows Media Player, or any application really, the app will freeze or not load properly, and then my computer will freeze and I have to reboot; this happens every 20 minutes on my computer.
My brother who is normally good with these sort of things stopped by and tried a few things, but to no effect.

I have updated Malwarebytes and it finds 3 trojans, but I cannot remove them. I have tried about 6 times, after multiple reboots too.
Each time I click remove files, Malwarebytes goes straight to not responding.
I feel like my computer is barely usable at this point because of the constant freezing.

Here is the Malwarebytes' log:

Malwarebytes' Anti-Malware 1.38
Database version: 2365
Windows 5.1.2600 Service Pack 1

7/3/2009 8:58:26 AM
mbam-log-2009-07-03 (08-58-23).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 178582
Time elapsed: 30 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{b2a4b0b9-4cd5-401b-91d8-50fa3e82993d}\RP192\A0020443.exe (Trojan.Backdoor) -> No action taken.
c:\system volume information\_restore{b2a4b0b9-4cd5-401b-91d8-50fa3e82993d}\RP192\A0020445.exe (Trojan.FakeAlert) -> No action taken.
c:\system volume information\_restore{b2a4b0b9-4cd5-401b-91d8-50fa3e82993d}\RP192\A0020446.exe (Trojan.Backdoor) -> No action taken.

Edited by serum79, 03 July 2009 - 08:09 AM.


#6 jpshortstuff
WhatTheTech Teacher • Members • 660 posts • Gender:Male • Location:UK • Local time:01:24 PM

Posted 03 July 2009 - 08:12 AM

Don't worry about those items MBAM is finding; they are in your System Restore, which will be cleared when we finish.

Nothing bad is jumping out at me, let's have another look.

Please run DDS again and post both of the logs. In addition, please run this Anti-Rootkit scan.

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
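An added example, not part of this thread and not a GMER feature: a Python script that summarises the "User code sections" part of a GMER log such as the one posted in the next reply. Each ".text" line records one inline hook, the process and PID, the hooked export, its address, how many bytes were overwritten and where the JMP lands. Two questions an analyst asks of that output are answered here: which exports are hooked in (nearly) every process, and whether the JMP targets for one export share the same offset within a 64 KiB page across processes, which is what a single injected image mapped at a different base in each process looks like. The sample lines are constructed after the thread's GMER output; the agent.exe line is invented to show a hook present in only one process.

```python
"""Summarise the "User code sections" part of a GMER log.

Added example; not part of the thread and not a GMER feature. Each ".text"
line records one inline hook: process[pid], hooked export, its address, the
patch length and the JMP target. Grouping by export shows whether the same
set of functions is hooked in every scanned process (system-wide injection,
as a DLL loaded into each process would produce) or only in one (often a
vendor's own hook). SAMPLE_LINES are constructed after the thread's log; the
agent.exe entry is invented.
"""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional, Set

HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<export>\S+!\S+)\s+(?P<addr>[0-9A-Fa-f]+)\s+"
    r"(?P<nbytes>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)")


class Hook(NamedTuple):
    process: str   # image path as GMER prints it
    pid: int
    export: str    # e.g. "WS2_32.dll!recv"
    address: int   # hooked function's address
    nbytes: int    # bytes overwritten by the patch
    target: int    # where the JMP lands


def parse_hook(line: str) -> Optional[Hook]:
    """Parse one '.text' line; IAT/EAT lines and section headers return None."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    return Hook(m["proc"], int(m["pid"]), m["export"],
                int(m["addr"], 16), int(m["nbytes"]), int(m["target"], 16))


def hooks_by_export(lines: List[str]) -> Dict[str, Set[str]]:
    """export -> set of 'process[pid]' strings in which it is hooked."""
    table: Dict[str, Set[str]] = defaultdict(set)
    for line in lines:
        h = parse_hook(line)
        if h:
            table[h.export].add(f"{h.process}[{h.pid}]")
    return dict(table)


def systemwide_hooks(lines: List[str], min_procs: int = 3) -> List[str]:
    """Exports hooked in at least min_procs distinct processes, sorted."""
    return sorted(e for e, procs in hooks_by_export(lines).items()
                  if len(procs) >= min_procs)


def target_offsets(lines: List[str]) -> Dict[str, Set[int]]:
    """export -> set of (target & 0xFFFF). A single value per export means
    every process jumps to the same offset in an image mapped at a different
    64 KiB-aligned base, i.e. the same injected code everywhere."""
    offs: Dict[str, Set[int]] = defaultdict(set)
    for line in lines:
        h = parse_hook(line)
        if h:
            offs[h.export].add(h.target & 0xFFFF)
    return dict(offs)


# Constructed sample, modelled on the thread's GMER output (agent.exe is invented).
SAMPLE_LINES = [
    r".text C:\WINDOWS\System32\alg.exe[592] ADVAPI32.dll!CryptDestroyKey 77DDA9AA 7 Bytes JMP 00882B80",
    r".text C:\WINDOWS\System32\alg.exe[592] WS2_32.dll!recv 71ABA0EF 6 Bytes JMP 008829AA",
    r".text C:\WINDOWS\System32\alg.exe[592] WS2_32.dll!send 71ABBFC8 6 Bytes JMP 00882972",
    r".text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] ADVAPI32.dll!CryptDestroyKey 77DDA9AA 7 Bytes JMP 01732B80",
    r".text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] WS2_32.dll!recv 71ABA0EF 6 Bytes JMP 017329AA",
    r".text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] WS2_32.dll!send 71ABBFC8 6 Bytes JMP 01732972",
    r".text C:\Program Files\Java\jre6\bin\jqs.exe[896] ADVAPI32.dll!CryptDestroyKey 77DDA9AA 7 Bytes JMP 01F22B80",
    r".text C:\Program Files\Java\jre6\bin\jqs.exe[896] WS2_32.dll!recv 71ABA0EF 6 Bytes JMP 01F229AA",
    r".text C:\Program Files\Java\jre6\bin\jqs.exe[896] WS2_32.dll!send 71ABBFC8 6 Bytes JMP 01F22972",
    r".text C:\Vendor\agent.exe[1200] KERNEL32.dll!CreateFileW 7C801A28 5 Bytes JMP 10001234",
    r"IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] tbdiag.dll",
]

if __name__ == "__main__":
    print("hooked in 3+ processes:", systemwide_hooks(SAMPLE_LINES))
    for export, offs in sorted(target_offsets(SAMPLE_LINES).items()):
        print(f"{export}: offsets {[hex(o) for o in offs]}")
```

A hook set that covers the Crypt* and Winsock send/receive exports in every process, with identical page offsets, is a position-independent payload sitting between the application and both its network traffic and its encryption; a hook seen in one vendor process only, like the IAT entries GMER attributes to a named, signed DLL, is the kind of thing the helper's "false positives" warning is about.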

#7 serum79
Topic Starter • Members • 16 posts • Local time:08:24 AM

Posted 03 July 2009 - 10:38 AM

Thanks again for your help.

Here is the DDS.txt log


DDS (Ver_09-06-26.01) - NTFSx86
Run by Brian at 9:11:29.90 on Fri 07/03/2009
Internet Explorer: 6.0.2800.1106 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.1023.546 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1233955266\ee\AOLSoftware.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Sprint\Sprint PCS Connection Manager\CMSPCSUtilSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\AOL 9.1\shellmon.exe
C:\Documents and Settings\Brian\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = localhost
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [OfotoNow USB Detection] c:\windows\system32\rundll32.exe c:\progra~1\ofoto\ofotonow\OFUSBS.DLL,WatchForConnection OfotoNow
uRun: [AOL Fast Start] "c:\program files\aol 9.1\AOL.EXE" -b
mRun: [HostManager] c:\program files\common files\aol\1233955266\ee\AOLSoftware.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\KEM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\runreg~1.lnk - c:\program files\wificonnector\NintendoWFCReg.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\MSMSGS.EXE
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: lij.edu
Trusted Zone: northshorelij.com
Trusted Zone: nshs.edu
Trusted Zone: nslij.com
Trusted Zone: nslijhs.net
DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} - hxxp://www.nintendowifi.com/troubleshooting/usbaptest.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15026/CTSUEng.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=48835
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {46C66BBD-E667-4DAD-9683-58050E7C9FDC} - hxxp://www.cdpass.com/cdkey/CDPass.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxps://objects.aol.com/mcafee/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139566713078
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxps://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} - hxxp://www.systemrequirementslab.com/sysreqlab.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://rap.northshorelij.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15028/CTPID.cab
TCP: {5AE999A2-ED35-4D12-A1C6-F49136389E55} = 218.93.202.110,218.93.202.111
TCP: {B9447DF0-7BFB-4AEC-B54A-16B9C36EA4BA} = 218.93.202.110,218.93.202.111
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
AppInit_DLLs: bbqxvp.dll hzibov.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brian\applic~1\mozilla\firefox\profiles\5s0eun4n.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 NEOFLTR_600_12507;Juniper Networks TDI Filter Driver (NEOFLTR_600_12507);c:\windows\system32\drivers\NEOFLTR_600_12507.sys [2007-12-27 64160]
R1 NEOFLTR_630_14121;Juniper Networks TDI Filter Driver (NEOFLTR_630_14121);c:\windows\system32\drivers\NEOFLTR_630_14121.sys [2009-3-26 64480]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-14 38160]

=============== Created Last 30 ================

2009-07-02 21:13 749,568 ac------ c:\windows\system32\dllcache\setup_wm.exe
2009-07-02 21:13 192,512 ac------ c:\windows\system32\dllcache\unregmp2.exe
2009-07-02 21:13 98,304 ac------ c:\windows\system32\dllcache\wmpshell.dll
2009-07-02 21:13 73,728 ac------ c:\windows\system32\dllcache\wmplayer.exe
2009-07-02 21:13 7,680 ac------ c:\windows\system32\dllcache\asferror.dll
2009-07-02 21:13 98,304 a------- c:\windows\system32\wmpshell.dll
2009-07-02 21:13 7,680 a------- c:\windows\system32\asferror.dll
2009-07-02 20:43 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-06-21 06:05 54,156 a---h--- c:\windows\QTFont.qfn
2009-06-21 06:05 1,409 a------- c:\windows\QTFont.for

==================== Find3M ====================

2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 18,456 a------- c:\windows\system32\drivers\mbam.sys

============= FINISH: 9:11:51.43 ===============


Here is the Attach.txt log


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/10/2006 12:00:55 AM
System Uptime: 7/3/2009 8:18:42 AM (1 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6577
Processor: Intel® Pentium® 4 CPU 3.06GHz | Socket 478 | 3066/133mhz
Processor: Intel® Pentium® 4 CPU 3.06GHz | Socket 478 | 3066/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 128 GiB total, 1.829 GiB free.
D: is Removable
E: is Removable
F: is CDROM ()
G: is CDROM ()
H: is FIXED (NTFS) - 151 GiB total, 18.717 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_24C3&SUBSYS_57701462&REV_02\3&13C0B0C5&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_24C3&SUBSYS_57701462&REV_02\3&13C0B0C5&0&FB
Service:

==== System Restore Points ===================

RP100: 4/4/2009 8:17:17 AM - System Checkpoint
RP101: 4/4/2009 2:51:15 PM - Installed Data Lifeguard Tools
RP102: 4/4/2009 3:00:20 PM - Removed Data Lifeguard Tools
RP103: 4/5/2009 4:04:47 PM - System Checkpoint
RP104: 4/6/2009 6:14:52 PM - System Checkpoint
RP105: 4/6/2009 8:49:49 PM - Configured PartitionMagic
RP106: 4/7/2009 9:09:21 PM - System Checkpoint
RP107: 4/8/2009 10:35:47 PM - System Checkpoint
RP108: 4/9/2009 10:42:06 PM - System Checkpoint
RP109: 4/10/2009 11:09:22 PM - System Checkpoint
RP110: 4/11/2009 11:10:26 PM - System Checkpoint
RP111: 4/13/2009 12:09:22 AM - System Checkpoint
RP112: 4/14/2009 1:09:21 AM - System Checkpoint
RP113: 4/15/2009 2:09:21 AM - System Checkpoint
RP114: 4/16/2009 3:09:22 AM - System Checkpoint
RP115: 4/17/2009 4:09:22 AM - System Checkpoint
RP116: 4/18/2009 5:09:22 AM - System Checkpoint
RP117: 4/19/2009 6:09:23 AM - System Checkpoint
RP118: 4/20/2009 6:10:27 AM - System Checkpoint
RP119: 4/21/2009 7:09:22 AM - System Checkpoint
RP120: 4/22/2009 8:07:31 AM - System Checkpoint
RP121: 4/23/2009 9:07:31 AM - System Checkpoint
RP122: 4/24/2009 9:24:19 AM - System Checkpoint
RP123: 4/25/2009 10:07:31 AM - System Checkpoint
RP124: 4/26/2009 11:08:36 AM - System Checkpoint
RP125: 4/27/2009 12:07:31 PM - System Checkpoint
RP126: 4/28/2009 12:27:14 PM - System Checkpoint
RP127: 4/29/2009 1:07:32 PM - System Checkpoint
RP128: 4/30/2009 2:07:31 PM - System Checkpoint
RP129: 5/1/2009 3:07:31 PM - System Checkpoint
RP130: 5/2/2009 4:08:37 PM - System Checkpoint
RP131: 5/3/2009 5:11:49 PM - System Checkpoint
RP132: 5/4/2009 6:08:36 PM - System Checkpoint
RP133: 5/5/2009 7:27:23 PM - System Checkpoint
RP134: 5/6/2009 7:51:03 PM - System Checkpoint
RP135: 5/7/2009 8:30:18 PM - System Checkpoint
RP136: 5/8/2009 9:14:10 PM - System Checkpoint
RP137: 5/9/2009 9:30:17 PM - System Checkpoint
RP138: 5/10/2009 10:37:45 PM - System Checkpoint
RP139: 5/11/2009 10:45:34 PM - System Checkpoint
RP140: 5/12/2009 11:30:19 PM - System Checkpoint
RP141: 5/14/2009 12:30:19 AM - System Checkpoint
RP142: 5/15/2009 1:30:20 AM - System Checkpoint
RP143: 5/16/2009 2:30:20 AM - System Checkpoint
RP144: 5/17/2009 3:30:20 AM - System Checkpoint
RP145: 5/18/2009 4:30:20 AM - System Checkpoint
RP146: 5/18/2009 3:52:47 PM - Removed Citrix Presentation Server Client - Web Only
RP147: 5/19/2009 5:12:54 PM - System Checkpoint
RP148: 5/19/2009 5:37:29 PM - Installed Citrix XenApp Web Plugin
RP149: 5/19/2009 5:38:06 PM - Removed Citrix Presentation Server Client
RP150: 5/19/2009 6:11:01 PM - Removed Citrix XenApp Web Plugin
RP151: 5/20/2009 6:57:14 PM - System Checkpoint
RP152: 5/21/2009 7:57:14 PM - System Checkpoint
RP153: 5/22/2009 8:57:14 PM - System Checkpoint
RP154: 5/23/2009 9:57:14 PM - System Checkpoint
RP155: 5/24/2009 10:57:14 PM - System Checkpoint
RP156: 5/25/2009 11:57:14 PM - System Checkpoint
RP157: 5/27/2009 12:57:15 AM - System Checkpoint
RP158: 5/28/2009 1:57:14 AM - System Checkpoint
RP159: 5/29/2009 2:57:15 AM - System Checkpoint
RP160: 5/30/2009 3:52:48 AM - System Checkpoint
RP161: 5/31/2009 4:52:46 AM - System Checkpoint
RP162: 6/1/2009 5:53:53 AM - System Checkpoint
RP163: 6/2/2009 6:00:30 AM - System Checkpoint
RP164: 6/3/2009 6:40:09 AM - System Checkpoint
RP165: 6/4/2009 7:39:04 AM - System Checkpoint
RP166: 6/5/2009 8:39:07 AM - System Checkpoint
RP167: 6/6/2009 8:56:57 AM - System Checkpoint
RP168: 6/7/2009 9:40:10 AM - System Checkpoint
RP169: 6/8/2009 10:39:07 AM - System Checkpoint
RP170: 6/9/2009 11:39:07 AM - System Checkpoint
RP171: 6/10/2009 11:56:16 AM - System Checkpoint
RP172: 6/11/2009 12:56:17 PM - System Checkpoint
RP173: 6/12/2009 1:33:49 PM - System Checkpoint
RP174: 6/13/2009 1:56:20 PM - System Checkpoint
RP175: 6/14/2009 2:56:21 PM - System Checkpoint
RP176: 6/15/2009 3:56:20 PM - System Checkpoint
RP177: 6/16/2009 5:27:26 PM - System Checkpoint
RP178: 6/17/2009 6:23:12 PM - System Checkpoint
RP179: 6/18/2009 7:29:12 PM - System Checkpoint
RP180: 6/19/2009 9:08:18 PM - System Checkpoint
RP181: 6/20/2009 9:11:30 PM - System Checkpoint
RP182: 6/21/2009 9:44:24 PM - System Checkpoint
RP183: 6/22/2009 10:44:22 PM - System Checkpoint
RP184: 6/23/2009 11:02:40 PM - System Checkpoint
RP185: 6/25/2009 12:02:42 AM - System Checkpoint
RP186: 6/26/2009 1:02:38 AM - System Checkpoint
RP187: 6/27/2009 1:24:31 AM - System Checkpoint
RP188: 6/28/2009 2:24:35 AM - System Checkpoint
RP189: 6/29/2009 3:24:35 AM - System Checkpoint
RP190: 6/30/2009 4:24:34 AM - System Checkpoint
RP191: 7/1/2009 5:46:22 AM - System Checkpoint
RP192: 7/1/2009 8:45:05 PM - Installed VIPRE Antivirus + Antispyware.
RP193: 7/2/2009 5:15:18 PM - Software Distribution Service 3.0
RP194: 7/2/2009 8:13:25 PM - Removed VIPRE Antivirus + Antispyware.
RP195: 7/2/2009 8:42:09 PM - Restore Operation
RP196: 7/2/2009 9:09:44 PM - Installed Windows Media Player 9 Series
RP197: 7/2/2009 9:12:50 PM - Installed Windows Media Player 9 Series

==== Installed Programs ======================

Torrent
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0.1
Adobe Reader 7.1.0
Adobe Shockwave Player
AIM 6
AOL Uninstaller (Choose which Products to Remove)
Apple Software Update
AudioCatalyst
Bejeweled Deluxe 1.87
BitPim 0.9.06
BUM
Centricity Enterprise Web 3.0 Client (1400.22)
Citrix Presentation Server Client
DivX Content Uploader
DivX Web Player
eMule
ESET Online Scanner
HijackThis 2.0.2
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 2100 series
hp psc 2100 series
iPod for Windows 2006-06-28
iTunes
Java™ 6 Update 11
jetAudio Basic
Juniper Networks Host Checker
Juniper Networks Secure Application Manager
Juniper Networks Setup Client Activex Control
KODAK EASYSHARE Gallery Easy Upload, v2.0
LG USB Modem driver
Logitech Desktop Messenger
Logitech SetPoint
Macromedia Fireworks 3
Malwarebytes' Anti-Malware
Max Media Creator
MaxDrive PS2
Microsoft .NET Framework 2.0
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Professional Edition 2003
Microsoft VC9 runtime libraries
mIRC
Mozilla Firefox (2.0.0.20)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
MultiRes (remove only)
Nintendo Wi-Fi USB Connector Registration Tool
NVIDIA Windows 2000/XP Display Drivers
OfotoNow
Paint Shop Pro 7 Evaluation
Pearl Jam Live
PLAYSTATION®Network Downloader
QuickTime
RealPlayer
Roxio Easy Media Creator 8 Suite
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896426)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905495)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB914798)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
SoulSeek Client 156c
Sprint PCS Connection Manager
Spybot - Search & Destroy 1.5.2.20
System Requirements Lab
Total Recorder 6.0
Uninstall AOL Emergency Connect Utility 1.0
Update for Windows XP (KB835409)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
VideoLAN VLC media player 0.8.4a
WebFldrs XP
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Live OneCare safety scanner
Windows Media Format Runtime
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows Media Player 9 Series Winter Fun Pack
Windows Media Player Hotfix [See Q828026 for more information]
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB833407
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB839017
Windows XP Hotfix - KB839645
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB840987
Windows XP Hotfix - KB841356
Windows XP Hotfix - KB841533
Windows XP Hotfix - KB841873
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB871250
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB873376
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892944
Windows XP Hotfix - KB897715
Windows XP Hotfix - KB905915
Windows XP Hotfix - KB911567
Windows XP Hotfix - KB912812
Windows XP Hotfix - KB916281
Windows XP Hotfix - KB918439
Windows XP Hotfix - KB918899
Windows XP Hotfix - KB925486
Windows XP Hotfix (SP2) [See Q329048 for more information]
Windows XP Hotfix (SP2) [See q329112 for more information]
Windows XP Hotfix (SP2) [See Q329115 for more information]
Windows XP Hotfix (SP2) [See Q329390 for more information]
Windows XP Hotfix (SP2) [See Q329834 for more information]
Windows XP Hotfix (SP2) Q329170
Windows XP Hotfix (SP2) Q329441
Windows XP Hotfix (SP2) Q810565
Windows XP Hotfix (SP2) Q810833
Windows XP Hotfix (SP2) Q814033
Windows XP Hotfix (SP2) Q815021
Windows XP Hotfix (SP2) Q817287
Windows XP Hotfix (SP2) Q817606
WinRAR archiver
XviD 1.1 final uninstall

==== Event Viewer Messages From Past Week ========

7/2/2009 4:16:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
7/2/2009 4:09:53 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
7/2/2009 12:30:40 PM, error: Service Control Manager [7001] - The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: The operation completed successfully.
7/2/2009 12:29:29 PM, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
7/2/2009 12:07:25 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
7/2/2009 1:21:42 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Genuine Advantage Notification (KB905474).
7/1/2009 5:07:32 PM, error: Service Control Manager [7000] - The wscsvc service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
7/1/2009 4:39:14 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

==== End Of File ===========================


Here is the GMER.txt log

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-03 11:31:45
Windows 5.1.2600 Service Pack 1


---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\alg.exe[592] ADVAPI32.dll!CryptDestroyKey 77DDA9AA 7 Bytes JMP 00882B80
.text C:\WINDOWS\System32\alg.exe[592] ADVAPI32.dll!CryptDecrypt 77DDE737 7 Bytes JMP 00882B3D
.text C:\WINDOWS\System32\alg.exe[592] ADVAPI32.dll!CryptEncrypt 77DDE8FE 7 Bytes JMP 00882B01
.text C:\WINDOWS\System32\alg.exe[592] WS2_32.dll!recv 71ABA0EF 6 Bytes JMP 008829AA
.text C:\WINDOWS\System32\alg.exe[592] WS2_32.dll!WSARecv 71ABA285 5 Bytes JMP 00882A64
.text C:\WINDOWS\System32\alg.exe[592] WS2_32.dll!send 71ABBFC8 6 Bytes JMP 00882972
.text C:\WINDOWS\System32\alg.exe[592] WS2_32.dll!WSASend 71ABC142 5 Bytes JMP 008829E2
.text C:\WINDOWS\System32\alg.exe[592] WS2_32.dll!closesocket 71ABCD88 14 Bytes JMP 00882AE6
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] ADVAPI32.dll!CryptDestroyKey 77DDA9AA 7 Bytes JMP 01732B80
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] ADVAPI32.dll!CryptDecrypt 77DDE737 7 Bytes JMP 01732B3D
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] ADVAPI32.dll!CryptEncrypt 77DDE8FE 7 Bytes JMP 01732B01
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] WS2_32.dll!recv 71ABA0EF 6 Bytes JMP 017329AA
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] WS2_32.dll!WSARecv 71ABA285 5 Bytes JMP 01732A64
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] WS2_32.dll!send 71ABBFC8 6 Bytes JMP 01732972
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] WS2_32.dll!WSASend 71ABC142 5 Bytes JMP 017329E2
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] WS2_32.dll!closesocket 71ABCD88 14 Bytes JMP 01732AE6
.text C:\Program Files\Java\jre6\bin\jqs.exe[896] WS2_32.dll!recv 71ABA0EF 6 Bytes JMP 01F229AA
.text C:\Program Files\Java\jre6\bin\jqs.exe[896] WS2_32.dll!WSARecv 71ABA285 5 Bytes JMP 01F22A64
.text C:\Program Files\Java\jre6\bin\jqs.exe[896] WS2_32.dll!send 71ABBFC8 6 Bytes JMP 01F22972
.text C:\Program Files\Java\jre6\bin\jqs.exe[896] WS2_32.dll!WSASend 71ABC142 5 Bytes JMP 01F229E2
.text C:\Program Files\Java\jre6\bin\jqs.exe[896] WS2_32.dll!closesocket 71ABCD88 14 Bytes JMP 01F22AE6
.text C:\Program Files\Java\jre6\bin\jqs.exe[896] ADVAPI32.dll!CryptDestroyKey 77DDA9AA 7 Bytes JMP 01F22B80
.text C:\Program Files\Java\jre6\bin\jqs.exe[896] ADVAPI32.dll!CryptDecrypt 77DDE737 7 Bytes JMP 01F22B3D
.text C:\Program Files\Java\jre6\bin\jqs.exe[896] ADVAPI32.dll!CryptEncrypt 77DDE8FE 7 Bytes JMP 01F22B01
.text C:\WINDOWS\Explorer.EXE[1408] ADVAPI32.dll!CryptDestroyKey 77DDA9AA 7 Bytes JMP 01322B80
.text C:\WINDOWS\Explorer.EXE[1408] ADVAPI32.dll!CryptDecrypt 77DDE737 7 Bytes JMP 01322B3D
.text C:\WINDOWS\Explorer.EXE[1408] ADVAPI32.dll!CryptEncrypt 77DDE8FE 7 Bytes JMP 01322B01
.text C:\WINDOWS\Explorer.EXE[1408] WS2_32.dll!recv 71ABA0EF 6 Bytes JMP 013229AA
.text C:\WINDOWS\Explorer.EXE[1408] WS2_32.dll!WSARecv 71ABA285 5 Bytes JMP 01322A64
.text C:\WINDOWS\Explorer.EXE[1408] WS2_32.dll!send 71ABBFC8 6 Bytes JMP 01322972
.text C:\WINDOWS\Explorer.EXE[1408] WS2_32.dll!WSASend 71ABC142 5 Bytes JMP 013229E2
.text C:\WINDOWS\Explorer.EXE[1408] WS2_32.dll!closesocket 71ABCD88 14 Bytes JMP 01322AE6
.text C:\Program Files\AOL 9.1\waol.exe[1624] ADVAPI32.dll!CryptDestroyKey 77DDA9AA 7 Bytes JMP 06CA2B80
.text C:\Program Files\AOL 9.1\waol.exe[1624] ADVAPI32.dll!CryptDecrypt 77DDE737 7 Bytes JMP 06CA2B3D
.text C:\Program Files\AOL 9.1\waol.exe[1624] ADVAPI32.dll!CryptEncrypt 77DDE8FE 7 Bytes JMP 06CA2B01
.text C:\Program Files\AOL 9.1\waol.exe[1624] WS2_32.dll!recv 71ABA0EF 6 Bytes JMP 06CA29AA
.text C:\Program Files\AOL 9.1\waol.exe[1624] WS2_32.dll!WSARecv 71ABA285 5 Bytes JMP 06CA2A64
.text C:\Program Files\AOL 9.1\waol.exe[1624] WS2_32.dll!send 71ABBFC8 6 Bytes JMP 06CA2972
.text C:\Program Files\AOL 9.1\waol.exe[1624] WS2_32.dll!WSASend 71ABC142 5 Bytes JMP 06CA29E2
.text C:\Program Files\AOL 9.1\waol.exe[1624] WS2_32.dll!closesocket 71ABCD88 14 Bytes JMP 06CA2AE6
.text C:\WINDOWS\System32\wdfmgr.exe[2164] ADVAPI32.dll!CryptDestroyKey 77DDA9AA 7 Bytes JMP 00842B80
.text C:\WINDOWS\System32\wdfmgr.exe[2164] ADVAPI32.dll!CryptDecrypt 77DDE737 7 Bytes JMP 00842B3D
.text C:\WINDOWS\System32\wdfmgr.exe[2164] ADVAPI32.dll!CryptEncrypt 77DDE8FE 7 Bytes JMP 00842B01
.text C:\WINDOWS\System32\wdfmgr.exe[2164] WS2_32.dll!recv 71ABA0EF 6 Bytes JMP 008429AA
.text C:\WINDOWS\System32\wdfmgr.exe[2164] WS2_32.dll!WSARecv 71ABA285 5 Bytes JMP 00842A64
.text C:\WINDOWS\System32\wdfmgr.exe[2164] WS2_32.dll!send 71ABBFC8 6 Bytes JMP 00842972
.text C:\WINDOWS\System32\wdfmgr.exe[2164] WS2_32.dll!WSASend 71ABC142 5 Bytes JMP 008429E2
.text C:\WINDOWS\System32\wdfmgr.exe[2164] WS2_32.dll!closesocket 71ABCD88 14 Bytes JMP 00842AE6
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[2536] ADVAPI32.dll!CryptDestroyKey 77DDA9AA 7 Bytes JMP 00DA2B80
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[2536] ADVAPI32.dll!CryptDecrypt 77DDE737 7 Bytes JMP 00DA2B3D
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[2536] ADVAPI32.dll!CryptEncrypt 77DDE8FE 7 Bytes JMP 00DA2B01
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[2536] WS2_32.dll!recv 71ABA0EF 6 Bytes JMP 00DA29AA
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[2536] WS2_32.dll!WSARecv 71ABA285 5 Bytes JMP 00DA2A64
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[2536] WS2_32.dll!send 71ABBFC8 6 Bytes JMP 00DA2972
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[2536] WS2_32.dll!WSASend 71ABC142 5 Bytes JMP 00DA29E2
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[2536] WS2_32.dll!closesocket 71ABCD88 14 Bytes JMP 00DA2AE6

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] @ C:\WINDOWS\System32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] @ C:\WINDOWS\System32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] @ C:\WINDOWS\System32\psapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[800] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1233955266\ee\AOLSoftware.exe[1556] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1233955266\ee\AOLSoftware.exe[1556] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1233955266\ee\AOLSoftware.exe[1556] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1233955266\ee\AOLSoftware.exe[1556] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1233955266\ee\AOLSoftware.exe[1556] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1233955266\ee\AOLSoftware.exe[1556] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1233955266\ee\AOLSoftware.exe[1556] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1233955266\ee\AOLSoftware.exe[1556] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1233955266\ee\AOLSoftware.exe[1556] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1233955266\ee\AOLSoftware.exe[1556] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1233955266\ee\AOLSoftware.exe[1556] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1233955266\ee\AOLSoftware.exe[1556] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1233955266\ee\AOLSoftware.exe[1556] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1233955266\ee\AOLSoftware.exe[1556] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1233955266\ee\AOLSoftware.exe[1556] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1233955266\ee\AOLSoftware.exe[1556] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1233955266\ee\AOLSoftware.exe[1556] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1233955266\ee\AOLSoftware.exe[1556] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1233955266\ee\AOLSoftware.exe[1556] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1233955266\ee\AOLSoftware.exe[1556] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1233955266\ee\AOLSoftware.exe[1556] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1233955266\ee\AOLSoftware.exe[1556] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1233955266\ee\AOLSoftware.exe[1556] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1233955266\ee\AOLSoftware.exe[1556] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1233955266\ee\AOLSoftware.exe[1556] @ C:\WINDOWS\System32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1233955266\ee\AOLSoftware.exe[1556] @ C:\WINDOWS\System32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\System32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\System32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\System32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\System32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\System32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\System32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\System32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip NEOFLTR_630_14121.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\Ip NEOFLTR_600_12507.SYS (NetBIOS Redirector/Juniper Networks)

Device \Driver\ACPI \Device\00000041 860281C0
Device \Driver\ACPI \Device\00000050 860281C0
Device \Driver\ACPI \Device\00000051 860281C0
Device \Driver\ACPI \Device\00000052 860281C0
Device \Driver\ACPI \Device\00000053 860281C0
Device \Driver\ACPI \Device\00000054 860281C0
Device \Driver\ACPI \Device\00000047 860281C0

AttachedDevice \Driver\Tcpip \Device\Tcp NEOFLTR_630_14121.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\Tcp NEOFLTR_600_12507.SYS (NetBIOS Redirector/Juniper Networks)

Device \Driver\ACPI \Device\00000059 860281C0
Device \Driver\ACPI \Device\0000003d 860281C0
Device \Driver\ACPI \Device\0000004a 860281C0
Device \Driver\ACPI \Device\0000004b 860281C0
Device \Driver\ACPI \Device\0000004c 860281C0
Device \Driver\ACPI \Device\0000004d 860281C0
Device \Driver\ACPI \Device\0000005a 860281C0
Device \Driver\ACPI \Device\0000004e 860281C0

AttachedDevice \Driver\Tcpip \Device\Udp NEOFLTR_630_14121.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\Udp NEOFLTR_600_12507.SYS (NetBIOS Redirector/Juniper Networks)

Device \Driver\ACPI \Device\0000005d 860281C0

AttachedDevice \Driver\Tcpip \Device\RawIp NEOFLTR_630_14121.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\RawIp NEOFLTR_600_12507.SYS (NetBIOS Redirector/Juniper Networks)

Device \Driver\ACPI \Device\0000005e 860281C0
Device \Driver\ACPI \Device\0000005f 860281C0

---- Threads - GMER 1.0.15 ----

Thread System [4:468] 8605E1A0
Thread System [4:472] 86048F9F
Thread System [4:480] 8607C517
Thread System [4:360] 8604BC11

---- EOF - GMER 1.0.15 ----
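The ".text" and "IAT" lines in the GMER log above follow a fixed format, and the pattern that matters is easier to see once they are grouped per API. The following Python is an added example, not GMER's code and not from this thread: it parses six lines excerpted from the log, distinguishes inline hooks whose JMP target GMER cannot attribute to any module from IAT entries it attributes to AOL's tbdiag.dll, and flags crypto and Winsock APIs redirected in several processes at once. All function names are my own.

```python
"""Triage of GMER 1.0.15 user-mode hook lines (added example, not GMER's code)."""
import re
from collections import defaultdict

# Inline hook:  .text <process>[pid] <dll>!<func> <addr> <n> Bytes JMP <target>
INLINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<dll>[\w.]+)!(?P<func>\w+)\s+"
    r"(?P<addr>[0-9A-F]+)\s+(?P<n>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-F]+)$"
)
# IAT hook:  IAT <process>[pid] @ <module> [<dll>!<func>] [<target>] <owner path> (<description>)
IAT_RE = re.compile(
    r"^IAT\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<module>\S+)\s+"
    r"\[(?P<dll>[\w.]+)!(?P<func>\w+)\]\s+\[(?P<target>[0-9A-F]+)\]\s+"
    r"(?P<owner>.+?)\s+\((?P<descr>[^)]*)\)$"
)

# APIs where a hook sees plaintext before encryption / after decryption,
# or the raw bytes of every socket send and receive.
SENSITIVE_APIS = {"CryptEncrypt", "CryptDecrypt", "CryptDestroyKey",
                  "send", "recv", "WSASend", "WSARecv", "closesocket"}

# Six lines excerpted from the GMER log above; anything else is skipped.
SAMPLE_LOG = r"""
.text C:\WINDOWS\Explorer.EXE[1408] ADVAPI32.dll!CryptEncrypt 77DDE8FE 7 Bytes JMP 01322B01
.text C:\WINDOWS\Explorer.EXE[1408] WS2_32.dll!recv 71ABA0EF 6 Bytes JMP 013229AA
.text C:\Program Files\AOL 9.1\waol.exe[1624] ADVAPI32.dll!CryptEncrypt 77DDE8FE 7 Bytes JMP 06CA2B01
.text C:\Program Files\AOL 9.1\waol.exe[1624] WS2_32.dll!recv 71ABA0EF 6 Bytes JMP 06CA29AA
.text C:\WINDOWS\System32\wdfmgr.exe[2164] ADVAPI32.dll!CryptEncrypt 77DDE8FE 7 Bytes JMP 00842B01
IAT C:\Program Files\AOL 9.1\waol.exe[1624] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
"""


def parse_hooks(lines):
    """Return one dict per recognised hook line; unrecognised lines are ignored."""
    hooks = []
    for line in lines:
        line = line.strip()
        m = INLINE_RE.match(line)
        if m:
            d = m.groupdict()
            d["kind"], d["owner"] = "inline", None   # GMER names no module for the JMP target
            hooks.append(d)
            continue
        m = IAT_RE.match(line)
        if m:
            d = m.groupdict()
            d["kind"] = "iat"                         # target attributed to a file on disk
            hooks.append(d)
    return hooks


def triage(hooks, min_processes=2):
    """Count, per API, the processes it is hooked in, and flag sensitive APIs
    redirected to unattributed memory in several processes at once."""
    per_api = defaultdict(set)
    unattributed = defaultdict(set)
    for h in hooks:
        api = f'{h["dll"]}!{h["func"]}'
        per_api[api].add(h["pid"])
        if h["owner"] is None:
            unattributed[api].add(h["pid"])
    findings = []
    for api in sorted(per_api):
        if api.split("!")[1] in SENSITIVE_APIS and len(unattributed[api]) >= min_processes:
            findings.append(
                f"{api}: redirected to unnamed memory in {len(unattributed[api])} processes; "
                f"system-wide injection, check the AppInit_DLLs and SecurityProviders values"
            )
    return {"per_api": {api: len(p) for api, p in per_api.items()}, "findings": findings}


def triage_log(text):
    """Convenience wrapper: raw log text in, triage summary out."""
    return triage(parse_hooks(text.splitlines()))


if __name__ == "__main__":
    summary = triage_log(SAMPLE_LOG)
    for api, count in sorted(summary["per_api"].items()):
        print(f"{api:32} hooked in {count} process(es)")
    for finding in summary["findings"]:
        print("!!", finding)
```

Run against the full log, the same eight APIs come out hooked in every listed process, which is what the OTM script in the next post addresses by clearing AppInit_DLLs and restoring SecurityProviders.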

#8 jpshortstuff

jpshortstuff

    WhatTheTech Teacher


  • Members
  • 660 posts
  • Gender:Male
  • Location:UK

Posted 03 July 2009 - 11:35 AM

There are a few things there.

Please download OTM by OldTimer.
  • Save it to your desktop.
  • Please click OTM and then click >> run.
  • Copy the lines inside the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Processes
explorer.exe

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

:files
C:\bbqxvp.dll /s
C:\hzibov.dll /s
C:\digeste.dll /s

:Commands
[emptytemp]
[Reboot]
  • Return to OTM, right-click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Let's get a thorough scan so we can catch anything else left. First, please update your Java.

Next, please right-click Internet Explorer and hit Run As Administrator. Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Let me know how things are running now.
Trained at the What The Tech Classroom where you too could learn to help others.

My help is free; however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

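The ":reg" section of the OTM script above resets two values that each load a DLL into many processes at once: AppInit_DLLs (every process that loads user32.dll) and SecurityProviders (the SSP list loaded by LSASS and callers of the security packages). As an added example that is not OTM's code and not from this thread, the Python below audits both values against the empty string and the XP default provider list the script writes back, calls out near-lookalike names such as digeste.dll beside digest.dll, and can read the live values through winreg on a Windows host. The sample values are constructed, modelled on the DLL names the script deletes, and are not the values from this machine.

```python
"""Audit of the two registry values the OTM script resets (added example; not OTM's code)."""
import difflib
import re

# Registry locations from the OTM ":reg" section above, and the XP default
# SecurityProviders list that the script writes back.
APPINIT_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
SECPROV_KEY = r"SYSTEM\CurrentControlSet\Control\SecurityProviders"
DEFAULT_SECURITY_PROVIDERS = ("msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll")

# Constructed sample of what a compromised pair of values could look like,
# modelled on the DLL names the OTM script deletes; not taken from the log.
SAMPLE_VALUES = {
    "AppInit_DLLs": r"C:\bbqxvp.dll",
    "SecurityProviders": "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll",
}


def split_dll_list(value):
    """Both values are lists of DLL names or paths separated by commas and/or spaces."""
    return [p for p in re.split(r"[,\s]+", value.strip()) if p]


def check_appinit_dlls(value):
    """Any DLL listed here is loaded into every process that loads user32.dll,
    which is why the script resets it to ''; every entry is a finding."""
    return [f"AppInit_DLLs loads {dll} into every GUI process; expected empty"
            for dll in split_dll_list(value)]


def check_security_providers(value):
    """Entries outside the XP default set are findings. A near-lookalike of a
    default name (digeste.dll beside digest.dll) is called out explicitly."""
    findings = []
    for dll in split_dll_list(value):
        name = dll.lower()
        if name in DEFAULT_SECURITY_PROVIDERS:
            continue
        close = difflib.get_close_matches(name, DEFAULT_SECURITY_PROVIDERS, n=1, cutoff=0.8)
        note = f" (lookalike of {close[0]})" if close else ""
        findings.append(f"SecurityProviders loads non-default {dll}{note}")
    return findings


def audit(values):
    """Map each value name to its list of findings; empty lists mean clean."""
    return {
        "AppInit_DLLs": check_appinit_dlls(values.get("AppInit_DLLs", "")),
        "SecurityProviders": check_security_providers(values.get("SecurityProviders", "")),
    }


def corrected_values():
    """The values the OTM script writes: AppInit_DLLs empty, providers at XP defaults."""
    return {"AppInit_DLLs": "",
            "SecurityProviders": ", ".join(DEFAULT_SECURITY_PROVIDERS)}


def read_live_values():
    """Read the real values on a Windows host via winreg; returns None elsewhere."""
    try:
        import winreg
    except ImportError:
        return None
    out = {}
    for name, key in (("AppInit_DLLs", APPINIT_KEY), ("SecurityProviders", SECPROV_KEY)):
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as k:
            out[name] = winreg.QueryValueEx(k, name)[0]
    return out


if __name__ == "__main__":
    values = read_live_values() or SAMPLE_VALUES
    for name, findings in audit(values).items():
        print(name, "clean" if not findings else "")
        for f in findings:
            print("  !!", f)
```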

#9 serum79

serum79
  • Topic Starter

  • Members
  • 16 posts

Posted 03 July 2009 - 01:57 PM

Thanks for your help.
The computer seems to be running better than before, although I still have some issues with Windows Media Player and Firefox freezing up, which results in me having to turn off my computer. This didn't start happening until after my computer was initially infected with the antivirus agent malware. Do you have any suggestions for that issue?

Here is the OTM log:

All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLs"|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\\"SecurityProviders"|"msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" /E : value set successfully!
========== FILES ==========
File/Folder C:\bbqxvp.dll not found.
File/Folder C:\hzibov.dll not found.
File/Folder C:\digeste.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Brian
->Temp folder emptied: 47380551 bytes
->Temporary Internet Files folder emptied: 16611850 bytes
->Java cache emptied: 25660460 bytes
->FireFox cache emptied: 4451658 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1099814 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
File delete failed. C:\WINDOWS\temp\$$$dq3e scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\$$yt7.$$ scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\$67we.$ scheduled to be deleted on reboot.
Windows Temp folder emptied: 777174 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 91.57 mb


OTM by OldTimer - Version 3.0.0.3 log created on 07032009_124027

Files moved on Reboot...
C:\WINDOWS\temp\$$$dq3e moved successfully.
C:\WINDOWS\temp\$$yt7.$$ moved successfully.
C:\WINDOWS\temp\$67we.$ moved successfully.

Registry entries deleted on Reboot...

I ran Kaspersky, but the "Save Report As" button was grayed out. There is one item on the report, but it is mirc.exe, which it lists as not a threat.

Edited by serum79, 03 July 2009 - 02:02 PM.


#10 jpshortstuff

jpshortstuff

    WhatTheTech Teacher


  • Members
  • 660 posts
  • Gender:Male
  • Location:UK

Posted 03 July 2009 - 02:03 PM

Hi,

Log looks good :thumbup2:

Click Start >> Run, and then type ComboFix /u and hit enter.
You can now delete any other tools I had you download and use, unless you wish to keep them.


Now that your system appears to be clean, there's just a few steps I'd like you to take to prevent any future infections.
  • You need to upgrade to Windows XP Service Pack 3. Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install Windows XP - Service Pack 3.

  • Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis.

  • Make sure you update your Anti-Virus software regularly; new viruses are being developed all the time.

  • Some more programs that it would be useful to have [OPTIONAL but RECOMMENDED]:

    Download Spybot Search and Destroy 1.5 from here
    Check for Updates/ Immunize and run a Full System Scan on a regular basis.

    SpywareBlaster is another real-time scanner that prevents most spyware from even being installed.
    Freely available: Download SpywareBlaster

    Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.
Also, please read this great article by Tony Klein: So How Did I Get Infected In First Place

Glad we could be of assistance.

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

Stay Clean!

jpshortstuff
Trained at the What The Tech Classroom where you too could learn to help others.

My help is free; however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.
