
MBAM doesn't work, Redirections, and Warning symbol.


  • This topic is locked
2 replies to this topic

#1 504area

  • Members
  • 1 posts
  • Local time:05:06 PM

Posted 05 August 2009 - 07:54 PM

Hi. I recently was infected and now I'm getting redirections.

I now have PC Antispyware 2010 installed on my computer (unknowingly). Now I get redirected URLs, can't scan with MBAM, and there's a warning symbol in the bottom right corner saying that I should pay for the thing to be uninfected. I tried renaming MBAM and even installed it to my desktop, and it gets disabled.

Thanks

Here are the logs.



DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 19:26:40.17 on Wed 08/05/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2942.2304 [GMT -5:00]

AV: Webroot Internet Security Essentials *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
AV: avast! antivirus 4.8.1335 [VPS 090805-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Webroot Internet Security Essentials *enabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Creative Home\Hallmark Card Studio 2009 Deluxe\Planner\PLNRnote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe
C:\Program Files\TeamViewer\Version4\TeamViewer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.myspace.com/
uWindow Title = Windows Internet Explorer provided by MySpace
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL
uURLSearchHooks: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWi1.dll
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
TB: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWi1.dll
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [braviax] "c:\windows\system32\braviax.exe"
mRun: [High Definition Audio Property Page Shortcut] "c:\windows\system32\HDAShCut.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [amd_dc_opt] "c:\program files\amd\dual-core optimizer\amd_dc_opt.exe"
mRun: [RTHDCPL] "c:\windows\RTHDCPL.EXE"
mRun: [SetRefresh] "c:\program files\compaq\setrefresh\SetRefresh.exe"
mRun: [Recguard] "c:\windows\sminst\Recguard.exe"
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [Scheduler] "c:\windows\sminst\Scheduler.exe"
mRun: [HPHUPD08] "c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [MyWebSearch Plugin] "c:\windows\system32\rundll32.exe" c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
mRun: [MSConfig] "c:\windows\pchealth\helpctr\binaries\MSConfig.exe" /auto
mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe"
mRun: [KernelFaultCheck] "c:\windows\system32\dumprep.exe" 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast!] "c:\progra~1\alwils~1\avast4\ashDisp.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
mRun: [PC Antispyware 2010] "c:\program files\pc_antispyware2010\PC_Antispyware2010.exe" /hide
mRun: [braviax] braviax.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [iLike] c:\program files\ilike\1.2.14\ilikesidebar.exe /checkforupdate
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventp~1.lnk - c:\windows\installer\{c4609419-c11e-4ce6-b369-f3f8a7ddd94c}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZKman000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0cca191d-13a6-4e29-b746-314dee697d83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: cru629.dat
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

============= SERVICES / DRIVERS ===============

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2006-9-13 3840]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-11-12 29808]
R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-18 114768]
R1 pwipf6;pwipf6;c:\windows\system32\drivers\pwipf6.sys [2009-1-19 108296]
R2 aswfsblk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-18 20560]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2009-7-9 78104]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-1-19 1205760]
S2 0299041233332426mcinstcleanup;McAfee Application Installer Cleanup (0299041233332426);c:\docume~1\admini~1\locals~1\temp\029904~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\admini~1\locals~1\temp\029904~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 avast! antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-6-18 138680]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2009-2-24 28762]
S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-4-21 4048240]
S3 avast! mail scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-6-18 254040]
S3 avast! web scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-6-18 352920]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2006-4-14 28933976]
S3 VirtDisk;XSS Virtual Disk Driver;c:\windows\sminst\virtdisk.sys [2008-12-17 57344]

=============== Created Last 30 ================

2009-08-05 19:19 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-05 19:19 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-05 19:15 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-05 18:38 19,905 a------- c:\windows\odag.dat
2009-08-05 18:38 16,687 a------- c:\docume~1\alluse~1\applic~1\fozyqobeg.bat
2009-08-05 18:38 15,983 a------- c:\program files\common files\ubyha.bin
2009-08-05 18:38 15,716 a------- c:\windows\system32\ocetuqalu.dl
2009-08-05 18:38 14,723 a------- c:\windows\welesicy.bin
2009-08-05 18:38 14,703 a------- c:\windows\zapyn.scr
2009-08-05 18:38 14,330 a------- c:\windows\system32\ivajebubed.inf
2009-08-05 18:38 13,922 a------- c:\windows\system32\bafucoqy.reg
2009-08-05 18:38 13,371 a------- c:\windows\dehubaxyku.sys
2009-08-05 18:38 13,093 a------- c:\windows\esun.bat
2009-08-05 18:38 12,536 a------- c:\windows\fovobi.db
2009-08-05 18:38 12,065 a------- c:\windows\evizari.dll
2009-08-05 18:38 11,900 a------- c:\windows\system32\lewaqa.ban
2009-08-05 18:38 11,623 a------- c:\windows\system32\yjyhuquzyj.exe
2009-08-05 18:38 <DIR> --d----- c:\program files\PC_Antispyware2010
2009-08-05 17:45 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-08-05 17:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-05 17:42 <DIR> --d----- c:\docume~1\admini~1\applic~1\TeamViewer
2009-08-05 17:42 <DIR> --d----- c:\program files\TeamViewer
2009-08-05 17:41 <DIR> --d----- c:\documents and settings\administrator\temp
2009-08-05 17:32 346,621 a------- c:\windows\system32\_scui.cpl
2009-08-05 17:26 <DIR> --d----- c:\windows\system32\CatRoot
2009-08-05 17:25 11,264 a------- c:\windows\braviax.exe
2009-08-05 17:25 6,144 a------- c:\windows\system32\cru629.dat
2009-08-05 17:25 6,144 a------- c:\windows\cru629.dat
2009-08-05 17:23 19,456 a------- C:\rcvbm.exe
2009-08-05 17:23 9,728 a------- C:\umoikchf.exe
2009-08-05 17:23 69,640 a------- C:\yedfjdy.exe
2009-08-05 17:23 19,456 a------- C:\niawndos.exe
2009-08-05 17:23 19,456 a------- C:\hcel.exe
2009-08-05 17:23 190,061 a------- c:\windows\system32\wisdstr.exe
2009-08-05 17:23 11,264 a------- c:\windows\system32\braviax.exe
2009-08-05 16:50 <DIR> --d----- c:\program files\World of Warcraft Trial
2009-08-02 15:59 <DIR> --d----- c:\docume~1\admini~1\applic~1\Home Sweet Home Christmas
2009-07-29 01:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blizzard
2009-07-24 23:58 34 a------- c:\documents and settings\administrator\jagex_runescape_preferences.dat
2009-07-24 23:57 <DIR> --d----- c:\windows\.jagex_cache_32
2009-07-14 19:35 32,592 a------- c:\windows\system32\msonpmon.dll
2009-07-14 19:26 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2009-07-14 15:59 2 a------- c:\windows\0535251103110107106.xvb
2009-07-14 15:59 2 a------- c:\windows\0101120101465749.dat
2009-07-14 15:59 2 a------- c:\windows\0101120101465752.dat
2009-07-14 14:59 2 a------- c:\windows\0101120101464849.dat
2009-07-14 14:59 1 a------- c:\windows\934fdfg34fgjf23
2009-07-14 14:59 2 a------- c:\windows\010112010146118114.dat
2009-07-13 23:01 1 a------- c:\windows\system32\q1.dat
2009-07-13 23:01 1 a------- c:\windows\system32\idm.dat
2009-07-13 23:01 1 a------- c:\windows\system32\ck.dat
2009-07-13 23:01 1 a------- c:\windows\system32\c2d.dat
2009-07-13 16:36 524 a------- c:\windows\system32\rxf
2009-07-12 17:01 <DIR> --d----- c:\program files\Disney
2009-07-11 12:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Artist Colony

==================== Find3M ====================

2009-08-05 18:38 14,422 a------- c:\program files\common files\iqof.lib
2009-08-05 17:23 29,184 a------- c:\windows\system32\drivers\beep.sys
2009-08-05 17:23 29,184 a------- c:\windows\system32\dllcache\beep.sys
2009-06-20 13:44 108,296 a------- c:\windows\system32\drivers\pwipf6.sys
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-13 15:39 1,563,008 a------- c:\windows\WRSetup.dll

============= FINISH: 19:26:47.65 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/19/2009 6:54:58 PM
System Uptime: 8/5/2009 6:31:47 PM (1 hours ago)

Motherboard: Hewlett-Packard | | 0A64h
Processor: AMD Athlon™ Dual Core Processor 4450B | XU1 PROCESSOR | 2294/1000mhz
Processor: AMD Athlon™ Dual Core Processor 4450B | XU1 PROCESSOR | 2294/1000mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 223 GiB total, 154.907 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 2.297 GiB free.
E: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP86: 5/8/2009 8:16:49 AM - Software Distribution Service 3.0
RP87: 5/9/2009 9:40:02 AM - Software Distribution Service 3.0
RP88: 5/10/2009 10:29:45 AM - Software Distribution Service 3.0
RP89: 5/11/2009 3:00:14 AM - Software Distribution Service 3.0
RP90: 5/11/2009 7:53:39 AM - Removed Apple Mobile Device Support
RP91: 5/12/2009 8:03:31 AM - Software Distribution Service 3.0
RP92: 5/13/2009 8:06:01 AM - Software Distribution Service 3.0
RP93: 5/14/2009 8:06:07 AM - Software Distribution Service 3.0
RP94: 5/15/2009 8:04:26 AM - Software Distribution Service 3.0
RP95: 5/16/2009 9:46:39 AM - Software Distribution Service 3.0
RP96: 5/17/2009 3:00:14 AM - Software Distribution Service 3.0
RP97: 5/18/2009 10:10:04 AM - Software Distribution Service 3.0
RP98: 5/19/2009 9:46:48 AM - Software Distribution Service 3.0
RP99: 5/20/2009 8:16:07 AM - Software Distribution Service 3.0
RP100: 5/21/2009 8:00:35 AM - Software Distribution Service 3.0
RP101: 5/22/2009 7:56:59 AM - Software Distribution Service 3.0
RP102: 5/23/2009 3:59:01 AM - Software Distribution Service 3.0
RP103: 5/23/2009 4:02:54 AM - Software Distribution Service 3.0
RP104: 5/31/2009 12:40:07 AM - System Checkpoint
RP105: 5/31/2009 10:13:47 AM - Software Distribution Service 3.0
RP106: 6/1/2009 11:15:12 AM - Software Distribution Service 3.0
RP107: 6/1/2009 5:18:04 PM - Installed Windows Media Player 11
RP108: 6/1/2009 5:18:42 PM - Software Distribution Service 3.0
RP109: 6/1/2009 5:25:59 PM - Installed Windows XP Wudf01000.
RP110: 6/2/2009 10:38:34 AM - Software Distribution Service 3.0
RP111: 6/3/2009 11:05:19 AM - Software Distribution Service 3.0
RP112: 6/4/2009 3:00:14 AM - Software Distribution Service 3.0
RP113: 6/4/2009 3:42:05 PM - Installed PayPal Plug-In
RP114: 6/5/2009 3:08:42 AM - Software Distribution Service 3.0
RP115: 6/6/2009 3:02:37 AM - Software Distribution Service 3.0
RP116: 6/7/2009 4:12:19 PM - Removed Safari
RP117: 6/7/2009 4:19:40 PM - Removed Apple Mobile Device Support
RP118: 6/7/2009 4:25:34 PM - Removed MobileMe Control Panel
RP119: 6/9/2009 7:58:41 PM - System Checkpoint
RP120: 6/10/2009 8:07:41 PM - System Checkpoint
RP121: 6/11/2009 9:25:18 PM - System Checkpoint
RP122: 6/12/2009 11:36:36 PM - System Checkpoint
RP123: 6/14/2009 11:06:36 AM - System Checkpoint
RP124: 6/15/2009 4:30:22 PM - System Checkpoint
RP125: 6/16/2009 7:24:58 PM - System Checkpoint
RP126: 6/17/2009 3:57:06 PM - Restore Operation
RP127: 6/18/2009 6:55:59 PM - System Checkpoint
RP128: 6/20/2009 1:10:31 PM - System Checkpoint
RP129: 6/22/2009 10:59:15 AM - System Checkpoint
RP130: 6/23/2009 10:29:42 PM - System Checkpoint
RP131: 6/25/2009 8:26:43 AM - System Checkpoint
RP132: 6/26/2009 11:06:52 AM - System Checkpoint
RP133: 6/27/2009 12:02:41 PM - System Checkpoint
RP134: 6/28/2009 1:52:27 PM - System Checkpoint
RP135: 6/29/2009 6:15:10 PM - System Checkpoint
RP136: 6/30/2009 7:19:18 AM - Removed Battlefield 2™
RP137: 6/30/2009 7:43:53 AM - Installed Battlefield 2™
RP138: 6/30/2009 7:50:51 AM - Installed Battlefield 2™
RP139: 7/1/2009 3:46:43 PM - System Checkpoint
RP140: 7/4/2009 12:19:26 PM - System Checkpoint
RP141: 7/5/2009 11:26:55 PM - System Checkpoint
RP142: 7/7/2009 11:33:49 AM - System Checkpoint
RP143: 7/8/2009 1:08:30 PM - System Checkpoint
RP144: 7/9/2009 3:15:55 PM - System Checkpoint
RP145: 7/10/2009 9:22:05 PM - System Checkpoint
RP146: 7/11/2009 9:49:41 PM - System Checkpoint
RP147: 7/13/2009 9:02:14 AM - System Checkpoint
RP148: 7/14/2009 10:18:25 AM - System Checkpoint
RP149: 7/14/2009 7:22:51 PM - Installed Microsoft Office Enterprise 2007
RP150: 7/14/2009 7:35:52 PM - Printer Driver Send To Microsoft OneNote Driver Installed
RP151: 7/15/2009 8:36:56 PM - System Checkpoint
RP152: 7/17/2009 12:57:41 PM - System Checkpoint
RP153: 7/18/2009 3:47:50 PM - System Checkpoint
RP154: 7/19/2009 4:42:22 PM - System Checkpoint
RP155: 7/20/2009 10:19:45 PM - System Checkpoint
RP156: 7/22/2009 12:28:29 AM - System Checkpoint
RP157: 7/23/2009 3:54:27 PM - System Checkpoint
RP158: 7/25/2009 5:59:07 AM - System Checkpoint
RP159: 7/26/2009 1:56:21 PM - System Checkpoint
RP160: 7/28/2009 12:26:39 AM - System Checkpoint
RP161: 7/29/2009 3:48:05 AM - System Checkpoint
RP162: 7/30/2009 4:35:50 AM - System Checkpoint
RP163: 7/31/2009 1:25:23 PM - System Checkpoint
RP164: 8/1/2009 3:59:12 PM - System Checkpoint
RP165: 8/2/2009 6:46:55 PM - System Checkpoint
RP166: 8/3/2009 7:42:50 PM - System Checkpoint
RP167: 8/4/2009 9:17:42 PM - System Checkpoint

==== Installed Programs ======================


2007 Microsoft Office system
2009 Hallmark Bonus Pack
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
Adobe Shockwave Player 11
Ant War (remove only)
Apple Mobile Device Support
Apple Software Update
Artist Colony (remove only)
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATI Problem Report Wizard
avast! Antivirus
Bonjour
Broadcom Management Programs
Broadcom TPM Driver Installer
BufferChm
Business Contact Manager for Outlook 2007 SP1
CameraDrivers
Champion Chef (remove only)
Destinations
DeviceManagementQFolder
Diner Dash Flo Through Time (remove only)
Disney Pirates of the Caribbean Online
DQ Tycoon (remove only)
Dual-Core Optimizer
eSupportQFolder
EVE Online (remove only)
Fairy Godmother Tycoon (remove only)
Fitness Dash (remove only)
GameSpy Arcade
Garden Defense (remove only)
Google Toolbar for Internet Explorer
Hallmark Card Studio 2009 Deluxe
Hells Kitchen (remove only)
High Definition Audio Driver Package - KB888111
Home Sweet Home (remove only)
Home Sweet Home 2 Kitchens and Baths (remove only)
Home Sweet Home Christmas Edition (remove only)
Hotfix for Windows XP (KB895246)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952117-v2)
Hotfix for Windows XP (KB952287)
HP Backup and Recovery Manager
HP Help and Support
HP Imaging Device Functions 5.3
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Product Assistant
HP Solution Center & Imaging Support Tools 5.3
HP Update
HPProductAssistant
HpSdpAppCoreApp
Ice Cream Craze - Tycoon Takeover
iLike Sidebar
InterVideo Register Manager
InterVideo WinDVD
iTunes
iWin Games (remove only)
iWin Toolbar
Java™ SE Runtime Environment 6 Update 1
Lost in Reefs (remove only)
Magic Farm (remove only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft Halo
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
MobileMe Control Panel
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
My Web Search (Webfetti)
PayPal Plug-In
PC Antispyware 2010
PS8200
PSPrinters08
PSTAPlugin
QuickTime
Realtek High Definition Audio Driver
Restaurant Empire (remove only)
RollerCoaster Tycoon 3 Platinum
Safari
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Outlook 2007 (KB946983)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
SolutionCenter
Spy Sweeper Core
Status
TeamViewer 4
The Apprentice Los Angeles (remove only)
TrayApp
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Office 2007 (KB934391)
Update for Office System 2007 Setup (KB929722)
Update for Outlook 2007 Junk Email Filter (kb968503)
Update for Windows XP (KB898461)
Update for Windows XP (KB904942)
Update for Windows XP (KB911164)
Update for Windows XP (KB925720)
Update for Windows XP (KB931836)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
WebFldrs XP
WebReg
Webroot Internet Security Essentials
Wedding Dash 3 Ready, Aim, Love (remove only)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows XP Hotfix - KB815304
Windows XP Hotfix - KB885222
Windows XP Hotfix - KB886199
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
World of Warcraft
XML Paper Specification Shared Components Pack 1.0
Youda Marina (remove only)

==== Event Viewer Messages From Past Week ========

8/5/2009 6:34:10 PM, error: Service Control Manager [7000] - The Webroot Spy Sweeper Engine service failed to start due to the following error: Access is denied.
8/5/2009 6:34:10 PM, error: DCOM [10005] - DCOM got error "%5" attempting to start the service WebrootSpySweeperService with arguments "" in order to run the server: {1281A68F-9E75-418F-B3AC-D5B23DD86408}
8/5/2009 6:33:50 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! antivirus service to connect.
8/5/2009 6:33:50 PM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.
8/5/2009 6:33:50 PM, error: Service Control Manager [7000] - The avast! antivirus service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/5/2009 6:33:50 PM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The system cannot find the file specified.
8/5/2009 6:05:11 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/5/2009 6:03:44 PM, error: Service Control Manager [7034] - The IviRegMgr service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 5:27:22 PM, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\scecli.dll could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
8/5/2009 5:27:22 PM, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\netlogon.dll could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.

==== End Of File ===========================

Thanks
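A triage pass over the DDS log above, written here as an added example (it is not the DDS tool's code, nor anything from the thread). It parses the "Pseudo HJT Report" and "Created Last 30" sections and flags what a malware-removal helper looks at first: on-access scanning reported disabled, autorun entries with a bare filename instead of a full path (`mRun: [braviax] braviax.exe`), a populated AppInit_DLLs value, executables dropped directly into C:\ or C:\Windows, and bursts of files created in the same minute. The excerpt is a constructed subset of the posted log, and the burst threshold is an assumed value.

```python
"""Triage pass over a DDS log (added example; not the DDS tool's own code)."""
import re
from collections import defaultdict

# Constructed excerpt: lines copied from the DDS log in this thread, not the whole log.
SAMPLE_LOG = r"""
AV: avast! antivirus 4.8.1335 [VPS 090805-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Pseudo HJT Report ===============
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [braviax] "c:\windows\system32\braviax.exe"
mRun: [avast!] "c:\progra~1\alwils~1\avast4\ashDisp.exe"
mRun: [PC Antispyware 2010] "c:\program files\pc_antispyware2010\PC_Antispyware2010.exe" /hide
mRun: [braviax] braviax.exe
AppInit_DLLs: cru629.dat
=============== Created Last 30 ================
2009-08-05 18:38 16,687 a------- c:\docume~1\alluse~1\applic~1\fozyqobeg.bat
2009-08-05 18:38 14,703 a------- c:\windows\zapyn.scr
2009-08-05 18:38 12,065 a------- c:\windows\evizari.dll
2009-08-05 18:38 11,623 a------- c:\windows\system32\yjyhuquzyj.exe
2009-08-05 17:25 11,264 a------- c:\windows\braviax.exe
2009-08-05 17:25 6,144 a------- c:\windows\system32\cru629.dat
2009-08-05 17:23 19,456 a------- C:\rcvbm.exe
2009-08-05 17:23 69,640 a------- C:\yedfjdy.exe
2009-08-05 17:23 190,061 a------- c:\windows\system32\wisdstr.exe
2009-07-14 19:35 32,592 a------- c:\windows\system32\msonpmon.dll
"""

RUN_RE = re.compile(r'^[umd]Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
CREATED_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?:[\d,]+|<DIR>) \S+ (?P<path>.+)$')
EXEC_EXT = {'.exe', '.dll', '.sys', '.scr', '.bat', '.cpl', '.dl'}
ROOT_DIRS = {'c:', r'c:\windows'}   # Windows itself rarely writes new binaries here
BURST_MIN = 3                        # assumed threshold; the real log has 15 files at 18:38


def first_token(cmd):
    """Return the executable part of an autorun command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split()[0]


def split_path(path):
    """Return (parent, basename, extension), all lower-cased."""
    parent, _, base = path.lower().rpartition('\\')
    ext = '.' + base.rpartition('.')[2] if '.' in base else ''
    return parent, base, ext


def triage(log_text):
    """Return a list of (finding-kind, detail) tuples for the DDS text."""
    findings = []
    section = ''
    run_targets = set()              # basenames launched by Run/RunOnce entries
    appinit = ''
    created = defaultdict(list)      # 'YYYY-MM-DD HH:MM' -> paths created that minute
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith('='):     # section banner, e.g. "==== Created Last 30 ===="
            section = line.strip('= ').lower()
            continue
        if line.startswith('AV:') and 'disabled' in line.lower():
            findings.append(('av-disabled', line.split('*')[0].strip()))
            continue
        m = RUN_RE.match(line)
        if m:
            exe = first_token(m['cmd'])
            run_targets.add(split_path(exe)[1])
            if '\\' not in exe:      # bare name resolved via the search path: worth a look
                findings.append(('autorun-no-path', line))
            continue
        if line.lower().startswith('appinit_dlls:'):
            appinit = line.split(':', 1)[1].strip().lower()
            if appinit:              # legitimate software almost never populates this value
                findings.append(('appinit-dlls', appinit))
            continue
        m = CREATED_RE.match(line)
        if m and ('created' in section or 'find3m' in section):
            parent, base, ext = split_path(m['path'])
            created[m['ts']].append(m['path'])
            if ext in EXEC_EXT and parent in ROOT_DIRS:
                findings.append(('exec-in-root', m['path']))
            if base in run_targets:  # an autorun points at a file that appeared recently
                findings.append(('autorun-target-recent', m['path']))
            if appinit and base == appinit:
                findings.append(('appinit-target-recent', m['path']))
    for ts, paths in created.items():
        if len(paths) >= BURST_MIN:  # many files in one minute: dropper activity
            findings.append(('creation-burst', f'{ts}: {len(paths)} files'))
    return findings


if __name__ == '__main__':
    for kind, detail in triage(SAMPLE_LOG):
        print(f'{kind:24} {detail}')
```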

#2 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:06 PM

Posted 07 August 2009 - 05:04 PM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.



Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:06 PM

Posted 26 August 2009 - 07:19 PM

As there has been no response, this thread will now be closed.

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.

========================================================
