Outlook Express Repeater Infection - Help Please!


This topic is locked
13 replies to this topic

#1 Millright

Millright

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:35 AM

Posted 11 August 2009 - 04:27 PM

I seem to have a repeater infection with my email client (Outlook Express). OE will send multiple copies of emails that I am not even sending. I will paste the TXT file below. Any and all help is greatly appreciated! Thank you.


DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 17:23:07.74 on Tue 08/11/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.510.296 [GMT -4:00]


============== Running Processes ===============

C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\StartupMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [IE New Window Maximizer] c:\program files\ie new window maximizer\iemaximizer.exe
uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
mRun: [Run StartupMonitor] StartupMonitor.exe
mRun: [Synchronization Manager] mobsync.exe /logon
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
dRunOnce: [^SetupICWDesktop]
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
DPF: {00000130-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/ACELPACM.CAB
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://pubgis.co.pinellas.fl.us/ActiveX/ver6.3/mgaxctrl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136511720681
DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://camera.buffalotrace.com/activex/AMC.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://camera4.buffalotrace.com/activex/AxisCamControl.cab
DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4053/ftp.coupons.com/r3302/cpbrkpie.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38397.6371759259
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: Extensions - c:\winnt\system32\k0lqla351d.dll
Notify: SharedDLLs - c:\winnt\system32\mncomput.dll
Notify: Shell Extensions - c:\winnt\system32\g022lafo1d2c.dll
Notify: Uninstall - c:\winnt\system32\q4rq0e95eh.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\winnt\system32\drivers\aswSP.sys [2009-7-6 114768]
R2 aswFsBlk;aswFsBlk;c:\winnt\system32\drivers\aswFsBlk.sys [2009-7-6 20560]
R2 aswMon;avast! Standard Shield Support;c:\winnt\system32\drivers\aswmon.sys [2009-7-6 93296]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-7-6 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-7-6 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-7-6 352920]
R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;c:\winnt\system32\drivers\el90xbc5.sys [2005-2-14 61712]
R3 Winacpci;Winacpci;c:\winnt\system32\drivers\winacpci.sys [2005-2-14 602128]
S3 vsdatant;vsdatant;c:\winnt\system32\vsdatant.sys --> c:\winnt\system32\vsdatant.sys [?]

=============== Created Last 30 ================

2009-08-11 17:23 16,384 a------t c:\winnt\system32\Perflib_Perfdata_2ec.dat
2009-08-11 15:06 16,384 a------t c:\winnt\system32\Perflib_Perfdata_238.dat
2009-08-11 12:48 16,384 a------t c:\winnt\system32\Perflib_Perfdata_1f4.dat
2009-08-07 10:31 16,384 a------t c:\winnt\system32\Perflib_Perfdata_23c.dat
2009-07-29 03:08 16,384 a------t c:\winnt\system32\Perflib_Perfdata_240.dat
2009-07-16 07:08 1,391 a------- c:\winnt\imsins.BAK
2009-07-14 12:22 16,384 a------t c:\winnt\system32\Perflib_Perfdata_1f8.dat

==================== Find3M ====================

2009-07-11 19:41 97,280 a------- c:\winnt\system32\ATL80.dll
2009-07-06 18:31 16,384 a------t c:\winnt\system32\Perflib_Perfdata_22c.dat
2009-06-26 11:53 576,512 a------- c:\winnt\system32\WININET.DLL
2009-06-16 00:48 165,136 a------- c:\winnt\system32\t2embed.dll
2009-06-16 00:48 81,168 a------- c:\winnt\system32\fontsub.dll
2009-06-03 03:15 795,408 a------- c:\winnt\system32\quartz.dll
2007-09-04 23:03 60,968 a------- c:\documents and settings\administrator\GoToAssistDownloadHelper.exe
2006-02-01 10:53 774,144 a------- c:\program files\RngInterstitial.dll
2005-03-08 08:46 23,232 a------- c:\docume~1\admini~1\applic~1\GDIPFONTCACHEV1.DAT
2005-02-14 21:43 167 a------- c:\program files\_FEAD_error.log
2005-02-14 21:43 20,798,256 a------- c:\program files\AdbeRdr70_enu_full.exe
2005-02-14 19:13 2,636,408 a------- c:\program files\AdAware.exe
2005-02-14 19:13 10,156,943 a------- c:\program files\AVG.exe
2005-02-14 18:42 21,952 ----h--- c:\program files\folder.htt
2005-02-14 18:42 271 ----h--- c:\program files\desktop.ini
1999-12-07 08:00 32,528 a------- c:\winnt\inf\wbfirdma.sys

============= FINISH: 17:23:35.42 ===============



#2 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:35 AM

Posted 23 August 2009 - 06:19 AM

Hello and :thumbup2: to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.


Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

-----------------------------------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Kind regards
Net_Surfer

:)

#3 Millright

Millright
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:35 AM

Posted 29 August 2009 - 08:03 PM

No problem about the delay. Here is the DDS.txt.




DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 17:23:07.74 on Tue 08/11/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.510.296 [GMT -4:00]


============== Running Processes ===============

C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\StartupMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [IE New Window Maximizer] c:\program files\ie new window maximizer\iemaximizer.exe
uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
mRun: [Run StartupMonitor] StartupMonitor.exe
mRun: [Synchronization Manager] mobsync.exe /logon
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
dRunOnce: [^SetupICWDesktop]
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
DPF: {00000130-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/ACELPACM.CAB
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://pubgis.co.pinellas.fl.us/ActiveX/ver6.3/mgaxctrl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136511720681
DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://camera.buffalotrace.com/activex/AMC.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://camera4.buffalotrace.com/activex/AxisCamControl.cab
DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4053/ftp.coupons.com/r3302/cpbrkpie.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38397.6371759259
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: Extensions - c:\winnt\system32\k0lqla351d.dll
Notify: SharedDLLs - c:\winnt\system32\mncomput.dll
Notify: Shell Extensions - c:\winnt\system32\g022lafo1d2c.dll
Notify: Uninstall - c:\winnt\system32\q4rq0e95eh.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\winnt\system32\drivers\aswSP.sys [2009-7-6 114768]
R2 aswFsBlk;aswFsBlk;c:\winnt\system32\drivers\aswFsBlk.sys [2009-7-6 20560]
R2 aswMon;avast! Standard Shield Support;c:\winnt\system32\drivers\aswmon.sys [2009-7-6 93296]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-7-6 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-7-6 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-7-6 352920]
R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;c:\winnt\system32\drivers\el90xbc5.sys [2005-2-14 61712]
R3 Winacpci;Winacpci;c:\winnt\system32\drivers\winacpci.sys [2005-2-14 602128]
S3 vsdatant;vsdatant;c:\winnt\system32\vsdatant.sys --> c:\winnt\system32\vsdatant.sys [?]

=============== Created Last 30 ================

2009-08-11 17:23 16,384 a------t c:\winnt\system32\Perflib_Perfdata_2ec.dat
2009-08-11 15:06 16,384 a------t c:\winnt\system32\Perflib_Perfdata_238.dat
2009-08-11 12:48 16,384 a------t c:\winnt\system32\Perflib_Perfdata_1f4.dat
2009-08-07 10:31 16,384 a------t c:\winnt\system32\Perflib_Perfdata_23c.dat
2009-07-29 03:08 16,384 a------t c:\winnt\system32\Perflib_Perfdata_240.dat
2009-07-16 07:08 1,391 a------- c:\winnt\imsins.BAK
2009-07-14 12:22 16,384 a------t c:\winnt\system32\Perflib_Perfdata_1f8.dat

==================== Find3M ====================

2009-07-11 19:41 97,280 a------- c:\winnt\system32\ATL80.dll
2009-07-06 18:31 16,384 a------t c:\winnt\system32\Perflib_Perfdata_22c.dat
2009-06-26 11:53 576,512 a------- c:\winnt\system32\WININET.DLL
2009-06-16 00:48 165,136 a------- c:\winnt\system32\t2embed.dll
2009-06-16 00:48 81,168 a------- c:\winnt\system32\fontsub.dll
2009-06-03 03:15 795,408 a------- c:\winnt\system32\quartz.dll
2007-09-04 23:03 60,968 a------- c:\documents and settings\administrator\GoToAssistDownloadHelper.exe
2006-02-01 10:53 774,144 a------- c:\program files\RngInterstitial.dll
2005-03-08 08:46 23,232 a------- c:\docume~1\admini~1\applic~1\GDIPFONTCACHEV1.DAT
2005-02-14 21:43 167 a------- c:\program files\_FEAD_error.log
2005-02-14 21:43 20,798,256 a------- c:\program files\AdbeRdr70_enu_full.exe
2005-02-14 19:13 2,636,408 a------- c:\program files\AdAware.exe
2005-02-14 19:13 10,156,943 a------- c:\program files\AVG.exe
2005-02-14 18:42 21,952 ----h--- c:\program files\folder.htt
2005-02-14 18:42 271 ----h--- c:\program files\desktop.ini
1999-12-07 08:00 32,528 a------- c:\winnt\inf\wbfirdma.sys

============= FINISH: 17:23:35.42 ===============

DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 17:23:07.74 on Tue 08/11/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.510.296 [GMT -4:00]


============== Running Processes ===============

C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\StartupMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [IE New Window Maximizer] c:\program files\ie new window maximizer\iemaximizer.exe
uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
mRun: [Run StartupMonitor] StartupMonitor.exe
mRun: [Synchronization Manager] mobsync.exe /logon
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
dRunOnce: [^SetupICWDesktop]
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
DPF: {00000130-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/ACELPACM.CAB
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://pubgis.co.pinellas.fl.us/ActiveX/ver6.3/mgaxctrl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136511720681
DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://camera.buffalotrace.com/activex/AMC.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://camera4.buffalotrace.com/activex/AxisCamControl.cab
DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4053/ftp.coupons.com/r3302/cpbrkpie.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38397.6371759259
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: Extensions - c:\winnt\system32\k0lqla351d.dll
Notify: SharedDLLs - c:\winnt\system32\mncomput.dll
Notify: Shell Extensions - c:\winnt\system32\g022lafo1d2c.dll
Notify: Uninstall - c:\winnt\system32\q4rq0e95eh.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\winnt\system32\drivers\aswSP.sys [2009-7-6 114768]
R2 aswFsBlk;aswFsBlk;c:\winnt\system32\drivers\aswFsBlk.sys [2009-7-6 20560]
R2 aswMon;avast! Standard Shield Support;c:\winnt\system32\drivers\aswmon.sys [2009-7-6 93296]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-7-6 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-7-6 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-7-6 352920]
R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;c:\winnt\system32\drivers\el90xbc5.sys [2005-2-14 61712]
R3 Winacpci;Winacpci;c:\winnt\system32\drivers\winacpci.sys [2005-2-14 602128]
S3 vsdatant;vsdatant;c:\winnt\system32\vsdatant.sys --> c:\winnt\system32\vsdatant.sys [?]

=============== Created Last 30 ================

2009-08-11 17:23 16,384 a------t c:\winnt\system32\Perflib_Perfdata_2ec.dat
2009-08-11 15:06 16,384 a------t c:\winnt\system32\Perflib_Perfdata_238.dat
2009-08-11 12:48 16,384 a------t c:\winnt\system32\Perflib_Perfdata_1f4.dat
2009-08-07 10:31 16,384 a------t c:\winnt\system32\Perflib_Perfdata_23c.dat
2009-07-29 03:08 16,384 a------t c:\winnt\system32\Perflib_Perfdata_240.dat
2009-07-16 07:08 1,391 a------- c:\winnt\imsins.BAK
2009-07-14 12:22 16,384 a------t c:\winnt\system32\Perflib_Perfdata_1f8.dat

==================== Find3M ====================

2009-07-11 19:41 97,280 a------- c:\winnt\system32\ATL80.dll
2009-07-06 18:31 16,384 a------t c:\winnt\system32\Perflib_Perfdata_22c.dat
2009-06-26 11:53 576,512 a------- c:\winnt\system32\WININET.DLL
2009-06-16 00:48 165,136 a------- c:\winnt\system32\t2embed.dll
2009-06-16 00:48 81,168 a------- c:\winnt\system32\fontsub.dll
2009-06-03 03:15 795,408 a------- c:\winnt\system32\quartz.dll
2007-09-04 23:03 60,968 a------- c:\documents and settings\administrator\GoToAssistDownloadHelper.exe
2006-02-01 10:53 774,144 a------- c:\program files\RngInterstitial.dll
2005-03-08 08:46 23,232 a------- c:\docume~1\admini~1\applic~1\GDIPFONTCACHEV1.DAT
2005-02-14 21:43 167 a------- c:\program files\_FEAD_error.log
2005-02-14 21:43 20,798,256 a------- c:\program files\AdbeRdr70_enu_full.exe
2005-02-14 19:13 2,636,408 a------- c:\program files\AdAware.exe
2005-02-14 19:13 10,156,943 a------- c:\program files\AVG.exe
2005-02-14 18:42 21,952 ----h--- c:\program files\folder.htt
2005-02-14 18:42 271 ----h--- c:\program files\desktop.ini
1999-12-07 08:00 32,528 a------- c:\winnt\inf\wbfirdma.sys

============= FINISH: 17:23:35.42 ===============

Attached Files
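A small offline triage script for the log above, added here as an example and not code from any post in this thread, from DDS, HijackThis, MBAM or Look2Me-Destroyer. It reads DDS-style lines and applies the two checks a responder would run before touching the machine: it reports every Winlogon `Notify:` package whose DLL is not on a short allowlist, marking filenames where letters and digits alternate (the pattern of the four system32 DLLs the log shows), and it reports executables sitting directly in the Program Files root or a user profile root in the Find3M listing. The allowlist, the regular expressions and the filename heuristic are this example's own assumptions; the sample lines are copied from the DDS log above plus one constructed clean Notify entry (cscdll) for contrast.

```python
"""Offline triage of DDS log lines. Added example for this thread, not code
from any post, from DDS, HijackThis, MBAM or Look2Me-Destroyer.

Checks:
  1. Winlogon 'Notify:' packages whose DLL is not on a small allowlist,
     with a flag for random-looking filenames.
  2. Executables sitting directly in the Program Files root or a user
     profile root in the Find3M / Created Last 30 listings.
The allowlist, the regexes and the sample lines are this example's own
assumptions; the sample lines are copied from the log above plus one
constructed clean Notify entry for contrast.
"""
import re
from dataclasses import dataclass

# Assumption: notification-package DLLs normally present on Windows 2000/XP.
# Anything else is reported for a manual look, never auto-deleted.
KNOWN_NOTIFY_DLLS = {
    "crypt32.dll", "cryptnet.dll", "cscdll.dll", "wlnotify.dll",
    "sclgntfy.dll", "wgalogon.dll",
}

NOTIFY_RE = re.compile(r"^Notify:\s*(?P<key>[^-]+?)\s*-\s*(?P<path>.+?)\s*$", re.I)
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+[\d,]+\s+\S+\s+(?P<path>.+?)\s*$")
LOOSE_EXE_RE = re.compile(
    r"^c:\\(program files|documents and settings\\[^\\]+)\\[^\\]+\.exe$", re.I
)


@dataclass
class Finding:
    kind: str    # "winlogon_notify" or "loose_exe"
    path: str
    reason: str


def looks_random(filename: str) -> bool:
    """True when letters and digits alternate at least twice (e.g. k0lqla351d)."""
    stem = filename.rsplit(".", 1)[0]
    return len(re.findall(r"[a-z]\d|\d[a-z]", stem, re.I)) >= 2


def triage(lines):
    """Return a Finding for each suspicious Notify DLL and loose executable."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = NOTIFY_RE.match(line)
        if m:
            path = m.group("path")
            dll = path.rsplit("\\", 1)[-1].lower()
            if dll not in KNOWN_NOTIFY_DLLS:
                reason = "Winlogon Notify DLL not on allowlist"
                if looks_random(dll):
                    reason += "; random-looking filename"
                findings.append(Finding("winlogon_notify", path, reason))
            continue
        m = FILE_RE.match(line)
        if m and LOOSE_EXE_RE.match(m.group("path")):
            findings.append(Finding(
                "loose_exe", m.group("path"),
                "executable directly in Program Files or a profile root"))
    return findings


# Sample input: lines copied from the DDS log above, plus one constructed
# clean Notify entry (cscdll) that the allowlist should let through.
SAMPLE_LINES = [
    r"Notify: cscdll - cscdll.dll",
    r"Notify: Extensions - c:\winnt\system32\k0lqla351d.dll",
    r"Notify: SharedDLLs - c:\winnt\system32\mncomput.dll",
    r"Notify: Shell Extensions - c:\winnt\system32\g022lafo1d2c.dll",
    r"Notify: Uninstall - c:\winnt\system32\q4rq0e95eh.dll",
    r"SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll",
    r"2009-07-11 19:41 97,280 a------- c:\winnt\system32\ATL80.dll",
    r"2007-09-04 23:03 60,968 a------- c:\documents and settings\administrator\GoToAssistDownloadHelper.exe",
    r"2005-02-14 19:13 2,636,408 a------- c:\program files\AdAware.exe",
    r"2005-02-14 19:13 10,156,943 a------- c:\program files\AVG.exe",
    r"2005-02-14 18:42 21,952 ----h--- c:\program files\folder.htt",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.kind}] {f.path}  ({f.reason})")
```

Run over the lines above it reports exactly the four system32 DLLs that Look2Me-Destroyer later lists as infected (post #5) and, among the loose executables, C:\Program Files\AVG.exe, which Malwarebytes later quarantines (post #7). The script deliberately does nothing with the SEH line: the Approved shell-extension CLSID {81559C35-...} that Look2Me-Destroyer removes in post #5 is the same one the DDS log attributes to SpywareGuard's own handler, a reminder that automated cleaners can take legitimate hooks with them and that every hit here is a candidate for manual review, not a deletion list.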



#4 sundavis (Malware Response Team, 2,708 posts)

Posted 03 September 2009 - 09:40 AM

Hi Millright,

Welcome to BleepingComputer HijackThis Logs and Malware Removal.
My name is sundavis, and I will be helping you to deal with your malware problems today.


Step 1

Please download GMER Rootkit Scanner from Here or Here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish. For more info, go to Here for your reference.
  • Once done, click on the [Save..] button, and in the File name area, type in "Gmer.txt", then copy and paste the contents in your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Step 2

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.
If you receive a message from your firewall about this program accessing the internet please allow it.
If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX


Step 3

Please download Malwarebytes' Anti-Malware from Here or Here
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM, or you can find it here:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • You can refer to this tutorial
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 4
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

In your next reply, please post back:


1. GMER log
2. MBAM log
3. Look2Me-Destroyer.txt
4. RSIT log.txt and info.txt

If the logs can't fit in one post, you may use multiple posts. Thanks.

#5 Millright (Topic Starter)

Posted 05 September 2009 - 03:01 PM

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 9/5/2009 3:06:09 PM

Infected! C:\WINNT\system32\k0lqla351d.dll
Infected! C:\WINNT\system32\q4rq0e95eh.dll
Infected! C:\WINNT\system32\mncomput.dll
Infected! C:\WINNT\system32\g022lafo1d2c.dll

Attempting to delete infected files...

Attempting to delete: C:\WINNT\system32\q4rq0e95eh.dll
C:\WINNT\system32\q4rq0e95eh.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Extensions
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Uninstall
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SharedDLLs
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Shell Extensions
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\welcome

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E6EF5C3E-74A9-4B02-811B-C7DB13D68032}"
HKCR\Clsid\{E6EF5C3E-74A9-4B02-811B-C7DB13D68032}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5E213D78-3292-46D4-96F5-3948DE535B7D}"
HKCR\Clsid\{5E213D78-3292-46D4-96F5-3948DE535B7D}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{370663F2-E72C-4DFB-B56C-CFAED9A3293A}"
HKCR\Clsid\{370663F2-E72C-4DFB-B56C-CFAED9A3293A}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{277BC921-8498-41DF-9D2A-14F2D05F2EFA}"
HKCR\Clsid\{277BC921-8498-41DF-9D2A-14F2D05F2EFA}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{05589B0D-B9AB-4017-9531-B277B30C568B}"
HKCR\Clsid\{05589B0D-B9AB-4017-9531-B277B30C568B}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{CF6F6C04-A3CD-42FE-9DFD-CF5FCA70A644}"
HKCR\Clsid\{CF6F6C04-A3CD-42FE-9DFD-CF5FCA70A644}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{81559C35-8464-49F7-BB0E-07A383BEF910}"
HKCR\Clsid\{81559C35-8464-49F7-BB0E-07A383BEF910}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

#6 Millright (Topic Starter)

Posted 05 September 2009 - 03:15 PM

Mispost

Edited by Millright, 05 September 2009 - 03:45 PM.


#7 Millright (Topic Starter)

Posted 05 September 2009 - 03:16 PM

Malwarebytes' Anti-Malware 1.40
Database version: 2745
Windows 5.0.2195 Service Pack 4

9/5/2009 3:35:25 PM
mbam-log-2009-09-05 (15-35-25).txt

Scan type: Quick Scan
Objects scanned: 76220
Time elapsed: 5 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\saix.installercaller (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\saix.installercaller.1 (Adware.180Solutions) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\AVG.exe (Trojan.Banker) -> Quarantined and deleted successfully.

#8 Millright (Topic Starter)

Posted 05 September 2009 - 03:33 PM

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-09-05 16:31:56
Microsoft Windows 2000 Professional Service Pack 4
System drive C: has 65 GB (85%) free of 76 GB
Total RAM: 510 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:32:08 PM, on 9/5/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\Explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\StartupMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [IE New Window Maximizer] C:\Program Files\IE New Window Maximizer\iemaximizer.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pubgis.co.pinellas.fl.us/ActiveX/ver6.3/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136511720681
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://camera.buffalotrace.com/activex/AMC.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://camera4.buffalotrace.com/activex/AxisCamControl.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4053/ftp...02/cpbrkpie.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...731/mcfscan.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 5720 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
SpywareGuardDLBLOCK.CBrowserHelper - C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-03 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar4.dll [2007-01-20 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-01 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINNT\System32\msdxm.ocx [2005-03-31 844560]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar4.dll [2007-01-20 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Run StartupMonitor"=C:\WINNT\StartupMonitor.exe [2000-05-20 86016]
"Synchronization Manager"=mobsync.exe /logon []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-01 148888]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-02-15 98304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IE New Window Maximizer"=C:\Program Files\IE New Window Maximizer\iemaximizer.exe [2005-02-09 356352]
"Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe []

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-09-05 15:43:24 ----D---- C:\Program Files\trend micro
2009-09-05 15:43:23 ----D---- C:\rsit
2009-09-05 15:22:01 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-09-05 15:21:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-05 15:21:55 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-05 09:12:39 ----D---- C:\WINNT\McAfee.com
2009-08-13 06:31:37 ----HDC---- C:\WINNT\$NtUninstallKB961371-V2$
2009-08-13 06:31:29 ----HDC---- C:\WINNT\$NtUninstallKB960859$
2009-08-13 06:31:18 ----HDC---- C:\WINNT\$NtUninstallKB973540_WM9L$
2009-08-13 06:31:09 ----HDC---- C:\WINNT\$NtUninstallKB958470$
2009-08-13 06:30:57 ----HDC---- C:\WINNT\$NtUninstallKB973354-OE6SP1-20090710.120000$
2009-08-13 06:30:48 ----HDC---- C:\WINNT\$NtUninstallKB973507$
2009-08-13 06:30:39 ----HDC---- C:\WINNT\$NtUninstallKB973869$
2009-08-13 06:30:28 ----HDC---- C:\WINNT\$NtUninstallKB971557$

======List of files/folders modified in the last 1 months======

2009-09-05 15:43:24 ----AD---- C:\WINNT\system32
2009-09-05 15:43:24 ----AD---- C:\Program Files
2009-09-05 15:40:05 ----AD---- C:\WINNT\Temp
2009-09-05 15:40:04 ----D---- C:\WINNT\system32\NtmsData
2009-09-05 15:39:31 ----AD---- C:\WINNT\Debug
2009-09-05 15:38:47 ----AD---- C:\WINNT
2009-09-05 15:37:07 ----A---- C:\WINNT\SchedLgU.Txt
2009-09-05 15:37:04 ----AD---- C:\WINNT\system32\drivers
2009-09-05 15:12:45 ----SHD---- C:\WINNT\CSC
2009-09-05 15:12:41 ----ASD---- C:\WINNT\Tasks
2009-09-05 15:06:47 ----AD---- C:\WINNT\security
2009-09-05 09:12:55 ----SD---- C:\WINNT\Downloaded Program Files
2009-09-05 09:12:38 ----HD---- C:\WINNT\inf
2009-08-28 16:51:51 ----AD---- C:\WINNT\Help
2009-08-17 12:10:20 ----A---- C:\WINNT\system32\aswBoot.exe
2009-08-13 06:31:40 ----RASHDC---- C:\WINNT\system32\dllcache
2009-08-13 06:31:03 ----D---- C:\Program Files\Common Files\System
2009-08-13 06:31:02 ----D---- C:\Program Files\Outlook Express

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINNT\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 aswSP;avast! Self Protection; C:\WINNT\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 BANTExt;Belarc SMBios Access; C:\WINNT\System32\Drivers\BANTExt.sys [2003-03-06 3840]
R1 Cdr4_2K;Cdr4_2K; C:\WINNT\system32\drivers\Cdr4_2K.sys [2007-02-20 44288]
R1 Cdralw2k;Cdralw2k; C:\WINNT\system32\drivers\Cdralw2k.sys [2005-02-14 23420]
R2 aswFsBlk;aswFsBlk; C:\WINNT\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon;avast! Standard Shield Support; C:\WINNT\system32\drivers\aswMon.sys [2009-08-17 93392]
R2 hidusb;Microsoft HID Class Driver; C:\WINNT\System32\DRIVERS\hidusb.sys [1999-12-07 13904]
R3 aswRdr;aswRdr; C:\WINNT\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 EL90BC;3Com EtherLink XL B/C Adapter Driver; C:\WINNT\System32\DRIVERS\el90xbc5.sys [1999-10-23 61712]
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINNT\system32\drivers\es1371mp.sys [1999-11-06 44528]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINNT\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-09-14 13872]
R3 i81x;i81x; C:\WINNT\System32\DRIVERS\i81xnt5.sys [1999-12-07 68336]
R3 mouhid;Mouse HID Driver; C:\WINNT\System32\DRIVERS\mouhid.sys [1999-12-07 11664]
R3 uhcd;Microsoft USB Universal Host Controller Driver; C:\WINNT\System32\DRIVERS\uhcd.sys [1999-12-07 32144]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINNT\System32\DRIVERS\usbhub.sys [1999-12-07 40016]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\System32\DRIVERS\usbprint.sys [1999-10-26 22064]
R3 usbscan;USB Scanner Driver; C:\WINNT\System32\DRIVERS\usbscan.sys [1999-10-13 12400]
R3 Winacpci;Winacpci; C:\WINNT\System32\DRIVERS\winacpci.sys [1999-09-24 602128]
S3 CCDECODE;Closed Caption Decoder; C:\WINNT\system32\DRIVERS\CCDECODE.sys [2000-10-21 15264]
S3 MPE;BDA MPE Filter; C:\WINNT\system32\DRIVERS\MPE.sys [2000-10-21 13984]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2000-11-03 4896]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\system32\DRIVERS\NABTSFEC.sys [2000-10-21 86016]
S3 SLIP;BDA Slip De-Framer; C:\WINNT\system32\DRIVERS\SLIP.sys [2000-10-21 10016]
S3 streamip;BDA IPSink; C:\WINNT\system32\DRIVERS\StreamIP.sys [2000-10-21 13920]
S3 USBSTOR;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2003-06-19 21552]
S3 vsdatant;vsdatant; C:\WINNT\System32\vsdatant.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\system32\DRIVERS\WSTCODEC.SYS [2000-10-21 18208]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-01 152984]
R2 StiSvc;Still Image Service; C:\WINNT\system32\stisvc.exe [1999-12-07 65296]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
S2 spupdsvc;Windows Service Pack Installer update service; C:\WINNT\system32\spupdsvc.exe [2007-07-27 26488]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-14 138168]
S3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-12-18 327680]
S3 WmdmPmSN;Portable Media Serial Number Service; C:\WINNT\System32\svchost.exe [1999-12-07 7952]

-----------------EOF-----------------

Edited by Millright, 05 September 2009 - 03:44 PM.


#9 Millright

Millright
  • Topic Starter
  • Members
  • 9 posts

Posted 05 September 2009 - 03:42 PM

GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-09-05 15:02:36
Windows 5.0.2195 Service Pack 4


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xBBA9D6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xBBA9D574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xBBA9DA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xBBA9D14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xBBA9D64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xBBA9D08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xBBA9D0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xBBA9D76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xBBA9D72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xBBA9D8AE]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


For some reason I only get the one log (log.txt) to open at the end of the RSIT program. The info.txt doesn't seem to appear. Once again, thank you for your help Sundavis.

Edited by Millright, 05 September 2009 - 03:47 PM.
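Added example (editor's note, not part of Millright's or sundavis's posts): the GMER output above is clean only because every SSDT hook and every attached device filter resolves to a module with a known vendor string (avast!'s aswSP.SYS and aswRdr.SYS, Microsoft's fltmgr.sys). The thing a responder actually checks in such a log is whether any hook is owned by a module GMER cannot attribute, or by a vendor that is not supposed to be on the box. The script below parses the two GMER line formats seen on this page, groups hooks by owning module and flags anything outside a trusted-vendor allowlist. The allowlist and the two `xyz01.sys` lines in the sample are constructed for the example; the remaining sample lines are copied from the log above.

```python
"""Triage a GMER rootkit-scan log: attribute SSDT hooks and attached device
filters to the module that installed them, then flag anything whose owner is
unknown or not on a trusted-vendor list."""
import re
from collections import defaultdict

# GMER line: SSDT <module> (<description>/<vendor>) <ZwFunction> [<address>]
# The parenthesised part is absent when GMER cannot attribute the module.
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)"
    r"(?:\s+\((?P<desc>[^/()]+)/(?P<vendor>[^)]+)\))?"
    r"\s+(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]\s*$"
)
# GMER line: AttachedDevice <driver object> <device> <filter module> (<desc>/<vendor>)
DEV_RE = re.compile(
    r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<module>\S+)"
    r"(?:\s+\((?P<desc>[^/()]+)/(?P<vendor>[^)]+)\))?\s*$"
)

# Assumption for this example: only the installed avast! build and Microsoft
# are expected to hook the kernel on this machine.
TRUSTED_VENDORS = {"ALWIL Software", "Microsoft Corporation"}

# Constructed sample: avast!/fltmgr lines copied from the log on this page,
# plus two made-up lines for an unattributed module "xyz01.sys".
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xBBA9D6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xBBA9D08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xBBA9D8AE]
SSDT \??\C:\WINNT\system32\drivers\xyz01.sys ZwQueryDirectoryFile [0xF89A3C10]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp xyz01.sys
"""


def parse_gmer(text):
    """Return {'ssdt': [...], 'devices': [...]}, one dict per recognised line."""
    ssdt, devices = [], []
    for line in text.splitlines():
        line = line.strip()
        m = SSDT_RE.match(line)
        if m:
            ssdt.append(m.groupdict())
            continue
        m = DEV_RE.match(line)
        if m:
            devices.append(m.groupdict())
    return {"ssdt": ssdt, "devices": devices}


def hooks_by_module(parsed):
    """Map each hooking module (lower-cased path) to its sorted list of hooked Zw* services."""
    by_mod = defaultdict(list)
    for h in parsed["ssdt"]:
        by_mod[h["module"].lower()].append(h["func"])
    return {mod: sorted(funcs) for mod, funcs in by_mod.items()}


def triage(parsed, trusted=TRUSTED_VENDORS):
    """Return human-readable findings for hooks/filters not owned by a trusted vendor."""
    findings = []
    for h in parsed["ssdt"]:
        if not h["vendor"]:
            findings.append(f"SSDT {h['func']} hooked by unattributed module {h['module']}")
        elif h["vendor"] not in trusted:
            findings.append(f"SSDT {h['func']} hooked by untrusted vendor {h['vendor']} ({h['module']})")
    for d in parsed["devices"]:
        if not d["vendor"] or d["vendor"] not in trusted:
            findings.append(f"{d['device']} filtered by {d['module']} ({d['vendor'] or 'unattributed'})")
    return findings


if __name__ == "__main__":
    parsed = parse_gmer(SAMPLE_LOG)
    for mod, funcs in hooks_by_module(parsed).items():
        print(f"{mod}: {', '.join(funcs)}")
    for f in triage(parsed):
        print("FLAG:", f)
```

Run against the real log above it produces no findings, which is the result sundavis read as "looks better"; the constructed `xyz01.sys` lines show what an unattributed hook on ZwQueryDirectoryFile plus a filter on \Device\Udp would look like in the same output. An allowlist miss is a lead, not a verdict: a vendor string comes from the module's version resource and is worth confirming against the file on disk.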


#10 Millright

Millright
  • Topic Starter
  • Members
  • 9 posts

Posted 05 September 2009 - 03:47 PM

Mispost.

Edited by Millright, 05 September 2009 - 03:49 PM.


#11 sundavis

sundavis
  • Malware Response Team
  • 2,708 posts

Posted 05 September 2009 - 04:08 PM

Hi Millright,



Looks better. We need to run an online scanner to locate some remnants. It will take some time to run the full course. Please be patient and do the following:


Step1


Older versions of Java have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 16...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any entries with Java Runtime Environment (JRE or J2SE) in the name, including the following:

    J2SE Runtime Environment 5.0 Update 6
    Java™ 6 Update 13
    Java™ SE Development Kit 6 Update 13

  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version.


Step2


Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Step3


Please perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner.
  • Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  • Click Accept button on the "Requirements and limitations".
  • When the Java warning "The application digital signature has been verified. Do you want to run the application" appears, click on the "Run" button.
  • It will download and install the program and update the database.
  • When the database update has finished, click on Settings.
  • Make sure all boxes are checked, then click on the Save button.
  • Click on My Computer under Scan menu. It will start scanning, so be patient and let it run.
  • Once the scan is completed, Click on View Scan Report.
  • You may see a list of infected items over there. Click on Save Report As.
  • Click "Desktop", name the file "KAS", change the Files of type to Text file (.txt) and click on the Save button.
  • Please post the contents in your next reply.
  • You can refer to this animation
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.



Please post back the logs in your next reply.

1.Kas Online Scan Report
2.Fresh DDS log

Tell me how your pc is running now.

#12 Millright

Millright
  • Topic Starter
  • Members
  • 9 posts

Posted 06 September 2009 - 04:54 PM

sundavis, here are the latest logs. Thank you for your help, I have been conversing with my son on the phone to get this completed. I have been refraining from using Outlook Express for fear that I would clog the inboxes of my friends and family with multiple copies of emails. Would you think it will be safe to start using the program for email again, based on these results?

Thanks again,
Millright




DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 17:44:10.16 on Sun 09/06/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.510.347 [GMT -4:00]


============== Running Processes ===============

C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\StartupMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [IE New Window Maximizer] c:\program files\ie new window maximizer\iemaximizer.exe
uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
mRun: [Run StartupMonitor] StartupMonitor.exe
mRun: [Synchronization Manager] mobsync.exe /logon
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRunOnce: [^SetupICWDesktop]
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
DPF: {00000130-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/ACELPACM.CAB
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://pubgis.co.pinellas.fl.us/ActiveX/ver6.3/mgaxctrl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136511720681
DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://camera.buffalotrace.com/activex/AMC.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://camera4.buffalotrace.com/activex/AxisCamControl.cab
DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4053/ftp.coupons.com/r3302/cpbrkpie.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38397.6371759259
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5731/mcfscan.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
SEH: {81559C35-8464-49F7-BB0E-07A383BEF910} - No File

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\winnt\system32\drivers\aswSP.sys [2009-7-6 114768]
R2 aswFsBlk;aswFsBlk;c:\winnt\system32\drivers\aswFsBlk.sys [2009-7-6 20560]
R2 aswMon;avast! Standard Shield Support;c:\winnt\system32\drivers\aswmon.sys [2009-7-6 93392]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-8-26 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-8-26 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-8-26 352920]
R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;c:\winnt\system32\drivers\el90xbc5.sys [2005-2-14 61712]
R3 Winacpci;Winacpci;c:\winnt\system32\drivers\winacpci.sys [2005-2-14 602128]
S2 spupdsvc;Windows Service Pack Installer update service;c:\winnt\system32\spupdsvc.exe [2005-2-14 26488]
S3 vsdatant;vsdatant;c:\winnt\system32\vsdatant.sys --> c:\winnt\system32\vsdatant.sys [?]

=============== Created Last 30 ================

2009-09-06 15:46 16,384 a------t c:\winnt\system32\Perflib_Perfdata_598.dat
2009-09-06 15:46 73,728 a------- c:\winnt\system32\javacpl.cpl
2009-09-06 15:37 <DIR> a-d----- c:\winnt\system32\appmgmt
2009-09-05 15:43 <DIR> --d----- c:\program files\trend micro
2009-09-05 15:22 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-09-05 15:21 38,160 a------- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-09-05 15:21 18,456 a------- c:\winnt\system32\drivers\mbam.sys
2009-09-05 15:21 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-05 15:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-05 09:12 <DIR> --d----- c:\winnt\McAfee.com
2009-09-04 17:05 16,384 a------t c:\winnt\system32\Perflib_Perfdata_238.dat
2009-08-27 10:27 16,384 a------t c:\winnt\system32\Perflib_Perfdata_220.dat
2009-08-21 14:44 16,384 a------t c:\winnt\system32\Perflib_Perfdata_228.dat
2009-08-21 08:25 16,384 a------t c:\winnt\system32\Perflib_Perfdata_1fc.dat
2009-08-12 16:29 16,384 a------t c:\winnt\system32\Perflib_Perfdata_1f0.dat
2009-08-11 12:48 16,384 a------t c:\winnt\system32\Perflib_Perfdata_1f4.dat

==================== Find3M ====================

2009-09-06 15:46 411,368 a------- c:\winnt\system32\deploytk.dll
2009-08-07 10:31 16,384 a------t c:\winnt\system32\Perflib_Perfdata_23c.dat
2009-08-05 01:04 90,164 a------- c:\winnt\system32\atl.dll
2009-07-29 03:08 16,384 a------t c:\winnt\system32\Perflib_Perfdata_240.dat
2009-07-27 07:27 165,136 a------- c:\winnt\system32\t2embed.dll
2009-07-27 07:27 81,168 a------- c:\winnt\system32\fontsub.dll
2009-07-14 12:22 16,384 a------t c:\winnt\system32\Perflib_Perfdata_1f8.dat
2009-07-13 09:13 78,608 a------- c:\winnt\system32\avifil32.dll
2009-07-13 02:18 233,472 a------- c:\winnt\system32\wmpdxm.dll
2009-07-11 19:41 97,280 a------- c:\winnt\system32\ATL80.dll
2009-07-10 12:49 601,088 a------- c:\winnt\system32\INETCOMM.DLL
2009-07-10 12:49 47,616 a------- c:\winnt\system32\INETRES.DLL
2009-07-10 12:49 229,376 a------- c:\winnt\system32\MSOEACCT.DLL
2009-07-10 12:49 91,136 a------- c:\winnt\system32\MSOERT2.DLL
2009-07-10 12:47 44,032 a------- c:\winnt\system32\MSIDENT.DLL
2009-07-06 18:31 16,384 a------t c:\winnt\system32\Perflib_Perfdata_22c.dat
2009-06-26 11:53 576,512 a------- c:\winnt\system32\WININET.DLL
2007-09-04 23:03 60,968 a------- c:\documents and settings\administrator\GoToAssistDownloadHelper.exe
2006-02-01 10:53 774,144 a------- c:\program files\RngInterstitial.dll
2005-03-08 08:46 23,232 a------- c:\docume~1\admini~1\applic~1\GDIPFONTCACHEV1.DAT
2005-02-14 21:43 167 a------- c:\program files\_FEAD_error.log
2005-02-14 21:43 20,798,256 a------- c:\program files\AdbeRdr70_enu_full.exe
2005-02-14 19:13 2,636,408 a------- c:\program files\AdAware.exe
2005-02-14 18:42 21,952 ----h--- c:\program files\folder.htt
2005-02-14 18:42 271 ----h--- c:\program files\desktop.ini
1999-12-07 08:00 32,528 a------- c:\winnt\inf\wbfirdma.sys

============= FINISH: 17:44:35.87 ===============


Edited by Millright, 06 September 2009 - 04:58 PM.
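Added example (editor's note, not part of the thread): one thing worth noticing in both of Millright's logs is the `vsdatant` driver entry. Every other driver and service line ends with the file's date and size in brackets; the vsdatant line ends with `[?]` in the DDS log and an empty `[]` in the RSIT log, because neither tool could find `vsdatant.sys` on disk. That is a registration with no binary behind it (here most likely a leftover from a removed ZoneAlarm install, whose TrueVector driver has that name), and the same pattern is how you spot a component that has been deleted but still has a boot-time load entry. The DDS pseudo-HJT section flags the equivalent condition for shell hooks with `- No File`. The script below parses both line formats and pulls out those orphaned entries. The sample lines are copied from the two logs on this page; the function and field names are the example's own.

```python
"""Triage the SERVICES / DRIVERS and pseudo-HJT sections of a DDS or RSIT log:
list every registration whose backing file the tool could not find."""
import re

# DDS:  R3 vsdatant;vsdatant;c:\winnt\system32\vsdatant.sys --> c:\winnt\system32\vsdatant.sys [?]
# RSIT: S3 vsdatant;vsdatant; C:\WINNT\System32\vsdatant.sys []
SVC_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);\s*(?P<rest>.+)$"
)
# Trailing "[YYYY-M-D size]" is present only when the tool found the file.
META_RE = re.compile(r"\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]\s*$")
MISSING_RE = re.compile(r"\[\?\]\s*$|\[\]\s*$")
# Pseudo-HJT line whose target is gone:  SEH: {GUID} - No File
NOFILE_RE = re.compile(r"^(?P<kind>[A-Za-z]+):\s*(?P<entry>.*?)\s*-\s*No File\s*$")

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# Sample assembled from lines in the DDS and RSIT logs posted in this thread.
SAMPLE = r"""
============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\winnt\system32\drivers\aswSP.sys [2009-7-6 114768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-8-26 138680]
S2 spupdsvc;Windows Service Pack Installer update service;c:\winnt\system32\spupdsvc.exe [2005-2-14 26488]
S3 vsdatant;vsdatant;c:\winnt\system32\vsdatant.sys --> c:\winnt\system32\vsdatant.sys [?]
S3 vsdatant;vsdatant; C:\WINNT\System32\vsdatant.sys []
SEH: {81559C35-8464-49F7-BB0E-07A383BEF910} - No File
"""


def parse_services(text):
    """Return one dict per service/driver line with state, start type, path and file metadata."""
    entries = []
    for line in text.splitlines():
        m = SVC_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        # Path is everything before the " --> " redirection and the trailing bracket group.
        path = rest.split(" --> ")[0].split(" [")[0].strip()
        meta = META_RE.search(rest)
        entries.append({
            "name": m.group("name").strip(),
            "display": m.group("display").strip(),
            "running": m.group("state") == "R",
            "start": START_TYPES[m.group("start")],
            "path": path,
            "date": meta.group("date") if meta else None,
            "size": int(meta.group("size")) if meta else None,
            "missing": bool(MISSING_RE.search(rest)),
        })
    return entries


def orphaned(entries):
    """Registrations with no file on disk, boot/system/auto starts first (they load without a user)."""
    order = {"boot": 0, "system": 1, "auto": 2, "demand": 3, "disabled": 4}
    return sorted((e for e in entries if e["missing"]), key=lambda e: order[e["start"]])


def parse_no_file(text):
    """Pseudo-HJT entries (BHO/SEH/Toolbar/...) whose target DDS reported as 'No File'."""
    return [m.groupdict() for m in (NOFILE_RE.match(l.strip()) for l in text.splitlines()) if m]


if __name__ == "__main__":
    entries = parse_services(SAMPLE)
    for e in orphaned(entries):
        print(f"orphaned {e['start']}-start entry {e['name']}: {e['path']}")
    for n in parse_no_file(SAMPLE):
        print(f"{n['kind']} entry with no file: {n['entry']}")
```

An orphaned entry is not malware by itself; a demand-start driver with no file simply fails to load. It still belongs on the clean-up list, and a boot- or system-start orphan deserves a closer look because whatever removed the file did not remove the registration that loads it before any scanner runs.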


#13 sundavis

sundavis
  • Malware Response Team
  • 2,708 posts

Posted 07 September 2009 - 02:49 AM

Hi Millright,


Would you think it will be safe to start using the program for email again, based on these results

Yes, the culprit is gone. You can use OE as your daily routine, but you can remove some emails such as commercial ads, suspicious attachments or unknown senders, and do some maintenance if needed. For more info: Go to Here

The Kas online scanner picked up one infected file on your system. Please delete it manually.

C:\WINNT\system32\lqj0uvv8.ini

Other than that, your logs appear to be clear now. If you have no remaining issues on your pc, let's do some tidying up and we can send you on your way.


Step1

Download OTC by OldTimer and save it to your desktop.
  • Double click OTC and let it run
  • Then Click the Cleanup button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

  • Update your antivirus programs

    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check

  • Install a-squared Free - a-squared Free is a product from Emsi Software, provided free for private use, that can detect and remove a variety of malicious software. If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer, which provides some real-time protection against premium rate dialers.

    A tutorial on installing & using this product can be found here:

    Clean your PC with a-squared Free

  • Update all these programs regularly - Make sure you update all the programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Please check out Tony Klein's article "How did I get infected in the first place?"
Read some information Here how to prevent Malware.


Glad to be of help. Safe surfing!!

#14 sundavis

sundavis
  • Malware Response Team
  • 2,708 posts

Posted 08 September 2009 - 03:23 AM

Since this issue appears resolved ... this Topic is closed.

Glad we could help.

Everyone else please begin a New Topic.



