
Virtumonde Removal Help Needed


  • This topic is locked
4 replies to this topic

#1 superrcae

  • Members
  • 2 posts
  • OFFLINE
  • Local time:06:27 AM

Posted 09 October 2009 - 07:28 PM

I have tried over and over again to remove this virus but nothing works. When I am on the internet I get several pop-ups and my computer is running slow.

Please help me get rid of this nasty thing. DDS log below, Attach.txt and ark.txt are attached.

Thanks!!!


Here is the text from the DDS log:


DDS (Ver_09-09-29.01) - NTFSx86
Run by Caesar Garcia at 16:44:09.31 on Fri 10/09/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1136 [GMT -7:00]

AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

============== Running Processes ===============

H:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
H:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
H:\WINDOWS\System32\svchost.exe -k netsvcs
H:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
svchost.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
H:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
H:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\WINDOWS\System32\nvsvc32.exe
H:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
H:\WINDOWS\System32\HPZipm12.exe
H:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
H:\WINDOWS\System32\svchost.exe -k imgsvc
H:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
H:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
H:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
H:\Program Files\Microsoft Windows OneCare Live\winss.exe
H:\Program Files\Canon\CAL\CALMAIN.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\WinPortrait\wpctrl.exe
H:\Program Files\Java\jre6\bin\jusched.exe
H:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
H:\Program Files\WinPortrait\floater.exe
H:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
H:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\Logitech\MouseWare\system\em_exec.exe
H:\WINDOWS\System32\svchost.exe -k HTTPFilter
H:\Program Files\Ahead\InCD\InCD.exe
H:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
H:\Program Files\HP\hpcoretech\hpcmpmgr.exe
H:\WINDOWS\system32\rundll32.exe
H:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
H:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
H:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
H:\Documents and Settings\Caesar Garcia\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uDefault_Page_URL = hxxp://www.msn.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - h:\program files\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: Userinit=h:\windows\system32\Userinit.exe
uWindows: load=U???
BHO: {01b16768-942e-4ac0-a4e7-09a315c82fb2} - h:\windows\system32\hpzjfw0132.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - h:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {099c575c-d554-48a1-d273-675504db274f} - h:\windows\system32\uovuent.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - h:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - h:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - h:\progra~1\yahoo!\common\yiesrvc.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - h:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - h:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - h:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} -
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [PowerBar]
uRun: [Polar Sync]
uRun: [ctfmon.exe] h:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] h:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [LDM] \Program\BackWeb-8876480.exe
mRun: [PivotSoftware] "h:\program files\winportrait\wpctrl.exe"
mRun: [SunJavaUpdateSched] "h:\program files\java\jre6\bin\jusched.exe"
mRun: [SoundMAXPnP] h:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "h:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [QuickTime Task] "h:\program files\quicktime\qttask.exe" -atboottime
mRun: [OneCareUI] "h:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE h:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroFilterCheck] h:\windows\system32\NeroCheck.exe
mRun: [MaxMenuMgr] "h:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [iTunesHelper] "h:\program files\itunes\iTunesHelper.exe"
mRun: [InCD] h:\program files\ahead\incd\InCD.exe
mRun: [hpqSRMon] h:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] h:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HP Component Manager] "h:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
mRun: [Adobe Reader Speed Launcher] "h:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe Photo Downloader] "h:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [2131743181] e:\ureg\pentax_win_gm_10042005.exe /r "e:\ureg\Pentax_Win_GM_10042005.rpd"
StartupFolder: h:\docume~1\caesar~1\startm~1\programs\startup\adobeg~1.lnk - h:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: h:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - h:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: h:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - h:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: h:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - h:\program files\microsoft office\office10\OSA.EXE
StartupFolder: h:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - h:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
uPolicies-explorer: SpecifyDefaultButtons = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - h:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - h:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: turbotax.com
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://software-dl.real.com/244e0aed5985bc292e06/netzip/RdxIE601.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133219352959
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133219334490
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} - hxxp://autos.msn.com/components/ocx/exterior/Outside.cab
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} - hxxp://fdl.msn.com/public/investor/v13/ticker.cab
DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://chat.msn.com/controls/msnchat45.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - h:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} -
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -
Notify: e400d5d8684 - h:\windows\system32\FILECOPY32.dll
AppInit_DLLs: h:\windows\system32\FILECOPY32.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - h:\program files\qualcomm\eudora\EuShlExt.dll

================= FIREFOX ===================

FF - ProfilePath - h:\docume~1\caesar~1\applic~1\mozilla\firefox\profiles\5p4wmdhe.default\
FF - prefs.js: browser.startup.homepage - msn.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - h:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - h:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 BsStor;B.H.A Storage Helper Driver;h:\windows\system32\drivers\BsStor.sys [2004-2-19 9344]
R2 FreeAgentGoNext Service;Seagate Service;h:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-9-10 156968]
R2 IntuitUpdateService;Intuit Update Service;h:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 OcHealthMon;Windows Live OneCare Health Monitor;h:\program files\microsoft windows onecare live\OcHealthMon.exe [2009-7-9 26104]
R3 echo24;Mia Service;h:\windows\system32\drivers\echo24.sys [2003-5-19 546560]
S3 PortlUSB;PortlUSB;h:\windows\system32\drivers\SiriusUSB.sys [2008-4-17 7552]
S3 stusb2ir;USB 2.0 IrDA Bridge;h:\windows\system32\drivers\stusb2ir.sys [2008-3-25 40856]
S3 UKS11LDR;Midiman USB Keystation Loader;h:\windows\system32\drivers\uks11ldr.sys [2008-9-9 15740]
S3 USBKS1X1;Midiman USB Keystation USB Driver;h:\windows\system32\drivers\usbks1x1.sys [2008-9-9 23392]
S3 USBKT1X1;M-Audio USB Keystation;h:\windows\system32\drivers\usbkt1x1.sys [2007-12-23 22304]
S3 USBMIDIM;Midiman USB MidiSport Midi Kernel Driver;h:\windows\system32\drivers\usbmidim.sys [2008-9-9 5664]

=============== Created Last 30 ================

2009-10-09 09:47 116,736 a------- h:\windows\system32\hpzjfw0132.dll
2009-10-09 09:47 615 a------- h:\windows\system32\zaxnCVgLKh7Th.vbs
2009-10-07 17:55 456 a------- h:\windows\system32\miniPortInfo.dat
2009-10-07 17:39 <DIR> -cd-h--- h:\windows\ie8
2009-10-07 17:25 1,745 a--sh--- h:\windows\system32\GroupPolicy000.dat
2009-10-07 17:25 <DIR> --dsh--- h:\windows\system32\LocalService
2009-10-03 19:35 <DIR> --d----- H:\VundoFix Backups
2009-10-02 16:27 0 a------- h:\windows\system32\1440.tmp
2009-10-02 16:27 0 a------- h:\windows\system32\143F.tmp
2009-10-01 10:35 <DIR> --d----- h:\program files\AVG
2009-09-30 19:01 4,319,264 a--sh--- h:\windows\system32\drivers\fidbox.dat
2009-09-30 19:01 143,648 a--sh--- h:\windows\system32\drivers\fidbox2.dat
2009-09-30 19:01 52,736 a--sh--- h:\windows\system32\drivers\fidbox.idx
2009-09-30 19:01 15,584 a--sh--- h:\windows\system32\drivers\fidbox2.idx
2009-09-30 18:59 <DIR> --d----- h:\program files\common files\ParetoLogic
2009-09-30 18:59 <DIR> --d----- h:\docume~1\alluse~1\applic~1\ParetoLogic
2009-09-29 19:19 <DIR> --d----- h:\docume~1\caesar~1\applic~1\Malwarebytes
2009-09-29 19:18 <DIR> --d----- h:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-28 17:09 13,646 a------- h:\windows\system32\wpa.dbl
2009-09-28 16:55 <DIR> --d----- h:\program files\SDHelper (Spybot - Search & Destroy)
2009-09-28 16:55 <DIR> --d----- h:\program files\TeaTimer (Spybot - Search & Destroy)
2009-09-28 13:52 122,368 a------- h:\windows\system32\FILECOPY32.doc
2009-09-28 13:52 122,368 a------- h:\windows\system32\FILECOPY32.dll
2009-09-18 11:38 <DIR> --d----- h:\program files\Seesmic Desktop
2009-09-16 11:43 0 a------- h:\windows\hpqEmlSz.INI
2009-09-16 11:29 19,500 a------- h:\windows\hpqins13.dat

==================== Find3M ====================

2009-08-05 02:01 204,800 a------- h:\windows\system32\mswebdvd.dll
2009-08-03 15:07 403,816 a------- h:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- h:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- h:\windows\system32\OGAEXEC.exe
2009-07-25 05:23 411,368 a------- h:\windows\system32\deploytk.dll
2009-07-17 12:01 58,880 a------- h:\windows\system32\atl.dll
2009-07-13 10:08 286,720 a------- h:\windows\system32\wmpdxm.dll
2009-04-23 21:56 70,984 a------- h:\documents and settings\caesar garcia\g2mdlhlpx.exe
2004-10-01 16:00 40,960 a------- h:\program files\Uninstall_CDS.exe
2004-08-25 13:34 1,092 ac------ h:\program files\INSTALL.LOG
2003-07-31 02:53 147,456 ac------ h:\windows\inf\EL2K_XP.sys
2003-07-31 02:50 448,768 ac------ h:\windows\inf\EL2K_N64.sys
2003-07-31 02:43 147,456 ac------ h:\windows\inf\EL2K_2K.sys
2001-09-28 17:00 164,864 ac------ h:\program files\UNWISE.EXE
2008-09-20 10:23 32,768 ac-sh--- h:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092020080921\index.dat

============= FINISH: 16:46:58.60 ===============


#2 Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:04:27 PM

Posted 21 October 2009 - 02:24 AM

Hi,

Sorry for the delayed response. Forums have been really busy. If you still need help with this, post a fresh DDS log, please.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, create your own topic instead of following instructions given to someone else, please.


#3 superrcae
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:06:27 AM

Posted 21 October 2009 - 06:08 PM

Hi Blade81,

Thank you for your response. Below you will find the new DDS log.

I am also attaching a new Attach.txt and ark.txt.

Here is the new dds:


DDS (Ver_09-10-13.01) - NTFSx86
Run by Caesar Garcia at 15:43:34.60 on Wed 10/21/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1162 [GMT -7:00]

AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

============== Running Processes ===============

H:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
H:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
H:\WINDOWS\System32\svchost.exe -k netsvcs
H:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
svchost.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
H:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
H:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
H:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\WINDOWS\System32\nvsvc32.exe
H:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
H:\WINDOWS\System32\HPZipm12.exe
H:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
H:\WINDOWS\System32\svchost.exe -k imgsvc
H:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
H:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
H:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
H:\Program Files\Microsoft Windows OneCare Live\winss.exe
H:\Program Files\Canon\CAL\CALMAIN.exe
H:\WINDOWS\System32\svchost.exe -k HTTPFilter
H:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
H:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
H:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
H:\Program Files\HP\hpcoretech\hpcmpmgr.exe
H:\WINDOWS\system32\rundll32.exe
H:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
H:\Program Files\Logitech\MouseWare\system\em_exec.exe
H:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
H:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\WINDOWS\system32\NOTEPAD.EXE
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\DOCUME~1\CAESAR~1\Desktop\DDSSCR~1.SCR

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uDefault_Page_URL = hxxp://www.msn.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - h:\program files\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: Userinit=h:\windows\system32\Userinit.exe
uWindows: load=U???
BHO: {01b16768-942e-4ac0-a4e7-09a315c82fb2} - h:\windows\system32\dmserver32.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - h:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {099c575c-d554-48a1-d273-675504db274f} - h:\windows\system32\uovuent.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - h:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - h:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - h:\progra~1\yahoo!\common\yiesrvc.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - h:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - h:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - h:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} -
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [PowerBar]
uRun: [Polar Sync]
uRun: [ctfmon.exe] h:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] h:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [LDM] \Program\BackWeb-8876480.exe
uRun: [SMSystemAnalyzer] h:\program files\iolo\system mechanic professional 6\SMSystemAnalyzer.exe
mRun: [SoundMAXPnP] h:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [OneCareUI] "h:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE h:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroFilterCheck] h:\windows\system32\NeroCheck.exe
mRun: [MaxMenuMgr] "h:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [iTunesHelper] "h:\program files\itunes\iTunesHelper.exe"
mRun: [hpqSRMon] h:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Component Manager] "h:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
mRun: [Adobe Photo Downloader] "h:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [2131743181] e:\ureg\pentax_win_gm_10042005.exe /r "e:\ureg\Pentax_Win_GM_10042005.rpd"
mRun: [SystemGuardAlerter] h:\program files\iolo\system mechanic professional 6\SystemGuardAlerter.exe
mRunOnce: [KB923561] rundll32.exe apphelp.dll,ShimFlushCache
StartupFolder: h:\docume~1\caesar~1\startm~1\programs\startup\adobeg~1.lnk - h:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: h:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - h:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: h:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - h:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: h:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - h:\program files\microsoft office\office10\OSA.EXE
uPolicies-explorer: SpecifyDefaultButtons = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - h:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - h:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: turbotax.com
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://software-dl.real.com/244e0aed5985bc292e06/netzip/RdxIE601.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133219352959
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133219334490
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} - hxxp://autos.msn.com/components/ocx/exterior/Outside.cab
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} - hxxp://fdl.msn.com/public/investor/v13/ticker.cab
DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://chat.msn.com/controls/msnchat45.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - h:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} -
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -
Notify: e400d5d8684 - h:\windows\system32\FILECOPY32.dll
AppInit_DLLs: h:\windows\system32\FILECOPY32.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - h:\program files\qualcomm\eudora\EuShlExt.dll

================= FIREFOX ===================

FF - ProfilePath - h:\docume~1\caesar~1\applic~1\mozilla\firefox\profiles\5p4wmdhe.default\
FF - prefs.js: browser.startup.homepage - msn.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - h:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - h:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 BsStor;B.H.A Storage Helper Driver;h:\windows\system32\drivers\BsStor.sys [2004-2-19 9344]
R0 IoloFilter;IoloFilter;h:\windows\system32\drivers\IoloFltr.sys [2009-10-19 66176]
R2 FreeAgentGoNext Service;Seagate Service;h:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-9-10 156968]
R2 IntuitUpdateService;Intuit Update Service;h:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 OcHealthMon;Windows Live OneCare Health Monitor;h:\program files\microsoft windows onecare live\OcHealthMon.exe [2009-7-9 26104]
R3 echo24;Mia Service;h:\windows\system32\drivers\echo24.sys [2003-5-19 546560]
S3 PortlUSB;PortlUSB;h:\windows\system32\drivers\SiriusUSB.sys [2008-4-17 7552]
S3 stusb2ir;USB 2.0 IrDA Bridge;h:\windows\system32\drivers\stusb2ir.sys [2008-3-25 40856]
S3 UKS11LDR;Midiman USB Keystation Loader;h:\windows\system32\drivers\uks11ldr.sys [2008-9-9 15740]
S3 USBKS1X1;Midiman USB Keystation USB Driver;h:\windows\system32\drivers\usbks1x1.sys [2008-9-9 23392]
S3 USBKT1X1;M-Audio USB Keystation;h:\windows\system32\drivers\usbkt1x1.sys [2007-12-23 22304]
S3 USBMIDIM;Midiman USB MidiSport Midi Kernel Driver;h:\windows\system32\drivers\usbmidim.sys [2008-9-9 5664]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-10-21 15:20 202,240 a------- h:\windows\system32\dmserver32.dll
2009-10-21 15:20 615 a------- h:\windows\system32\g7LnXPsXB0RZmv5.vbs
2009-10-21 09:37 456 a------- h:\windows\system32\miniPortInfo.dat
2009-10-21 09:23 0 a------- h:\windows\system32\C19.tmp
2009-10-20 11:25 254 a------- h:\windows\SysMech6.INI
2009-10-20 08:45 406 a------- h:\windows\system32\ioloBootDefrag.cfg
2009-10-20 08:32 202,240 a------- h:\windows\system32\dpnhupnp32.dll
2009-10-20 08:32 615 a------- h:\windows\system32\YLrN9Bw3pmArYr5.vbs
2009-10-20 08:29 1,629 a--sh--- h:\windows\system32\GroupPolicy000.dat
2009-10-20 08:14 202,240 a------- h:\windows\system32\drmstor32.dll
2009-10-20 08:14 615 a------- h:\windows\system32\1L7VBpgp65ui7cY.vbs
2009-10-19 21:29 202,240 a------- h:\windows\system32\credui32.dll
2009-10-19 21:28 615 a------- h:\windows\system32\aHzQTIoIKrbEyqc.vbs
2009-10-19 20:37 4,096 a------- H:\Volume{52C8E4FE-B853-42c1-9528-92978438BBF3}_Backup
2009-10-19 20:37 4,096 a------- H:\Volume{52C8E4FE-B853-42c1-9528-92978438BBF3}
2009-10-19 20:37 4,096 a------- H:\00007E00-90359035_Backup
2009-10-19 20:37 4,096 a------- H:\00007E00-90359035
2009-10-19 20:35 <DIR> --d----- h:\program files\common files\Kaspersky Lab
2009-10-19 20:34 <DIR> --d----- h:\program files\Kaspersky Lab
2009-10-19 20:33 9,728 a------- h:\windows\system32\drivers\filedisk.sys
2009-10-19 20:33 1,731,584 a------- h:\windows\system32\XercesLib.dll
2009-10-19 20:33 1,500,160 a------- h:\windows\system32\CC3260MT.DLL
2009-10-19 20:33 325,120 a------- h:\windows\system32\xercesxmldom.dll
2009-10-19 20:32 66,176 a------- h:\windows\system32\drivers\IoloFltr.sys
2009-10-19 20:32 30,942 a------- h:\windows\system32\iolobtdfg.exe
2009-10-19 20:32 25,264 a------- h:\windows\system32\smrgdf.exe
2009-10-19 20:32 1,209,344 a------- h:\windows\system32\Incinerator.dll
2009-10-19 20:32 <DIR> --d----- h:\program files\iolo
2009-10-19 16:48 202,240 a------- h:\windows\system32\hpzjsn0132.dll
2009-10-19 16:48 615 a------- h:\windows\system32\FdD8xn8tDxoZTEq.vbs
2009-10-19 15:46 202,240 a------- h:\windows\system32\dmsynth32.dll
2009-10-19 15:45 615 a------- h:\windows\system32\1x41q.vbs
2009-10-19 13:27 202,240 a------- h:\windows\system32\dbnetlib32.dll
2009-10-19 13:27 615 a------- h:\windows\system32\6pyZLU4uBw9u0.vbs
2009-10-18 12:41 200,192 a------- h:\windows\system32\filemgmt32.dll
2009-10-18 12:41 615 a------- h:\windows\system32\XCxLf.vbs
2009-10-17 12:41 200,192 a------- h:\windows\system32\dxtmsft32.dll
2009-10-17 12:41 615 a------- h:\windows\system32\BLvs1.vbs
2009-10-16 17:23 <DIR> --d----- h:\program files\Nova Development
2009-10-16 12:10 200,192 a------- h:\windows\system32\dpserial32.dll
2009-10-16 12:10 615 a------- h:\windows\system32\oYM935xQc0Em6mD.vbs
2009-10-15 11:23 200,192 a------- h:\windows\system32\commdlg32.dll
2009-10-15 11:22 615 a------- h:\windows\system32\jBDho5D.vbs
2009-10-14 13:00 116,736 a------- h:\windows\system32\comsnap32.dll
2009-10-14 13:00 615 a------- h:\windows\system32\37k5X.vbs
2009-10-14 09:48 <DIR> --d----- h:\program files\Seesmic Desktop
2009-10-13 19:46 116,736 a------- h:\windows\system32\divxdec_040732.dll
2009-10-13 19:46 615 a------- h:\windows\system32\VHFct.vbs
2009-10-12 19:45 116,736 a------- h:\windows\system32\expsrv32.dll
2009-10-12 19:45 615 a------- h:\windows\system32\z6OHr.vbs
2009-10-10 22:48 116,736 a------- h:\windows\system32\esent32.dll
2009-10-09 09:47 116,736 a------- h:\windows\system32\hpzjfw0132.dll
2009-10-07 17:39 <DIR> -cd-h--- h:\windows\ie8
2009-10-07 17:25 <DIR> --dsh--- h:\windows\system32\LocalService
2009-10-03 19:35 <DIR> --d----- H:\VundoFix Backups
2009-10-01 10:35 <DIR> --d----- h:\program files\AVG
2009-09-30 19:01 4,319,264 a--sh--- h:\windows\system32\drivers\fidbox.dat
2009-09-30 19:01 143,648 a--sh--- h:\windows\system32\drivers\fidbox2.dat
2009-09-30 19:01 52,736 a--sh--- h:\windows\system32\drivers\fidbox.idx
2009-09-30 19:01 15,584 a--sh--- h:\windows\system32\drivers\fidbox2.idx
2009-09-30 18:59 <DIR> --d----- h:\program files\common files\ParetoLogic
2009-09-30 18:59 <DIR> --d----- h:\docume~1\alluse~1\applic~1\ParetoLogic
2009-09-29 19:19 <DIR> --d----- h:\docume~1\caesar~1\applic~1\Malwarebytes
2009-09-29 19:18 <DIR> --d----- h:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-28 17:09 13,646 a------- h:\windows\system32\wpa.dbl
2009-09-28 16:55 <DIR> --d----- h:\program files\SDHelper (Spybot - Search & Destroy)
2009-09-28 16:55 <DIR> --d----- h:\program files\TeaTimer (Spybot - Search & Destroy)
2009-09-28 13:52 122,368 a------- h:\windows\system32\FILECOPY32.doc
2009-09-28 13:52 122,368 a------- h:\windows\system32\FILECOPY32.dll

==================== Find3M ====================

2009-09-16 11:31 19,500 a------- h:\windows\hpqins13.dat
2009-09-11 07:18 136,192 a------- h:\windows\system32\msv1_0.dll
2009-09-04 14:03 58,880 a------- h:\windows\system32\msasn1.dll
2009-08-29 01:08 916,480 a------- h:\windows\system32\wininet.dll
2009-08-26 01:00 247,326 a------- h:\windows\system32\strmdll.dll
2009-08-20 15:09 1,193,832 a------- h:\windows\system32\FM20.DLL
2009-08-05 02:01 204,800 a------- h:\windows\system32\mswebdvd.dll
2009-08-04 08:13 2,145,280 a------- h:\windows\system32\ntoskrnl.exe
2009-08-04 07:20 2,023,936 a------- h:\windows\system32\ntkrnlpa.exe
2009-08-03 15:07 403,816 a------- h:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- h:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- h:\windows\system32\OGAEXEC.exe
2009-07-25 05:23 411,368 a------- h:\windows\system32\deploytk.dll
2009-04-23 21:56 70,984 a------- h:\documents and settings\caesar garcia\g2mdlhlpx.exe
2004-10-01 16:00 40,960 a------- h:\program files\Uninstall_CDS.exe
2004-08-25 13:34 1,092 ac------ h:\program files\INSTALL.LOG
2003-07-31 02:53 147,456 ac------ h:\windows\inf\EL2K_XP.sys
2003-07-31 02:50 448,768 ac------ h:\windows\inf\EL2K_N64.sys
2003-07-31 02:43 147,456 ac------ h:\windows\inf\EL2K_2K.sys
2001-09-28 17:00 164,864 ac------ h:\program files\UNWISE.EXE
2008-09-20 10:23 32,768 ac-sh--- h:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092020080921\index.dat

============= FINISH: 15:46:30.18 ===============

Attached Files
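Reviewing a "Created Last 30" section by eye is error-prone, so here is a small script, added as an example and not part of this thread, DDS, or ComboFix, that parses lines in the DDS format and applies two defender-side checks: a .dll and a .vbs landing in the same folder under system32 within a two-minute window (the pairing visible in the log above), and several differently named .dll files that share one exact byte size. The sample input is constructed from a subset of the log lines above plus benign entries so it runs offline; the window, folder, and thresholds are assumptions a reviewer would tune.

```python
"""Heuristic review of a DDS 'Created Last 30' section.

Added example, not part of the BleepingComputer thread and not DDS or
ComboFix code. It parses lines of the form

    YYYY-MM-DD HH:MM  SIZE  ATTRS  PATH

and flags (a) a .dll/.vbs pair created in the same folder within a short
window and (b) a byte size shared by several differently named DLLs.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|<DIR>)\s+(?P<attrs>[a-z-]+)\s+(?P<path>.+?)\s*$"
)

# Constructed sample: a subset of the thread's "Created Last 30" lines plus
# benign entries, embedded so the script runs offline.
SAMPLE = r"""
2009-10-21 15:20 202,240 a------- h:\windows\system32\dmserver32.dll
2009-10-21 15:20 615 a------- h:\windows\system32\g7LnXPsXB0RZmv5.vbs
2009-10-21 09:37 456 a------- h:\windows\system32\miniPortInfo.dat
2009-10-20 08:32 202,240 a------- h:\windows\system32\dpnhupnp32.dll
2009-10-20 08:32 615 a------- h:\windows\system32\YLrN9Bw3pmArYr5.vbs
2009-10-19 21:29 202,240 a------- h:\windows\system32\credui32.dll
2009-10-19 21:28 615 a------- h:\windows\system32\aHzQTIoIKrbEyqc.vbs
2009-10-19 20:35 <DIR> --d----- h:\program files\common files\Kaspersky Lab
2009-10-19 20:33 1,731,584 a------- h:\windows\system32\XercesLib.dll
2009-10-18 12:41 200,192 a------- h:\windows\system32\filemgmt32.dll
2009-10-18 12:41 615 a------- h:\windows\system32\XCxLf.vbs
2009-10-17 12:41 200,192 a------- h:\windows\system32\dxtmsft32.dll
2009-10-17 12:41 615 a------- h:\windows\system32\BLvs1.vbs
2009-10-10 22:48 116,736 a------- h:\windows\system32\esent32.dll
2009-09-28 17:09 13,646 a------- h:\windows\system32\wpa.dbl
"""


def parse_created(text):
    """Turn DDS 'Created Last 30' lines into dicts; non-matching lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append({
            "stamp": datetime.strptime(m["stamp"], "%Y-%m-%d %H:%M"),
            "size": size,
            "attrs": m["attrs"],
            "path": m["path"],
        })
    return entries


def _parent(path):
    # Folder part of a Windows path, case-folded for comparison.
    return path.lower().rsplit("\\", 1)[0]


def find_dropper_pairs(entries, window=timedelta(minutes=2),
                       folder="\\windows\\system32"):
    """(dll_path, vbs_path) for each .dll/.vbs in the same folder created within `window`."""
    in_folder = [e for e in entries if folder in e["path"].lower()]
    dlls = [e for e in in_folder if e["path"].lower().endswith(".dll")]
    vbss = [e for e in in_folder if e["path"].lower().endswith(".vbs")]
    pairs = []
    for v in vbss:
        for d in dlls:
            same_dir = _parent(v["path"]) == _parent(d["path"])
            if same_dir and abs(v["stamp"] - d["stamp"]) <= window:
                pairs.append((d["path"], v["path"]))
    return pairs


def size_clusters(entries, min_names=3, suffix=".dll"):
    """Byte sizes shared by at least `min_names` differently named files with `suffix`."""
    names_by_size = defaultdict(set)
    for e in entries:
        if e["size"] is not None and e["path"].lower().endswith(suffix):
            names_by_size[e["size"]].add(e["path"].rsplit("\\", 1)[-1])
    return {s: sorted(n) for s, n in names_by_size.items() if len(n) >= min_names}


if __name__ == "__main__":
    found = parse_created(SAMPLE)
    for dll, vbs in find_dropper_pairs(found):
        print(f"dll/vbs pair: {dll}  <->  {vbs}")
    for size, names in size_clusters(found).items():
        print(f"{len(names)} DLLs of exactly {size} bytes: {', '.join(names)}")
```

Neither check proves a file is malicious on its own; they surface entries to hand to the helper along with the requested logs. Paste the whole "Created Last 30" block into SAMPLE to run it against a real log.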



#4 Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:04:27 PM

Posted 22 October 2009 - 12:41 AM

Hi,

You seem to have P2P file sharing software installed there (Limewire at least). To lower the risk of getting infected, I recommend uninstalling it.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:
  • Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.
    Remember to re-enable them afterwards.
  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

h:\ComboFix.txt
New dds.txt log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft Windows Insider MVP 2016-2017
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#5 Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:04:27 PM

Posted 29 October 2009 - 11:43 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.
