
help removing malware please


  • This topic is locked
2 replies to this topic

#1 RandomStyl

RandomStyl

  • Members
  • 1 posts
  • OFFLINE
  • Local time:04:45 AM

Posted 29 October 2009 - 11:46 AM

Hi,

I have tried to remove all the malware that is on my computer. I have used Malwarebytes, Spybot Search & Destroy and Spy Sweeper. All programs were up to date as of the most recent release, and the definitions were also up to date. All programs found viruses and malware and removed them. My system currently says that no viruses or malware are present, but I still can't view certain webpages like microsoft.com, trendmicro.com, etc. I also can't do any Windows updates.

Please help me to remove the malware that is still present, thank you for your time!!

DDS.txt

------------


DDS (Ver_09-10-26.01) - NTFSx86
Run by Bran at 12:26:21.98 on Thu 10/29/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.444 [GMT -8:00]

AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Outdated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe C:\WINDOWS\TEMP\VRT6.tmp
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Documents and Settings\Bran\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.hp.com
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [SpybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [QlbCtrl.exe] "c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe" /Start
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SpySweeper] c:\program files\webroot\webrootsecurity\SpySweeperUI.exe /startintray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\memeoa~1.lnk - c:\program files\memeo\autosync\MemeoLauncher.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_05\bin\npjpi150_05.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
AppInit_DLLs: wbsys.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bran\applic~1\mozilla\firefox\profiles\4sviyoxs.default\
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPOJI610.dll

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-2-13 29808]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2004-8-4 25088]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-10-24 1180976]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2009-10-24 231424]
R3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1558000]
RUnknown BtwSrv;BtwSrv; [x]

=============== Created Last 30 ================

2009-10-29 20:14:21 3251 ----a-w- c:\windows\system32\wbem\Outlook_01ca58d46679fe64.mof
2009-10-29 19:35:56 0 d-----w- c:\program files\Trend Micro
2009-10-29 18:42:30 0 d-s---w- c:\documents and settings\bran\UserData
2009-10-29 18:40:12 88 ----a-w- c:\windows\wininit.ini
2009-10-29 17:08:32 16128 ----a-w- c:\windows\system32\drivers\MODEMCSA.sys
2009-10-29 17:08:19 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-10-29 07:21:30 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-10-29 07:21:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-10-29 01:43:51 0 d--h--r- C:\VProRecovery
2009-10-26 21:12:54 0 d-----w- c:\program files\Microsoft Visual Studio 8
2009-10-26 20:12:41 0 d-----w- c:\docume~1\bran\applic~1\Memeo
2009-10-26 20:12:36 0 d-s---w- c:\docume~1\alluse~1\applic~1\Memeo
2009-10-26 20:12:26 0 d-----w- c:\program files\common files\eSellerate
2009-10-26 20:12:20 0 d-----w- c:\program files\Memeo
2009-10-26 20:08:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-10-26 20:08:51 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-10-26 19:30:13 0 d--h--w- C:\_Memeo
2009-10-26 19:29:58 0 d-----w- c:\docume~1\alluse~1\applic~1\MemeoCommon
2009-10-26 19:26:01 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-10-25 05:51:24 8192 --s-a-r- C:\BOOTSECT.BAK
2009-10-25 05:51:22 438840 --sha-r- C:\bootmgr
2009-10-25 05:51:21 0 d-sh--w- C:\Boot
2009-10-25 05:05:13 0 d-sh--w- C:\$RECYCLE.BIN
2009-10-25 05:04:34 171136 --sha-r- C:\grldr
2009-10-25 04:27:58 1081616 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2009-10-25 01:06:17 215144 ----a-r- c:\windows\patchw32.dll
2009-10-25 01:05:19 215144 ----a-r- c:\windows\pw32a.dll
2009-10-25 01:05:15 0 d-----w- c:\docume~1\bran\applic~1\Symantec
2009-10-25 01:02:51 0 d-----w- c:\windows\pss
2009-10-25 00:56:15 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2009-10-25 00:56:15 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2009-10-25 00:56:15 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2009-10-25 00:56:13 0 d-----w- c:\program files\Symantec
2009-10-25 00:55:25 128104 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2009-10-25 00:55:24 15088 ----a-w- c:\windows\system32\drivers\vproeventmonitor.sys
2009-10-25 00:55:23 38112 ----a-w- c:\windows\system32\drivers\v2imount.sys
2009-10-25 00:55:21 138080 ----a-w- c:\windows\system32\drivers\symsnap.sys
2009-10-25 00:55:10 0 d-----w- c:\program files\common files\Symantec Shared
2009-10-25 00:55:02 0 d-----w- c:\program files\Norton Ghost
2009-10-25 00:55:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2009-10-25 00:52:09 0 d-----w- c:\program files\PowerISO
2009-10-25 00:50:54 0 d-----w- c:\program files\dvdSanta
2009-10-25 00:50:29 0 d-----w- c:\docume~1\bran\applic~1\Malwarebytes
2009-10-25 00:50:24 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-25 00:50:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-25 00:50:00 0 d-----w- c:\program files\DVD Shrink
2009-10-25 00:49:15 1553784 ----a-w- c:\windows\WRSetup.dll
2009-10-25 00:49:15 0 d-----w- c:\program files\Webroot
2009-10-25 00:49:15 0 d-----w- c:\docume~1\bran\applic~1\Webroot
2009-10-25 00:49:15 0 d-----w- c:\docume~1\alluse~1\applic~1\Webroot
2009-10-25 00:49:00 0 d-----w- c:\windows\SHELLNEW
2009-10-25 00:48:13 0 d-----w- c:\program files\VideoLAN
2009-10-25 00:41:38 0 d-----w- c:\program files\Microsoft ActiveSync
2009-10-25 00:34:11 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2009-10-25 00:34:10 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-10-25 00:33:36 16768 ----a-w- c:\windows\system32\drivers\HpqKbFiltr.sys
2009-10-25 00:33:36 1560576 ----a-w- c:\windows\system32\BttnCmns_64.dll
2009-10-25 00:33:36 1419232 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2009-10-25 00:33:35 987136 ----a-w- c:\windows\system32\BttnCmn.dll
2009-10-25 00:33:35 1560576 ----a-w- c:\windows\system32\BttnCmns.dll
2009-10-25 00:30:22 90112 ----a-w- c:\windows\system32\bcmwlD2K.EXE
2009-10-25 00:29:36 0 d-----w- c:\program files\Broadcom
2009-10-25 00:29:30 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2009-10-25 00:28:10 78720 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys
2009-10-25 00:28:00 90112 ------w- c:\windows\system32\hpqnt.dll
2009-10-25 00:28:00 45056 ----a-w- c:\windows\system32\hpBat.cpl
2009-10-25 00:27:10 36864 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2009-10-25 00:20:44 0 d-----w- c:\windows\system32\XPSViewer
2009-10-25 00:20:18 14048 ------w- c:\windows\system32\spmsg2.dll
2009-10-25 00:10:59 32285 ------w- c:\windows\system32\hsfcisp2.dll
2009-10-25 00:09:25 0 d-----w- c:\windows\ServicePackFiles
2009-10-25 00:06:11 19569 ----a-w- c:\windows\002610_.tmp
2009-10-25 00:06:03 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-10-25 00:03:58 0 d-----w- c:\windows\EHome
2009-10-24 23:58:54 0 d-----w- c:\program files\Stardock
2009-10-24 23:46:51 0 d-----w- c:\program files\iTunes
2009-10-24 23:46:51 0 d-----w- c:\program files\iPod
2009-10-24 23:32:19 0 d-----w- c:\program files\common files\TiVo Shared
2009-10-24 23:31:39 0 d-----w- c:\program files\Sonic
2009-10-24 23:31:39 0 d-----w- c:\program files\common files\SureThing Shared
2009-10-24 23:31:02 0 d-----w- c:\program files\common files\Sonic Shared
2009-10-24 23:23:06 0 d-----w- c:\program files\Hp
2009-10-24 23:20:32 0 d-----w- c:\program files\InterVideo
2009-10-24 23:18:44 0 d-----w- c:\program files\HPQ
2009-10-24 23:17:17 0 d-----w- c:\program files\ATI Technologies
2009-10-24 23:16:40 0 d-----w- c:\program files\Synaptics
2009-10-24 23:15:01 0 d-----w- c:\program files\WIDCOMM
2009-10-24 23:14:28 0 d-----w- c:\program files\CONEXANT
2009-10-24 23:05:49 0 d-sh--w- c:\documents and settings\all users\DRM
2009-10-24 23:05:31 0 d--h--w- c:\program files\WindowsUpdate
2009-10-24 23:04:36 0 d-----w- c:\program files\common files\MSSoap
2009-10-24 23:03:11 0 d-----w- c:\program files\Online Services
2009-10-24 23:03:06 0 d-----w- c:\program files\Messenger
2009-10-24 23:03:02 0 d-----w- c:\program files\MSN Gaming Zone
2009-10-24 23:02:18 0 d-----w- c:\program files\Windows NT
2009-10-24 15:55:36 0 d-----w- c:\program files\common files\ODBC
2009-10-24 15:55:32 0 d-----w- c:\program files\common files\SpeechEngines
2009-10-24 15:55:08 0 d-----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-10-24 23:22:42 1589 --sha-r- c:\windows\system32\drivers\103C_HP_NTBK_Pavilion dv8000 (EE298AV)_YN_0Pavi_QCND54710R6_EU_46_I309B_SHP_V49.55_BF.42_T060621_WXH2_L409_M1023_J250_7AMD_8Turion 64 Technology ML-37_91.99_#091024_N10EC8139_(EE298AV)_XMOBILE_CN10_Z10024378_2F.42.MRK
2009-10-24 23:03:52 21640 ----a-w- c:\windows\system32\emptyregdb.dat

============= FINISH: 12:27:06.56 ===============



hijackthis.txt

-------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:05 PM, on 10/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - Global Startup: Memeo AutoSync Launcher.lnk = C:\Program Files\Memeo\AutoSync\MemeoLauncher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 6886 bytes



#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:45 AM

Posted 04 November 2009 - 10:31 PM

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

My name is Syler and I will be helping you to solve your malware issues. If you have since resolved your issues, I would appreciate it if you would let me know so I can close this topic. If you still need help, please let me know what issues you are still having in your next reply.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • log.txt
  • info.txt
Thanks



#3 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:45 AM

Posted 09 November 2009 - 07:23 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
