
Spyware?Malware? HELP with Removal


  • This topic is locked
2 replies to this topic

#1 Hinkmama

Hinkmama

  • Members
  • 8 posts

Posted 22 November 2009 - 04:04 PM

The other day I clicked on a file in my Facebook and ever since then my internet has not worked well. Every time I try and google something it redirects me, then yesterday it started working okay, and then today we are back to not working correctly and it keeps kicking me off, saying that it is not connected to my network, but everything else (phones, laptop and such) that is connected to the network is working fine. Please help me. Below are my RootRepeal, DDS, and Attach reports. Thanks.

RootRepeal Report

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/22 14:36
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEF0F0000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8BBA000 Size: 8192 File Visible: No Signed: -
Status: -

Name: SYMDS.SYS
Image Path: SYMDS.SYS
Address: 0xF8545000 Size: 352256 File Visible: No Signed: -
Status: -

Name: SYMEFA.SYS
Image Path: SYMEFA.SYS
Address: 0xF8507000 Size: 180224 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x82c38318

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x82cb4730

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x82cd02e0

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x82d31990

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x82be0a60

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xef491210

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x82970858

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "<unknown>" at address 0x82adda28

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x82cc4688

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x82cbf5d0

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xef491490

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xef4919f0

#: 066 Function Name: NtDeviceIoControlFile
Status: Hooked by "IPVNMon.sys" at address 0xf840d803

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "<unknown>" at address 0x82ccf690

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x82cdfc08

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x82d3bcd0

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x82d98cd0

#: 097 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x82badb80

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x82cc48c0

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x82ccccd0

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xef4917a0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x82cc9c88

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x82cc1050

#: 125 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x82dde378

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x82cce0b8

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "<unknown>" at address 0x82b92098

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x82e42cd0

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x82e64cd0

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x82cebfc0

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "<unknown>" at address 0x82eefcd0

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xef491c40

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x82d333a8

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x82dd8380

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x82e51a20

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x82bec2a8

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x82cb3d90

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x82cd8dc8

Shadow SSDT
-------------------
#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "<unknown>" at address 0x82ed5bf0

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "<unknown>" at address 0x82ed5d08

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "<unknown>" at address 0x82ed5d40

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "<unknown>" at address 0x82ed5cd0

#: 428 Function Name: NtUserGetRawInputData
Status: Hooked by "<unknown>" at address 0x82acadd8

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "<unknown>" at address 0xffa089f8

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "<unknown>" at address 0xff9f9b58

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "<unknown>" at address 0xff9b10b8

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "<unknown>" at address 0xffab8348

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "<unknown>" at address 0x82ac9ed8

==EOF==

DDS Report


DDS (Ver_09-10-26.01) - NTFSx86
Run by Administrator at 20:43:34.87 on Thu 11/19/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.99 [GMT -6:00]

AV: Anti-Virus - SBC Yahoo! Online Protection *On-access scanning enabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\IntelliTax\2006\ITAU.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
c:\documents and settings\administrator\local settings\temp\81.tmp\temp00
c:\documents and settings\administrator\local settings\temp\81.tmp\temp00
c:\documents and settings\administrator\local settings\temp\81.tmp\temp00
c:\documents and settings\administrator\local settings\temp\81.tmp\temp00
c:\documents and settings\administrator\local settings\temp\81.tmp\temp00
c:\documents and settings\administrator\local settings\temp\81.tmp\temp00
c:\documents and settings\administrator\local settings\temp\81.tmp\temp00
c:\documents and settings\administrator\local settings\temp\81.tmp\temp00
c:\documents and settings\administrator\local settings\temp\81.tmp\temp00
c:\documents and settings\administrator\local settings\temp\81.tmp\temp00
c:\documents and settings\administrator\local settings\temp\81.tmp\temp00
c:\documents and settings\administrator\local settings\temp\81.tmp\temp00
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
LSP: c:\windows\system32\VetRedir.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183768853968
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxsrvc.dll

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1101000.013\SymDS.sys [2009-11-17 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1101000.013\SymEFA.sys [2009-11-17 171056]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-5-12 61328]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\bashdefs\20091104.001\BHDrvx86.sys [2009-11-4 524848]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1101000.013\cchpx86.sys [2009-11-17 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1101000.013\Ironx86.sys [2009-11-17 114736]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\17.1.0.19\ccSvcHst.exe [2009-11-17 126392]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-11-17 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\ipsdefs\20091111.001\IDSXpx86.sys [2009-11-17 329592]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-5-12 61328]
S2 gupdate1ca366f30168072;Google Update Service (gupdate1ca366f30168072);c:\program files\google\update\GoogleUpdate.exe [2009-9-15 133104]
S3 PAC7302;PC VGA Camer@ Plus;c:\windows\system32\drivers\PAC7302.SYS [2007-6-4 457472]

=============== Created Last 30 ================

2009-11-19 21:46:02 504 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-11-17 06:59:29 0 d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
2009-11-17 06:57:07 0 d-----w- c:\program files\STOPzilla!
2009-11-17 06:57:03 0 d-----w- c:\program files\common files\iS3
2009-11-17 06:56:59 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-11-17 03:40:46 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-11-17 03:40:46 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-17 03:40:46 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-11-17 03:40:46 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-17 03:40:46 0 d-----w- c:\program files\Symantec
2009-11-17 03:39:24 0 d-----w- c:\windows\system32\drivers\NAV
2009-11-17 03:39:13 0 d-----w- c:\program files\Norton AntiVirus
2009-11-17 03:20:38 0 d-----w- c:\docume~1\admini~1\applic~1\GetRightToGo
2009-11-17 00:07:04 92672 ----a-w- c:\windows\zwer_1258416420.exe
2009-11-16 22:38:21 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2009-11-16 22:27:55 92672 ----a-w- c:\windows\zwer_1258410469.exe
2009-11-16 21:22:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-16 21:14:31 92672 ----a-w- c:\windows\zwer_1258406066.exe
2009-11-16 18:54:31 36352 ----a-w- c:\windows\zwer_1258397669.exe
2009-11-16 18:54:28 92672 ----a-w- c:\windows\zwer_1258397662.exe
2009-11-16 18:23:14 0 ----a-w- c:\windows\zwer_1258395773.exe
2009-11-16 18:22:52 92672 ----a-w- c:\windows\zwer_1258395762.exe
2009-11-16 18:22:42 2 ----a-w- c:\windows\0101120101465255.xxe
2009-11-15 01:15:29 106496 ----a-w- c:\windows\zwer_1258247726.exe
2009-11-15 01:11:16 1 ----a-w- c:\windows\fdgg34353edfgdfdf
2009-11-15 01:11:12 1 ---h--w- c:\windows\bk23567.dat
2009-11-15 01:11:10 2 ----a-w- c:\windows\0101120101465155.xxe
2009-11-15 01:11:08 2 ----a-w- c:\windows\010112010146116101.xxe
2009-11-12 03:24:22 1569 ----a-w- c:\documents and settings\administrator\.recently-used.xbel
2009-11-12 03:23:11 0 d-----w- c:\documents and settings\administrator\.thumbnails
2009-11-12 02:05:37 0 d-----w- c:\documents and settings\administrator\.gimp-2.6
2009-11-12 02:05:33 0 d-----w- c:\documents and settings\administrator\.gegl-0.0
2009-11-12 02:02:07 0 d-----w- c:\program files\Gimp-2.0
2009-11-12 02:01:59 0 d-----w- c:\docume~1\admini~1\applic~1\Smart-Shopper
2009-11-12 02:01:57 0 d-----w- c:\program files\Smart-Shopper
2009-11-12 02:01:50 0 d-----w- c:\program files\My.Freeze.com Toolbar
2009-11-05 17:42:51 0 d-----w- c:\docume~1\admini~1\applic~1\Camfrog
2009-11-05 17:42:27 0 d-----w- c:\program files\Camfrog
2009-11-03 23:42:53 0 d-----w- c:\program files\iPod
2009-11-03 23:42:30 0 d-----w- c:\program files\iTunes
2009-10-27 16:08:16 545424 ----a-r- c:\windows\system32\SZComp5.dll
2009-10-27 16:08:14 402064 ----a-r- c:\windows\system32\SZBase5.dll
2009-10-27 15:59:38 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-10-25 20:15:43 0 d-----w- c:\program files\common files\Symantec Shared
2009-10-25 03:10:23 0 d-----w- c:\windows\system32\drivers\NSS
2009-10-25 03:10:23 0 d-----w- c:\program files\Norton Security Scan
2009-10-25 03:10:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2009-10-25 03:10:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2009-10-25 03:10:18 0 d-----w- c:\program files\NortonInstaller
2009-10-25 03:10:18 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-10-25 00:09:26 0 d-----w- c:\windows\system32\Adobe
2009-10-24 02:40:51 22016 ----a-w- C:\Conference+Gameson.xls

==================== Find3M ====================

2009-11-12 02:23:12 49024 ----a-w- c:\windows\fonts\Devil_inside.ttf
2009-11-12 01:44:34 13932 ----a-w- c:\windows\fonts\kryptonian.TTF
2009-10-20 19:40:34 126976 ----a-r- c:\windows\system32\IS3HTUI5.dll
2009-10-20 19:40:24 393216 ----a-r- c:\windows\system32\IS3DBA5.dll
2009-10-20 19:38:16 385024 ----a-r- c:\windows\system32\IS3UI5.dll
2009-10-20 19:37:58 61440 ----a-r- c:\windows\system32\IS3Hks5.dll
2009-10-20 19:37:40 23040 ----a-r- c:\windows\system32\IS3XDat5.dll
2009-10-20 19:35:40 225280 ----a-r- c:\windows\system32\IS3Win325.dll
2009-10-20 19:35:18 94208 ----a-r- c:\windows\system32\IS3Inet5.dll
2009-10-20 19:35:04 90112 ----a-r- c:\windows\system32\IS3Svc5.dll
2009-10-20 19:31:52 729088 ----a-r- c:\windows\system32\IS3Base5.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 03:36:13 21268 ------w- c:\windows\fonts\Ocean View Initials.ttf
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 00:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2007-03-19 20:26:19 774144 ----a-w- c:\program files\RngInterstitial.dll

============= FINISH: 20:46:25.59 ===============

Attach Report


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/12/2007 8:33:24 AM
System Uptime: 11/19/2009 3:41:50 PM (5 hours ago)

Motherboard: Intel Corporation | | D845GEBV2
Processor: Intel® Pentium® 4 CPU 2.40GHz | J2E1 | 2400/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 56.131 GiB free.
D: is Removable
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP186: 7/12/2008 1:42:01 PM - System Checkpoint
RP187: 8/29/2009 6:25:56 PM - System Checkpoint
RP188: 8/30/2009 1:20:28 AM - Software Distribution Service 3.0
RP189: 8/30/2009 1:49:01 PM - Printer Driver Microsoft XPS Document Writer Installed
RP190: 8/31/2009 3:00:20 AM - Software Distribution Service 3.0
RP191: 9/1/2009 3:00:17 AM - Software Distribution Service 3.0
RP192: 9/2/2009 3:16:19 AM - System Checkpoint
RP193: 9/3/2009 4:16:20 AM - System Checkpoint
RP194: 9/4/2009 5:16:19 AM - System Checkpoint
RP195: 9/5/2009 6:16:22 AM - System Checkpoint
RP196: 9/6/2009 7:16:03 AM - System Checkpoint
RP197: 9/7/2009 8:16:02 AM - System Checkpoint
RP198: 9/7/2009 10:59:38 AM - Printer Driver Lexmark X74-X75 Installed
RP199: 9/8/2009 3:04:44 AM - Software Distribution Service 3.0
RP200: 9/9/2009 3:56:13 AM - System Checkpoint
RP201: 9/10/2009 3:00:17 AM - Software Distribution Service 3.0
RP202: 9/11/2009 3:16:32 AM - System Checkpoint
RP203: 9/12/2009 4:16:34 AM - System Checkpoint
RP204: 9/13/2009 5:16:36 AM - System Checkpoint
RP205: 9/13/2009 8:54:39 PM - Installed Windows XP WgaNotify.
RP206: 9/13/2009 9:31:49 PM - Installed iTunes
RP207: 9/13/2009 9:39:02 PM - Software Distribution Service 3.0
RP208: 9/14/2009 1:01:10 PM - Installed PC VGA Camer@ Plus
RP209: 9/15/2009 3:00:19 AM - Software Distribution Service 3.0
RP210: 9/16/2009 3:00:20 AM - Software Distribution Service 3.0
RP211: 9/17/2009 3:32:40 AM - System Checkpoint
RP212: 9/19/2009 7:26:33 AM - System Checkpoint
RP213: 9/20/2009 7:31:55 AM - System Checkpoint
RP214: 9/21/2009 9:05:00 AM - System Checkpoint
RP215: 9/22/2009 9:44:45 AM - System Checkpoint
RP216: 9/23/2009 10:44:43 AM - System Checkpoint
RP217: 9/24/2009 11:31:54 AM - System Checkpoint
RP218: 9/25/2009 12:31:50 PM - System Checkpoint
RP219: 9/26/2009 12:41:01 PM - Installed 2WIRE Wireless LAN - USB Driver
RP220: 9/27/2009 1:18:30 PM - System Checkpoint
RP221: 9/28/2009 2:18:12 PM - System Checkpoint
RP222: 9/30/2009 7:59:42 PM - System Checkpoint
RP223: 10/1/2009 8:44:57 PM - System Checkpoint
RP224: 10/2/2009 9:46:00 PM - System Checkpoint
RP225: 10/3/2009 10:44:56 PM - System Checkpoint
RP226: 10/4/2009 11:44:56 PM - System Checkpoint
RP227: 10/6/2009 12:44:41 AM - System Checkpoint
RP228: 10/7/2009 7:16:26 AM - System Checkpoint
RP229: 10/8/2009 7:57:41 AM - System Checkpoint
RP230: 10/9/2009 8:44:42 AM - System Checkpoint
RP231: 10/10/2009 8:45:47 AM - System Checkpoint
RP232: 10/11/2009 9:44:41 AM - System Checkpoint
RP233: 10/12/2009 9:38:28 AM - Software Distribution Service 3.0
RP234: 10/13/2009 3:00:22 AM - Software Distribution Service 3.0
RP235: 10/14/2009 3:00:22 AM - Software Distribution Service 3.0
RP236: 10/15/2009 3:22:29 AM - System Checkpoint
RP237: 10/16/2009 3:27:00 AM - System Checkpoint
RP238: 10/17/2009 4:26:56 AM - System Checkpoint
RP239: 10/18/2009 5:27:00 AM - System Checkpoint
RP240: 10/19/2009 12:41:41 PM - System Checkpoint
RP241: 10/20/2009 1:35:54 PM - System Checkpoint
RP242: 10/21/2009 2:27:26 PM - System Checkpoint
RP243: 10/22/2009 2:39:26 PM - System Checkpoint
RP244: 10/23/2009 3:27:29 PM - System Checkpoint
RP245: 10/24/2009 7:48:15 PM - System Checkpoint
RP246: 10/25/2009 8:05:59 PM - System Checkpoint
RP247: 10/26/2009 11:05:36 PM - System Checkpoint
RP248: 10/27/2009 11:39:05 PM - System Checkpoint
RP249: 10/30/2009 12:05:10 PM - System Checkpoint
RP250: 10/31/2009 12:35:48 PM - System Checkpoint
RP251: 11/1/2009 1:25:12 PM - System Checkpoint
RP252: 11/2/2009 2:01:13 PM - System Checkpoint
RP253: 11/3/2009 3:28:57 PM - System Checkpoint
RP254: 11/4/2009 2:27:22 PM - Software Distribution Service 3.0
RP255: 11/5/2009 2:53:55 PM - Software Distribution Service 3.0
RP256: 11/6/2009 2:59:49 PM - System Checkpoint
RP257: 11/7/2009 3:31:20 PM - System Checkpoint
RP258: 11/8/2009 2:33:08 PM - System Checkpoint
RP259: 11/9/2009 3:21:29 PM - System Checkpoint
RP260: 11/10/2009 4:56:53 PM - System Checkpoint
RP261: 11/11/2009 6:22:47 PM - System Checkpoint
RP262: 11/12/2009 3:00:23 AM - Software Distribution Service 3.0
RP263: 11/13/2009 3:23:34 AM - System Checkpoint
RP264: 11/14/2009 4:23:31 AM - System Checkpoint
RP265: 11/15/2009 8:34:11 AM - System Checkpoint
RP266: 11/16/2009 9:16:44 AM - System Checkpoint
RP267: 11/16/2009 3:21:43 PM - Installed Java™ 6 Update 17
RP268: 11/17/2009 12:56:42 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP269: 11/18/2009 1:53:04 AM - System Checkpoint
RP270: 11/19/2009 2:43:54 AM - System Checkpoint

==== Installed Programs ======================

2Wire Wireless Client
2WIRE Wireless LAN - USB Driver
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.4
Adobe Shockwave Player 11.5
Adobe® Photoshop® Album Starter Edition 3.0
Adobe® Photoshop® Album Starter Edition 3.0.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Yahoo! Applications
Bonjour
CorePLS_Full_QFolder
CorePLS_Min_QFolder
CustomerResearchQFolder
DocuPrinterPro 4.08
Gimp 2.6.2 Debug
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Care Pack Core
HP Care Pack Products
HP Extended Capabilities 6.0
HP LaserJet P2015 Series 1.0
HP Smart Web Printing 1.0
HP Update
hppFonts
hppIOFiles
hppLJP2015
hppManualsP2015
hppMSRedist
hppTLBXFXP2015
hppusgP2015
hppWebRegMM
hpzTLBXFX
Inspiration 8
Intel® 536EP Modem
Intel® Extreme Graphics Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet
IntelliTax Classic for 2005
IntelliTax for Windows 2006
iPhone Configuration Utility
iS3 STOPzilla Toolbar
iTunes
J2SE Runtime Environment 5.0 Update 7
Java™ 6 Update 17
Java™ 6 Update 2
Java™ SE Runtime Environment 6 Update 1
Lexmark X74-X75
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2000 Professional
Microsoft SQL Server Desktop Engine
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
MSXML 6 Service Pack 2 (KB954459)
My.Freeze.com Toolbar
Norton AntiVirus
Norton Security Scan
PC VGA Camer@ Plus
Product_SF_Full_QFolder
Product_SF_Min_QFolder
QuickBooks Pro Edition 2004
Quicken 2006
QuickTime
RealArcade
RegistryFix v6.1
Safari
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Skype web features
Skype™ 4.1
SoundMAX
STOPzilla
Super TextTwist
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951978)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Wal-Mart Digital Photo Manager
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows XP Creativity Fun Packs - Windows Movie Maker 2
Windows XP Service Pack 3
Yahoo! Browser Services
Yahoo! Search Protection
Yahoo! Software Update

==== Event Viewer Messages From Past Week ========

11/19/2009 3:45:56 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/19/2009 3:45:54 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
11/17/2009 12:26:58 AM, error: Service Control Manager [7034] - The WebClient service terminated unexpectedly. It has done this 1 time(s).
11/17/2009 1:15:45 AM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/17/2009 1:15:43 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
11/17/2009 1:15:37 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
11/17/2009 1:09:45 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
11/17/2009 1:03:09 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the fioo32 service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/17/2009 1:02:11 AM, error: Service Control Manager [7031] - The fioo32 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/16/2009 9:49:57 PM, error: Service Control Manager [7000] - The Symantec Eraser Control driver service failed to start due to the following error: The system cannot find message text for message number 0x%1 in the message file for %2.
11/15/2009 8:14:33 AM, error: Service Control Manager [7022] - The fioo32 service hung on starting.

==== End Of File ===========================


#2 schrauber

    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 28 November 2009 - 01:08 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 schrauber

    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 03 December 2009 - 01:08 PM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber
