
Hijack this Log - Internet Redirecting - Like Crazy!!


  • This topic is locked
11 replies to this topic

#1 cmatta24

cmatta24

  • Members
  • 15 posts
  • OFFLINE
  • Local time:02:02 AM

Posted 30 November 2009 - 06:35 PM

When using any of my browsers - clicking on links redirects me away from the site intended to another site - usually an ad page. (I believe the primary culprit is mywebsearch, but could it be others?)

Thanks,
Matt



DDS (Ver_09-11-29.01) - NTFSx86
Run by Precom1 at 14:55:37.26 on Mon 11/30/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.380 [GMT -8:00]

AV: avast! antivirus 4.8.1351 [VPS 091130-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\AOL\1228620942\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\ZEN Media Explorer\CTCheck.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\sol.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\Yahoo!\browser\YBrowser.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcrobatInfo.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Documents and Settings\Precom1\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.yahoo.com
uSearch Page = hxxp://www.google.com
mStart Page = www.yahoo.com
mSearch Page = hxxp://www.google.com
uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\common\ycomp5,0,8,0.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Google Find Bar: {e16dc1fe-7c34-43f2-b754-f3ad12ddf97c} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HostManager] c:\program files\common files\aol\1228620942\ee\AOLSoftware.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [CTCheck] c:\program files\creative\zen media explorer\CTCheck.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\at&tse~1.lnk - c:\program files\sbc self support tool\bin\matcli.exe
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel
IE: Voice Editing Launcher - c:\program files\panasonic\voice editing\VEd1_IEMenu.html
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {2499216C-4BA5-11D5-BD9C-000103C116D5} - {2499216C-4BA5-11D5-BD9C-000103C116D5} - c:\program files\yahoo!\common\ylogin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: {89C5F560-2B24-4C86-9FC8-9A28AC245218} = 68.94.156.1 68.94.157.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\precom1\applic~1\mozilla\firefox\profiles\7l83x43t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLab&query=
FF - component: c:\documents and settings\precom1\application data\mozilla\firefox\profiles\7l83x43t.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-22 114768]
R1 GhPciScan;GhostPciScanner;c:\program files\symantec\norton ghost 2003\GhPciScan.sys [2002-8-14 5632]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-22 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-12-22 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-12-22 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-12-22 352920]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 7408]
S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [2006-11-30 17432]
S2 wriqtnls;wriqtnls;c:\windows\system32\drivers\oxqkqdcgwellme.sys [2009-11-30 78720]
S4 DataPreserve Remote Backup Scheduler;DataPreserve Remote Backup Scheduler;c:\program files\datapreserve\remote backup\client\BackupSchedulerService.exe [2006-11-27 155648]

=============== Created Last 30 ================

2009-11-30 22:23:35 78720 ----a-w- c:\windows\system32\drivers\oxqkqdcgwellme.sys
2009-11-30 21:11:14 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-11-30 21:10:53 0 d-----w- c:\program files\SUPERAntiSpyware
2009-11-30 21:10:53 0 d-----w- c:\docume~1\precom1\applic~1\SUPERAntiSpyware.com
2009-11-30 21:09:26 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-11-18 21:50:03 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-11 07:08:24 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2009-11-11 07:08:24 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2008-10-18 18:37:06 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101820081019\index.dat
2008-12-24 03:49:04 16384 -csha-w- c:\windows\temp\cookies\index.dat
2008-12-24 03:49:04 16384 -csha-w- c:\windows\temp\history\history.ie5\index.dat
2008-12-24 03:49:04 32768 -csha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 14:57:31.71 ===============

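A defender reading a DDS log looks first at the SERVICES / DRIVERS section for a driver whose service name and file name are both random strings and whose file was created the same day the trouble started; in the log above that is the `S2 wriqtnls;...;c:\windows\system32\drivers\oxqkqdcgwellme.sys [2009-11-30 78720]` line. The Python script below is an added example, not part of this thread and not a DDS or BleepingComputer tool: it parses that section and the scan date from the "Run by" header out of a constructed excerpt copied from the log, scores each entry on weak signals (random-looking names, recent creation, service name not matching the file stem) and lists the ones that deserve a closer look. The regex, the naming heuristic, its thresholds and all function names are assumptions of this example.

```python
import ntpath
import re
from datetime import datetime

# Constructed excerpt in DDS (Ver_09-11-29.01) layout, copied from the log above.
# The "Run by" header gives the scan date; each SERVICES / DRIVERS line reads
# "<state> <service>;<display name>;<image path> [<created YYYY-M-D> <size>]".
SAMPLE_DDS = r"""
Run by Precom1 at 14:55:37.26 on Mon 11/30/2009

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-22 114768]
R1 GhPciScan;GhostPciScanner;c:\program files\symantec\norton ghost 2003\GhPciScan.sys [2002-8-14 5632]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-23 9968]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-22 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-12-22 138680]
S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [2006-11-30 17432]
S2 wriqtnls;wriqtnls;c:\windows\system32\drivers\oxqkqdcgwellme.sys [2009-11-30 78720]
S4 DataPreserve Remote Backup Scheduler;DataPreserve Remote Backup Scheduler;c:\program files\datapreserve\remote backup\client\BackupSchedulerService.exe [2006-11-27 155648]
"""

# Assumed patterns for the two line shapes this example cares about.
RUN_DATE_RE = re.compile(r"\bon \w{3} (\d{1,2}/\d{1,2}/\d{4})")
DRIVER_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"\s+\[(?P<created>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]\s*$"
)
VOWELS = set("aeiou")


def looks_random(token):
    """Heuristic for machine-generated names: at least 8 letters, case-uniform
    (CamelCase reads as human naming), and either vowel-poor or containing a
    long consonant run. Tuned on the sample above; it only contributes to a
    score because it will misfire on some legitimate vendor names."""
    letters = "".join(c for c in token if c.isalpha())
    if len(letters) < 8 or not (token.islower() or token.isupper()):
        return False
    low = letters.lower()
    vowel_ratio = sum(c in VOWELS for c in low) / len(low)
    longest_run = max(len(run) for run in re.split(r"[aeiou]", low))
    return vowel_ratio < 0.2 or longest_run >= 6


def parse_dds_drivers(text):
    """Return (scan_date, entries) from DDS log text; entries are dicts."""
    scan_date = None
    entries = []
    for line in text.splitlines():
        m = RUN_DATE_RE.search(line)
        if m and scan_date is None:
            scan_date = datetime.strptime(m.group(1), "%m/%d/%Y").date()
            continue
        m = DRIVER_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["created"] = datetime.strptime(e["created"], "%Y-%m-%d").date()
            e["size"] = int(e["size"])
            # ntpath handles the Windows path regardless of the host OS.
            e["stem"] = ntpath.splitext(ntpath.basename(e["path"]))[0]
            entries.append(e)
    return scan_date, entries


def score_entry(entry, scan_date, recent_days=14):
    """Combine weak signals into a score; the reasons explain each point."""
    reasons = []
    if looks_random(entry["name"]):
        reasons.append("random-looking service name")
    if looks_random(entry["stem"]):
        reasons.append("random-looking file name")
    if scan_date is not None and 0 <= (scan_date - entry["created"]).days <= recent_days:
        reasons.append("file created within %d days of the scan" % recent_days)
    if entry["name"].lower() != entry["stem"].lower():
        reasons.append("service name does not match file name")
    return len(reasons), reasons


def triage(text, threshold=3):
    """Return [(service, path, score, reasons)] for entries at or above threshold."""
    scan_date, entries = parse_dds_drivers(text)
    hits = []
    for e in entries:
        score, reasons = score_entry(e, scan_date)
        if score >= threshold:
            hits.append((e["name"], e["path"], score, reasons))
    return hits


if __name__ == "__main__":
    for name, path, score, reasons in triage(SAMPLE_DDS):
        print("%s (%s) score=%d: %s" % (name, path, score, "; ".join(reasons)))
```

Run as-is it prints only the wriqtnls entry, which collects all four signals. Legitimate drivers such as SASDIFSV (installed a week before the scan) or `avast! Antivirus` (service name differing from ashServ.exe) score one point each and stay below the threshold, which is why no single signal is trusted on its own. A clean run rules nothing out: GMER's later "atapi.sys suspicious modification" finding concerns a long-standing Microsoft driver that this list scores as harmless.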


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,931 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:02 AM

Posted 30 November 2009 - 06:52 PM

Hi, cmatta24 :(

Welcome.

Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.

  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save it where you can easily find it, such as your desktop and post its contents in your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 cmatta24

cmatta24
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:02:02 AM

Posted 30 November 2009 - 06:58 PM

OK, I'm on it now.

#4 cmatta24

cmatta24
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:02:02 AM

Posted 30 November 2009 - 08:51 PM

Attached you will find the Ark.txt file.

#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,931 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:02 AM

Posted 30 November 2009 - 11:14 PM

It isn't attached. Open it in Notepad and copy and paste its contents in a reply.



#6 cmatta24

cmatta24
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:02:02 AM

Posted 30 November 2009 - 11:21 PM

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-30 17:49:38
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Precom1\LOCALS~1\Temp\fgtdapoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEE3B86B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEE3B8574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEE3B8A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEE3B814C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEE3B864E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEE3B808C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEE3B80F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEE3B876E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEE3B872E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEE3B88AE]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEF1070B0]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xEE3C182E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xEE3C1678]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xEE3C17AC]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\Fastfat \Fat B6213D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device -> \Driver\atapi \Device\Harddisk0\DR0 86F64618

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Attached Files

  • Attached File  ark.txt   4.49KB   0 downloads


#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,931 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:02 AM

Posted 30 November 2009 - 11:37 PM

Hi, cmatta24 :(

Please read and follow all these instructions very carefully.

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

=====================================================================


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • If you receive a message that Combofix has detected the presence of rootkit activity and needs to reboot, kindly write down on paper the list of files present in the message before continuing, and post it in your next reply.
  • Install the Recovery Console upon request.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new DDS log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

=====================================================================


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    atapi.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



#8 cmatta24

cmatta24
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:02:02 AM

Posted 01 December 2009 - 02:47 AM

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

11/30/2009 10:25:34 PM
mbam-log-2009-11-30 (22-25-34).txt

Scan type: Quick Scan
Objects scanned: 113475
Time elapsed: 8 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.





ComboFix 09-11-30.02 - Precom1 11/30/2009 23:07.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.286 [GMT -8:00]
Running from: c:\documents and settings\Precom1\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091130-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ehahenis.ini
c:\windows\system32\enomemem.ini
c:\windows\system32\izagikeb.ini
c:\windows\system32\system
c:\windows\system32\system\BugSlayerUtil.dll
c:\windows\system32\system\cygcrypt-0.dll
c:\windows\system32\system\cygwin1.dll
c:\windows\system32\system\k.exe
c:\windows\system32\system\libeay32.dll
c:\windows\system32\system\ms-java.ini
c:\windows\system32\system\MS-JAVA.log
c:\windows\system32\system\Mssvc.exe
c:\windows\system32\system\mybot.log
c:\windows\system32\system\mybot.log.2008-12-18
c:\windows\system32\system\mybot.pid
c:\windows\system32\system\mybot.state
c:\windows\system32\system\mybot.state~
c:\windows\system32\system\mybot.txt
c:\windows\system32\system\mybot.txt~
c:\windows\system32\system\REC.dll
c:\windows\system32\system\rec.reg
c:\windows\system32\system\rec\PRUEBA DE VELOCIDAD Y FIREWALL.txt
c:\windows\system32\system\run.bat
c:\windows\system32\system\RUN.PIF
c:\windows\system32\system\ServUDaemon.ini
c:\windows\system32\system\ServUStartUpLog.txt
c:\windows\system32\system\ssleay32.dll
c:\windows\system32\system\TzoLibr.dll

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :(
.
((((((((((((((((((((((((( Files Created from 2009-11-01 to 2009-12-01 )))))))))))))))))))))))))))))))
.

2009-12-01 06:10 . 2009-09-10 22:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-01 06:10 . 2009-09-10 22:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-01 06:10 . 2009-12-01 06:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-30 22:23 . 2009-11-30 22:23 78720 ----a-w- c:\windows\system32\drivers\oxqkqdcgwellme.sys
2009-11-30 21:11 . 2009-11-30 21:11 117760 ----a-w- c:\documents and settings\Precom1\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-30 21:11 . 2009-11-30 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-30 21:10 . 2009-11-30 21:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-30 21:10 . 2009-11-30 21:10 -------- d-----w- c:\documents and settings\Precom1\Application Data\SUPERAntiSpyware.com
2009-11-30 21:09 . 2009-11-30 21:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-18 21:50 . 2009-11-18 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-18 21:35 . 2009-11-18 21:35 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-18 21:31 . 2009-11-18 21:31 -------- d-----w- c:\program files\Safari
2009-11-18 21:28 . 2009-11-18 21:28 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-30 20:24 . 2008-12-08 06:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-11-30 18:29 . 2008-12-26 20:53 -------- d-----w- c:\program files\XoftSpySE
2009-11-18 21:51 . 2009-07-12 22:37 -------- d-----w- c:\program files\iTunes
2009-11-18 21:50 . 2009-07-12 22:37 -------- d-----w- c:\program files\iPod
2009-11-18 21:48 . 2008-03-31 20:45 -------- d-----w- c:\program files\QuickTime
2009-11-18 21:30 . 2009-07-12 22:32 -------- d-----w- c:\program files\Common Files\Apple
2009-11-12 11:09 . 2007-12-06 11:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-30 10:53 . 2008-01-05 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-10-21 20:39 . 2006-11-21 22:18 69624 ----a-w- c:\documents and settings\Precom1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-13 10:11 . 2008-10-20 22:46 -------- d-----w- c:\program files\Microsoft Works
2009-10-05 16:16 . 2009-10-05 16:16 -------- d-----w- c:\documents and settings\Precom1\Application Data\Ahead
2009-09-15 04:57 . 2009-09-15 04:57 104064 ----a-w- c:\windows\system32\drivers\wceusbsh.sys
2009-09-11 14:18 . 2006-02-28 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-08 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-23 2001648]
"AOL Fast Start"="c:\program files\AOL 9.5\AOL.EXE" [2009-02-11 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-14 7557120]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"HostManager"="c:\program files\Common Files\AOL\1228620942\ee\AOLSoftware.exe" [2008-11-06 41264]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-27 185896]
"CTCheck"="c:\program files\Creative\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2008-12-7 217088]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1228620942\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\WINDOWS\\system32\\searchprotocolhost.exe"=
"c:\\Program Files\\Adobe\\Adobe Contribute CS3\\Contribute.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/22/2008 2:23 PM 114768]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [8/14/2002 2:11 PM 5632]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 8:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 8:43 AM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/22/2008 2:23 PM 20560]
S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [11/30/2006 9:36 AM 17432]
S2 wriqtnls;wriqtnls;c:\windows\system32\drivers\oxqkqdcgwellme.sys [11/30/2009 2:23 PM 78720]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 8:43 AM 7408]
S4 DataPreserve Remote Backup Scheduler;DataPreserve Remote Backup Scheduler;c:\program files\DataPreserve\Remote Backup\Client\BackupSchedulerService.exe [11/27/2006 7:04 AM 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-12-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-08 01:25]

2008-12-11 c:\windows\Tasks\WebReg photosmart 2600 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-11-05 23:45]

2009-12-01 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 06:18]

2009-12-01 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2008-12-23 17:08]

2009-11-28 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2008-12-23 17:08]
.
.
------- Supplementary Scan -------
.
uStart Page = www.yahoo.com
mStart Page = www.yahoo.com
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel
IE: Voice Editing Launcher - c:\program files\Panasonic\Voice Editing\VEd1_IEMenu.html
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Precom1\Application Data\Mozilla\Firefox\Profiles\7l83x43t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLab&query=
FF - component: c:\documents and settings\Precom1\Application Data\Mozilla\Firefox\Profiles\7l83x43t.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-NVIDIA Drivers - c:\windows\system32\nvudisp.exe UninstallGUI
AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-Uniblue RegistryBooster 2009 - c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\Uniblue RegistryBooster.exe REMOVE=TRUE MODIFY=FALSE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-30 23:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-11-30 23:26
ComboFix-quarantined-files.txt 2009-12-01 07:25

Pre-Run: 250,863,226,880 bytes free
Post-Run: 251,650,392,064 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 38349633FE9CAE31B2CE29AF418BFA59


#9 cmatta24


Posted 01 December 2009 - 02:52 AM

DDS (Ver_09-11-29.01) - NTFSx86
Run by Precom1 at 23:49:20.98 on Mon 11/30/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.420 [GMT -8:00]

AV: avast! antivirus 4.8.1351 [VPS 091130-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Memeo\AutoBackup\MemeoService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcrobatInfo.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Precom1\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.yahoo.com
mStart Page = www.yahoo.com
uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\common\ycomp5,0,8,0.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Google Find Bar: {e16dc1fe-7c34-43f2-b754-f3ad12ddf97c} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [AOL Fast Start] "c:\program files\aol 9.5\AOL.EXE" -b
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HostManager] c:\program files\common files\aol\1228620942\ee\AOLSoftware.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [CTCheck] c:\program files\creative\zen media explorer\CTCheck.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\at&tse~1.lnk - c:\program files\sbc self support tool\bin\matcli.exe
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel
IE: Voice Editing Launcher - c:\program files\panasonic\voice editing\VEd1_IEMenu.html
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {2499216C-4BA5-11D5-BD9C-000103C116D5} - {2499216C-4BA5-11D5-BD9C-000103C116D5} - c:\program files\yahoo!\common\ylogin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: {89C5F560-2B24-4C86-9FC8-9A28AC245218} = 68.94.156.1 68.94.157.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\precom1\applic~1\mozilla\firefox\profiles\7l83x43t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLab&query=
FF - component: c:\documents and settings\precom1\application data\mozilla\firefox\profiles\7l83x43t.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-22 114768]
R1 GhPciScan;GhostPciScanner;c:\program files\symantec\norton ghost 2003\GhPciScan.sys [2002-8-14 5632]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-22 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-12-22 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-12-22 254040]
S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [2006-11-30 17432]
S2 wriqtnls;wriqtnls;c:\windows\system32\drivers\oxqkqdcgwellme.sys [2009-11-30 78720]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-12-22 352920]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 7408]
S4 DataPreserve Remote Backup Scheduler;DataPreserve Remote Backup Scheduler;c:\program files\datapreserve\remote backup\client\BackupSchedulerService.exe [2006-11-27 155648]

=============== Created Last 30 ================

2009-12-01 06:51:38 0 d-sha-r- C:\cmdcons
2009-12-01 06:47:13 98816 ----a-w- c:\windows\sed.exe
2009-12-01 06:47:13 77312 ----a-w- c:\windows\MBR.exe
2009-12-01 06:47:13 260608 ----a-w- c:\windows\PEV.exe
2009-12-01 06:47:13 161792 ----a-w- c:\windows\SWREG.exe
2009-12-01 06:10:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-01 06:10:49 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-01 06:10:48 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-30 22:23:35 78720 ----a-w- c:\windows\system32\drivers\oxqkqdcgwellme.sys
2009-11-30 21:11:14 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-11-30 21:10:53 0 d-----w- c:\program files\SUPERAntiSpyware
2009-11-30 21:10:53 0 d-----w- c:\docume~1\precom1\applic~1\SUPERAntiSpyware.com
2009-11-30 21:09:26 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-11-18 21:50:03 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-11 07:08:24 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2009-11-11 07:08:24 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2008-10-18 18:37:06 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101820081019\index.dat

============= FINISH: 23:49:44.04 ===============

Attached Files: DDS.txt (12.03KB)


#10 cmatta24


Posted 01 December 2009 - 02:55 AM

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-11-29.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 11/6/2006 3:03:59 PM
System Uptime: 11/30/2009 11:02:31 PM (0 hours ago)

Motherboard: Intel Corporation | | D945GNT
Processor: Intel® Pentium® D CPU 3.40GHz | J3E1 | 3399/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 234.397 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 37 GiB total, 23.769 GiB free.
G: is FIXED (NTFS) - 149 GiB total, 111.07 GiB free.
H: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1049: 9/2/2009 3:00:17 AM - Software Distribution Service 3.0
RP1050: 9/3/2009 3:00:21 AM - Software Distribution Service 3.0
RP1051: 9/4/2009 3:00:17 AM - Software Distribution Service 3.0
RP1052: 9/5/2009 3:00:19 AM - Software Distribution Service 3.0
RP1053: 9/5/2009 12:38:05 PM - Software Distribution Service 3.0
RP1054: 9/6/2009 3:00:11 AM - Software Distribution Service 3.0
RP1055: 9/7/2009 3:47:16 AM - System Checkpoint
RP1056: 9/7/2009 1:22:41 PM - Software Distribution Service 3.0
RP1057: 9/8/2009 3:00:19 AM - Software Distribution Service 3.0
RP1058: 9/9/2009 3:00:29 AM - Software Distribution Service 3.0
RP1059: 9/10/2009 3:51:04 AM - System Checkpoint
RP1060: 9/11/2009 4:51:02 AM - System Checkpoint
RP1061: 9/12/2009 3:00:19 AM - Software Distribution Service 3.0
RP1062: 9/12/2009 3:41:35 PM - Installed LG USB Modem driver
RP1063: 9/13/2009 3:00:17 AM - Software Distribution Service 3.0
RP1064: 9/14/2009 3:00:20 AM - Software Distribution Service 3.0
RP1065: 9/14/2009 9:02:31 PM - Installed Magellan RoadMate Tools
RP1066: 9/14/2009 9:07:56 PM - Unsigned driver install
RP1067: 9/14/2009 9:15:12 PM - Software Distribution Service 3.0
RP1068: 9/14/2009 9:36:34 PM - Installed Magellan RoadMate Tools
RP1069: 9/14/2009 10:01:01 PM - Unsigned driver install
RP1070: 9/15/2009 3:00:19 AM - Software Distribution Service 3.0
RP1071: 9/15/2009 1:38:33 PM - Software Distribution Service 3.0
RP1072: 9/16/2009 3:00:12 AM - Software Distribution Service 3.0
RP1073: 9/17/2009 4:52:37 AM - System Checkpoint
RP1074: 9/18/2009 6:34:32 AM - System Checkpoint
RP1075: 9/18/2009 9:57:54 PM - Software Distribution Service 3.0
RP1076: 9/19/2009 3:00:19 AM - Software Distribution Service 3.0
RP1077: 9/20/2009 3:00:20 AM - Software Distribution Service 3.0
RP1078: 9/21/2009 3:00:19 AM - Software Distribution Service 3.0
RP1079: 9/22/2009 3:00:21 AM - Software Distribution Service 3.0
RP1080: 9/23/2009 3:00:22 AM - Software Distribution Service 3.0
RP1081: 9/24/2009 3:00:19 AM - Software Distribution Service 3.0
RP1082: 9/25/2009 3:00:21 AM - Software Distribution Service 3.0
RP1083: 9/26/2009 3:00:20 AM - Software Distribution Service 3.0
RP1084: 9/27/2009 11:18:26 AM - Software Distribution Service 3.0
RP1085: 9/28/2009 3:00:19 AM - Software Distribution Service 3.0
RP1086: 9/29/2009 3:00:20 AM - Software Distribution Service 3.0
RP1087: 9/30/2009 3:00:19 AM - Software Distribution Service 3.0
RP1088: 10/1/2009 3:00:19 AM - Software Distribution Service 3.0
RP1089: 10/1/2009 11:40:26 PM - Software Distribution Service 3.0
RP1090: 10/2/2009 3:00:18 AM - Software Distribution Service 3.0
RP1091: 10/3/2009 3:00:17 AM - Software Distribution Service 3.0
RP1092: 10/4/2009 3:00:17 AM - Software Distribution Service 3.0
RP1093: 10/5/2009 3:00:18 AM - Software Distribution Service 3.0
RP1094: 10/5/2009 11:24:49 AM - Software Distribution Service 3.0
RP1095: 10/6/2009 3:00:23 AM - Software Distribution Service 3.0
RP1096: 10/6/2009 12:15:11 PM - Software Distribution Service 3.0
RP1097: 10/7/2009 3:00:18 AM - Software Distribution Service 3.0
RP1098: 10/8/2009 3:00:19 AM - Software Distribution Service 3.0
RP1099: 10/9/2009 3:00:20 AM - Software Distribution Service 3.0
RP1100: 10/10/2009 3:00:20 AM - Software Distribution Service 3.0
RP1101: 10/11/2009 3:00:21 AM - Software Distribution Service 3.0
RP1102: 10/11/2009 12:27:49 PM - Software Distribution Service 3.0
RP1103: 10/12/2009 3:00:18 AM - Software Distribution Service 3.0
RP1104: 10/13/2009 3:01:04 AM - Software Distribution Service 3.0
RP1105: 10/14/2009 3:00:35 AM - Software Distribution Service 3.0
RP1106: 10/15/2009 3:33:37 AM - System Checkpoint
RP1107: 10/16/2009 11:49:22 AM - System Checkpoint
RP1108: 10/17/2009 1:28:58 PM - System Checkpoint
RP1109: 10/18/2009 3:00:17 AM - Software Distribution Service 3.0
RP1110: 10/19/2009 3:00:18 AM - Software Distribution Service 3.0
RP1111: 10/20/2009 3:00:22 AM - Software Distribution Service 3.0
RP1112: 10/20/2009 11:31:50 PM - Software Distribution Service 3.0
RP1113: 10/21/2009 11:37:48 PM - System Checkpoint
RP1114: 10/22/2009 3:00:12 AM - Software Distribution Service 3.0
RP1115: 10/23/2009 3:37:48 AM - System Checkpoint
RP1116: 10/24/2009 3:00:12 AM - Software Distribution Service 3.0
RP1117: 10/25/2009 3:37:48 AM - System Checkpoint
RP1118: 10/26/2009 3:00:16 AM - Software Distribution Service 3.0
RP1119: 10/27/2009 3:35:21 AM - System Checkpoint
RP1120: 10/27/2009 10:17:42 PM - Software Distribution Service 3.0
RP1121: 10/28/2009 11:43:14 PM - System Checkpoint
RP1122: 10/29/2009 3:00:21 AM - Software Distribution Service 3.0
RP1123: 10/29/2009 3:13:45 PM - Software Distribution Service 3.0
RP1124: 10/30/2009 5:12:03 PM - System Checkpoint
RP1125: 10/31/2009 3:00:14 AM - Software Distribution Service 3.0
RP1126: 11/1/2009 3:49:51 AM - System Checkpoint
RP1127: 11/1/2009 4:00:11 AM - Software Distribution Service 3.0
RP1128: 11/2/2009 4:21:05 AM - System Checkpoint
RP1129: 11/2/2009 1:50:29 PM - Software Distribution Service 3.0
RP1130: 11/3/2009 6:51:08 PM - System Checkpoint
RP1131: 11/4/2009 4:00:19 AM - Software Distribution Service 3.0
RP1132: 11/5/2009 4:00:21 AM - Software Distribution Service 3.0
RP1133: 11/5/2009 7:32:33 AM - Software Distribution Service 3.0
RP1134: 11/6/2009 12:27:25 AM - Software Distribution Service 3.0
RP1135: 11/6/2009 4:01:18 AM - Software Distribution Service 3.0
RP1136: 11/7/2009 4:00:17 AM - Software Distribution Service 3.0
RP1137: 11/8/2009 3:00:16 AM - Software Distribution Service 3.0
RP1138: 11/9/2009 3:00:23 AM - Software Distribution Service 3.0
RP1139: 11/10/2009 3:00:19 AM - Software Distribution Service 3.0
RP1140: 11/11/2009 3:00:22 AM - Software Distribution Service 3.0
RP1141: 11/12/2009 3:00:41 AM - Software Distribution Service 3.0
RP1142: 11/12/2009 11:43:56 AM - Software Distribution Service 3.0
RP1143: 11/13/2009 3:00:24 AM - Software Distribution Service 3.0
RP1144: 11/13/2009 9:43:33 AM - Software Distribution Service 3.0
RP1145: 11/14/2009 3:00:19 AM - Software Distribution Service 3.0
RP1146: 11/14/2009 5:54:35 PM - Software Distribution Service 3.0
RP1147: 11/15/2009 3:00:21 AM - Software Distribution Service 3.0
RP1148: 11/16/2009 3:00:22 AM - Software Distribution Service 3.0
RP1149: 11/17/2009 3:00:22 AM - Software Distribution Service 3.0
RP1150: 11/18/2009 3:00:19 AM - Software Distribution Service 3.0
RP1151: 11/19/2009 3:00:13 AM - Software Distribution Service 3.0
RP1152: 11/20/2009 3:08:00 AM - System Checkpoint
RP1153: 11/20/2009 10:41:14 AM - Software Distribution Service 3.0
RP1154: 11/20/2009 7:41:14 PM - Software Distribution Service 3.0
RP1155: 11/21/2009 3:00:20 AM - Software Distribution Service 3.0
RP1156: 11/22/2009 3:00:18 AM - Software Distribution Service 3.0
RP1157: 11/23/2009 12:19:25 AM - Software Distribution Service 3.0
RP1158: 11/23/2009 5:49:51 PM - Software Distribution Service 3.0
RP1159: 11/24/2009 3:00:19 AM - Software Distribution Service 3.0
RP1160: 11/25/2009 3:00:20 AM - Software Distribution Service 3.0
RP1161: 11/26/2009 3:00:20 AM - Software Distribution Service 3.0
RP1162: 11/27/2009 3:00:22 AM - Software Distribution Service 3.0
RP1163: 11/28/2009 3:00:23 AM - Software Distribution Service 3.0
RP1164: 11/29/2009 3:00:23 AM - Software Distribution Service 3.0
RP1165: 11/30/2009 3:00:34 AM - Software Distribution Service 3.0
RP1166: 11/30/2009 12:18:23 PM - Software Distribution Service 3.0
RP1167: 11/30/2009 1:10:51 PM - Installed SUPERAntiSpyware Free Edition
RP1168: 11/30/2009 10:01:55 PM - Software Distribution Service 3.0

==== Installed Programs ======================


2600
2600_Help
2600Trb
32 Bit HP CIO Components Installer
Adobe Acrobat 8 Standard
Adobe Acrobat 8.1.2 Security Update 1 (KB403742)
Adobe Acrobat 8.1.2 Standard
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Contribute CS3
Adobe Default Language CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Viewer CS3
Adobe PDF Library Files
Adobe Photoshop 4.0 LE
Adobe Reader 7.0.9
Adobe Setup
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
AiO_Scan
AiOSoftware
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
AT&T Self Support Tool
ATT-PRT22
ATT-RemoteControl
AudibleManager
AutoBackup
avast! Antivirus
BitPim 1.0.7.20090805
Bonjour
BufferChm
Canon MF Drivers
CCleaner (remove only)
ClanGrantScreensaver_lg Screen Saver
Compatibility Pack for the 2007 Office system
Copy
CP_AtenaShokunin1Config
cp_dwShrek2Albums1
cp_dwShrek2Cards1
Creative Removable Disk Manager
Creative System Information
Creative ZEN Vision M Series
CreativeProjects
CreativeProjectsTemplates
Critical Update for Windows Media Player 11 (KB959772)
CueTour
DataPreserve Remote Backup Client
deskPDF 2.5 Standard Edition
Destinations
Director
DNA
DocProc
Docudesk GPL Ghostscript 8.15
DocumentViewer
Download Updater (AOL LLC)
DriverAgent by eSupport.com
Fax
FreeAgent Pro Tools
GoFTP v2
Google Earth
Google Toolbar for Internet Explorer
Google Updater
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
HP Driver Diagnostics
HP Extended Capabilities 4.7
HP Image Zone 4.7
HP Product Assistant
HP Product Detection
HP PSC & OfficeJet 4.7
HP Update
HPSystemDiagnostics
Inkscape 0.46
InstantShare
Intel Audio Studio 2.0
Intel® PRO Network Connections Drivers
iTunes
J2SE Runtime Environment 5.0 Update 10
Java™ 6 Update 7
Jetcast 1.1.1
Laugh, Smile & Learn™
LG USB Modem driver
LiveUpdate 1.80 (Symantec Corporation)
Magellan RoadMate Tools
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visio 2000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio Service Pack 3
Mozilla Firefox (3.5.5)
MP3 Player Recovery Tool
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero Suite
Norton Ghost
OpenOffice.org Installer 1.0
PanoStandAlone
PartyPoker
PhotoGallery
PowerDVD
ProductContext
QFolder
QuickTime
Readme
RealSpeak_Solo_Common_for_Panasonic
RealSpeak_Solo_English_for_Panasonic
RegistryFix v7.0
Revo Uninstaller 1.75
Rhapsody
SAPI5_Common
SAPI5_English
SBC Yahoo! DSL
SBC Yahoo! DSL Utilities
SBC Yahoo! Internet Mail
SBC Yahoo! Parental Controls
Scan
ScannerCopy
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SigmaTel Audio
SkinsHP1
SmartDraw 2007
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
SUPERAntiSpyware Free Edition
TrayApp
Uniblue RegistryBooster 2009
Uninstall AOL Emergency Connect Utility 1.0
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Outlook 2007 Junk Email Filter (kb975960)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VBA
Viewpoint Media Player
VNC Free Edition 4.1.1
Voice Editing
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
WinZip
Xerox Support Centre
XoftSpySE
Yahoo! Companion
Yahoo! Login
ZEN Media Explorer
ZENcast Organizer

==== Event Viewer Messages From Past Week ========

11/30/2009 12:24:27 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
11/30/2009 12:24:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AutoBackup service to connect.
11/30/2009 12:24:27 PM, error: Service Control Manager [7000] - The AutoBackup service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/30/2009 12:21:14 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
11/30/2009 12:21:14 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
11/30/2009 11:06:52 PM, error: Service Control Manager [7034] - The avast! Web Scanner service terminated unexpectedly. It has done this 1 time(s).
11/25/2009 5:14:40 PM, error: DCOM [10000] - Unable to start a DCOM Server: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}. The error: "%2" Happened while starting this command: C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe -Embedding
11/25/2009 3:23:26 AM, error: Service Control Manager [7000] - The My Web Search Service service failed to start due to the following error: The system cannot find the path specified.
11/25/2009 3:23:26 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
11/25/2009 3:23:26 AM, error: Service Control Manager [7000] - The IC Recorder Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/23/2009 9:31:35 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
11/23/2009 9:31:35 AM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/23/2009 5:56:14 PM, error: Service Control Manager [7022] - The AutoBackup service hung on starting.

==== End Of File ===========================


SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 23:34 on 30/11/2009 by Precom1 (Administrator - Elevation successful)

========== filefind ==========

Searching for "atapi.sys"


#11 JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,931 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 01 December 2009 - 10:09 AM

The SystemLook report seems incomplete. Please run it once again and allow enough time to complete.

Thanks!

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#12 JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,931 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 07 December 2009 - 08:13 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else, please begin a New Topic.
