Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet explorer wont load most sites


  • This topic is locked This topic is locked
9 replies to this topic

#1 montanarane

montanarane

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:16 PM

Posted 04 December 2009 - 12:42 AM

A few unknown popups flashed on the screen and I quickly closed them. They may have been a blue and white shield with text something like antispyware 2009 but I never saw them again and didn't note what they were (I will pay more attention next time). I rebooted and ran malwarebytes and a full scan with avira antivir premium which both came up clean. Internet explorer wont load www.google.com or www.yahoo.com or microsoft updates but it will load mail.yahoo.com and www.gmail.com. I upgraded to IE8 but it did not help. Firefox 3.5 has no trouble loading all sites.

Thanks for your help

Montana

Attached Files


Edited by montanarane, 04 December 2009 - 12:44 AM.


BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:16 PM

Posted 04 December 2009 - 08:15 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5
    %SYSTEMDRIVE%\nvatabus.sys /s /md5
    %SYSTEMDRIVE%\viamraid.sys /s /md5
    %SYSTEMDRIVE%\nvata.sys /s /md5
    CREATERESTOREPOINT



  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.


=============

The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 montanarane

montanarane
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:16 PM

Posted 04 December 2009 - 02:39 PM

Hi Sam, Thanks for taking the time to help me. I really appreciate it. Here are the logs you requested:

OTL logfile created on: 12/4/2009 11:30:05 AM - Run 1
OTL by OldTimer - Version 3.1.11.5 Folder = C:\Documents and Settings\Rane Family\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 512.89 Mb Available Physical Memory | 50.56% Memory free
2.38 Gb Paging File | 1.98 Gb Available in Paging File | 82.97% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 278.77 Gb Free Space | 93.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KAYCED520
Current User Name: Rane Family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/04 11:29:10 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rane Family\My Documents\Downloads\OTL.exe
PRC - [2009/11/02 19:23:08 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/07 05:04:44 | 03,872,552 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer.exe
PRC - [2009/10/07 04:50:26 | 00,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2009/08/27 16:59:24 | 00,398,672 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2009/08/27 16:19:26 | 01,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/05/12 14:46:39 | 00,434,945 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2009/05/11 10:31:46 | 00,194,817 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2009/05/11 10:15:50 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/12/10 16:03:15 | 00,417,464 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2008/10/24 17:00:34 | 02,220,032 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
PRC - [2008/10/24 17:00:34 | 00,024,064 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2008/10/24 17:00:28 | 01,961,984 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2008/04/14 04:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 04:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2007/08/14 21:07:44 | 00,914,160 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
PRC - [2007/05/23 06:39:16 | 00,696,320 | ---- | M] () -- C:\Program Files\NETGEAR\PS121v2\PS121v2.exe
PRC - [2007/03/30 19:00:16 | 00,162,584 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2007/03/30 18:59:36 | 00,138,008 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2007/03/30 18:59:26 | 00,252,696 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2005/10/07 13:13:38 | 00,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/07/27 15:41:08 | 00,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/12/21 22:28:58 | 00,602,220 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe
PRC - [2004/06/28 22:56:12 | 00,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe


========== Modules (SafeList) ==========

MOD - [2009/12/04 11:29:10 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rane Family\My Documents\Downloads\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/10/07 04:50:26 | 00,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2009/08/27 16:19:26 | 01,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/05/12 14:46:39 | 00,434,945 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2009/05/11 10:31:46 | 00,194,817 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2009/05/11 10:15:50 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2008/12/10 16:03:15 | 00,417,464 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/24 17:00:34 | 00,024,064 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2007/08/14 21:07:44 | 00,914,160 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004/12/21 22:28:58 | 00,602,220 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2002/08/01 09:22:40 | 00,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-299502267-630328440-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
IE - HKU\S-1-5-21-299502267-630328440-1606980848-1003\S-1-5-21-299502267-630328440-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-299502267-630328440-1606980848-1003\S-1-5-21-299502267-630328440-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-299502267-630328440-1606980848-1003\S-1-5-21-299502267-630328440-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://news.google.com/"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/24 21:09:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/24 21:09:41 | 00,000,000 | ---D | M]

[2009/11/24 21:09:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rane Family\Application Data\Mozilla\Extensions
[2009/12/02 07:07:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rane Family\Application Data\Mozilla\Firefox\Profiles\1astnmkw.default\extensions
[2009/11/24 21:09:41 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-299502267-630328440-1606980848-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Executive Software\Diskeeper\DkIcon.exe (Executive Software International, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbamer.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PS121v2] C:\Program Files\NETGEAR\PS121v2\PS121v2.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-630328440-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://209.220.177.194/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1241132862015 (WUWebControl Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/29 14:37:47 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/04/29 14:37:20 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 14 Days ==========

[2009/12/03 21:08:51 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/03 21:02:50 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Rane Family\PrivacIE
[2009/12/03 21:01:44 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Rane Family\IETldCache
[2009/12/03 20:56:53 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/12/03 18:56:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2009/12/02 07:29:37 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/12/02 07:29:37 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/12/02 07:29:37 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/12/02 07:29:37 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/12/02 07:29:37 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/12/02 07:29:35 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/12/02 07:29:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/12/01 19:20:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rane Family\Local Settings\Application Data\aeqktw
[2009/11/24 21:09:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rane Family\Local Settings\Application Data\Mozilla
[2009/11/24 21:09:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rane Family\Application Data\Mozilla
[2009/11/24 21:09:40 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/03 21:08:51 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Rane Family\Desktop\HijackThis.lnk
[2009/12/03 21:06:31 | 00,525,448 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/03 21:06:31 | 00,444,156 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/03 21:06:31 | 00,072,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/03 21:02:30 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/03 21:02:26 | 00,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/12/03 21:01:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/03 21:01:29 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/03 21:01:00 | 02,883,584 | -H-- | M] () -- C:\Documents and Settings\Rane Family\NTUSER.DAT
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/02 07:29:48 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/12/01 20:18:18 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Rane Family\ntuser.ini
[2009/12/01 20:18:14 | 03,184,656 | -H-- | M] () -- C:\Documents and Settings\Rane Family\Local Settings\Application Data\IconCache.db
[2009/11/30 22:21:20 | 00,001,572 | ---- | M] () -- C:\Documents and Settings\Rane Family\My Documents\Untitled.nbi
[2009/11/24 21:09:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/11/24 21:09:41 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/11/23 20:16:57 | 00,000,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 4.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/03 21:08:51 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Rane Family\Desktop\HijackThis.lnk
[2009/12/02 07:29:48 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/11/30 22:39:44 | 73,522,3808 | ---- | C] () -- C:\Documents and Settings\Rane Family\Desktop\zoom-good.avi
[2009/11/24 21:09:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/24 21:09:41 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/11/23 20:16:57 | 00,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 4.lnk
[2009/10/12 19:18:57 | 00,000,110 | ---- | C] () -- C:\WINDOWS\{0A0D52EF-D7FE-495E-AFD0-BC34E832A6A5}_WiseFW.ini
[2009/06/07 17:04:36 | 00,017,582 | ---- | C] () -- C:\WINDOWS\hplj1010.ini
[2009/05/15 15:19:11 | 00,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/05/15 13:45:44 | 00,008,704 | ---- | C] () -- C:\Documents and Settings\Rane Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/30 15:03:03 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2009/04/30 15:02:28 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/04/30 15:02:27 | 00,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2001/07/31 10:17:12 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

========== LOP Check ==========

[2009/08/31 19:19:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009/10/06 21:26:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2009/10/12 19:16:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2009/11/30 18:09:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TeamViewer
[2009/08/31 19:20:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rane Family\Application Data\ACD Systems
[2009/10/06 21:27:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rane Family\Application Data\Cisco
[2009/05/23 06:34:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rane Family\Application Data\Leadertech
[2009/09/16 21:58:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rane Family\Application Data\TeamViewer
[2009/05/23 06:31:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rane Family\Application Data\uTorrent

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2008/04/14 04:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[2008/04/14 04:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2008/04/14 04:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[2008/04/14 04:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2008/04/14 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[2008/04/14 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
[2008/07/20 21:44:44 | 00,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\WINDOWS\Dell\Intel\IaStor.sys

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2008/04/13 23:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 23:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 04:00:00 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

< %SYSTEMDRIVE%\viamraid.sys /s /md5 >

< %SYSTEMDRIVE%\nvata.sys /s /md5 >
< End of report >



OTL Extras logfile created on: 12/4/2009 11:30:05 AM - Run 1
OTL by OldTimer - Version 3.1.11.5 Folder = C:\Documents and Settings\Rane Family\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 512.89 Mb Available Physical Memory | 50.56% Memory free
2.38 Gb Paging File | 1.98 Gb Available in Paging File | 82.97% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 278.77 Gb Free Space | 93.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KAYCED520
Current User Name: Rane Family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-299502267-630328440-1606980848-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 2.5.Browse] -- "C:\Program Files\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe" = C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0D52EF-D7FE-495E-AFD0-BC34E832A6A5}" = LeapFrog Connect
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28AAE6A5-B887-4E19-B06C-E367F3C43EDB}" = Cisco AnyConnect VPN Client
"{292C47B2-8DB7-47BF-896C-C3C5EE8108C4}" = hp LaserJet 1010 Series
"{2D95950E-6D76-43E7-94A5-D9DBA2FD29E4}" = ACDSee Pro 2.5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{451B332F-E2A7-4F69-B1ED-99C99BDB9C2F}" = NetGear PS121v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-1033-0000-7760-100000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B18CEC65-463D-49CA-9D5F-19B63E48015D}" = Diskeeper Professional Edition
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EF461F1E-61C0-4AE9-B469-2A0A433BB8F0}" = LeapFrog My Pals Plugin
"7-Zip" = 7-Zip 4.65
"Adobe Acrobat 7.0 Professional - V" = Adobe Acrobat 7.1.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Avira AntiVir Desktop" = Avira AntiVir Premium
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"Burn4Free" = Burn4Free CD and DVD
"Digital Editions" = Adobe Digital Editions
"DreamAqua" = Dream Aquarium
"DVD Shrink_is1" = DVD Shrink 3.2
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NB40" = NewsBin Pro 4.3
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"PROPLUS" = Microsoft Office Professional Plus 2007
"QuickPar" = QuickPar 0.9
"RealVNC_is1" = VNC Enterprise Edition E4.3.1
"TeamViewer 4" = TeamViewer 4
"UPCShell" = LeapFrog Connect
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 0.9.9
"VNCMirror_is1" = VNC Mirror Driver 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-299502267-630328440-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/7/2009 1:26:28 AM | Computer Name = KAYCED520 | Source = vpndownloader | ID = 50659329
Description =

Error - 10/7/2009 1:26:28 AM | Computer Name = KAYCED520 | Source = vpndownloader | ID = 50659329
Description =

Error - 10/7/2009 1:26:28 AM | Computer Name = KAYCED520 | Source = vpndownloader | ID = 50659329
Description =

Error - 10/7/2009 1:26:28 AM | Computer Name = KAYCED520 | Source = vpndownloader | ID = 50659329
Description =

Error - 10/7/2009 1:26:28 AM | Computer Name = KAYCED520 | Source = vpndownloader | ID = 50659329
Description =

Error - 10/7/2009 1:26:31 AM | Computer Name = KAYCED520 | Source = vpndownloader | ID = 50659329
Description =

Error - 10/11/2009 11:23:24 PM | Computer Name = KAYCED520 | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.9.9.0, faulting module libvlccore.dll,
version 0.9.9.0, fault address 0x00074447.

Error - 11/7/2009 10:46:11 PM | Computer Name = KAYCED520 | Source = Application Error | ID = 1000
Description = Faulting application acrobat.exe, version 7.0.8.218, faulting module
unknown, version 0.0.0.0, fault address 0x24002bcb.

Error - 11/15/2009 3:09:10 AM | Computer Name = KAYCED520 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16876, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/2/2009 11:30:23 AM | Computer Name = KAYCED520 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

[ Cisco AnyConnect VPN Client Events ]
Error - 11/30/2009 10:09:11 PM | Computer Name = KAYCED520 | Source = vpnagent | ID = 50331649
Description = Function: UserPreferences :: convertSDITokenType Return code: 0xFE000009
File:
.\UserPreferences.cpp Line: 651 Description: GLOBAL_ERROR_UNEXPECTED Invalid sdi token
-

Error - 11/30/2009 10:09:11 PM | Computer Name = KAYCED520 | Source = vpnagent | ID = 50331649
Description = Function: UserPreferences :: convertSDITokenType Return code: 0xFE000009
File:
.\UserPreferences.cpp Line: 651 Description: GLOBAL_ERROR_UNEXPECTED Invalid sdi token
-

Error - 12/2/2009 12:18:53 AM | Computer Name = KAYCED520 | Source = vpnagent | ID = 50331649
Description = Function: UserPreferences :: convertSDITokenType Return code: 0xFE000009
File:
.\UserPreferences.cpp Line: 651 Description: GLOBAL_ERROR_UNEXPECTED Invalid sdi token
-

Error - 12/2/2009 12:18:53 AM | Computer Name = KAYCED520 | Source = vpnagent | ID = 50331649
Description = Function: UserPreferences :: convertSDITokenType Return code: 0xFE000009
File:
.\UserPreferences.cpp Line: 651 Description: GLOBAL_ERROR_UNEXPECTED Invalid sdi token
-

Error - 12/3/2009 10:43:21 PM | Computer Name = KAYCED520 | Source = vpnagent | ID = 50331649
Description = Function: UserPreferences :: convertSDITokenType Return code: 0xFE000009
File:
.\UserPreferences.cpp Line: 651 Description: GLOBAL_ERROR_UNEXPECTED Invalid sdi token
-

Error - 12/3/2009 10:43:21 PM | Computer Name = KAYCED520 | Source = vpnagent | ID = 50331649
Description = Function: UserPreferences :: convertSDITokenType Return code: 0xFE000009
File:
.\UserPreferences.cpp Line: 651 Description: GLOBAL_ERROR_UNEXPECTED Invalid sdi token
-

Error - 12/4/2009 12:40:34 AM | Computer Name = KAYCED520 | Source = vpnagent | ID = 50331649
Description = Function: UserPreferences :: convertSDITokenType Return code: 0xFE000009
File:
.\UserPreferences.cpp Line: 651 Description: GLOBAL_ERROR_UNEXPECTED Invalid sdi token
-

Error - 12/4/2009 12:40:34 AM | Computer Name = KAYCED520 | Source = vpnagent | ID = 50331649
Description = Function: UserPreferences :: convertSDITokenType Return code: 0xFE000009
File:
.\UserPreferences.cpp Line: 651 Description: GLOBAL_ERROR_UNEXPECTED Invalid sdi token
-

Error - 12/4/2009 1:01:31 AM | Computer Name = KAYCED520 | Source = vpnagent | ID = 50331649
Description = Function: UserPreferences :: convertSDITokenType Return code: 0xFE000009
File:
.\UserPreferences.cpp Line: 651 Description: GLOBAL_ERROR_UNEXPECTED Invalid sdi token
-

Error - 12/4/2009 1:01:31 AM | Computer Name = KAYCED520 | Source = vpnagent | ID = 50331649
Description = Function: UserPreferences :: convertSDITokenType Return code: 0xFE000009
File:
.\UserPreferences.cpp Line: 651 Description: GLOBAL_ERROR_UNEXPECTED Invalid sdi token
-

[ System Events ]
Error - 12/4/2009 2:08:56 AM | Computer Name = KAYCED520 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/4/2009 2:09:30 AM | Computer Name = KAYCED520 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/4/2009 2:10:02 AM | Computer Name = KAYCED520 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/4/2009 2:10:34 AM | Computer Name = KAYCED520 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/4/2009 2:11:05 AM | Computer Name = KAYCED520 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/4/2009 2:11:40 AM | Computer Name = KAYCED520 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/4/2009 2:12:10 AM | Computer Name = KAYCED520 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/4/2009 2:12:39 AM | Computer Name = KAYCED520 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/4/2009 2:13:07 AM | Computer Name = KAYCED520 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/4/2009 3:13:57 PM | Computer Name = KAYCED520 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.31.141 for the Network Card with network
address 001E4CBE9EB7 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:16 PM

Posted 04 December 2009 - 07:04 PM

How about the Gmer log?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 montanarane

montanarane
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:16 PM

Posted 05 December 2009 - 03:15 AM

oops, here it is;

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-05 00:12:33
Windows 5.1.2600 Service Pack 3
Running: eg6b8hji.exe; Driver: C:\DOCUME~1\RANEFA~1\LOCALS~1\Temp\uwdyipog.sys


---- System - GMER 1.0.15 ----

SSDT F7CE3C9E ZwCreateKey
SSDT F7CE3C94 ZwCreateThread
SSDT F7CE3CA3 ZwDeleteKey
SSDT F7CE3CAD ZwDeleteValueKey
SSDT F7CE3CB2 ZwLoadKey
SSDT F7CE3C80 ZwOpenProcess
SSDT F7CE3C85 ZwOpenThread
SSDT F7CE3CBC ZwReplaceKey
SSDT F7CE3CB7 ZwRestoreKey
SSDT F7CE3CA8 ZwSetValueKey
SSDT F7CE3C8F ZwTerminateProcess

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA330100007706010000000020\Usage@PDFMakerForIE 998507961

---- EOF - GMER 1.0.15 ----

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:16 PM

Posted 05 December 2009 - 10:27 AM

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the contents of C:\ComboFix.txt in your next reply.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 montanarane

montanarane
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:16 PM

Posted 05 December 2009 - 10:49 AM

ComboFix 09-12-04.05 - Rane Family 12/05/2009 7:42.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.359 [GMT -8:00]
Running from: c:\documents and settings\Rane Family\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.

((((((((((((((((((((((((( Files Created from 2009-11-05 to 2009-12-05 )))))))))))))))))))))))))))))))
.

2009-12-04 05:08 . 2009-12-04 05:08 -------- d-----w- c:\program files\Trend Micro
2009-12-04 05:02 . 2009-12-04 05:02 -------- d-sh--w- c:\documents and settings\Rane Family\PrivacIE
2009-12-04 05:01 . 2009-12-04 05:01 -------- d-sh--w- c:\documents and settings\Rane Family\IETldCache
2009-12-04 04:56 . 2009-12-04 04:58 -------- dc-h--w- c:\windows\ie8
2009-12-04 04:15 . 2009-12-04 04:15 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-04 04:13 . 2009-12-04 04:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-04 02:58 . 2009-12-04 02:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-12-02 15:29 . 2009-03-30 18:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-02 15:29 . 2009-03-25 00:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-02 15:29 . 2009-02-13 20:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-02 15:29 . 2009-02-13 20:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-02 15:29 . 2009-12-02 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-12-02 15:29 . 2009-12-02 15:29 -------- d-----w- c:\program files\Avira
2009-12-02 03:20 . 2009-12-02 04:18 -------- d-----w- c:\documents and settings\Rane Family\Local Settings\Application Data\aeqktw
2009-12-01 02:09 . 2009-12-01 02:09 -------- d-----w- c:\documents and settings\LocalService\Application Data\TeamViewer
2009-11-25 05:09 . 2009-11-25 05:09 0 ----a-w- c:\windows\nsreg.dat
2009-11-25 05:09 . 2009-11-25 05:09 -------- d-----w- c:\documents and settings\Rane Family\Local Settings\Application Data\Mozilla
2009-11-14 18:40 . 2009-11-14 18:40 -------- d-----w- C:\TROUBLE_THE_WATER
2009-11-06 01:58 . 2009-11-06 01:58 -------- d-----w- c:\documents and settings\Rane Family\Application Data\Malwarebytes
2009-11-06 01:58 . 2009-12-04 00:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-06 01:58 . 2009-11-06 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-06 01:58 . 2009-12-04 04:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-06 01:58 . 2009-12-04 00:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-01 06:16 . 2009-11-04 02:48 -------- d-----w- c:\program files\nbpro
2009-11-14 18:39 . 2009-10-16 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-11-06 02:16 . 2009-09-17 05:52 -------- d-----w- c:\program files\TeamViewer
2009-11-04 03:06 . 2009-11-04 03:06 -------- d-----w- c:\program files\QuickPar
2009-11-04 02:49 . 2009-11-04 02:49 12499 ----a-w- c:\windows\system32\Seagate.bin
2009-10-27 03:02 . 2009-10-27 02:59 -------- d-----w- c:\program files\Burn4Free
2009-10-25 07:10 . 2009-06-05 16:38 -------- d-----w- c:\documents and settings\Rane Family\Application Data\dvdcss
2009-10-16 14:15 . 2009-10-16 14:15 -------- d-----w- c:\program files\DVD Shrink
2009-10-13 03:19 . 2009-10-13 03:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-13 03:19 . 2009-10-13 03:16 -------- d-----w- c:\program files\LeapFrog
2009-10-13 03:18 . 2009-10-13 03:18 27998048 ----a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\UPCInstaller.exe
2009-10-13 03:16 . 2009-10-13 03:16 2731848 ----a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\MyPalsPlugin.exe
2009-10-13 03:16 . 2009-10-13 03:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Leapfrog
2009-10-07 05:27 . 2009-10-07 05:27 -------- d-----w- c:\documents and settings\Rane Family\Application Data\Cisco
2009-10-07 05:26 . 2009-10-07 05:26 -------- d-----w- c:\program files\Cisco
2009-10-07 05:26 . 2009-10-07 05:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Cisco
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-25 2220032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"DiskeeperSystray"="c:\program files\Executive Software\Diskeeper\DkIcon.exe" [2004-12-22 180312]
"PS121v2"="c:\program files\NETGEAR\PS121v2\PS121v2.exe" [2007-05-23 696320]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-08-28 398672]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbamer.exe" [2009-09-10 1312080]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2009-5-23 25214]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [12/2/2009 7:29 AM 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/2/2009 7:29 AM 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [12/2/2009 7:29 AM 434945]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [10/7/2009 4:50 AM 185640]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [12/10/2008 4:03 PM 417464]
R3 NETGEARUHOST;NETGEAR Network USB Host Controller;c:\windows\system32\drivers\NETGEARUHOST.sys [9/17/2009 6:24 PM 12032]
R3 NETGEARUHUB;NETGEAR Network USB Root Hub;c:\windows\system32\drivers\NETGEARUHUB.sys [9/17/2009 6:24 PM 39424]
S0 cerc6;cerc6; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - UWDYIPOG
*Deregistered* - uwdyipog
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://209.220.177.194/CACHE/stc/1/binaries/vpnweb.cab
FF - ProfilePath - c:\documents and settings\Rane Family\Application Data\Mozilla\Firefox\Profiles\1astnmkw.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
AddRemove-Broadcom 802.11b Network Adapter - c:\program files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe verbose



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-05 07:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(860)
c:\windows\System32\BCMLogon.dll
c:\windows\system32\igfxdev.dll

- - - - - - - > 'lsass.exe'(916)
c:\program files\Avira\AntiVir Desktop\avsda.dll

- - - - - - - > 'explorer.exe'(4024)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
Completion time: 2009-12-05 07:47
ComboFix-quarantined-files.txt 2009-12-05 15:47

Pre-Run: 300,182,085,632 bytes free
Post-Run: 300,317,708,288 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 76284DB9E1595F62F595BAEA8009A900

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:16 PM

Posted 05 December 2009 - 11:29 AM

Follow the instruction in this link to reset IE.
http://support.microsoft.com/kb/923737

Let me know what issues remain after taking this step.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 montanarane

montanarane
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:16 PM

Posted 05 December 2009 - 12:14 PM

No issues remain as far as I can tell. Were all the logs clean?

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:16 PM

Posted 05 December 2009 - 01:26 PM

Yeah, I didn't see any indication of malware in your logs. If you did pick something up your current security programs must have dealt with it successfully.

It's time to clean up.
  • Make sure you have an Internet Connection.
  • Double-click OTL.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTL to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


================




Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - You should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:( :(
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users