
Pupil of PC's DDS log


  • This topic is locked
13 replies to this topic

#1 Pupil of PC

Pupil of PC

  • Members
  • 54 posts
  • OFFLINE
  • Local time:06:48 PM

Posted 06 January 2010 - 07:46 PM

Split from this topic: http://www.bleepingcomputer.com/forums/t/284043/no-wallpaper/ from which it was referred to the HJT forum. ~ OB

Here is the DDS file but how do I upload the other two files?


DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Administrator at 17:00:37.81 on 06/01/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1205 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DISC\DiscGui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\DISC\DiscStreamHub.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\RTHDCPL.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Cobian Backup 9\Cobian.exe
C:\Program Files\Cobian Backup 9\cbInterface.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Computer Stuff\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdateMgr.exe
mRun: []
mRun: [PCDrProfiler]
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [URLLSTCK.exe] c:\program files\norton internet security\UrlLstCk.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
StartupFolder: c:\docume~1\hp_adm~1.liv\startm~1\programs\startup\logite~1.lnk - c:\program files\common files\logishrd\ereg\setpoint\eReg.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: trymedia.com
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

============= SERVICES / DRIVERS ===============

R1 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\SAVRTPEL.SYS [2005-2-4 53896]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2005-3-4 185704]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2005-3-4 239264]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2005-3-4 177512]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-1-4 10384]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\NAVAPSVC.EXE [2005-3-24 128112]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100106.002\NAVENG.Sys [2010-1-6 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100106.002\NavEx15.Sys [2010-1-6 1323568]
R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\SAVRT.SYS [2005-2-4 334984]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2005-3-4 83304]
S3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVSCAN.EXE [2005-2-17 198368]

=============== Created Last 30 ================

2010-01-06 01:56:21 0 d-----w- c:\program files\Cobian Backup 9
2010-01-05 21:28:49 0 d-----w- c:\docume~1\hp_adm~1.liv\applic~1\Malwarebytes
2010-01-05 21:28:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-05 21:28:34 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 20:48:05 0 d-----w- c:\program files\Uniblue
2010-01-05 20:48:05 0 d-----w- c:\docume~1\hp_adm~1.liv\applic~1\Uniblue
2010-01-05 20:48:05 0 d-----w- c:\docume~1\alluse~1\applic~1\DriverScanner
2010-01-05 20:47:31 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2010-01-05 01:42:08 10384 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-01-05 01:41:57 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-01-05 01:41:39 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-01-05 01:41:31 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-01-05 01:39:39 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2010-01-05 01:39:33 84496 ----a-w- c:\windows\system32\KemXML.dll
2010-01-05 01:39:33 170512 ----a-w- c:\windows\system32\kemutb.dll
2010-01-05 01:39:33 145936 ----a-w- c:\windows\system32\KemUtil.dll
2010-01-05 01:39:33 117264 ----a-w- c:\windows\system32\KemWnd.dll
2010-01-04 11:24:38 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-04 03:15:37 0 d-----w- c:\docume~1\hp_adm~1.liv\applic~1\WinBatch
2010-01-04 03:08:35 122880 ----a-w- c:\windows\system32\Imsmudlg.exe
2010-01-04 03:08:35 0 d-----w- c:\windows\system32\ENU
2010-01-04 02:56:44 1902 ------w- c:\windows\system32\SetupBD.din
2010-01-04 02:51:58 0 d-----w- c:\windows\system32\LogFiles
2010-01-04 02:36:22 0 d-----w- c:\docume~1\hp_adm~1.liv\applic~1\HpUpdate
2010-01-03 02:00:02 180224 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-01-03 01:43:24 41149 ----a-w- c:\windows\system32\nvapps.nvb
2010-01-02 15:02:43 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-01-02 15:02:43 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-02 14:56:31 16832288 ----a-w- C:\Java-6u17-windows-i586-s.exe
2010-01-02 14:38:56 0 d-----r- c:\docume~1\hp_adm~1.liv\applic~1\Brother
2010-01-02 14:19:20 0 d-----w- c:\windows\system32\scripting
2010-01-02 14:19:19 0 d-----w- c:\windows\system32\en
2010-01-02 14:19:19 0 d-----w- c:\windows\system32\bits
2010-01-02 14:01:22 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-02 14:01:22 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-02 14:01:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-02 14:01:22 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-01-02 14:01:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-01-02 14:01:22 11069952 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-01-02 14:00:52 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-01-02 05:01:59 20992 ------w- c:\windows\system32\faxpatch.exe
2010-01-02 04:52:42 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-02 04:52:37 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2010-01-02 04:52:28 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-01-02 04:52:19 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-01-02 04:52:18 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-01-02 04:49:55 333952 ------w- c:\windows\system32\dllcache\srv.sys
2010-01-02 04:49:55 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-01-02 04:49:54 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-01-02 04:42:59 0 d-----w- c:\windows\system32\PreInstall
2010-01-02 04:34:15 0 d-----w- c:\docume~1\hp_adm~1.liv\applic~1\Symantec
2010-01-02 04:34:15 0 d-----w- c:\docume~1\hp_adm~1.liv\applic~1\Intuit
2010-01-02 04:34:15 0 d-----w- c:\docume~1\hp_adm~1.liv\applic~1\Digital Interactive Systems Corporation
2010-01-02 04:31:25 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-01-02 04:28:30 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-01-02 04:28:30 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2010-01-02 04:28:27 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-01-02 04:28:25 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-01-02 04:28:23 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-01-02 04:28:23 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-01-02 04:28:22 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-01-02 04:28:20 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-01-02 04:28:18 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-01-02 04:28:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-01-02 02:58:18 0 d-sh--r- c:\windows\system32\dllcache
2010-01-02 02:29:26 0 d-----w- c:\docume~1\hp_adm~1.liv\applic~1\HPQ
2010-01-02 02:10:22 0 d-sh--w- c:\documents and settings\hp_administrator.living_room\UserData
2010-01-02 01:58:00 0 d-----w- c:\program files\SymNetDrv
2010-01-02 01:41:00 0 d-sh--w- C:\cmdcons
2010-01-02 01:40:39 0 d-----w- c:\windows\setupupd
2010-01-02 01:39:16 1935 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EL406AA-ABA M7350N_YC_0Pavi_QMXK551_E61NAemMPC1_48_IEMERY_SASUSTek Computer INC._V1.05_B3.15_T060623_WXP2_L409_M2047_J250_7Intel_8Pentium D_92.8_#060122_N808627DC_Z11C10620_G10DE0162.MRK
2010-01-01 20:59:49 24 ----a-w- c:\windows\csrrss.ini
2010-01-01 20:59:39 1 ----a-w- C:\s
2009-12-30 18:22:39 0 d-----w- c:\program files\CPUID
2009-12-28 02:33:36 0 d-----w- c:\program files\Windows Mobile Device Handbook
2009-12-26 18:09:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Zeon
2009-12-26 17:55:48 93 ----a-w- c:\windows\brpcfx.ini
2009-12-26 17:55:48 242 ----a-w- c:\windows\Brpfx04a.ini
2009-12-26 17:55:34 419 ----a-w- c:\windows\BRWMARK.INI
2009-12-26 17:53:27 0 ----a-w- c:\windows\brdfxspd.dat
2009-12-26 17:53:07 0 d-----w- c:\program files\Brother
2009-12-26 17:50:38 0 d-----w- c:\program files\Nuance
2009-12-26 17:50:12 31767 ----a-w- c:\windows\maxlink.ini
2009-12-26 17:49:13 0 d-----w- c:\program files\common files\ScanSoft Shared
2009-12-26 17:49:07 0 d-----w- c:\program files\ScanSoft
2009-12-26 17:48:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Brother

==================== Find3M ====================

2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:45:38 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2009-10-29 07:45:37 5940736 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-10-29 07:45:37 206848 ------w- c:\windows\system32\dllcache\occache.dll
2009-10-29 07:45:37 1208832 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-10-29 07:45:35 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2009-10-29 07:45:34 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2009-10-29 07:45:32 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2009-10-28 14:40:47 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2005-01-21 00:53:22 45056 ------r- c:\program files\SetAttrib.exe
2009-05-17 03:52:22 868352 --sha-w- c:\windows\system32\config\systemprofile\iecompatcache\index.dat
2009-05-17 03:52:18 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-05-17 03:48:00 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-05-17 03:48:00 16384 --sha-w- c:\windows\system32\config\systemprofile\privacie\index.dat

============= FINISH: 17:01:33.18 ===============

Thanks. Here are the other two files.

Merged posts. ~ OB

Attached Files


Edited by Orange Blossom, 06 January 2010 - 09:31 PM.
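The DDS log above is a fixed-width text format, so it is easy to triage mechanically rather than by eye. The following is an added example (not code from the forum post, from the DDS tool, or from the BleepingComputer helpers): it parses the "Created Last 30" section into records and applies three review heuristics that are this example's own choices, not rules DDS applies. The sample lines are copied from the log above, except the last one, which is a constructed DDS-style line built from a path that appears later in the thread's ComboFix "Other Deletions" list (its timestamp and size are invented for the demo). A flag means "look at this first", not "this is malware": the Java installer at the drive root is flagged and is plainly benign.

```python
"""Triage helper for the 'Created Last 30' section of a DDS log (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Sample input: lines copied from the posted DDS log, plus one constructed line
# (the ffyksysguard.exe entry; path from the thread's ComboFix output, size and
# timestamp made up for this demo).
SAMPLE_LOG = r"""
=============== Created Last 30 ================

2010-01-06 01:56:21 0 d-----w- c:\program files\Cobian Backup 9
2010-01-05 21:28:49 0 d-----w- c:\docume~1\hp_adm~1.liv\applic~1\Malwarebytes
2010-01-05 21:28:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-02 14:56:31 16832288 ----a-w- C:\Java-6u17-windows-i586-s.exe
2010-01-01 20:59:49 24 ----a-w- c:\windows\csrrss.ini
2010-01-01 20:59:39 1 ----a-w- C:\s
2010-01-01 20:59:00 65536 ----a-w- c:\docume~1\hp_adm~1.liv\locals~1\applic~1\swnrqq\ffyksysguard.exe

==================== Find3M ====================
"""

# One DDS file line: date, time, size in bytes, 8-char attribute field, path.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>\S{8}) (?P<path>.+)$"
)
# Section banners look like "=============== Created Last 30 ================".
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")

EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd", ".pif"}
# Locations where freshly created executables deserve a second look
# (user profiles and temp directories, in both 8.3 and long-name spellings).
PROFILE_MARKERS = (
    "\\docume~1\\", "\\documents and settings\\",
    "\\locals~1\\", "\\local settings\\", "\\temp\\",
)


@dataclass
class Entry:
    date: str
    time: str
    size: int
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        # DDS puts 'd' in the first attribute column for directories.
        return self.attrs[0] == "d"


def parse_created_last_30(text: str) -> List[Entry]:
    """Return the file records listed under the 'Created Last 30' banner."""
    entries: List[Entry] = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            in_section = banner.group("name").strip().lower() == "created last 30"
            continue
        if not in_section or not line:
            continue
        m = LINE_RE.match(line)
        if m:
            entries.append(Entry(m["date"], m["time"], int(m["size"]), m["attrs"], m["path"]))
    return entries


def review_flags(e: Entry) -> List[str]:
    """Heuristic review flags for one entry (this example's own rules)."""
    flags: List[str] = []
    low = e.path.lower()
    name = low.rsplit("\\", 1)[-1]
    ext = name[name.rfind("."):] if "." in name else ""
    # A file created directly in the root of a drive.
    if re.match(r"^[a-z]:\\[^\\]+$", low):
        flags.append("drive_root")
    # A non-empty but tiny file (marker/config droppings tend to look like this).
    if not e.is_dir and 0 < e.size <= 32:
        flags.append("tiny_file")
    # An executable or driver written under a user profile or temp directory.
    if ext in EXEC_EXT and any(mk in low for mk in PROFILE_MARKERS):
        flags.append("exec_in_profile")
    return flags


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its review flags; unflagged entries are omitted."""
    result: Dict[str, List[str]] = {}
    for e in parse_created_last_30(text):
        flags = review_flags(e)
        if flags:
            result[e.path] = flags
    return result


if __name__ == "__main__":
    for path, flags in triage(SAMPLE_LOG).items():
        print(f"{', '.join(flags):28} {path}")
```

Run it against a saved DDS.txt by reading the file into `triage()`; the output is a short worklist, which is the point: the helper still decides what each flagged item is, but does not have to scan hundreds of lines to find the handful worth a question.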




#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  • Gender:Female
  • Local time:01:48 AM

Posted 14 January 2010 - 09:26 AM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Elle
Can you hear it? It's all around!

Do you remember?
If you do, then
can you forgive?



If I haven't replied in 48 hours, please feel free to send me a PM.




#3 Pupil of PC

Pupil of PC
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  • Local time:06:48 PM

Posted 15 January 2010 - 03:32 PM

Here are the DDS files you requested. Nothing is resolved.

Attached Files



#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:48 PM

Posted 16 January 2010 - 12:10 PM

Please perform a rootkit scan for me.

Download and Run GMER

We will use GMER to scan for rootkits.
  • Please download GMER from one of the following locations, and save it to your desktop:
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)

  • Close any and all open programs, as this process may crash your computer.
  • Double click or on your desktop.
  • When you have done this, close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program. Right-click and select Run As Administrator... if you are using Vista
  • Allow the gmer.sys driver to load if asked.

    If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system... Click NO.
  • In the right panel, you will see several boxes that have been checked. Please UNCHECK the following:
    • Sections
    • IAT/EAT
    • Registry
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show all (Don't miss this one!)
  • Click on and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

If GMER doesn't work in Normal Mode try running it in Safe Mode

Note: Do Not run any program while GMER is running
*Note*: Rootkit scans often produce false positives. Do NOT take any actions on "<--- ROOTKIT" entries
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 Pupil of PC

Pupil of PC
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  • Local time:06:48 PM

Posted 17 January 2010 - 09:02 AM

Here are the results from the GMER scan. Thanks

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-17 08:43:16
Windows 5.1.2600 Service Pack 3
Running: GMER.exe; Driver: C:\DOCUME~1\HP_ADM~1.LIV\LOCALS~1\Temp\pwddapog.sys


---- System - GMER 1.0.15 ----

SSDT 893E01A8 ZwConnectPort

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\lulock.dat 0 bytes
File C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\tmp52d9.tmp 0 bytes
File C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\tmp6254.tmp 0 bytes

---- EOF - GMER 1.0.15 ----


#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:48 PM

Posted 17 January 2010 - 02:25 PM

We'll start with Combofix.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page for instructions on doing so.

Please include the C:\ComboFix.txt in your next reply for further review.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#7 Pupil of PC

Pupil of PC
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  • Local time:06:48 PM

Posted 17 January 2010 - 08:15 PM

Here it is.

ComboFix 10-01-16.04 - HP_Administrator 17/01/2010 19:42:25.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1440 [GMT -5:00]
Running from: c:\computer stuff\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_ADM~1.LIV\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\All Users\Start Menu\Programs\Uninstall.lnk
c:\documents and settings\HP_Administrator.LIVING_ROOM\Local Settings\Application Data\swnrqq
c:\documents and settings\HP_Administrator.LIVING_ROOM\Local Settings\Application Data\swnrqq\ffyksysguard.exe
c:\documents and settings\HP_Administrator.LIVING_ROOM\Local Settings\Temp\IadHide5.dll
c:\recycler\S-1-5-21-2395319781-3247276107-1041264203-1008
c:\recycler\S-1-5-21-2717900225-1926480639-1875831143-1008
c:\recycler\S-1-5-21-2717900225-1926480639-1875831143-500
C:\s
C:\Thumbs.db
c:\windows\desktop
c:\windows\desktop\Instal~1.lnk
c:\windows\Install.txt
c:\windows\kb913800.exe
c:\windows\system32\ps2.bat
c:\windows\unins000.dat
c:\windows\unins000.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-18 to 2010-01-18 )))))))))))))))))))))))))))))))
.

2010-01-14 13:31 . 2010-01-14 13:31 -------- d-----w- c:\program files\Uniblue
2010-01-14 13:27 . 2010-01-14 13:31 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2010-01-14 04:35 . 2009-12-18 19:50 69632 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-14 04:35 . 2009-12-18 19:50 4038656 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-14 04:35 . 2009-12-18 19:50 2293286 ----a-w- c:\windows\system32\nvdata.bin
2010-01-14 04:35 . 2009-12-18 19:50 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-14 04:35 . 2009-12-18 19:50 1989224 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-14 04:35 . 2009-12-18 19:50 11381352 ----a-w- c:\windows\system32\nvcompiler.dll
2010-01-14 04:09 . 2010-01-14 04:09 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-12 11:21 . 2010-01-12 11:21 -------- d-----w- c:\documents and settings\HP_Administrator.LIVING_ROOM\Application Data\Memorex
2010-01-11 21:32 . 2010-01-11 21:32 -------- d-----w- c:\program files\Common Files\L&H
2010-01-11 21:28 . 2010-01-11 21:28 -------- d-----w- c:\documents and settings\HP_Administrator.LIVING_ROOM\Application Data\Template
2010-01-11 01:03 . 2010-01-11 01:03 -------- d-----w- c:\documents and settings\HP_Administrator.LIVING_ROOM\Application Data\HP
2010-01-11 01:03 . 2010-01-11 01:03 -------- d-----w- c:\documents and settings\HP_Administrator.LIVING_ROOM\Local Settings\Application Data\IsolatedStorage
2010-01-11 01:03 . 2010-01-11 01:03 -------- d-----w- c:\documents and settings\HP_Administrator.LIVING_ROOM\Local Settings\Application Data\HP
2010-01-09 23:55 . 2010-01-11 02:17 -------- d-----w- c:\program files\IKEA Home Planner Kitchen
2010-01-06 11:44 . 2010-01-06 11:44 -------- d-----w- c:\documents and settings\HP_Administrator.LIVING_ROOM\Application Data\AdobeUM
2010-01-06 11:43 . 2010-01-06 11:43 -------- d-----w- c:\documents and settings\HP_Administrator.LIVING_ROOM\Local Settings\Application Data\Adobe
2010-01-06 01:56 . 2010-01-06 20:34 -------- d-----w- c:\program files\Cobian Backup 9
2010-01-05 21:28 . 2010-01-05 21:28 -------- d-----w- c:\documents and settings\HP_Administrator.LIVING_ROOM\Application Data\Malwarebytes
2010-01-05 21:28 . 2009-12-30 19:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-05 21:28 . 2009-12-30 19:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 20:48 . 2010-01-14 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2010-01-05 20:48 . 2010-01-05 20:48 -------- d-----w- c:\documents and settings\HP_Administrator.LIVING_ROOM\Application Data\Uniblue
2010-01-05 01:42 . 2010-01-05 01:42 -------- d-----w- c:\documents and settings\HP_Administrator.LIVING_ROOM\Application Data\Logitech
2010-01-05 01:42 . 2010-01-05 01:42 -------- d-----w- c:\documents and settings\HP_Administrator.LIVING_ROOM\Application Data\Leadertech
2010-01-05 01:42 . 2009-06-17 16:55 10384 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-01-05 01:39 . 2009-07-20 17:25 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2010-01-05 01:39 . 2009-07-20 17:26 84496 ----a-w- c:\windows\system32\KemXML.dll
2010-01-05 01:39 . 2009-07-20 17:26 117264 ----a-w- c:\windows\system32\KemWnd.dll
2010-01-05 01:39 . 2009-07-20 17:26 145936 ----a-w- c:\windows\system32\KemUtil.dll
2010-01-05 01:39 . 2009-07-20 17:26 170512 ----a-w- c:\windows\system32\kemutb.dll
2010-01-04 11:24 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-04 03:15 . 2010-01-04 03:15 -------- d-----w- c:\documents and settings\HP_Administrator.LIVING_ROOM\Application Data\WinBatch
2010-01-04 03:08 . 2010-01-04 03:08 -------- d-----w- c:\windows\system32\ENU
2010-01-04 03:08 . 2006-03-09 13:57 122880 ----a-w- c:\windows\system32\Imsmudlg.exe
2010-01-04 02:51 . 2010-01-04 02:51 -------- d-----w- c:\windows\system32\LogFiles
2010-01-04 02:36 . 2010-01-10 03:34 -------- d-----w- c:\documents and settings\HP_Administrator.LIVING_ROOM\Application Data\HpUpdate
2010-01-03 06:07 . 2010-01-03 06:07 -------- d-----w- c:\documents and settings\HP_Administrator.LIVING_ROOM\Local Settings\Application Data\Apple
2010-01-03 06:06 . 2010-01-03 06:06 -------- d-----w- c:\documents and settings\HP_Administrator.LIVING_ROOM\Local Settings\Application Data\Apple Computer
2010-01-03 03:30 . 2010-01-03 03:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\Symantec
2010-01-03 02:00 . 2009-12-16 22:35 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-01-02 21:48 . 2010-01-02 21:48 -------- d-----w- c:\documents and settings\HP_Administrator.LIVING_ROOM\Local Settings\Application Data\Identities
2010-01-02 15:02 . 2010-01-02 15:02 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-02 14:56 . 2010-01-02 14:56 16832288 ----a-w- C:\Java-6u17-windows-i586-s.exe
2010-01-02 14:38 . 2010-01-02 14:38 -------- d-----r- c:\documents and settings\HP_Administrator.LIVING_ROOM\Application Data\Brother
2010-01-02 14:19 . 2010-01-02 14:19 -------- d-----w- c:\windows\system32\scripting
2010-01-02 14:19 . 2010-01-02 14:19 -------- d-----w- c:\windows\system32\en
2010-01-02 14:19 . 2010-01-02 14:19 -------- d-----w- c:\windows\system32\bits
2010-01-02 14:01 . 2009-10-29 07:45 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-01-02 14:01 . 2009-10-29 07:45 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-02 14:01 . 2009-10-29 07:45 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-02 14:01 . 2009-10-29 07:45 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-02 14:01 . 2009-10-29 07:45 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-01-02 14:01 . 2009-10-29 07:45 11069952 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-01-02 14:00 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-01-02 05:04 . 2010-01-02 05:04 -------- d-----w- c:\documents and settings\HP_Administrator.LIVING_ROOM\Application Data\Netscape
2010-01-02 05:01 . 2008-04-14 00:12 20992 ------w- c:\windows\system32\faxpatch.exe
2010-01-02 04:52 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-02 04:52 . 2008-04-11 19:04 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2010-01-02 04:52 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-01-02 04:52 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-01-02 04:52 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-01-02 04:49 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2010-01-02 04:49 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-01-02 04:49 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-01-02 04:32 . 2009-05-17 03:48 -------- d-sh--w- c:\windows\system32\config\systemprofile\IECompatCache
2010-01-02 04:32 . 2009-05-17 03:47 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-01-02 04:32 . 2009-05-17 03:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-02 04:32 . 2005-12-09 05:35 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2010-01-02 04:32 . 2005-12-09 05:19 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit
2010-01-02 04:32 . 2005-12-09 05:17 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-01-02 04:32 . 2005-12-09 05:03 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Digital Interactive Systems Corporation
2010-01-02 04:32 . 2009-05-17 03:48 -------- d-sh--w- c:\documents and settings\Default User\IECompatCache
2010-01-02 04:32 . 2009-05-17 03:47 -------- d-sh--w- c:\documents and settings\Default User\PrivacIE
2010-01-02 04:28 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-01-02 04:28 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2010-01-02 04:28 . 2001-08-18 06:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-01-02 04:28 . 2008-04-14 00:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-01-02 04:28 . 2008-04-14 05:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-01-02 04:28 . 2008-04-14 05:09 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-01-02 04:28 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-01-02 04:28 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-01-02 04:28 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-01-02 04:28 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-01-02 02:58 . 2010-01-14 13:40 -------- d-sh--r- c:\windows\system32\dllcache
2010-01-02 02:29 . 2010-01-02 02:29 -------- d-----w- c:\documents and settings\HP_Administrator.LIVING_ROOM\Application Data\HPQ
2010-01-02 02:10 . 2010-01-02 02:10 -------- d-sh--w- c:\documents and settings\HP_Administrator.LIVING_ROOM\UserData
2010-01-02 01:59 . 2010-01-02 01:59 -------- d-----w- c:\documents and settings\HP_Administrator.LIVING_ROOM\Local Settings\Application Data\Mozilla
2010-01-02 01:58 . 2010-01-02 01:58 -------- d-----w- c:\program files\SymNetDrv
2010-01-01 21:00 . 2010-01-01 21:15 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\iegsjk
2010-01-01 20:23 . 2010-01-01 20:33 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\ImgBurn
2009-12-30 23:23 . 2009-12-30 23:23 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Brother
2009-12-30 18:22 . 2009-12-30 18:22 -------- d-----w- c:\program files\CPUID
2009-12-28 02:33 . 2009-12-28 02:33 -------- d-----w- c:\program files\Windows Mobile Device Handbook
2009-12-26 18:22 . 2009-12-26 18:22 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Scansoft
2009-12-26 18:09 . 2009-12-26 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Zeon
2009-12-26 18:09 . 2009-12-26 18:09 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Zeon
2009-12-26 18:09 . 2009-12-26 18:09 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\ScanSoft
2009-12-26 17:53 . 2003-11-28 23:57 0 ----a-w- c:\windows\brdfxspd.dat
2009-12-26 17:53 . 2009-12-26 17:53 -------- d-----w- c:\program files\Brother
2009-12-26 17:52 . 2009-12-26 17:52 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\InstallShield
2009-12-26 17:50 . 2009-12-26 17:50 -------- d-----w- c:\program files\Nuance
2009-12-26 17:49 . 2009-12-26 17:49 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-12-26 17:49 . 2009-12-29 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-12-26 17:49 . 2009-12-26 17:49 -------- d-----w- c:\program files\ScanSoft
2009-12-26 17:48 . 2009-12-26 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2009-12-24 21:18 . 2009-12-24 21:54 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\jnvlwe
2009-12-19 12:09 . 2009-05-17 03:45 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-18 00:58 . 2005-12-09 05:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-16 20:07 . 2007-12-12 00:38 218 ----a-w- c:\windows\PowerReg.dat
2010-01-13 11:48 . 2005-12-09 05:36 -------- d-----w- c:\program files\Norton Internet Security
2010-01-12 11:21 . 2010-01-12 11:21 126976 ----a-w- c:\documents and settings\HP_Administrator.LIVING_ROOM\Application Data\Memorex\ChangeIcon.exe
2010-01-11 22:14 . 2005-12-09 05:03 51384 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-11 21:33 . 2005-12-09 05:15 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-01-11 21:28 . 2010-01-11 21:28 0 ----a-w- c:\documents and settings\HP_Administrator.LIVING_ROOM\Application Data\wklnhst.dat
2010-01-05 23:34 . 2009-04-03 00:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-05 02:54 . 2008-11-10 14:22 -------- d-----w- c:\program files\Shareaza
2010-01-05 01:41 . 2010-01-05 01:41 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-01-05 01:41 . 2010-01-05 01:41 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-01-05 01:41 . 2010-01-05 01:41 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-01-04 02:36 . 2005-12-09 04:54 -------- d-----w- c:\program files\HP
2010-01-04 02:36 . 2005-12-09 05:11 -------- d-----w- c:\program files\Hewlett-Packard
2010-01-03 06:08 . 2008-07-10 23:30 -------- d-----w- c:\program files\QuickTime
2010-01-03 06:07 . 2007-08-20 03:39 -------- d-----w- c:\program files\Common Files\Apple
2010-01-02 15:02 . 2010-01-02 14:54 152576 ----a-w- c:\documents and settings\HP_Administrator.LIVING_ROOM\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-02 15:02 . 2010-01-02 14:53 79488 ----a-w- c:\documents and settings\HP_Administrator.LIVING_ROOM\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-02 14:22 . 2005-08-31 12:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-02 14:21 . 2010-01-02 14:21 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2010-01-02 14:21 . 2010-01-02 14:21 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-01-02 14:21 . 2010-01-02 14:21 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2010-01-02 14:21 . 2010-01-02 14:21 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2010-01-02 14:21 . 2010-01-02 14:21 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2010-01-02 14:21 . 2010-01-02 14:21 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2010-01-02 14:21 . 2010-01-02 14:21 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2010-01-02 14:21 . 2010-01-02 14:21 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2010-01-02 05:40 . 2009-12-17 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-02 05:21 . 2010-01-02 04:34 151 ----a-w- c:\documents and settings\HP_Administrator.LIVING_ROOM\Local Settings\Application Data\fusioncache.dat
2010-01-02 04:53 . 2010-01-02 04:53 1924200 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-01-02 02:52 . 2010-01-02 02:52 1956072 ----a-w- c:\documents and settings\HP_Administrator.LIVING_ROOM\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-01-02 01:58 . 2005-12-09 05:34 -------- d-----w- c:\program files\Symantec
2010-01-02 01:45 . 2010-01-02 04:34 -------- d-----w- c:\documents and settings\HP_Administrator.LIVING_ROOM\Application Data\Symantec
2010-01-02 01:39 . 2010-01-02 01:39 1935 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EL406AA-ABA M7350N_YC_0Pavi_QMXK551_E61NAemMPC1_48_IEMERY_SASUSTek Computer INC._V1.05_B3.15_T060623_WXP2_L409_M2047_J250_7Intel_8Pentium D_92.8_#060122_N808627DC_Z11C10620_G10DE0162.MRK
2010-01-01 22:46 . 2009-06-07 03:33 -------- d-----w- c:\program files\PeerGuardian2
2010-01-01 20:05 . 2007-01-20 01:07 -------- d-----w- c:\program files\ImgBurn
2009-12-29 05:25 . 2009-08-03 04:22 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\vlc
2009-12-27 21:19 . 2009-10-28 03:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-24 22:34 . 2008-09-13 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-24 21:11 . 2009-05-22 10:14 524 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\wklnhst.dat
2009-12-21 20:30 . 2009-12-11 13:21 2066200 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-12-20 15:22 . 2005-12-09 04:50 13602816 ----a-w- c:\windows\system32\nvoglnt.dll
2009-12-18 19:50 . 2007-08-28 06:59 1056768 ----a-w- c:\windows\system32\nvapi.dll
2009-12-18 19:50 . 2005-12-09 04:50 592488 ----a-w- c:\windows\system32\nvudisp.exe
2009-12-18 19:50 . 2005-12-09 04:50 6285184 ----a-w- c:\windows\system32\nv4_disp.dll
2009-12-18 19:50 . 2005-12-09 04:50 219752 ----a-w- c:\windows\system32\nvcodins.dll
2009-12-18 19:50 . 2005-12-09 04:50 219752 ----a-w- c:\windows\system32\nvcod.dll
2009-12-18 19:50 . 2005-12-09 04:50 10237504 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-12-17 00:25 . 2009-12-17 00:25 1956528 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-12-09 15:45 . 2009-12-09 15:45 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Media Player Classic
2009-12-09 15:44 . 2006-04-24 23:05 -------- d-----w- c:\program files\DivX
2009-12-01 01:16 . 2009-09-22 00:16 3695616 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AutoLaunch.exe
2009-11-21 15:51 . 2004-08-10 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-04 01:35 . 2009-11-04 01:35 152576 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-29 07:45 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-10 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-10 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-10 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2005-01-21 00:53 . 2008-12-21 06:05 45056 ------r- c:\program files\SetAttrib.exe
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 143360]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DISCover"="c:\program files\DISC\DISCover.exe" [2005-09-27 1060864]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-09-27 61440]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-08 49512]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2005-03-30 22656]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2010-01-02 100056]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-05 7307264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-24 813584]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2005-12-9 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\HP_Administrator.LIVING_ROOM\\Desktop\\Shareaza.exe"=

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [04/01/2010 8:42 PM 10384]
.
Contents of the 'Scheduled Tasks' folder

2010-01-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 00:16]

2010-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-01-18 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]

2010-01-02 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-09 03:23]

2010-01-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2010-01-16 c:\windows\Tasks\Norton AntiVirus - Scan my computer - HP_Administrator.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-03-24 19:47]

2010-01-18 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~2\Messages\SDNotify.exe [2009-11-10 16:21]

2010-01-18 c:\windows\Tasks\User_Feed_Synchronization-{096C126F-7746-4CA6-B12F-810454F477E0}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

2010-01-18 c:\windows\Tasks\User_Feed_Synchronization-{8D270A9A-0857-4756-A3C4-6130A5A3BC71}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

2010-01-18 c:\windows\Tasks\User_Feed_Synchronization-{95EFF53D-5BCB-46D9-8F32-797028C2C821}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

2010-01-18 c:\windows\Tasks\User_Feed_Synchronization-{D2A4C081-4272-4CC2-B1FC-90977B477719}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = <local>
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: trymedia.com
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PCDrProfiler - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-17 19:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(5896)
c:\windows\system32\WININET.dll
c:\docume~1\HP_ADM~1.LIV\LOCALS~1\Temp\IadHide5.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Norton Internet Security\ISSVC.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\arservice.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\DISC\DiscGui.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\DISC\DiscStreamHub.exe
c:\hp\KBD\KBD.EXE
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Completion time: 2010-01-17 20:07:25 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-18 01:07

Pre-Run: 9,415,749,632 bytes free
Post-Run: 12,484,136,960 bytes free

- - End Of File - - 27B6CA3B032C797C87C347A9CCBF5E4A


#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:48 PM

Posted 18 January 2010 - 04:06 PM

Hello again.

Let's get an online scan...

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. (Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner page.
  • Click on the button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the button, if you made any changes.
  • Now under the Scan section on the left, select My Computer.
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#9 Pupil of PC

Pupil of PC
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  • Local time:06:48 PM

Posted 19 January 2010 - 06:43 AM

Here is the Kaspersky Report. Do I have to remove the problem files before sending another DDS report? Thank you.


KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, January 19, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, January 18, 2010 23:12:06
Records in database: 3330924


Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes

Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan statistics
Objects scanned 213103
Threats found 3
Infected objects found 2
Suspicious objects found 4
Scan duration 05:27:13

File name Threat Threats count
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{D190EE07-1887-4595-8F62-6253114299D2}\Microsoft\Outlook Express\old emails\1Deleted Items.bak Suspicious: Trojan-Spy.HTML.Fraud.gen 1

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{D190EE07-1887-4595-8F62-6253114299D2}\Microsoft\Outlook Express\old emails\1Deleted Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1

C:\Documents and Settings\HP_Administrator.LIVING_ROOM\Local Settings\Application Data\Identities\{D190EE07-1887-4595-8F62-6253114299D2}\Microsoft\Outlook Express\Deleted Items.bak Suspicious: Trojan-Spy.HTML.Fraud.gen 1

C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Identities\{D190EE07-1887-4595-8F62-6253114299D2}\Microsoft\Outlook Express\Deleted Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2ACA292E.exe Infected: Packed.Win32.Katusha.j 1

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5FD844CC.exe Infected: Trojan.Win32.Inject.admx 1

Selected area has been scanned.



#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:48 PM

Posted 20 January 2010 - 03:56 PM

Hello.

Let's empty out this folder:

Navigate to the following folder and delete everything in there:

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine <- Delete everything in this folder

--
Then I see some infected Outlook mails. Some appear to be backups, but one of them is from the Deleted Items box, and I suggest you manually empty some of your mails out or delete the backup ones if you don't require them.

Other than that, let's take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,
Extremeboy

#11 Pupil of PC

Pupil of PC
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  • Local time:06:48 PM

Posted 20 January 2010 - 09:15 PM

I have attached the two files. I do not seem to be any farther ahead as I am still not able to see the wallpaper that I apply.

Thank you.

#12 Pupil of PC

Pupil of PC
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  • Local time:06:48 PM

Posted 20 January 2010 - 09:20 PM

I am getting the following error when I try to attach the files.

Upload failed. The file was larger than the available space

I will try posting them.



DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Administrator at 21:12:20.33 on 20/01/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1389 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\DISC\DiscStreamHub.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\RTHDCPL.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Computer Stuff\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = <local>
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdateMgr.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [URLLSTCK.exe] c:\program files\norton internet security\UrlLstCk.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: trymedia.com
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

============= SERVICES / DRIVERS ===============

R1 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\SAVRTPEL.SYS [2005-2-4 53896]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2005-3-4 185704]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2005-3-4 239264]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2005-3-4 177512]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-1-4 10384]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\NAVAPSVC.EXE [2005-3-24 128112]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100120.005\NAVENG.Sys [2010-1-20 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100120.005\NavEx15.Sys [2010-1-20 1323568]
R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\SAVRT.SYS [2005-2-4 334984]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2005-3-4 83304]
S3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVSCAN.EXE [2005-2-17 198368]

=============== Created Last 30 ================

2010-01-19 11:29:41 4589 ----a-w- C:\Kaspersky Scan.html
2010-01-18 00:41:30 98816 ----a-w- c:\windows\sed.exe
2010-01-18 00:41:30 77312 ----a-w- c:\windows\MBR.exe
2010-01-18 00:41:30 261632 ----a-w- c:\windows\PEV.exe
2010-01-18 00:41:30 161792 ----a-w- c:\windows\SWREG.exe
2010-01-14 13:31:33 0 d-----w- c:\program files\Uniblue
2010-01-14 13:27:18 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2010-01-14 04:35:47 9046 ----a-w- c:\windows\system32\nvinfo.pb
2010-01-14 04:35:47 69632 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-14 04:35:47 4038656 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-14 04:35:47 2293286 ----a-w- c:\windows\system32\nvdata.bin
2010-01-14 04:35:47 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-14 04:35:47 1989224 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-14 04:35:47 11381352 ----a-w- c:\windows\system32\nvcompiler.dll
2010-01-14 04:09:37 0 d-----w- c:\windows\system32\wbem\Repository
2010-01-12 11:21:26 0 d-----w- c:\docume~1\hp_adm~1.liv\applic~1\Memorex
2010-01-11 21:32:40 0 d-----w- c:\program files\common files\L&H
2010-01-11 21:28:03 0 ----a-w- c:\docume~1\hp_adm~1.liv\applic~1\wklnhst.dat
2010-01-11 21:13:11 0 d-----w- c:\windows\system32\appmgmt
2010-01-09 23:55:18 0 d-----w- c:\program files\IKEA Home Planner Kitchen
2010-01-06 01:56:21 0 d-----w- c:\program files\Cobian Backup 9
2010-01-05 21:28:49 0 d-----w- c:\docume~1\hp_adm~1.liv\applic~1\Malwarebytes
2010-01-05 21:28:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-05 21:28:34 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 20:48:05 0 d-----w- c:\docume~1\hp_adm~1.liv\applic~1\Uniblue
2010-01-05 20:48:05 0 d-----w- c:\docume~1\alluse~1\applic~1\DriverScanner
2010-01-05 01:42:08 10384 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-01-05 01:41:57 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-01-05 01:41:39 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-01-05 01:41:31 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-01-05 01:39:39 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2010-01-05 01:39:33 84496 ----a-w- c:\windows\system32\KemXML.dll
2010-01-05 01:39:33 170512 ----a-w- c:\windows\system32\kemutb.dll
2010-01-05 01:39:33 145936 ----a-w- c:\windows\system32\KemUtil.dll
2010-01-05 01:39:33 117264 ----a-w- c:\windows\system32\KemWnd.dll
2010-01-04 11:24:38 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-04 03:15:37 0 d-----w- c:\docume~1\hp_adm~1.liv\applic~1\WinBatch
2010-01-04 03:08:35 122880 ----a-w- c:\windows\system32\Imsmudlg.exe
2010-01-04 03:08:35 0 d-----w- c:\windows\system32\ENU
2010-01-04 02:56:44 1902 ------w- c:\windows\system32\SetupBD.din
2010-01-04 02:51:58 0 d-----w- c:\windows\system32\LogFiles
2010-01-04 02:36:22 0 d-----w- c:\docume~1\hp_adm~1.liv\applic~1\HpUpdate
2010-01-03 02:00:02 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-01-02 15:02:43 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-01-02 15:02:43 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-02 14:56:31 16832288 ----a-w- C:\Java-6u17-windows-i586-s.exe
2010-01-02 14:38:56 0 d-----r- c:\docume~1\hp_adm~1.liv\applic~1\Brother
2010-01-02 14:19:20 0 d-----w- c:\windows\system32\scripting
2010-01-02 14:19:19 0 d-----w- c:\windows\system32\en
2010-01-02 14:19:19 0 d-----w- c:\windows\system32\bits
2010-01-02 14:01:22 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-02 14:01:22 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-02 14:01:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-02 14:01:22 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-01-02 14:01:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-01-02 14:01:22 11069952 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-01-02 14:00:52 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-01-02 05:01:59 20992 ------w- c:\windows\system32\faxpatch.exe
2010-01-02 04:52:42 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-02 04:52:37 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2010-01-02 04:52:28 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-01-02 04:52:19 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-01-02 04:52:18 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-01-02 04:49:55 333952 ------w- c:\windows\system32\dllcache\srv.sys
2010-01-02 04:49:55 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-01-02 04:49:54 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-01-02 04:42:59 0 d-----w- c:\windows\system32\PreInstall
2010-01-02 04:34:15 0 d-----w- c:\docume~1\hp_adm~1.liv\applic~1\Symantec
2010-01-02 04:34:15 0 d-----w- c:\docume~1\hp_adm~1.liv\applic~1\Intuit
2010-01-02 04:34:15 0 d-----w- c:\docume~1\hp_adm~1.liv\applic~1\Digital Interactive Systems Corporation
2010-01-02 04:31:25 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-01-02 04:28:30 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-01-02 04:28:30 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2010-01-02 04:28:27 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-01-02 04:28:25 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-01-02 04:28:23 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-01-02 04:28:23 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-01-02 04:28:22 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-01-02 04:28:20 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-01-02 04:28:18 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-01-02 04:28:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-01-02 02:58:18 0 d-sh--r- c:\windows\system32\dllcache
2010-01-02 02:29:26 0 d-----w- c:\docume~1\hp_adm~1.liv\applic~1\HPQ
2010-01-02 02:10:22 0 d-sh--w- c:\documents and settings\hp_administrator.living_room\UserData
2010-01-02 01:58:00 0 d-----w- c:\program files\SymNetDrv
2010-01-02 01:41:00 0 d-sha-r- C:\cmdcons
2010-01-02 01:40:39 0 d-----w- c:\windows\setupupd
2010-01-02 01:39:16 1935 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EL406AA-ABA M7350N_YC_0Pavi_QMXK551_E61NAemMPC1_48_IEMERY_SASUSTek Computer INC._V1.05_B3.15_T060623_WXP2_L409_M2047_J250_7Intel_8Pentium D_92.8_#060122_N808627DC_Z11C10620_G10DE0162.MRK
2010-01-01 20:59:49 24 ----a-w- c:\windows\csrrss.ini
2009-12-30 18:22:39 0 d-----w- c:\program files\CPUID
2009-12-28 02:33:36 0 d-----w- c:\program files\Windows Mobile Device Handbook
2009-12-26 18:09:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Zeon
2009-12-26 17:55:48 93 ----a-w- c:\windows\brpcfx.ini
2009-12-26 17:55:48 242 ----a-w- c:\windows\Brpfx04a.ini
2009-12-26 17:55:34 419 ----a-w- c:\windows\BRWMARK.INI
2009-12-26 17:53:27 0 ----a-w- c:\windows\brdfxspd.dat
2009-12-26 17:53:07 0 d-----w- c:\program files\Brother
2009-12-26 17:50:38 0 d-----w- c:\program files\Nuance
2009-12-26 17:50:12 31767 ----a-w- c:\windows\maxlink.ini
2009-12-26 17:49:13 0 d-----w- c:\program files\common files\ScanSoft Shared
2009-12-26 17:49:07 0 d-----w- c:\program files\ScanSoft
2009-12-26 17:48:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Brother

==================== Find3M ====================

2009-12-20 15:22:10 13602816 ----a-w- c:\windows\system32\nvoglnt.dll
2009-12-18 19:50:52 6285184 ----a-w- c:\windows\system32\nv4_disp.dll
2009-12-18 19:50:52 592488 ----a-w- c:\windows\system32\nvudisp.exe
2009-12-18 19:50:52 219752 ----a-w- c:\windows\system32\nvcodins.dll
2009-12-18 19:50:52 219752 ----a-w- c:\windows\system32\nvcod.dll
2009-12-18 19:50:52 1056768 ----a-w- c:\windows\system32\nvapi.dll
2009-12-18 19:50:52 10237504 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-10-29 07:45:38 916480 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:45:38 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2009-10-29 07:45:37 5940736 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-10-29 07:45:37 206848 ------w- c:\windows\system32\dllcache\occache.dll
2009-10-29 07:45:37 1208832 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-10-29 07:45:35 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2009-10-29 07:45:34 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2009-10-29 07:45:32 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2009-10-28 14:40:47 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2005-01-21 00:53:22 45056 ------r- c:\program files\SetAttrib.exe
2009-05-17 03:52:22 868352 --sha-w- c:\windows\system32\config\systemprofile\iecompatcache\index.dat
2009-05-17 03:52:18 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-05-17 03:48:00 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-05-17 03:48:00 16384 --sha-w- c:\windows\system32\config\systemprofile\privacie\index.dat

============= FINISH: 21:13:06.87 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 01/01/2010 11:32:49 PM
System Uptime: 20/01/2010 8:44:00 PM (1 hours ago)

Motherboard: ASUSTek Computer INC. | | EMERY
Processor: Intel® Pentium® D CPU 2.80GHz | Socket 775 | 2800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 224 GiB total, 11.433 GiB free.
D: is FIXED (FAT32) - 9 GiB total, 1.04 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 01/01/2010 11:18:54 PM - System Checkpoint
RP2: 01/01/2010 11:42:36 PM - Software Distribution Service 3.0
RP3: 02/01/2010 12:03:18 AM - Software Distribution Service 3.0
RP4: 02/01/2010 8:57:56 AM - Software Distribution Service 3.0
RP5: 02/01/2010 9:06:20 AM - Software Distribution Service 3.0
RP6: 02/01/2010 9:46:26 AM - Software Distribution Service 3.0
RP7: 02/01/2010 9:54:30 AM - Installed Java™ 6 Update 17
RP8: 02/01/2010 9:57:03 AM - Installed Java™ 6 Update 17
RP9: 02/01/2010 10:02:29 AM - Installed Java™ 6 Update 17
RP10: 02/01/2010 8:38:01 PM - Software Distribution Service 3.0
RP11: 02/01/2010 8:42:31 PM - Software Distribution Service 3.0
RP12: 02/01/2010 9:19:34 PM - Software Distribution Service 3.0
RP13: 03/01/2010 1:07:51 AM - Installed QuickTime
RP14: 03/01/2010 10:08:58 PM - Installed HP Product Assistant
RP15: 04/01/2010 6:24:43 AM - Software Distribution Service 3.0
RP16: 04/01/2010 8:38:36 PM - SetPoint 4.80
RP17: 05/01/2010 3:47:31 PM - Installed Uniblue DriverScanner v1.0
RP18: 06/01/2010 4:15:41 PM - System Checkpoint
RP19: 07/01/2010 5:28:22 PM - System Checkpoint
RP20: 08/01/2010 6:33:45 PM - System Checkpoint
RP21: 09/01/2010 11:55:36 PM - System Checkpoint
RP22: 11/01/2010 7:44:27 AM - System Checkpoint
RP23: 11/01/2010 4:13:10 PM - Removed TourSetup
RP24: 11/01/2010 4:15:21 PM - Printer Driver Microsoft Office Document Image Writer Installed
RP25: 11/01/2010 4:21:36 PM - Removed Microsoft Office Standard Edition 2003
RP26: 11/01/2010 4:32:22 PM - Installed Microsoft Office XP Professional with FrontPage
RP27: 12/01/2010 5:33:36 PM - System Checkpoint
RP28: 13/01/2010 5:58:03 PM - System Checkpoint
RP29: 13/01/2010 10:04:54 PM - Software Distribution Service 3.0
RP30: 13/01/2010 11:06:32 PM - Restore Operation
RP31: 14/01/2010 8:27:18 AM - Installed Uniblue DriverScanner v1.0
RP32: 14/01/2010 8:37:29 AM - Software Distribution Service 3.0
RP33: 15/01/2010 9:19:24 AM - System Checkpoint
RP34: 16/01/2010 11:14:05 AM - System Checkpoint
RP35: 17/01/2010 2:29:46 PM - System Checkpoint
RP36: 18/01/2010 2:37:03 PM - System Checkpoint
RP37: 19/01/2010 6:45:59 AM - Installed Compatibility Pack for the 2007 Office system
RP38: 20/01/2010 8:00:29 AM - System Checkpoint

==== Installed Programs ======================

5 Card Slingo from HP Media Center (remove only)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Agere Systems PCI-SV92PP Soft Modem
AiO_Scan
AiO_Scan_CDA
AiOSoftware
AiOSoftwareNPI
Apple Application Support
Apple Software Update
AstroPop Deluxe from HP Media Center (remove only)
Barnyard Invasion from HP Media Center (remove only)
Bejeweled 2 Deluxe from HP Media Center (remove only)
Blackhawk Striker 2 from HP Media Center (remove only)
Blasterball 2 from HP Media Center (remove only)
Blasterball 2 Remix from HP Media Center (remove only)
Boggle Supreme from HP Media Center (remove only)
Bookworm Deluxe from HP Media Center (remove only)
Bounce Symphony from HP Media Center (remove only)
BufferChm
CameraDrivers
CC_ccProxyExt
ccCommon
ccPxyCore
CDDRV_Installer
Chuzzle Deluxe from HP Media Center (remove only)
Cobian Backup 9
Compatibility Pack for the 2007 Office system
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_LightScribePlugin
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
Crystal Maze from HP Media Center (remove only)
CueTour
Customer Experience Enhancement
Destinations
DeviceManagementQFolder
DISCover
DocProc
DocumentViewer
DocumentViewerQFolder
Easy Internet Sign-up
erLT
Family Feud
FATE from HP Media Center (remove only)
Fax
Fax_CDA
GemMaster Mystic
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976098-v2)
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 5.3
HP Game Console and games
HP Image Zone 5.3
HP Image Zone for Media Center PC
HP Imaging Device Functions 5.3
HP Multimedia Keyboard Software
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP Product Assistant
HP PSC & OfficeJet 5.3.A
HP PSC & OfficeJet 5.3.B
HP Solution Center & Imaging Support Tools 5.3
HP Update
HPProductAssistant
HpSdpAppCoreApp
IKEA Home Planner Kitchen
Insaniquarium Deluxe from HP Media Center (remove only)
InstantShareDevices
Intel® Matrix Storage Manager
Intel® PRO Network Connections Drivers
InterVideo WinDVD Player
J2SE Runtime Environment 5.0 Update 5
Java™ 6 Update 17
KhalInstallWrapper
Lemonade Tycoon 2 from HP Media Center (remove only)
Lexibox Deluxe from HP Media Center (remove only)
LightScribe 1.4.52.1
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Logitech SetPoint
Mah Jong Quest from HP Media Center (remove only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Away Mode
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2005
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Monopoly Junior
Mozilla Firefox (3.0.17)
MSRedist
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 4.5
muvee autoProducer unPlugged 1.2
Netscape Browser (remove only)
NewCopy
NewCopy_CDA
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton Security Center
Norton WMI Update
NVIDIA Drivers
NVIDIA nView Desktop Manager
Otto
PanoStandAlone
PC-Doctor 5 for Windows
PhotoGallery
Polar Bowler from HP Media Center (remove only)
Polar Golfer from HP Media Center (remove only)
PS2
PSPrinters08
PSTAPlugin
Puzzle Express from HP Media Center (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
QuickTime
RandMap
Readme
RealPlayer
Realtek High Definition Audio Driver
Remove IntelliMover Demo
Ricochet Lost Worlds from HP Media Center (remove only)
Scan
ScannerCopy
SCRABBLE from HP Media Center (remove only)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
Shooting Stars Pool from HP Media Center (remove only)
Shrek 2 Ogre Bowler from HP Media Center (remove only)
SkinsHP1
Slingo Deluxe from HP Media Center (remove only)
Snowboard SuperJam from HP Media Center (remove only)
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
SPBBC
Status
Super Granny from HP Media Center (remove only)
Symantec Network Drivers Update
SymNet
Tradewinds from HP Media Center (remove only)
TrayApp
Uniblue DriverScanner 2009
Unload
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Zuma Deluxe from HP Media Center (remove only)

==== Event Viewer Messages From Past Week ========

17/01/2010 8:42:48 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.
13/01/2010 9:59:26 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
13/01/2010 9:47:03 PM, error: System Error [1003] - Error code 100000ea, parameter1 87d42020, parameter2 8a558830, parameter3 bace3cbc, parameter4 00000001.
13/01/2010 9:09:21 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
13/01/2010 12:21:30 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
13/01/2010 10:49:16 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bf9d719c, parameter3 a9c42204, parameter4 00000000.
13/01/2010 10:48:32 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bf9d719c, parameter3 a922d6d4, parameter4 00000000.

==== End Of File ===========================


#13 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 21 January 2010 - 03:27 PM

Hello.

QUOTE
J2SE Runtime Environment 5.0 Update 5

I suggest you remove that older version of Java through Add/Remove.

The logs look fine, not exactly sure what might be causing that problem. Perhaps you wish to start a topic in the Windows XP forum further on regarding that. We can wrap up on our side.
Please follow/read the steps below to remove the tools we used and for some more information.


Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double-click the icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

System A bit Slow? Try StartupLite

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.

If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.


Congratulations! You now appear clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:
  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.

Visit the Windows Update Site Regularly

I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish to turn on automatic updates then here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.

Update Non-Microsoft Programs

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

If you have no more questions, comments or problems please tell us, so we can close off the topic.

With Regards,
Extremeboy

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
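The one finding in the reply above is a leftover J2SE Runtime Environment 5.0 Update 5 sitting beside Java 6 Update 17. The same stale runtime shows up three times in the DDS log: the Installed Programs entry, jusched.exe running from jre1.5.0_05, and the jinstall-1_5_0_05 DPF (ActiveX installer) entry. The script below is an added example, not code from the thread or from the DDS tool: it splits a DDS log into its sections, collects every Java runtime referenced in Installed Programs, Running Processes and the Pseudo HJT Report, and reports each version older than the newest one present together with the log lines as evidence. The sample log is constructed from lines in the post above; the section-header shape and the version patterns are assumptions based only on what that log shows. A directory such as jre6, which does not name its update level, is treated as the newest 6.x release rather than flagged as stale.

```python
"""Flag stale Java runtimes in a DDS log.

Added example, not code from the thread or from the DDS tool. The sample
log below is constructed from lines in the post above; the section headers
and version patterns are assumptions based only on what that log shows.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

JavaVer = Tuple[int, int]  # (major, update); update is UNKNOWN for a path like jre6
UNKNOWN = -1

# DDS section headers look like "==== Installed Programs =====".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Installed Programs: "Java(TM) 6 Update 17" / "J2SE Runtime Environment 5.0 Update 5"
PROGRAM_RES = [
    re.compile(r"^Java(?:\u2122|\(TM\))?\s+(\d+)\s+Update\s+(\d+)", re.I),
    re.compile(r"^J2SE Runtime Environment\s+(\d+)\.\d+\s+Update\s+(\d+)", re.I),
]
# Process and BHO paths: ...\Java\jre6\bin\jqs.exe, ...\Java\jre1.5.0_05\bin\jusched.exe
PATH_RE = re.compile(r"\\java\\jre(?:1\.)?(\d+)(?:\.\d+_(\d+))?\\", re.I)
# DPF (ActiveX installer) entries: jinstall-1_5_0_05-windows-i586.cab
DPF_RE = re.compile(r"jinstall-1_(\d+)_0_(\d+)", re.I)

# Constructed from lines in the DDS log posted above (not the full log).
SAMPLE_LOG = """\
============== Running Processes ===============

C:\\WINDOWS\\system32\\svchost -k DcomLaunch
C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
C:\\Program Files\\Java\\jre1.5.0_05\\bin\\jusched.exe
C:\\Computer Stuff\\dds.scr

============== Pseudo HJT Report ===============

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\\program files\\java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

==== Installed Programs ======================

Adobe Reader 7.0
J2SE Runtime Environment 5.0 Update 5
Java\u2122 6 Update 17
Malwarebytes' Anti-Malware

==== Event Viewer Messages From Past Week ========
"""


def split_sections(log: str) -> Dict[str, List[str]]:
    """Return {section name: non-empty lines} for a DDS log."""
    sections: Dict[str, List[str]] = defaultdict(list)
    current = "preamble"
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif line:
            sections[current].append(line)
    return sections


def find_java(log: str) -> Dict[JavaVer, List[str]]:
    """Collect every Java runtime the log references, keyed by version, with the lines as evidence."""
    found: Dict[JavaVer, List[str]] = defaultdict(list)
    sections = split_sections(log)
    for line in sections.get("Installed Programs", []):
        for rx in PROGRAM_RES:
            m = rx.match(line)
            if m:
                found[(int(m.group(1)), int(m.group(2)))].append(line)
    for name in ("Running Processes", "Pseudo HJT Report"):
        for line in sections.get(name, []):
            m = PATH_RE.search(line) or DPF_RE.search(line)
            if m:
                update = int(m.group(2)) if m.group(2) else UNKNOWN
                found[(int(m.group(1)), update)].append(line)
    return found


def stale_java(log: str) -> List[Tuple[JavaVer, List[str]]]:
    """Versions older than the newest runtime present, each with its evidence lines.

    An entry with an unknown update level (the jre6 directory) counts as stale
    only if its major version is older, so jre6 is not reported beside 6u17.
    """
    found = find_java(log)
    if not found:
        return []
    newest = max(found)  # tuples compare as (major, update)
    return sorted(
        (ver, lines) for ver, lines in found.items()
        if ver[0] < newest[0] or (ver[1] != UNKNOWN and ver < newest)
    )


if __name__ == "__main__":
    for (major, update), lines in stale_java(SAMPLE_LOG):
        label = str(major) if update == UNKNOWN else f"{major} Update {update}"
        print(f"stale Java {label}:")
        for line in lines:
            print("   ", line)
```

Run it against a full DDS.txt by reading the file into `stale_java`; on the log above it reports only 5 Update 5, with the J2SE entry, the jusched.exe process and the 1_5_0_05 DPF line as evidence, while the jre6 paths and 6 Update 17 are left alone. The DPF line matters in practice: the old jinstall CLSID means Internet Explorer still knows how to load that runtime, so removing the Add/Remove entry alone is worth verifying with a fresh log.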

#14 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 25 January 2010 - 12:50 PM

Hello.

Since the problem appears to be resolved, this topic is now Closed. Glad we could help.
If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.

This applies only to the original topic starter

Everyone else please start a new topic.

With Regards,
Extremeboy