Win XP Pop-up errors


  • This topic is locked
21 replies to this topic

#1 Bumbury

  • Members
  • 11 posts
  • OFFLINE
  • Local time: 08:52 PM

Posted 21 January 2010 - 11:00 AM

Hello, I have Windows XP Home. I ran a full PC antivirus (Kaspersky) scan last week, and after the scan I rebooted and started to get these error windows:

All these windows show up with the item described below and this:

lsass.exe - Bad Image
Services.exe
Explorer.exe
Rstru.exe
winpatrol.exe
realsched.exe
readersl.exe
applicationslauncher.exe
googletoolbarnotifier.exe

And then the message ends with:

The Application or DLL C:\windows\system32\0023.DLL is not a valid image. Please check image against your installation diskette.

I tried to run a System Restore but was not able to, as System Restore rebooted and came back with "System Restore unable to restore to an earlier point". This is a first, too.

I tried to reinstall some of the executables/software, like the RealMedia player, the Google Toolbar and WinPatrol, but my PC still shows the error message.

The error window won't keep me from using the program; I just have to hit OK to move on, but the window will stop the program loading until I click OK. After that it runs normally.

e.g. I click IE to start it up and the pop-up comes up...

explorer.exe - Bad Image
The Application or DLL C:\windows\system32\0023.DLL is not a valid Windows image. Please check this against your installation diskette.

This happens any time I try to access any Windows program.

My PC set-up:
P4 2.8 GHz
1 GB RAM
WD 180 GB HD
Nvidia GeForce 6600 512 MB
Windows XP Home w/ SP3


Here is a copy of my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:59:02 AM, on 1/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
E:\Win Patrol\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS\System32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.bellsouth.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.bellsouth.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [WinPatrol] E:\Win Patrol\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/mygarmin/m/GarminAxControl.CAB
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...MetaStream3.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://lms.jetnet.aa.com/wbt/r/r1/cab/awswaxd.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137718854546
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://www.fastaccess.drivers.bellsouth.ne...bls_speedop.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BA83FD38-CE14-4DA3-BEF5-96050D55F78A} - http://www.flipviewer.com/exe/fv373p.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/virtualmark/tc/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: bw+0 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bw+0s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bw-0 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bw-0s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bw00 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bw00s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bw10 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bw10s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bw20 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bw20s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bw30 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bw30s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bw40 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bw40s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bw50 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bw50s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bw60 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bw60s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bw70 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bw70s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bw80 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bw80s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bw90 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bw90s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwa0 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwa0s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwb0 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwb0s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwc0 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwc0s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwd0 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwd0s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwe0 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwe0s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwf0 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwf0s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwg0s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwh0 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwh0s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwi0 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwi0s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwj0 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwj0s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwk0 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwk0s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwl0 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwl0s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwm0 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwm0s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwn0 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwn0s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwo0 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwo0s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwp0 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwp0s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwq0 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwq0s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwr0 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwr0s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bws0 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bws0s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwt0 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwt0s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwu0 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwu0s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwv0 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwv0s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bww0 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bww0s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwx0 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwx0s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwy0 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwy0s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwz0 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwz0s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: offline-8876480 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\0023.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - F:\ADware2008\aawservice.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 16489 bytes

Thanks for your time. Roy

I just realised I posted in the wrong forum and I can't delete the post. I'll re-post in the correct forum. Sorry.

Edited by Bumbury, 21 January 2010 - 11:04 AM.
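As an added example (it is not from this thread, nor from the HijackThis or DDS tools), here is a small Python triage script for HijackThis-style logs of the kind pasted above. It parses the `Oxx - ...` lines, flags the O20 AppInit_DLLs entry (a DLL listed there is loaded into every process that links user32.dll, so an entry that cannot be mapped shows up as a Bad Image dialog from each such process, matching the lsass.exe / services.exe / explorer.exe dialogs described in the post), collects registrations whose target is `(no file)` or `(file missing)`, groups those orphans by CLSID, and checks whether the DLL named in a Bad Image dialog is the AppInit_DLLs one. The sample log lines are copied from the log above and trimmed; the error text is the one quoted in the post; the function names and the orphan-grouping heuristic are my own.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log in this thread,
# trimmed to the sections the triage below looks at.
SAMPLE_HJT = """\
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O4 - HKLM\\..\\Run: [WinPatrol] E:\\Win Patrol\\WinPatrol\\winpatrol.exe -expressboot
O18 - Protocol: bw+0 - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bw+0s - {6F9C3C94-7F88-4437-9A17-9AEEA1C6A8DC} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O20 - AppInit_DLLs: C:\\WINDOWS\\system32\\0023.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - F:\\ADware2008\\aawservice.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
"""

# Constructed copy of the Bad Image dialog text quoted in the first post.
SAMPLE_ERROR = ("explorer.exe - Bad Image\n"
                "The Application or DLL C:\\windows\\system32\\0023.DLL is not a valid "
                "Windows image. Please check this against your installation diskette.")

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
BAD_IMAGE_RE = re.compile(r"DLL\s+(\S+)\s+is not a valid", re.IGNORECASE)
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section id, e.g. "O20"
    reason: str    # why this line deserves a look
    entry: str     # body of the log line after "Oxx - "


def parse_entries(text):
    """Yield (section, body) for every 'Oxx - ...' line; other lines are ignored."""
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def appinit_dlls(text):
    """Return the DLL paths registered under AppInit_DLLs (O20), lower-cased."""
    paths = []
    for section, body in parse_entries(text):
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            # The registry value is a space/comma separated list of paths.
            for p in re.split(r"[,\s]+", body.split(":", 1)[1].strip()):
                if p:
                    paths.append(p.lower())
    return paths


def triage(text):
    """Flag O20 AppInit_DLLs entries and any registration whose target file is missing."""
    findings = []
    for section, body in parse_entries(text):
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            findings.append(Finding(section,
                "AppInit_DLLs: loaded into every process that links user32.dll", body))
        elif body.lower().endswith(ORPHAN_MARKERS):
            findings.append(Finding(section, "registration points at a missing file", body))
    return findings


def orphan_clsids(findings):
    """Count missing-file registrations per CLSID so repeated orphans stand out."""
    counts = Counter()
    for f in findings:
        if f.reason.startswith("registration"):
            m = CLSID_RE.search(f.entry)
            if m:
                counts[m.group(0).upper()] += 1
    return counts


def bad_image_explained_by_appinit(error_text, log_text):
    """True when the DLL named in a Bad Image dialog is one AppInit_DLLs injects."""
    m = BAD_IMAGE_RE.search(error_text)
    if not m:
        return False
    return m.group(1).lower() in appinit_dlls(log_text)


if __name__ == "__main__":
    found = triage(SAMPLE_HJT)
    for f in found:
        print(f"[{f.section}] {f.reason}: {f.entry}")
    print("orphaned CLSIDs:", dict(orphan_clsids(found)))
    print("Bad Image DLL matches AppInit_DLLs:",
          bad_image_explained_by_appinit(SAMPLE_ERROR, SAMPLE_HJT))
```

Run it against a full HijackThis log by replacing `SAMPLE_HJT` with the file contents. The script only correlates what the log and the dialog say; whether a flagged DLL is unwanted still needs a look at the file itself (creation time, signer, hash), which is exactly what the DDS "Created Last 30" section further down the thread helps with.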



#2 Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  • Gender: Female
  • Local time: 03:52 AM

Posted 27 January 2010 - 08:08 AM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Elle
Can you hear it? It's all around!

Do you remember? If you do, then can you forgive?

If I haven't replied in 48 hours, please feel free to send me a PM.




#3 Bumbury (Topic Starter)

  • Members
  • 11 posts
  • OFFLINE
  • Local time: 08:52 PM

Posted 27 January 2010 - 08:29 PM

OK, here is the DDS log; I converted the Attach file to a PDF and attached it to this post.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Roy at 20:19:07.51 on Wed 01/27/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.646 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
E:\Win Patrol\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Roy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.home.bellsouth.net
uDefault_Page_URL = hxxp://home.bellsouth.net/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title =
mWindow Title =
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mCustomizeSearch =
mSearchAssistant =
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A58686ED-FC46-44C3-95C6-4A812AB776F1} - No File
TB: {EBC780C8-5A2F-4BF2-B274-FDA3D61ACC6C} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {BDEADE7F-C265-11D0-BCED-00A0C90AB50F} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [WinPatrol] e:\win patrol\winpatrol\winpatrol.exe -expressboot
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
DPF: DirectAnimation Java Classes
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=67633
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab
DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - hxxps://www.windowsonecare.com/install/cli/0.9.0929.18/WinSSWebAgent.CAB
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://lms.jetnet.aa.com/wbt/r/r1/cab/awswaxd.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137718854546
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} - hxxp://www.fastaccess.drivers.bellsouth.net/software/DSLspeedtool/bls_speedop.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {BA83FD38-CE14-4DA3-BEF5-96050D55F78A} - hxxp://www.flipviewer.com/exe/fv373p.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://service.futuremark.com/virtualmark/tc/FMSI.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
AppInit_DLLs: c:\windows\system32\0023.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {C60A0B68-1F3A-A1D2-C909-9A11A016D21A} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\roy\applic~1\mozilla\firefox\profiles\vkhh0nw0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.att.net/
FF - component: c:\documents and settings\roy\application data\mozilla\firefox\profiles\vkhh0nw0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\roy\application data\mozilla\firefox\profiles\vkhh0nw0.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: e:\i tunes\mozilla plugins\npitunes.dll
FF - plugin: e:\palmce~1\packag~1\NPInstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 cdrdrv;cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [2006-1-16 61952]
R1 vobcom;vobcom;c:\windows\system32\drivers\vobcom.sys [2006-1-16 9728]
R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [2006-1-16 178688]
S2 aawservice;Lavasoft Ad-Aware Service;f:\adware2008\aawservice.exe --> f:\adware2008\aawservice.exe [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\roy\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\roy\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-12-14 25728]
S3 JmtFltr;n52te;c:\windows\system32\drivers\jmtfltr.sys --> c:\windows\system32\drivers\JmtFltr.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2010-01-25 00:53:49 138736 ----a-w-

c:\windows\system32\drivers\PnkBstrK.sys
2010-01-25 00:14:27 188968 ----a-w-

c:\windows\system32\PnkBstrB.exe
2010-01-25 00:14:26 75064 ----a-w-

c:\windows\system32\PnkBstrA.exe
2010-01-21 15:58:12 0 d-----w- c:\program

files\TrendMicro
2010-01-15 02:37:37 0 d-----w- c:\docume~1

\roy\applic~1\The Ringtone Maker Plus
2010-01-15 02:31:47 420240 ----a-w-

c:\windows\system32\mpg4c32.dll
2010-01-15 02:31:47 245760 ----a-w-

c:\windows\system32\mp4sds32.ax
2010-01-15 02:31:31 0 d-----w- c:\docume~1

\alluse~1\applic~1\MAGIX
2010-01-15 02:30:18 44544 ----a-w-

c:\windows\system32\msxml4a.dll
2010-01-15 02:30:17 0 d-----w- c:\program

files\common files\MAGIX Shared
2010-01-15 02:30:08 120200 ----a-w-

c:\windows\system32\DLLDEV32i.dll
2010-01-15 02:24:01 700416 ----a-w-

c:\windows\system32\mgxoschk.dll
2010-01-15 02:24:01 5937 ----a-w-

c:\windows\mgxoschk.ini
2010-01-15 02:24:01 0 d-----w-

c:\windows\system32\MAGIX
2010-01-13 01:00:16 0 dc-h--w- c:\windows\ie8
2010-01-12 23:43:44 471552 -c----w-

c:\windows\system32\dllcache\aclayers.dll
2010-01-12 03:50:16 22179 ----a-w-

c:\windows\system32\0023.DLL
2010-01-09 03:58:35 37376 ---ha-w-

c:\windows\system32\wexe.exe
2010-01-06 06:02:30 0 ---ha-w-

c:\windows\system32\wupd.dat
2010-01-06 06:02:23 6435 ----a-w-

c:\windows\system32\WORK.DAT
2010-01-04 03:51:50 794408 ----a-w-

c:\windows\system32\pbsvc.exe
2009-12-30 16:17:20 0 d-----w- c:\docume~1

\alluse~1\applic~1\Nexon

==================== Find3M ====================

2010-01-25 00:53:49 139152 ----a-w- c:\docume~1

\roy\applic~1\PnkBstrK.sys
2009-12-21 19:14:05 916480 ----a-w-

c:\windows\system32\wininet.dll
2009-12-14 23:50:28 0 ---ha-w-

c:\windows\system32

\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
2009-12-14 23:50:27 0 ---ha-w-

c:\windows\system32

\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-11-21 02:34:54 69632 ----a-w-

c:\windows\system32\OpenCL.dll
2009-11-21 02:34:54 6282752 ----a-w-

c:\windows\system32\nv4_disp.dll
2009-11-21 02:34:54 4038656 ----a-w-

c:\windows\system32\nvcuda.dll
2009-11-21 02:34:54 2293286 ----a-w-

c:\windows\system32\nvdata.bin
2009-11-21 02:34:54 2259560 ----a-w-

c:\windows\system32\nvcuvid.dll
2009-11-21 02:34:54 1989224 ----a-w-

c:\windows\system32\nvcuvenc.dll
2009-11-21 02:34:54 182888 ----a-w-

c:\windows\system32\nvcodins.dll
2009-11-21 02:34:54 182888 ----a-w-

c:\windows\system32\nvcod.dll
2009-11-21 02:34:54 13602816 ----a-w-

c:\windows\system32\nvoglnt.dll
2009-11-21 02:34:54 11374592 ----a-w-

c:\windows\system32\nvcompiler.dll
2009-11-21 02:34:54 1056768 ----a-w-

c:\windows\system32\nvapi.dll
2009-11-21 01:32:14 278120 ----a-w-

c:\windows\system32\nvmccs.dll
2009-11-21 01:32:14 154216 ----a-w-

c:\windows\system32\nvsvc32.exe
2009-11-21 01:32:14 145000 ----a-w-

c:\windows\system32\nvcolor.exe
2009-11-21 01:32:14 12669544 ----a-w-

c:\windows\system32\nvcpl.dll
2009-11-21 01:32:14 110184 ----a-w-

c:\windows\system32\nvmctray.dll
2009-11-21 01:32:10 81920 ----a-w-

c:\windows\system32\nvwddi.dll
2006-11-09 16:11:25 2024 -c--a-w- c:\program

files\Report-Scan-20061109-111052.txt
2008-09-05 03:13:39 32768 -csha-w-

c:\windows\system32\config\systemprofile\local

settings\history\history.ie5\mshist012008090420080905\index.dat
2008-09-23 14:59:21 32768 --sha-w-

c:\windows\system32\config\systemprofile\local

settings\history\history.ie5\mshist012008092320080924\index.dat

============= FINISH: 20:20:31.56 ===============




#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 28 January 2010 - 01:18 PM

Hello.

Please uncheck Word Wrap in Notepad (Format >> Word Wrap).

--

Then run a scan with GMER for me.

Download and Run GMER

We will use GMER to scan for rootkits.
  • Please download GMER from one of the following locations, and save it to your desktop:
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)

  • Close any and all open programs, as this process may crash your computer.
  • Double click or on your desktop.
  • When you have done this, close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program. Right-click and select Run As Administrator... if you are using Vista.
  • Allow the gmer.sys driver to load if asked.

    If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system... Click NO.
  • In the right panel, you will see several boxes that have been checked. Please UNCHECK the following:
    • Sections
    • Registry
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show all (Don't miss this one!)
  • Click on and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

If GMER doesn't work in Normal Mode try running it in Safe Mode

Note: Do Not run any program while GMER is running
*Note*: Rootkit scans often produce false positives. Do NOT take any actions on "<--- ROOTKIT" entries.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 Bumbury

Bumbury
  • Topic Starter

  • Members
  • 11 posts

Posted 29 January 2010 - 10:57 PM

OK, I ran GMER and I left the right side panel all checked except Sections, Registry and Show all, and the drive checked was my C drive. I ran a full scan with these items unchecked and GMER found no system alterations.

#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 29 January 2010 - 11:32 PM

Okay, please post a new DDS log for me then by running it again.

Can you also give me an update on the condition of your system? What problems do you still have?

#7 Bumbury

Bumbury
  • Topic Starter

  • Members
  • 11 posts

Posted 30 January 2010 - 10:08 PM

OK, I still have the same problems as in the original post, and now I'm getting a pop-up window every time I access any Windows program. All the Windows pop-ups have the same error message, "no valid image".

Here is the new DDS Log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Roy at 22:01:51.14 on Sat 01/30/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.424 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
E:\Win Patrol\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
svchost.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Roy\My Documents\Bleeping Computer\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.home.bellsouth.net
uDefault_Page_URL = hxxp://home.bellsouth.net/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title =
mWindow Title =
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mCustomizeSearch =
mSearchAssistant =
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A58686ED-FC46-44C3-95C6-4A812AB776F1} - No File
TB: {EBC780C8-5A2F-4BF2-B274-FDA3D61ACC6C} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {BDEADE7F-C265-11D0-BCED-00A0C90AB50F} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
mRun: [WinPatrol] e:\win patrol\winpatrol\winpatrol.exe -expressboot
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
DPF: DirectAnimation Java Classes
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=67633
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab
DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - hxxps://www.windowsonecare.com/install/cli/0.9.0929.18/WinSSWebAgent.CAB
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://lms.jetnet.aa.com/wbt/r/r1/cab/awswaxd.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137718854546
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} - hxxp://www.fastaccess.drivers.bellsouth.net/software/DSLspeedtool/bls_speedop.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {BA83FD38-CE14-4DA3-BEF5-96050D55F78A} - hxxp://www.flipviewer.com/exe/fv373p.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://service.futuremark.com/virtualmark/tc/FMSI.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
AppInit_DLLs: c:\windows\system32\0023.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {C60A0B68-1F3A-A1D2-C909-9A11A016D21A} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\roy\applic~1\mozilla\firefox\profiles\vkhh0nw0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.att.net/
FF - component: c:\documents and settings\roy\application data\mozilla\firefox\profiles\vkhh0nw0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\roy\application data\mozilla\firefox\profiles\vkhh0nw0.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: e:\i tunes\mozilla plugins\npitunes.dll
FF - plugin: e:\palmce~1\packag~1\NPInstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 cdrdrv;cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [2006-1-16 61952]
R1 vobcom;vobcom;c:\windows\system32\drivers\vobcom.sys [2006-1-16 9728]
R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [2006-1-16 178688]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2009-12-12 6656]
S2 aawservice;Lavasoft Ad-Aware Service;f:\adware2008\aawservice.exe --> f:\adware2008\aawservice.exe [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\roy\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\roy\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-12-14 25728]
S3 JmtFltr;n52te;c:\windows\system32\drivers\jmtfltr.sys --> c:\windows\system32\drivers\JmtFltr.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2010-01-30 01:46:20 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-01-29 01:35:49 0 d-----w- c:\program files\doubleTwist 2.0
2010-01-25 00:53:49 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-25 00:14:27 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-25 00:14:26 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-21 15:58:12 0 d-----w- c:\program files\TrendMicro
2010-01-15 02:37:37 0 d-----w- c:\docume~1\roy\applic~1\The Ringtone Maker Plus
2010-01-15 02:31:47 420240 ----a-w- c:\windows\system32\mpg4c32.dll
2010-01-15 02:31:47 245760 ----a-w- c:\windows\system32\mp4sds32.ax
2010-01-15 02:31:31 0 d-----w- c:\docume~1\alluse~1\applic~1\MAGIX
2010-01-15 02:30:18 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-01-15 02:30:17 0 d-----w- c:\program files\common files\MAGIX Shared
2010-01-15 02:30:08 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
2010-01-15 02:24:01 700416 ----a-w- c:\windows\system32\mgxoschk.dll
2010-01-15 02:24:01 5937 ----a-w- c:\windows\mgxoschk.ini
2010-01-15 02:24:01 0 d-----w- c:\windows\system32\MAGIX
2010-01-13 01:00:16 0 dc-h--w- c:\windows\ie8
2010-01-12 23:43:44 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 03:50:16 22179 ----a-w- c:\windows\system32\0023.DLL
2010-01-09 03:58:35 37376 ---ha-w- c:\windows\system32\wexe.exe
2010-01-06 06:02:30 0 ---ha-w- c:\windows\system32\wupd.dat
2010-01-06 06:02:23 6435 ----a-w- c:\windows\system32\WORK.DAT
2010-01-04 03:51:50 794408 ----a-w- c:\windows\system32\pbsvc.exe

==================== Find3M ====================

2010-01-30 01:46:40 138056 ----a-w- c:\docume~1\roy\applic~1\PnkBstrK.sys
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-14 23:50:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
2009-12-14 23:50:27 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-12-12 07:19:50 6656 ----a-w- c:\windows\system32\drivers\iPodDrv.sys
2009-11-21 02:34:54 69632 ----a-w- c:\windows\system32\OpenCL.dll
2009-11-21 02:34:54 6282752 ----a-w- c:\windows\system32\nv4_disp.dll
2009-11-21 02:34:54 4038656 ----a-w- c:\windows\system32\nvcuda.dll
2009-11-21 02:34:54 2293286 ----a-w- c:\windows\system32\nvdata.bin
2009-11-21 02:34:54 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2009-11-21 02:34:54 1989224 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-11-21 02:34:54 182888 ----a-w- c:\windows\system32\nvcodins.dll
2009-11-21 02:34:54 182888 ----a-w- c:\windows\system32\nvcod.dll
2009-11-21 02:34:54 13602816 ----a-w- c:\windows\system32\nvoglnt.dll
2009-11-21 02:34:54 11374592 ----a-w- c:\windows\system32\nvcompiler.dll
2009-11-21 02:34:54 1056768 ----a-w- c:\windows\system32\nvapi.dll
2009-11-21 01:32:14 278120 ----a-w- c:\windows\system32\nvmccs.dll
2009-11-21 01:32:14 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2009-11-21 01:32:14 145000 ----a-w- c:\windows\system32\nvcolor.exe
2009-11-21 01:32:14 12669544 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-21 01:32:14 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-11-21 01:32:10 81920 ----a-w- c:\windows\system32\nvwddi.dll
2006-11-09 16:11:25 2024 -c--a-w- c:\program files\Report-Scan-20061109-111052.txt
2008-09-05 03:13:39 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090420080905\index.dat
2008-09-23 14:59:21 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092320080924\index.dat

============= FINISH: 22:03:18.39 ===============


I also attached the DDS2 txt.

Thanks for your time and assistance.



#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 31 January 2010 - 12:37 PM

Hello.

Do you have your Windows XP disk with you still? We will start with Combofix.


Download and Run Combofix

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page for instructions on doing so.

Please include the C:\ComboFix.txt in your next reply for further review.

Edited by extremeboy, 31 January 2010 - 12:37 PM.


#9 Bumbury

Bumbury
  • Topic Starter

  • Members
  • 11 posts

Posted 01 February 2010 - 02:46 PM

OK, I do have the Win XP disk and I have the original version of XP Home. I downloaded ComboFix and it successfully loaded the Windows setup program. I ran ComboFix and here is the log:

ComboFix 10-02-01.01 - Roy 02/01/2010 14:25:15.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.638 [GMT -5:00]
Running from: c:\documents and settings\Roy\My Documents\ComboFix\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\FBStoolbar.dll
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\video access activex object
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\0023.DLL
c:\windows\system32\SHELLLNK.TLB
c:\windows\system32\wexe.exe
c:\windows\system32\WORK.DAT
c:\windows\system32\wupd.dat
c:\windows\unins000.dat
c:\windows\unins000.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UACd.sys
-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2010-01-01 to 2010-02-01 )))))))))))))))))))))))))))))))
.

2010-01-30 01:46 . 2010-01-30 01:46 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-01-29 01:35 . 2010-01-29 01:35 -------- d-----w- c:\program files\doubleTwist 2.0
2010-01-25 00:53 . 2010-01-31 03:23 138736 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-25 00:14 . 2010-01-31 03:23 188968 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-25 00:14 . 2010-01-30 01:46 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-21 15:58 . 2010-01-21 15:58 388096 ----a-r- c:\documents and settings\Roy\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-21 15:58 . 2010-01-21 15:58 -------- d-----w- c:\program files\TrendMicro
2010-01-15 02:37 . 2010-01-15 02:37 -------- d-----w- c:\documents and settings\Roy\Application Data\The Ringtone Maker Plus
2010-01-15 02:31 . 2001-05-11 18:18 420240 ----a-w- c:\windows\system32\mpg4c32.dll
2010-01-15 02:31 . 2010-01-15 02:31 -------- d-----w- c:\documents and settings\All Users\Application Data\MAGIX
2010-01-15 02:30 . 2003-04-18 21:29 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-01-15 02:30 . 2010-01-15 02:31 -------- d-----w- c:\program files\Common Files\MAGIX Shared
2010-01-15 02:30 . 2007-04-27 15:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
2010-01-15 02:24 . 2010-01-15 02:31 -------- d-----w- c:\windows\system32\MAGIX
2010-01-15 02:24 . 2008-04-15 21:14 700416 ----a-w- c:\windows\system32\mgxoschk.dll
2010-01-13 01:00 . 2010-01-13 01:04 -------- dc-h--w- c:\windows\ie8
2010-01-12 23:43 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-04 03:51 . 2010-01-25 00:53 794408 ----a-w- c:\windows\system32\pbsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-01 13:57 . 2006-01-20 03:31 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-01 13:46 . 2006-06-11 22:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-30 01:46 . 2007-12-25 14:47 138056 ----a-w- c:\documents and settings\Roy\Application Data\PnkBstrK.sys
2010-01-30 01:46 . 2007-12-25 14:47 138056 ----a-w- c:\documents and settings\Roy\Application Data\PnkBstrK.sys
2010-01-26 01:53 . 2009-12-30 14:40 90112 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2010-01-26 01:53 . 2009-04-18 22:48 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2010-01-26 01:53 . 2009-04-18 22:48 118784 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2010-01-26 01:53 . 2009-04-18 22:48 393216 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2010-01-26 01:53 . 2009-04-18 22:48 561152 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2010-01-26 01:53 . 2009-04-18 22:48 167936 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2010-01-25 03:12 . 2009-06-06 21:37 -------- d-----w- c:\documents and settings\Roy\Application Data\FrostWire
2010-01-24 23:38 . 2006-01-17 23:22 135432 -c--a-w- c:\documents and settings\Roy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-22 15:10 . 2009-01-09 13:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-01-15 18:50 . 2006-01-16 22:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-14 03:15 . 2007-07-05 17:31 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-14 00:45 . 2007-01-13 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-01-11 04:21 . 2007-02-16 23:20 -------- d-----w- c:\program files\Electronic Arts
2010-01-09 05:00 . 2009-04-18 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-01-07 15:13 . 2009-05-02 21:23 -------- d-----w- c:\documents and settings\Roy\Application Data\SolidDocuments
2009-12-30 16:17 . 2009-12-30 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Nexon
2009-12-21 19:14 . 2005-10-21 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-14 23:50 . 2009-12-14 23:49 -------- d-----w- c:\documents and settings\Roy\Application Data\Teleca
2009-12-14 23:50 . 2009-12-14 23:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
2009-12-14 23:50 . 2009-12-14 23:50 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-12-14 23:49 . 2009-12-14 23:48 -------- d-----w- c:\program files\Common Files\Teleca Shared
2009-12-14 23:48 . 2009-12-14 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\HTC
2009-12-14 23:48 . 2009-12-14 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Teleca
2009-12-14 23:48 . 2009-12-14 23:47 -------- d-----w- c:\program files\HTC
2009-12-12 07:19 . 2009-12-12 07:19 6656 ----a-w- c:\windows\system32\drivers\iPodDrv.sys
2009-11-21 15:51 . 2002-08-29 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 02:34 . 2009-11-29 05:58 69632 ----a-w- c:\windows\system32\OpenCL.dll
2009-11-21 02:34 . 2009-11-29 05:58 4038656 ----a-w- c:\windows\system32\nvcuda.dll
2009-11-21 02:34 . 2009-11-29 05:58 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2009-11-21 02:34 . 2009-11-29 05:58 1989224 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-11-21 02:34 . 2009-11-29 05:58 13602816 ----a-w- c:\windows\system32\nvoglnt.dll
2009-11-21 02:34 . 2009-11-29 05:58 2293286 ----a-w- c:\windows\system32\nvdata.bin
2009-11-21 02:34 . 2009-11-29 05:58 182888 ----a-w- c:\windows\system32\nvcodins.dll
2009-11-21 02:34 . 2009-11-29 05:58 182888 ----a-w- c:\windows\system32\nvcod.dll
2009-11-21 02:34 . 2009-11-29 05:58 11374592 ----a-w- c:\windows\system32\nvcompiler.dll
2009-11-21 02:34 . 2009-11-29 05:58 1056768 ----a-w- c:\windows\system32\nvapi.dll
2009-11-21 02:34 . 2006-03-09 19:29 6282752 ----a-w- c:\windows\system32\nv4_disp.dll
2009-11-21 02:34 . 2006-03-09 19:29 10235968 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-11-21 01:32 . 2009-11-21 01:32 278120 ----a-w- c:\windows\system32\nvmccs.dll
2009-11-21 01:32 . 2009-11-21 01:32 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2009-11-21 01:32 . 2009-11-21 01:32 145000 ----a-w- c:\windows\system32\nvcolor.exe
2009-11-21 01:32 . 2009-11-21 01:32 12669544 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-21 01:32 . 2009-11-21 01:32 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-11-21 01:32 . 2009-11-21 01:32 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-11-19 16:48 . 2009-12-01 00:26 872960 ----a-w- c:\documents and settings\Roy\Application Data\Mozilla\Firefox\Profiles\vkhh0nw0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-19 16:48 . 2009-12-01 00:26 43008 ----a-w- c:\documents and settings\Roy\Application Data\Mozilla\Firefox\Profiles\vkhh0nw0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-19 16:48 . 2009-12-01 00:26 340480 ----a-w- c:\documents and settings\Roy\Application Data\Mozilla\Firefox\Profiles\vkhh0nw0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-19 16:48 . 2009-12-01 00:26 346624 ----a-w- c:\documents and settings\Roy\Application Data\Mozilla\Firefox\Profiles\vkhh0nw0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-06 18:44 . 2008-04-04 22:21 1 ----a-w- c:\documents and settings\Roy\Application Data\StarOffice8\user\uno_packages\cache\stamp.sys
2006-11-09 16:11 . 2006-11-09 16:11 2024 -c--a-w- c:\program files\Report-Scan-20061109-111052.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-30 198160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-05-27 598016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-9 323646]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:E *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^3Deep.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
backup=c:\windows\pss\DataViz Inc Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Google Updater\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SonnReg.lnk]
backup=c:\windows\pss\SonnReg.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Roy^Start Menu^Programs^Startup^BitTorrent.lnk]
backup=c:\windows\pss\BitTorrent.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Roy^Start Menu^Programs^Startup^MEMonitor.lnk]
backup=c:\windows\pss\MEMonitor.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Roy^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
2002-09-11 02:26 368706 -c--a-w- c:\program files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]
2002-07-01 13:50 28672 -c--a-w- e:\logitec\MOUSEW~1\system\EM_EXEC.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-03-30 14:36 267048 -c--a-w- e:\itunes~1\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW Controlcenter]
2002-09-26 21:14 751104 -c--a-w- c:\progra~1\INSTAN~1\INSTAN~1\iwctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
2003-12-17 14:50 19968 -c----w- c:\windows\LOGI_MWX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-11-21 01:32 12669544 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-11-21 01:32 110184 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-29 03:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
2002-06-26 22:36 90112 -c--a-w- c:\program files\Analog Devices\SoundMAX\SMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 05:11 132496 -c--a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-22 03:21 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\I Tunes\\iTunes.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"e:\combat arms\CombatArms.exe"= e:\combat arms\CombatArms.exe:*Enabled:CombatArms.exe
"e:\\Combat Arms\\NMService.exe"=
"c:\\NGM\\NGM.exe"=
"e:\\Frostwire\\FrostWire.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"e:\\Battlefield2\\BF2.exe"=
"e:\\Battlefield 2142\\BF2142.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Combat Arms\\Engine.exe"=
"e:\\Battlefield Bad Company2\\BFBC2BetaUpdater.exe"=
"e:\\Battlefield Bad Company2\\BFBC2Game.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17567:UDP"= 17567:UDP:battlefield 2142
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"58746:TCP"= 58746:TCP:Pando Media Booster
"58746:UDP"= 58746:UDP:Pando Media Booster

R1 cdrdrv;cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [1/16/2006 7:10 PM 61952]
R1 vobcom;vobcom;c:\windows\system32\drivers\vobcom.sys [1/16/2006 7:10 PM 9728]
R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [1/16/2006 7:10 PM 178688]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [12/12/2009 2:19 AM 6656]
S3 cpuz130;cpuz130;\??\c:\docume~1\Roy\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Roy\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [12/14/2009 6:47 PM 25728]
S3 JmtFltr;n52te;c:\windows\system32\Drivers\JmtFltr.sys --> c:\windows\system32\Drivers\JmtFltr.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 21:57]

2010-01-29 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2200 series272A572217594EBCF1CEE215E352B92AD073FDE4137627473.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 22:56]

2010-02-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-14 23:18]

2010-02-01 c:\windows\Tasks\User_Feed_Synchronization-{813886CF-B541-4736-8441-22FC89966417}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.home.bellsouth.net
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
DPF: DirectAnimation Java Classes
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java
DPF: {BA83FD38-CE14-4DA3-BEF5-96050D55F78A} - hxxp://www.flipviewer.com/exe/fv373p.cab
FF - ProfilePath - c:\documents and settings\Roy\Application Data\Mozilla\Firefox\Profiles\vkhh0nw0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.att.net/
FF - component: c:\documents and settings\Roy\Application Data\Mozilla\Firefox\Profiles\vkhh0nw0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Roy\Application Data\Mozilla\Firefox\Profiles\vkhh0nw0.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: e:\i tunes\Mozilla Plugins\npitunes.dll
FF - plugin: e:\palmce~1\PACKAG~1\NPInstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
ShellExecuteHooks-{C60A0B68-1F3A-A1D2-C909-9A11A016D21A} - (no file)
MSConfigStartUp-Kernel and Hardware Abstraction Layer - KHALMNPR.EXE
MSConfigStartUp-nwiz - nwiz.exe
AddRemove-The Ringtone Maker Plus - e:\ringtone maker v5\The Ringtone Maker Plus 5\uninst.exe
AddRemove-{184EB198-1DBA-46DB-B728-7A5FC13D5C2B}_is1 - c:\windows\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-01 14:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2208)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\Common Files\Teleca Shared\logger.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-02-01 14:38:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-01 19:37

Pre-Run: 9,827,700,736 bytes free
Post-Run: 9,720,049,664 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 89CD5961AC9BB1106195025A1DFD4DC4




#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:52 PM

Posted 01 February 2010 - 02:54 PM

Hello.

Unfortunately, one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

Let me know if you wish to continue or not.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#11 Bumbury

Bumbury
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:08:52 PM

Posted 01 February 2010 - 07:57 PM

Ok, I do believe I will have to reformat my HD. But in the meantime I will go ahead and disinfect the computer to at least get some measure of usability until I can find the necessary drivers to reinstall and back up my information. I will have some questions with the reformat; will you be able to help me with that, or do I need to post in another forum?



#12 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:52 PM

Posted 01 February 2010 - 08:32 PM

Hello.

Yes, you can ask me some questions regarding the format. What is it?

#13 Bumbury

Bumbury
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:08:52 PM

Posted 01 February 2010 - 09:26 PM

Thanks for your help.

1 - Is there a way to download the MS SP packs and save them? As I recall you need an internet connection because MS wants to run their authentication program before you can download.

2 - I downloaded Belarc Advisor so I have a detailed system report, but I'm not sure if XP will auto-detect my PC's drivers or if I am going to have to find them and have them ready for install.

3 - Will the reformat change the BIOS settings for my PC?


Also, I won't be able to do the reformat until at least Sunday this week, so if possible I would like to clean my PC as much as I can, so I will have some measure of security on my machine. I will have to at least buy some time to get the necessary drivers and do the backups.

Thanks for your help, time and patience.



#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:52 PM

Posted 01 February 2010 - 09:36 PM

Hello.

QUOTE
1 - Is there a way to download the MS SP packs and save them? As I recall you need an internet connection because MS wants to run their authentication program before you can download.

Which Service Pack are you referring to? Does your Windows XP disk have one of the 3 service packs installed already? Yes, to download the Service Packs for Windows XP you will need an internet connection. The files are actually quite big, depending on which Service Pack you're referring to here.

QUOTE
2 - I downloaded Belarc Advisor so I have a detailed system report, but I'm not sure if XP will auto-detect my PC's drivers or if I am going to have to find them and have them ready for install.

You will need to re-install ALL drivers for this PC after the format. If you don't have a disk that automatically installs the drivers for this PC, then you will need to download them yourself manually from the PC manufacturer's website. For example, my PC is HP, so I will need to go to the HP website, fill out the information about my PC in the Drivers download area, and then it will list all the drivers available for this model of my PC and I can download and then install them.

QUOTE
3 - Will the reformat change the BIOS settings for my PC?

That should be fine and not touched.

QUOTE
Also, I won't be able to do the reformat until at least Sunday this week, so if possible I would like to clean my PC as much as I can, so I will have some measure of security on my machine. I will have to at least buy some time to get the necessary drivers and do the backups.

Okay.. However, doing a format will definitely remove the infection, unless you pick it up again from the previous one and re-infect yourself.

--
If you wish to continue we can. I'll provide the next set of instructions tomorrow. It's getting late here and I need to wake up early tomorrow, so I've got to go to bed.

Thanks.

With Regards,
Extremeboy

#15 Bumbury

Bumbury
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:08:52 PM

Posted 01 February 2010 - 10:48 PM

OK, I'll be looking for the drivers and getting set up for my reformatting. Just to let you know, I have the original version of Win XP Home; got it in 2002. So I'll be resetting all the service packs and .NET Framework 1.1 all the way to 3.5, as this will be the 1st time I'm reformatting my HD, but I have changed it twice before. So if the reformat is anything like swapping out a new HD, then I should be ok. Again, thanks for your time.

Talk later



