Trojan Problem


This topic is locked
9 replies to this topic

#1 HelenWinkle

Posted 19 February 2010 - 11:25 PM

My computer has been infected with trojans that keep returning despite trying to remove them with multiple anti-malware programs. I was unable to complete the GMER log as it caused a blue screen both in Windows mode and in safe mode. I briefly viewed the log before the blue screen and it showed multiple rootkits. I have an older version of HijackThis whose log I can also post. I tried to follow the instructions on this site to install a newer version of HijackThis but received a corrupt file message, so I was unable to install it.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/18/2010 8:36:49 PM
System Uptime: 2/19/2010 9:25:58 PM (0 hours ago)

Motherboard: Dell Inc. | | 0N185P
Processor: Intel Pentium III Xeon processor | Socket 775 | 2992/333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 334.068 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

ACDSee Pro 2.5
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.2.0 - CPSID_50026
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player 11.5
Adobe SING CS4
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advertising Center
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
Bonjour
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help English
CCC Help French
CCC Help German
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCC Help Turkish
Choice Guard
Connect
Core FTP Pro 2.1
Dell Automated PC TuneUp
Dell Driver Download Manager
Diagnostics Utility
DivX Plus Web Player
DolbyFiles
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
IIS 6.0 Resource Kit Tools
ImagXpress
Intel® Matrix Storage Manager
iPhone Configuration Utility
iTunes
Java™ 6 Update 13
JMB36X Raid Configurer
Junk Mail filter update
jv16 PowerTools 2009
K-Lite Mega Codec Pack 4.9.0
kuler
LogMeIn
Malwarebytes' Anti-Malware
Menu Templates - Starter Kit
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office FrontPage 2003
Microsoft Office Groove MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows XP Video Decoder Checkup Utility
Movie Templates - Starter Kit
Mozilla Firefox (3.0.11)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB927977)
Nero 9
Nero 9 Trial
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
NETGEAR WG111v3 wireless USB 2.0 adapter
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
PowerDVD DX
QuickTime
Readiris Pro 7.5
Realtek Ethernet Diagnostic Utility
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
Samsung SCX-4100 Series
Samsung SCX-4100 Series (TWAIN)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
Skins
SmarThru 4
Sonic CinePlayer Decoder Pack
SoundTrax
Suite Shared Configuration CS4
TuneUp Utilities 2009
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (kb977719)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Resource Kit Tools - SubInAcl.exe
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

2/19/2010 12:11:23 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
2/19/2010 12:11:23 AM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/19/2010 12:11:23 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/18/2010 9:10:10 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer YOUR-LXQAM3LLG3 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{82616512-ED7. The master browser is stopping or an election is being forced.
2/18/2010 8:39:20 PM, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
2/18/2010 8:34:28 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
2/18/2010 8:10:08 PM, error: Application Popup [877] - There was error [DATABASE OPEN FAILED] processing the driver database.
2/18/2010 11:34:41 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atapi PCIIde
2/17/2010 9:50:07 AM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
2/17/2010 4:42:07 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
2/17/2010 4:07:28 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
2/17/2010 4:07:28 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/17/2010 4:06:29 PM, error: Service Control Manager [7000] - The TuneUp Theme Extension service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
2/17/2010 4:05:59 PM, error: Removable Storage Service [15] - RSM cannot manage library PhysicalDrive4. The database is corrupt.
2/17/2010 4:05:59 PM, error: Removable Storage Service [15] - RSM cannot manage library PhysicalDrive3. The database is corrupt.
2/17/2010 4:05:59 PM, error: Removable Storage Service [15] - RSM cannot manage library PhysicalDrive2. The database is corrupt.
2/17/2010 4:05:59 PM, error: Removable Storage Service [15] - RSM cannot manage library PhysicalDrive1. The database is corrupt.
2/17/2010 4:05:59 PM, error: Removable Storage Service [15] - RSM cannot manage library CdRom1. The database is corrupt.
2/17/2010 4:04:56 PM, error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
2/17/2010 12:45:34 PM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
2/17/2010 12:44:57 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Microsoft Antimalware Service service to connect.
2/17/2010 12:44:57 AM, error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/17/2010 12:30:27 AM, information: Windows File Protection [64021] - The system file c:\windows\system32\chglogon.exe could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
2/17/2010 12:27:08 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
2/17/2010 12:18:03 AM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
2/16/2010 9:50:10 PM, error: Removable Storage Service [15] - RSM cannot manage library CdRom0. The database is corrupt.
2/16/2010 11:46:48 PM, error: Service Control Manager [7000] - The McAfee Anti-Spam Service service failed to start due to the following error: The system cannot find the path specified.
2/16/2010 11:08:17 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
2/16/2010 10:47:36 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Services service to connect.
2/16/2010 10:47:36 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Real-time Scanner service to connect.
2/16/2010 10:47:36 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Proxy Service service to connect.
2/16/2010 10:47:36 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Network Agent service to connect.
2/16/2010 10:47:36 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Anti-Spam Service service to connect.
2/16/2010 10:47:36 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Common Client Job Manager Service service to connect.
2/16/2010 10:47:36 PM, error: Service Control Manager [7000] - The McAfee Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/16/2010 10:47:36 PM, error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/16/2010 10:47:36 PM, error: Service Control Manager [7000] - The McAfee Proxy Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/16/2010 10:47:36 PM, error: Service Control Manager [7000] - The McAfee Network Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/16/2010 10:47:36 PM, error: Service Control Manager [7000] - The McAfee Anti-Spam Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/16/2010 10:47:36 PM, error: Service Control Manager [7000] - The Common Client Job Manager Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/16/2010 10:39:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/16/2010 10:08:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
2/16/2010 10:01:44 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm mfehidk SASDIFSV SASKUTIL
2/15/2010 9:12:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec mfehidk MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
2/15/2010 9:12:34 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
2/15/2010 9:12:34 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/15/2010 9:12:34 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/15/2010 9:12:34 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
2/15/2010 9:12:34 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/15/2010 9:12:34 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/15/2010 8:15:46 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .
2/15/2010 8:15:46 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
2/15/2010 8:15:20 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
2/15/2010 10:34:35 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

==== End Of File ===========================


DDS (Ver_09-12-01.01) - NTFSx86
Run by Ruth at 21:53:50.35 on Fri 02/19/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2270 [GMT -5:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\DOCUME~1\User\LOCALS~1\Temp\MRI_TEMP\Spyware Doctor\pctsauxs.exe
C:\DOCUME~1\User\LOCALS~1\Temp\MRI_TEMP\Spyware Doctor\pctssvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Ruth\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ISTray] "c:\docume~1\user\locals~1\temp\mri_temp\spyware doctor\pctsTray.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243921904490
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://www.shockwave.com/content/dinerdashfloonthego/sis/ddfotg.1.0.0.33.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli scecli scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ruth\applic~1\mozilla\firefox\profiles\q9ng2t4a.default\
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-24 214664]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-4 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-4 74480]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [2009-5-22 8960]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-6-16 47640]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [2010-2-19 22016]
R2 sdAuxService;PC Tools Auxiliary Service;c:\docume~1\user\locals~1\temp\mri_temp\spyware doctor\pctsauxs.exe [2010-2-19 356920]
R2 sdCoreService;PC Tools Security Service;c:\docume~1\user\locals~1\temp\mri_temp\spyware doctor\pctssvc.exe [2010-2-19 1072008]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-12-28 287232]
S0 cerc6;cerc6; [x]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [2009-5-22 11264]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-11-24 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-11-24 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-11-24 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-11-24 40552]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [2010-2-19 28800]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2009-5-22 16640]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-4 7408]
S3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\drivers\wnda31.sys --> c:\windows\system32\drivers\WNDA31.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-02-20 02:48:47 0 ----a-w- c:\documents and settings\ruth\defogger_reenable
2010-02-19 22:01:34 0 d-----w- C:\08931ba73dbd23706d
2010-02-19 21:52:11 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-19 15:13:16 0 d-----w- c:\program files\ATI
2010-02-19 15:10:55 60416 ----a-w- c:\windows\system32\RTLTEAMING_NB.DLL
2010-02-19 15:10:55 28800 ----a-w- c:\windows\system32\drivers\RTLTEAMING.SYS
2010-02-19 15:10:55 22016 ----a-w- c:\windows\system32\drivers\RtNdPt5x.sys
2010-02-19 15:05:38 1970176 ----a-w- c:\windows\system32\xRaidSetup.exe
2010-02-19 15:05:38 151552 ----a-w- c:\windows\system32\xRaidAPI.dll
2010-02-19 15:05:38 0 d-----w- C:\RaidTool
2010-02-19 15:05:36 0 d-----w- c:\windows\RaidTool
2010-02-19 04:36:02 0 d-sh--w- c:\documents and settings\ruth\IETldCache
2010-02-19 04:35:56 0 d-sh--w- c:\documents and settings\ruth\IECompatCache
2010-02-19 04:35:29 0 d-sh--w- c:\documents and settings\ruth\PrivacIE
2010-02-19 02:31:03 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-19 02:29:02 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-19 02:29:02 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-19 02:29:01 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-19 02:18:42 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-19 02:18:39 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-19 02:18:39 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-19 02:18:38 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-19 02:18:38 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-19 02:18:38 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-19 02:18:36 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-19 02:17:15 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-02-19 02:11:30 0 d-----w- c:\program files\Microsoft Security Essentials
2010-02-19 02:10:40 0 d-----w- c:\docume~1\ruth\applic~1\Malwarebytes
2010-02-19 02:10:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-19 02:10:35 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-19 02:10:35 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-19 02:09:34 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-19 01:35:59 92032 -c--a-w- c:\windows\system32\dllcache\mga.dll
2010-02-19 01:33:58 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2010-02-19 01:33:53 749 ---ha-r- c:\windows\WindowsShell.Manifest
2010-02-19 01:33:53 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2010-02-19 01:33:53 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2010-02-19 01:33:53 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2010-02-19 01:33:53 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2010-02-18 02:07:14 262144 ---ha-w- c:\documents and settings\ruth\ntuser.dat.LOG1
2010-02-18 02:07:14 0 ---ha-w- c:\documents and settings\ruth\ntuser.dat.LOG2
2010-02-17 22:56:00 0 d-----w- c:\windows\system32\CatRoot2
2010-02-17 22:51:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Geek Squad
2010-02-17 18:08:17 62976 ----a-w- c:\windows\system32\iesetup.dl_
2010-02-17 18:03:39 0 d-----w- c:\docume~1\ruth\applic~1\Windows Search
2010-02-17 17:52:54 0 d-----w- c:\windows\system32\Catroot2.old
2010-02-17 15:47:20 0 d-----w- c:\program files\trend micro
2010-02-17 15:46:52 0 d-----w- c:\program files\TrendMicro
2010-02-17 05:49:22 0 d-----w- c:\docume~1\ruth\applic~1\TuneUp Software
2010-02-17 05:00:55 190849024 ----a-w- c:\windows\sectest.db
2010-02-17 04:25:28 0 d-----w- c:\docume~1\ruth\applic~1\Tific
2010-02-17 03:51:29 0 d-----w- c:\docume~1\ruth\applic~1\Windows Desktop Search
2010-02-16 03:40:55 0 d-----w- c:\program files\Windows Resource Kits
2010-02-16 02:50:32 23 --sha-w- c:\windows\system32\edacded0.dat
2010-02-16 02:50:32 23 ----a-w- c:\windows\system32\bcdadac7.xml
2010-02-16 02:50:22 0 d-----w- c:\program files\jv16 PowerTools 2009
2010-02-16 02:46:13 0 d-----w- c:\windows\pss
2010-02-16 02:30:30 0 d-----w- C:\SmitfraudFix
2010-02-16 02:29:27 1872472 ----a-w- C:\SmitfraudFix.exe
2010-02-16 01:13:24 531456 -c--a-w- c:\windows\system32\dllcache\wbemcore.dll
2010-02-16 01:13:24 531456 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2010-02-16 01:05:38 16535 ----a-r- c:\windows\SETD1.tmp
2010-02-16 01:05:37 1088840 ----a-r- c:\windows\SETC5.tmp
2010-02-16 01:05:35 1296669 ----a-r- c:\windows\SETC2.tmp
2010-02-15 19:58:20 0 d-----w- c:\windows\Dell
2010-02-15 17:56:44 0 d-sh--w- C:\found.001

==================== Find3M ====================

2010-02-19 23:39:49 2006 ----a-w- c:\windows\system32\tmp.reg
2010-02-19 01:33:09 23412 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26:15 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:51 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2007-12-28 19:02:12 287232 ----a-w- c:\windows\inf\wg111v3\wg111v3.sys
2007-12-28 18:59:30 342528 ----a-w- c:\windows\inf\wg111v3\vista64\wg111v3.sys
2007-11-27 21:53:58 63488 ----a-w- c:\windows\inf\wg111v3\SetDrv64.exe
2007-11-27 21:52:44 32768 ----a-w- c:\windows\inf\wg111v3\SetDrv.exe
2006-12-15 15:30:36 98304 ----a-w- c:\windows\inf\wg111v3\UScanM.exe
2006-12-15 15:30:36 315392 ----a-w- c:\windows\inf\wg111v3\InstallDriver.exe
2006-12-15 15:30:36 212992 ----a-w- c:\windows\inf\wg111v3\CopyWHQLDriver.exe
2006-12-15 15:30:36 20480 ----a-w- c:\windows\inf\wg111v3\RTWUPath.exe
2006-12-15 15:30:36 19968 ----a-w- c:\windows\inf\wg111v3\RTWREFU.EXE

============= FINISH: 21:56:18.98 ===============

I just completed another scan with Malwarebytes and it described the current problem as:
worm autorun b
Here is the log

Malwarebytes' Anti-Malware 1.44
Database version: 3766
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20/02/2010 11:23:01 AM
mbam-log-2010-02-20 (11-23-01).txt

Scan type: Full Scan (C:\|)
Objects scanned: 380059
Time elapsed: 1 hour(s), 12 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\RECYCLER\S-1-5-21-600071822-1944937006-1240738437-1007\Dc12\License\iexplore.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.

Merged posts. ~ OB

Edited by Orange Blossom, 20 February 2010 - 01:01 PM.
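The DDS log above lists every registered service and driver one per line, and two things in that listing are what a malware-removal helper scans for first: entries whose binary DDS could not find on disk (shown as `[x]` or `[?]`) and service binaries that run from a Temp directory. The script below is an added example written for this thread, not part of DDS, HijackThis or any tool the thread mentions; it parses lines in the layout DDS uses here and flags those two conditions. The sample input is a handful of lines copied from the log above and embedded so the script runs offline; the regular expressions are an assumption about the DDS line format inferred from this log, not a documented specification.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: a handful of lines copied from the DDS
# "SERVICES / DRIVERS" section posted above, embedded so this runs offline.
SAMPLE_DDS_SERVICES = r"""
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-24 214664]
R2 sdAuxService;PC Tools Auxiliary Service;c:\docume~1\user\locals~1\temp\mri_temp\spyware doctor\pctsauxs.exe [2010-2-19 356920]
S0 cerc6;cerc6; [x]
S3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\drivers\wnda31.sys --> c:\windows\system32\drivers\WNDA31.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
"""

# Assumed layout of one DDS line, as seen in this log:
#   "<state> <name>;<display name>;<path> [<date> <size>]"
# where the bracket holds "[x]" or "[?]" when DDS could not find the binary.
LINE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$")
TAIL_RE = re.compile(r"^(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$")


@dataclass
class ServiceEntry:
    state: str     # R = running, S = stopped; the digit is the start type
    name: str
    display: str
    path: str      # empty when DDS listed no binary at all
    meta: str      # "date size", or "x" / "?" when the file was not found

    def file_present(self) -> bool:
        return self.meta not in ("x", "?")

    def runs_from_temp(self) -> bool:
        # A service binary living under a Temp directory is worth a second look.
        return "\\temp\\" in self.path.lower()


def parse_dds_services(text: str) -> List[ServiceEntry]:
    """Parse the SERVICES / DRIVERS block of a DDS log into records."""
    entries: List[ServiceEntry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers, blank lines, anything that is not an entry
        tail = TAIL_RE.match(m.group("rest").strip())
        if not tail:
            continue
        path = tail.group("path").strip()
        if " --> " in path:
            # DDS prints "<as registered> --> <as resolved>"; keep the resolved name.
            path = path.split(" --> ")[-1].strip()
        entries.append(ServiceEntry(m.group("state"), m.group("name").strip(),
                                    m.group("display").strip(), path,
                                    tail.group("meta").strip()))
    return entries


def triage(entries: List[ServiceEntry]) -> Dict[str, List[str]]:
    """Return {service name: [reasons]} for entries an analyst should verify by hand."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        if not e.file_present():
            reasons.append("binary not found on disk")
        if e.runs_from_temp():
            reasons.append("binary runs from a Temp directory")
        if reasons:
            findings[e.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_dds_services(SAMPLE_DDS_SERVICES)).items():
        print(f"{name}: {'; '.join(reasons)}")
```

A flag is a prompt to look, not a verdict: the two Temp-directory entries in this log describe themselves as PC Tools components, and an entry with no binary on disk is frequently a leftover registration from something that was uninstalled. The value of the script is that it makes those entries impossible to miss in a long listing, so the helper can check each one against what the user says is installed.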


#2 HelenWinkle


Posted 20 February 2010 - 06:27 PM

I have now been able to install the newer Hijack This:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23:35, on 20/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\DOCUME~1\User\LOCALS~1\Temp\MRI_TEMP\Spyware Doctor\pctsauxs.exe
C:\DOCUME~1\User\LOCALS~1\Temp\MRI_TEMP\Spyware Doctor\pctssvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISTray] "C:\DOCUME~1\User\LOCALS~1\Temp\MRI_TEMP\Spyware Doctor\pctsTray.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat....cab?1243921904490
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.shockwave.com/content/dinerdash...tg.1.0.0.33.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\DOCUME~1\User\LOCALS~1\Temp\MRI_TEMP\Spyware Doctor\pctsauxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\DOCUME~1\User\LOCALS~1\Temp\MRI_TEMP\Spyware Doctor\pctssvc.exe

--
End of file - 7533 bytes


#3 Blade


Posted 21 February 2010 - 05:29 AM

Hello, and welcome to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

If you have since resolved the original problem you were having, we would appreciate you letting us know.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand.

***************************************************

Please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

~Blade



#4 HelenWinkle


Posted 21 February 2010 - 09:57 PM

I'm not sure if my system is clean--it is behaving normally (I think)--but I'm not sure if the virus/trojan is gone or still in hiding. Thanks for any input. I tried to upload the attachment file which I have zipped as instructed in your email but received a message from this site saying that I am not permitted to upload this type of file.
Helen

DDS (Ver_09-12-01.01) - NTFSx86
Run by Helen at 21:51:50.23 on 21/02/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.3071.2165 [GMT -5:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\User\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243921904490
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://www.shockwave.com/content/dinerdashfloonthego/sis/ddfotg.1.0.0.33.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli scecli scecli scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\phkrmqou.default\
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-2-20 207280]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-24 214664]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-4 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-4 74480]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-2-20 112592]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [2009-5-22 8960]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-6-16 47640]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [2010-2-19 22016]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-2-20 365280]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-2-20 1141712]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-12-28 287232]
S0 cerc6;cerc6; [x]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [2009-5-22 11264]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-11-24 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-11-24 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-11-24 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-11-24 40552]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [2010-2-19 28800]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2009-5-22 16640]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-4 7408]
S3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\drivers\wnda31.sys --> c:\windows\system32\drivers\WNDA31.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-02-21 02:15:08 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-02-21 01:09:30 882 ----a-w- c:\windows\RegSDImport.xml
2010-02-21 01:09:30 879 ----a-w- c:\windows\RegISSImport.xml
2010-02-21 01:09:30 767952 ----a-w- c:\windows\BDTSupport.dll.old
2010-02-21 01:09:30 767952 ----a-w- c:\windows\BDTSupport.dll
2010-02-21 01:09:30 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-02-21 01:09:30 131 ----a-w- c:\windows\IDB.zip
2010-02-21 01:09:30 1152444 ----a-w- c:\windows\UDB.zip
2010-02-21 01:09:29 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-02-21 01:09:29 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-02-21 01:09:29 1640400 ----a-w- c:\windows\PCTBDCore.dll.old
2010-02-21 01:05:35 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-02-21 01:05:35 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-21 01:05:27 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-21 01:05:27 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-02-21 01:05:27 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-02-21 01:05:27 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-21 01:05:18 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-02-21 01:05:18 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-21 01:04:46 0 d-----w- c:\program files\Spyware Doctor
2010-02-21 01:04:46 0 d-----w- c:\program files\common files\PC Tools
2010-02-21 01:04:46 0 d-----w- c:\docume~1\user\applic~1\PC Tools
2010-02-21 01:04:46 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-02-21 01:02:39 0 d-----w- c:\program files\uTorrent
2010-02-21 01:02:16 0 d-----w- c:\docume~1\user\applic~1\uTorrent
2010-02-20 15:01:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-20 15:00:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-20 00:23:47 0 d-----w- c:\docume~1\user\applic~1\Webroot
2010-02-19 22:01:34 0 d-----w- C:\08931ba73dbd23706d
2010-02-19 21:52:11 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-19 15:13:16 0 d-----w- c:\program files\ATI
2010-02-19 15:10:55 60416 ----a-w- c:\windows\system32\RTLTEAMING_NB.DLL
2010-02-19 15:10:55 28800 ----a-w- c:\windows\system32\drivers\RTLTEAMING.SYS
2010-02-19 15:10:55 22016 ----a-w- c:\windows\system32\drivers\RtNdPt5x.sys
2010-02-19 15:05:38 1970176 ----a-w- c:\windows\system32\xRaidSetup.exe
2010-02-19 15:05:38 151552 ----a-w- c:\windows\system32\xRaidAPI.dll
2010-02-19 15:05:38 0 d-----w- C:\RaidTool
2010-02-19 15:05:36 0 d-----w- c:\windows\RaidTool
2010-02-19 02:31:03 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-19 02:29:02 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-19 02:29:02 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-19 02:29:01 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-19 02:18:42 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-19 02:18:39 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-19 02:18:39 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-19 02:18:38 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-19 02:18:38 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-19 02:18:38 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-19 02:18:36 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-19 02:17:15 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-02-19 02:11:30 0 d-----w- c:\program files\Microsoft Security Essentials
2010-02-19 02:10:35 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-19 02:09:34 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-19 01:35:59 92032 -c--a-w- c:\windows\system32\dllcache\mga.dll
2010-02-19 01:33:58 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2010-02-19 01:33:53 749 ---ha-r- c:\windows\WindowsShell.Manifest
2010-02-19 01:33:53 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2010-02-19 01:33:53 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2010-02-19 01:33:53 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2010-02-19 01:33:53 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2010-02-18 20:03:29 2145386496 ----a-w- c:\windows\MEMORY.DMP
2010-02-18 02:07:14 262144 ---ha-w- c:\documents and settings\user\ntuser.dat.LOG1
2010-02-18 02:07:14 0 ---ha-w- c:\documents and settings\user\ntuser.dat.LOG2
2010-02-17 22:56:00 0 d-----w- c:\windows\system32\CatRoot2
2010-02-17 22:51:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Geek Squad
2010-02-17 18:08:17 62976 ----a-w- c:\windows\system32\iesetup.dl_
2010-02-17 17:52:54 0 d-----w- c:\windows\system32\Catroot2.old
2010-02-17 15:47:20 0 d-----w- c:\program files\trend micro
2010-02-17 15:46:52 0 d-----w- c:\program files\TrendMicro
2010-02-17 05:00:55 190849024 ----a-w- c:\windows\sectest.db
2010-02-16 03:40:55 0 d-----w- c:\program files\Windows Resource Kits
2010-02-16 02:50:32 23 --sha-w- c:\windows\system32\edacded0.dat
2010-02-16 02:50:32 23 ----a-w- c:\windows\system32\bcdadac7.xml
2010-02-16 02:50:22 0 d-----w- c:\program files\jv16 PowerTools 2009
2010-02-16 02:46:13 0 d-----w- c:\windows\pss
2010-02-16 01:13:24 531456 -c--a-w- c:\windows\system32\dllcache\wbemcore.dll
2010-02-16 01:13:24 531456 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2010-02-16 01:05:38 16535 ----a-r- c:\windows\SETD1.tmp
2010-02-16 01:05:37 1088840 ----a-r- c:\windows\SETC5.tmp
2010-02-16 01:05:35 1296669 ----a-r- c:\windows\SETC2.tmp
2010-02-15 19:58:20 0 d-----w- c:\windows\Dell
2010-02-15 17:56:44 0 d-sh--w- C:\found.001

==================== Find3M ====================

2010-02-19 23:39:49 2006 ----a-w- c:\windows\system32\tmp.reg
2010-02-19 01:33:09 23412 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26:15 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:51 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2007-12-28 19:02:12 287232 ----a-w- c:\windows\inf\wg111v3\wg111v3.sys
2007-12-28 18:59:30 342528 ----a-w- c:\windows\inf\wg111v3\vista64\wg111v3.sys
2007-11-27 21:53:58 63488 ----a-w- c:\windows\inf\wg111v3\SetDrv64.exe
2007-11-27 21:52:44 32768 ----a-w- c:\windows\inf\wg111v3\SetDrv.exe
2006-12-15 15:30:36 98304 ----a-w- c:\windows\inf\wg111v3\UScanM.exe
2006-12-15 15:30:36 315392 ----a-w- c:\windows\inf\wg111v3\InstallDriver.exe
2006-12-15 15:30:36 212992 ----a-w- c:\windows\inf\wg111v3\CopyWHQLDriver.exe
2006-12-15 15:30:36 20480 ----a-w- c:\windows\inf\wg111v3\RTWUPath.exe
2006-12-15 15:30:36 19968 ----a-w- c:\windows\inf\wg111v3\RTWREFU.EXE

============= FINISH: 21:52:20.71 ===============
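As an added example that is not part of this thread or of the DDS tool itself, the following Python parses the two line formats seen in the log above (the `R2/S3 name;description;path [date size]` service lines and the `Created Last 30` file lines) and lists the routine things a responder checks first: services whose backing file is missing (`[x]`) or unresolved (`[?]`), and recently created files that carry both the hidden and system attributes. The sample lines are copied from the log above; the attribute-column layout (`d c s h a r w ?`) is an assumption inferred from the patterns in this log, and the findings are review items, not verdicts.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# DDS service/driver lines (copied from the log above):
#   R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
#   S0 cerc6;cerc6; [x]                 [x] = the file behind the service is missing
#   S3 WNDA3100;...;c:\...\wnda31.sys --> c:\...\WNDA31.sys [?]   [?] = path unresolved
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);"
    r"(?P<path>[^\[]*)\[(?P<info>[^\]]*)\]\s*$"
)

# "Created Last 30" lines: date time size attributes path
#   2010-02-16 02:50:32 23 --sha-w- c:\windows\system32\edacded0.dat
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<size>\d+) "
    r"(?P<attrs>\S{8}) (?P<path>.+?)\s*$"
)


@dataclass
class Service:
    state: str            # 'R' running, 'S' stopped
    start: int            # start type digit (0 = boot ... 4 = disabled)
    name: str
    desc: str
    path: str             # empty when DDS could not show a file
    file_date: Optional[str]
    size: Optional[int]
    flag: Optional[str]   # 'x' = file missing, '?' = unresolved, None = normal


def parse_service(line: str) -> Optional[Service]:
    """Parse one DDS service line, or return None if the line is not one."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    info = m["info"].strip()
    if info in ("x", "?"):
        return Service(m["state"], int(m["start"]), m["name"], m["desc"],
                       m["path"].strip(), None, None, info)
    file_date, size = info.split()
    return Service(m["state"], int(m["start"]), m["name"], m["desc"],
                   m["path"].strip(), file_date, int(size), None)


def parse_created(line: str) -> Optional[dict]:
    """Parse one 'Created Last 30' line into a dict, or None if it is not one."""
    m = CREATED_RE.match(line)
    if not m:
        return None
    attrs = m["attrs"]
    # Assumed column order of the attribute string: d c s h a r w ?
    return {
        "path": m["path"], "size": int(m["size"]),
        "is_dir": attrs[0] == "d",
        "system": attrs[2] == "s",
        "hidden": attrs[3] == "h",
    }


def triage(log_lines: List[str]) -> List[str]:
    """Return human-readable review items. Heuristics only, not a malware verdict."""
    findings = []
    for line in log_lines:
        svc = parse_service(line)
        if svc:
            if svc.flag == "x":
                findings.append(f"service {svc.name}: backing file missing")
            elif svc.flag == "?":
                findings.append(f"service {svc.name}: path unresolved ({svc.path})")
            continue
        created = parse_created(line)
        if created and created["system"] and created["hidden"] and not created["is_dir"]:
            findings.append(f"hidden+system file created recently: {created['path']}")
    return findings


# Sample input: lines copied from the DDS log above.
SAMPLE_LOG = [
    r"R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]",
    r"S0 cerc6;cerc6; [x]",
    r"S3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\drivers\wnda31.sys --> c:\windows\system32\drivers\WNDA31.sys [?]",
    r"S4 LMIRfsClientNP;LMIRfsClientNP; [x]",
    r"2010-02-21 02:15:08 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys",
    r"2010-02-16 02:50:32 23 --sha-w- c:\windows\system32\edacded0.dat",
    r"2010-02-15 17:56:44 0 d-sh--w- C:\found.001",
]

if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(item)
```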


#5 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:09:41 PM

Posted 23 February 2010 - 08:04 AM

Hello HelenWinkle.

I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Microsoft Security Essentials or Symantec AntiVirus Corporate Edition.

***************************************************

Good news. . . I don't see any further evidence of malware infection on your machine. However, just to be sure let's run another scan. Please note that this scan will require some time to run.

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (uncheck all others):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". When logging in, do NOT log in under the account titled "Admin" or "Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
~Blade


In your next reply, please include the following:
SUPERAntiSpyware Log

Edited by Blade Zephon, 23 February 2010 - 08:04 AM.


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#6 HelenWinkle

HelenWinkle
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Local time:09:41 PM

Posted 24 February 2010 - 11:16 PM

Thanks for your help. Here is the log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/24/2010 at 09:48 PM

Application Version : 4.34.1000

Core Rules Database Version : 4391
Trace Rules Database Version: 1978

Scan type : Complete Scan
Total Scan Time : 00:27:31

Memory items scanned : 232
Memory threats detected : 0
Registry items scanned : 7255
Registry threats detected : 0
File items scanned : 31114
File threats detected : 91

Adware.Tracking Cookie


#7 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:09:41 PM

Posted 24 February 2010 - 11:42 PM

Looks good. . . how's the computer running?

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 18.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

~Blade

In your next reply, please include the following:
How is your computer running?

Edited by Blade Zephon, 24 February 2010 - 11:42 PM.



#8 HelenWinkle

HelenWinkle
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Local time:09:41 PM

Posted 25 February 2010 - 08:30 PM

The computer is running well, so I'm hoping that this infection is history. Thank you for your help.

Helen

#9 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:09:41 PM

Posted 26 February 2010 - 01:26 AM

Your machine appears to be clean!

I highly recommend that you read through the below set of very helpful suggestions and implement them; they will help protect you from reinfection.

You can re-enable emulation drivers now if you wish:

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Disable and Enable System Restore. - You should disable and enable system restore to make sure there are no infected files found in a restore point. You can find instructions on how to disable and enable system restore here: Windows XP System Restore Guide or Windows Vista System Restore Guide

Re-enable system restore with instructions from tutorial above.

Next, please hide your System Files. To do this, please refer to the following guide and reverse its steps: "How To See Hidden Files in Windows."


This should give you a good start into malware-free PC usage. However, I suggest you visit the following additional information listed below: I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • By updating your machine, you have one less headache!
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates then you will find here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
  • If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

For a nice list of freeware programs in all categories, please have a look at this thread with freeware products that are regarded as useful by the users of this forum: Commonly Used Freeware Replacements.

Another recommendation is to download HostsMan. It safeguards you with a regularly updated Hosts-file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  1. Double-click the Downloaded installer and install the tool to a location of your choice
  2. Via the Startmenu, navigate to HostsMan and run the program.
    1. Click "Hosts" in the menu
    2. Click "Manage Updates" in the submenu
    3. Out of the three, select at least one of them (I have MVPS Host as my main one)
    4. Click "Add Update." After that you will only need to click on the following button to retrieve updates:
  3. Click the X to exit the program.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet

Glad I was able to help and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!



#10 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:09:41 PM

Posted 02 March 2010 - 01:03 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

~Blade





