
Malware


16 replies to this topic

#1 SpiritSoul

SpiritSoul

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:21 AM

Posted 23 February 2010 - 05:26 PM

I followed the guide to remove this headache 'Antivirus Soft', yet got error 732(12007, 0) when installing Malwarebytes anti-mal.
Does this affect the outcome?
Ran scan anyway, but only found 1 file, removed and rebooted. Bugger's still there. rkill only found
2 files to shutdown. I'm not a techie at all (my nephew got me to the instructions page) but I will
try my best. Cannot open anything on infected laptop or access net from it. Am on desktop computer now.
Appreciate any help.

Edited by Orange Blossom, 23 February 2010 - 05:28 PM.
Move to AII. ~ OB




#2 Sashacat

Sashacat

  • Members
  • 372 posts
  • OFFLINE
  •  
  • Local time:09:21 AM

Posted 23 February 2010 - 05:41 PM

Hello

Please see post by quietman7 (Global Moderator on this site):
For those having trouble running Malwarebytes Anti-Malware
http://www.bleepingcomputer.com/forums/t/267354/for-those-having-trouble-running-malwarebytes-anti-malware/

Remove Antivirus Soft (Uninstall Guide)
Posted by Grinler on January 30, 2010

http://www.bleepingcomputer.com/virus-remo...-antivirus-soft

Please reply back with the results of the Malwarebytes' scan.
Copy/paste the entire contents of the Malwarebytes' scan results into your next post.
Also, let us know what, if any, symptoms you are still experiencing.






If we don't change the direction we are going,
We are likely to end up where we are headed.

#3 SpiritSoul

SpiritSoul
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:21 AM

Posted 24 February 2010 - 10:44 AM

Below is the Malwarebytes txt - note date is off as I had to remove battery to reboot.

Current condition: seems to be fine. Here's what I did; it was the only thing that would work for me.

1) Had SuperAntiSpyware on computer, so ran it while in safe mode and it found a few files I could quarantine so I could at least continue to booting in regular mode to run Malwarebytes. (They also have a portable one you can download for free if not already on your infected computer, to a USB to run.)

2) Ran Malwarebytes on good computer and downloaded updates. Went to C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti Malware (or find on your computer thru search function), and copied the update file 'Rules.ref' to a USB device.

3) Also, on good computer copied and pasted to desktop the mbam.exe file from the Malwarebytes program file. Renamed the desktop copy 'wuauclt.exe' and copied to USB device.

4) Started the infected computer in regular mode under my user name and ran 'rkill'

5) Transferred 'Rules.ref' to proper location on infected computer, i.e. c:\Documents and Settings\AllUsers\ApplicationData\Malwarebytes\Malwarebytes Anti Malware

6) Transferred 'wuauclt.exe' to Malwarebytes program file. Then clicked on it (in the Explorer file) to start the program/scan.

Scan took a few hours, but it seems to be working perfectly now. I found out a lot of the information by digging thru the links you gave me above. Thank you. Please note I have never taken a computer class and am not a techie, so this was quite a journey for me. The above information took me about 10 hours just to give you the below txt ; )

Malwarebytes' Anti-Malware 1.44
Database version: 3781
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/31/2004 6:58:58 AM
mbam-log-2004-03-31 (06-58-58).txt

Scan type: Full Scan (C:\|)
Objects scanned: 219407
Time elapsed: 1 hour(s), 22 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\myivo (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\grpyivmk (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xtwiswtu (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\grpyivmk (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xtwiswtu (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Aleric\MyIVO\bin\myivomgr.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\Documents and Settings\Kim M. Eisen\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.







#4 SpiritSoul

SpiritSoul
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:21 AM

Posted 24 February 2010 - 04:47 PM

I just had malware yesterday that I got rid of and posted how on this forum (see link below), maybe this might help (but didn't use DDS or Combofix)

http://www.bleepingcomputer.com/forums/topic298047.html (you may have to copy & paste)

Good luck

#5 Sashacat

Sashacat

  • Members
  • 372 posts
  • OFFLINE
  •  
  • Local time:09:21 AM

Posted 24 February 2010 - 10:48 PM

Hello

You're doing a great job so far.

I'd feel better if you updated your Malwarebytes' and scanned again.
Your Malwarebytes' log (posted today, 02-24-10) shows database version 3781.
Because the date/time of your system is off, I don't know when you ran the Malwarebytes' scan.
Late last night (02-23-10) when I updated my Malwarebytes', the most recent database version was 3782.
I updated my Malwarebytes' again just now, and as of right now, the most current database version is 3787.
Doing this will ensure two things: 1) that you have the most recent updates, and 2) another scan will give us a better
idea if there are infections present.
(It's always reassuring to get updates, run additional scans, and see results that come up "clean" (zero infections found).)

Do you have the SUPERAntiSpyware log ? (You mentioned it found/fixed a few things....)
If yes, please include the SUPERAntiSpyware log in your next post.
Also, did you update your SUPERAntiSpyware before running the scan ?

When you reply back, please include your most recent Malwarebytes' log.


-----------------------------------------------------------------------------------------------------

ATF Cleaner.
It's free, and you can get it here:
http://www.atribune.org/index.php?option=c...5&Itemid=25
The following is copied/pasted from atribune's website:
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Notes for Windows Vista users:
On Windows Vista, "Windows Temp" is disabled; to empty "Windows Temp", ATF-Cleaner must be "Run as an Administrator".


-----------------------------------------------------------------------------------
I'm going to point you in the direction of some EXCELLENT information, that will be of tremendous benefit to you.
It's a whole lot easier to take the proper precautions, and it takes less time and effort to do that, than it does to fix infections, which can be quite ugly and stubborn to remove. Having already spent ten hours fixing this infection,
I'm sure you'll see the benefit to the information provided in the topics below:

Do take the time to read these:

How Malware Spreads - How did I get infected
by quietman7 (Global Moderator)

http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/

How did I get infected?, With steps so it does not happen again!
by Grinler (Admin)

http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/

The Ten Most Dangerous Things Users Do Online
by quietman7 (Global Moderator)

http://www.bleepingcomputer.com/forums/t/69440/the-ten-most-dangerous-things-users-do-online/


If we don't change the direction we are going,
We are likely to end up where we are headed.
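The two Malwarebytes logs pasted in this thread, and the database-version comparison Sashacat does by hand above, can be checked mechanically. The following is an added example, not code from the thread, from BleepingComputer or from Malwarebytes: a Python parser for the 1.x log format shown in post #3. It confirms that the summary counts match the items actually listed (a truncated paste shows up here), lists the Run-key autostart values that kept the rogue antivirus alive across reboots, lists anything still marked "Delete on reboot", and flags a scan whose database is older than the current one. The sample logs are constructed from the two logs posted in this thread (abbreviated, with the user name replaced by `User`); the database version 3787 is the one Sashacat quoted.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x scan log (the text format pasted in this
thread) and answer the helper's questions: which database version produced it, do
the declared counts match the listed items, which detections were Run-key
persistence, and is anything still waiting for a reboot.
Added example code; not part of the thread or of Malwarebytes. Needs Python 3.8+."""
import re
from dataclasses import dataclass, field

SUMMARY_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")
DB_RE = re.compile(r"^Database version:\s*(\d+)$")
# Autostart persistence: values under HKLM/HKCU ...\CurrentVersion\Run or RunOnce
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


@dataclass
class MbamLog:
    database_version: int = 0
    counts: dict = field(default_factory=dict)  # section -> count from the summary block
    items: dict = field(default_factory=dict)   # section -> [(path, threat, action)]


def parse_mbam_log(text: str) -> MbamLog:
    """Walk the log line by line: header, summary counts, then one section per category."""
    log = MbamLog()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        if m := DB_RE.match(line):
            log.database_version = int(m.group(1))
        elif m := SUMMARY_RE.match(line):
            log.counts[m.group("name")] = int(m.group("count"))
        elif m := SECTION_RE.match(line):
            section = m.group("name")
            log.items.setdefault(section, [])
        elif section and (m := ITEM_RE.match(line)):
            log.items[section].append((m.group("path"), m.group("threat"), m.group("action")))
    return log


def count_mismatches(log: MbamLog) -> list:
    """Sections whose summary count disagrees with the items listed (e.g. a truncated paste)."""
    return [s for s, n in log.counts.items() if n != len(log.items.get(s, []))]


def run_key_persistence(log: MbamLog) -> list:
    """Detections that were Run-key autostart entries: how the rogue AV survived reboots."""
    return [(p, t) for lst in log.items.values() for p, t, _ in lst if RUN_KEY_RE.search(p)]


def pending_reboot(log: MbamLog) -> list:
    """Files MBAM could not remove immediately; they are only gone after a restart."""
    return [p for lst in log.items.values() for p, _, a in lst if "reboot" in a.lower()]


def needs_rescan(log: MbamLog, current_db_version: int) -> bool:
    """A scan run with an older database than the current one should be repeated."""
    return log.database_version < current_db_version


# Constructed sample: the first log in the thread, abbreviated, user name replaced.
LOG_A = r"""
Malwarebytes' Anti-Malware 1.44
Database version: 3781
Windows 5.1.2600 Service Pack 3

Scan type: Full Scan (C:\|)
Objects scanned: 219407

Registry Keys Infected: 2
Registry Values Infected: 5
Files Infected: 2

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\myivo (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\grpyivmk (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xtwiswtu (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\grpyivmk (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xtwiswtu (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Aleric\MyIVO\bin\myivomgr.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\Documents and Settings\User\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
"""

# Constructed sample: the re-scan with the updated database, abbreviated.
LOG_B = r"""
Malwarebytes' Anti-Malware 1.44
Database version: 3792

Registry Keys Infected: 0
Registry Values Infected: 0
Files Infected: 4

Files Infected:
C:\Documents and Settings\User\Local Settings\Application Data\vikoay\dqnvsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\wrbhhv\dprgsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\bshiea.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\sPaW.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for name, text in (("first scan", LOG_A), ("re-scan", LOG_B)):
        log = parse_mbam_log(text)
        print(f"{name}: database {log.database_version}, rescan needed: {needs_rescan(log, 3787)}")
        print("  count mismatches:", count_mismatches(log))
        print("  Run-key persistence:", [p for p, _ in run_key_persistence(log)])
        print("  pending reboot:", pending_reboot(log))
```

Run as a script it prints both summaries; the first scan reports five Run-key values under both HKLM and HKCU (the same random names registered twice, which is why the infection came back after the first cleanup) and one file still pending deletion, while the re-scan with database 3792 shows no persistence left and nothing pending.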

#6 Sashacat

Sashacat

  • Members
  • 372 posts
  • OFFLINE
  •  
  • Local time:09:21 AM

Posted 24 February 2010 - 11:36 PM

I just thought of this, I remembered seeing this in your log:
(Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Do you have Microsoft Word ?
Have you checked to make sure you have all your updates ?
(Windows updates, Adobe Reader, Java, any Microsoft Office updates)

The topics in my last post will have information about this subject.
"Bad things" are able to get through to your computer, sometimes by way of vulnerabilities in programs that don't have the most recent updates.


If we don't change the direction we are going,
We are likely to end up where we are headed.

#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,824 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:21 PM

Posted 25 February 2010 - 04:13 AM

Okay, I'll merge both topics. Please let me know how you want to continue (try to run DDS and post logs or continue here).

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#8 SpiritSoul

SpiritSoul
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:21 AM

Posted 25 February 2010 - 04:03 PM

First of all I want to thank you so much for all of your help on this. I hope the following will answer most of the questions. Current condition: Just ran MWB again and while it was scanning a 'Resident Shield Alert' window came up (not the issue of Antivirus Soft we are working on).

RE: question on Word updates - all updates were downloaded when scan was run.
RE: SuperAntiSpyware - I'll post the log at the end of this email, but at the time I could not update because of the malware, so ran it as it was. Note: today's scan showed no threats, yet MalwareBytes found 4.
Ran ATF Cleaner
Ran DDS - log below - but could not figure out how to attach the attach.txt

Here is the MalwareBytes log:

Malwarebytes' Anti-Malware 1.44
Database version: 3792
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/25/2010 1:51:09 PM
mbam-log-2010-02-25 (13-51-09).txt

Scan type: Full Scan (C:\|)
Objects scanned: 220358
Time elapsed: 1 hour(s), 40 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Kim M. Eisen\Local Settings\Application Data\vikoay\dqnvsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kim M. Eisen\Local Settings\Application Data\wrbhhv\dprgsftav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kim M. Eisen\Local Settings\Temp\bshiea.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kim M. Eisen\Local Settings\Temp\sPaW.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Here is the DDS log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Kim M. Eisen at 14:21:39.93 on Thu 02/25/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.151 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\LEAD Technologies, Inc\LEADTOOLS ePrint 3.0\Bin\LPSVS03N.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Aleric\MyIVO\bin\myivosrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Aleric\MyIVO\bin\myivodds.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kim M. Eisen\Desktop\dds.scr
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.kimeisen.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: XBTP05494 Class: {37138967-cd8a-4b6e-8254-5eed6a50bb69} - c:\progra~1\redzee~1\redzee.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [UniblueSpeedUpMyPC] c:\program files\uniblue\speedupmypc\Launcher.exe -minimize
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [myivo] c:\program files\aleric\myivo\bin\myivomgr.exe
mRunOnce: [HP_AIO_SETUP_MUTEX] c:\docume~1\kimm~1.eis\locals~1\temp\hp_officejet_g_series\cdimage\setup.exe
IE: &Viewpoint Search - c:\program files\viewpoint\viewpoint toolbar\ViewBar.dll/CXTSEARCH.HTML
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: aptilo.com\apc
Trusted Zone: wifiaruba.aw\pas
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} - hxxp://northstarmls.mlxchange.com/Control/MultiSelectComboBox.cab
DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://northstarmls.mlxchange.com/Control/MLXClientUtils.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://northstarmls.mlxchange.com/Control/IRCSharc.cab
DPF: {86425144-8E97-41D5-8BCF-302812D44692} - hxxp://helloworlda.razorstream.com/razorgate/objects/RSControl40.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38110.3937268518
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-1 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-4-1 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-1 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-2-29 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 66632]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-1 297752]
R2 MSSQL$RETSDATA;MSSQL$RETSDATA;c:\program files\microsoft sql server\mssql$retsdata\binn\sqlservr.exe -sretsdata --> c:\program files\microsoft sql server\mssql$retsdata\binn\sqlservr.exe -sRETSDATA [?]
R2 MyIVO;MyIVO;c:\program files\aleric\myivo\bin\myivosrv.exe -service --> c:\program files\aleric\myivo\bin\myivosrv.exe -service [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-14 24652]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 12872]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
S3 DW90USB;DW90USB Device;c:\windows\system32\drivers\DW90USB.SYS [2004-8-2 39096]
S3 InterCheck Control;InterCheck Control; [x]
S3 InterCheck Filter;InterCheck Filter; [x]
S3 InterCheck Support 01;InterCheck Support 01; [x]
S3 InterCheck Support 02;InterCheck Support 02; [x]
S3 InterCheck Support 03;InterCheck Support 03; [x]
S3 InterCheck Support 04;InterCheck Support 04; [x]
S3 InterCheck Support 05;InterCheck Support 05; [x]
S3 InterCheck Support 06;InterCheck Support 06; [x]
S3 InterCheck Support 07;InterCheck Support 07; [x]
S3 InterCheck Support 08;InterCheck Support 08; [x]
S3 InterCheck Support 09;InterCheck Support 09; [x]
S3 InterCheck Support 10;InterCheck Support 10; [x]
S3 InterCheck Support 11;InterCheck Support 11; [x]
S3 InterCheck Support 12;InterCheck Support 12; [x]
S3 SQLAgent$RETSDATA;SQLAgent$RETSDATA;c:\program files\microsoft sql server\mssql$retsdata\binn\sqlagent.exe -i retsdata --> c:\program files\microsoft sql server\mssql$retsdata\binn\sqlagent.EXE -i RETSDATA [?]
S4 SweepNet;SweepNet; [x]

=============== Created Last 30 ================

2010-02-23 20:00:42 0 d-----w- c:\docume~1\kimm~1.eis\applic~1\Malwarebytes
2010-02-23 20:00:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-23 20:00:36 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-23 20:00:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-23 20:00:35 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-23 18:31:32 0 d-----w- c:\program files\SmartDraw 2010
2010-02-13 15:17:00 0 d-----w- c:\program files\Amazon
2010-02-05 17:32:50 0 d-sh--w- c:\documents and settings\kim m. eisen\IECompatCache

==================== Find3M ====================

2010-02-23 19:39:53 7551 ----a-w- c:\windows\system32\drivers\U3sHlpDr.sys
2010-01-05 10:00:21 133120 ------w- c:\windows\system32\dllcache\extmgr.dll
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-09 05:53:44 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2009-12-08 19:27:51 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-08 18:43:50 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-08 09:23:28 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2009-12-04 18:22:22 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2006-08-04 18:06:14 34556560 ----a-w- c:\program files\qc848enu.exe
2008-09-30 23:33:13 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008093020081001\index.dat

============= FINISH: 14:23:10.92 ===============

Here is the SuperAntiSpyware log (which allowed me to at least boot in normal mode after running). Date is off, but it ran on 2/23/10.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/31/2004 at 04:45 AM

Application Version : 4.34.1000

Core Rules Database Version : 4606
Trace Rules Database Version: 2418

Scan type : Complete Scan
Total Scan Time : 00:43:31

Memory items scanned : 297
Memory threats detected : 0
Registry items scanned : 8870
Registry threats detected : 4
File items scanned : 28467
File threats detected : 0

Adware.FatPickle
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{34F459B8-1D37-4FF2-9EFA-192D8E3ABA6F}
HKU\S-1-5-21-85654918-3363286164-1489889169-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{34F459B8-1D37-4FF2-9EFA-192D8E3ABA6F}
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{34F459B8-1D37-4FF2-9EFA-192D8E3ABA6F}

Rogue.AntivirusSoft
HKU\S-1-5-21-85654918-3363286164-1489889169-1008\Software\avsoft






#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,824 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:21 PM

Posted 25 February 2010 - 04:14 PM

Hello, since you posted a DDS log, I am switching this topic to the Malware Removal forum. You can just paste the attach.txt log in the reply box, no need to attach it.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#10 SpiritSoul

SpiritSoul
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:21 AM

Posted 26 February 2010 - 12:49 AM

Below is the ComboFix Log and below that is the DDS attach.txt

ComboFix 10-02-25.02 - Kim M. Eisen 02/25/2010 23:18:29.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.315 [GMT -6:00]
Running from: c:\documents and settings\Kim M. Eisen\My Documents\Zips and Programs\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\desktop
c:\windows\desktop\Cook'n Smoothies.lnk
c:\windows\srchasst\NLS302EN.LEX
c:\windows\system32\comrepl.exe
c:\windows\system32\drivers\fad.sys
c:\windows\system32\twain.dll

.
((((((((((((((((((((((((( Files Created from 2010-01-26 to 2010-02-26 )))))))))))))))))))))))))))))))
.

2010-02-23 20:00 . 2010-02-23 20:00 -------- d-----w- c:\documents and settings\Kim M. Eisen\Application Data\Malwarebytes
2010-02-23 20:00 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-23 20:00 . 2010-02-23 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-23 20:00 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-23 20:00 . 2010-02-25 17:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-23 19:42 . 2010-02-23 19:42 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-02-23 18:31 . 2010-02-23 18:31 -------- d-----w- c:\program files\SmartDraw 2010
2010-02-23 18:28 . 2010-02-25 19:51 -------- d-----w- c:\documents and settings\Kim M. Eisen\Local Settings\Application Data\wrbhhv
2010-02-23 18:28 . 2010-02-25 19:51 -------- d-----w- c:\documents and settings\Kim M. Eisen\Local Settings\Application Data\vikoay
2010-02-13 15:17 . 2010-02-13 15:17 -------- d-----w- c:\documents and settings\Kim M. Eisen\Local Settings\Application Data\Amazon
2010-02-13 15:17 . 2010-02-13 15:17 -------- d-----w- c:\documents and settings\Kim M. Eisen\Application Data\Amazon
2010-02-13 15:17 . 2010-02-13 15:17 -------- d-----w- c:\program files\Amazon
2010-02-05 18:31 . 2010-02-05 18:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-02-05 17:32 . 2010-02-05 17:32 -------- d-sh--w- c:\documents and settings\Kim M. Eisen\IECompatCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 05:33 . 2009-03-22 15:28 117760 ----a-w- c:\documents and settings\Kim M. Eisen\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-26 05:23 . 2009-09-02 01:50 4432 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-25 17:56 . 2010-02-25 17:56 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-24 18:21 . 2008-01-02 20:08 -------- d-----w- c:\documents and settings\Kim M. Eisen\Application Data\Skype
2010-02-24 16:55 . 2008-01-02 20:21 -------- d-----w- c:\documents and settings\Kim M. Eisen\Application Data\skypePM
2010-02-24 16:39 . 2009-01-28 07:35 -------- d-----w- c:\documents and settings\All Users\Application Data\AgentOffice
2010-02-23 19:39 . 2009-02-12 17:38 7551 ----a-w- c:\windows\system32\drivers\U3sHlpDr.sys
2010-02-05 18:26 . 2004-09-10 07:59 -------- d-----w- c:\program files\Google
2010-01-22 02:31 . 2010-01-22 02:31 52224 ----a-w- c:\documents and settings\Kim M. Eisen\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-21 18:11 . 2010-01-21 18:11 -------- d-----w- c:\documents and settings\Kim M. Eisen\Application Data\Office Genuine Advantage
2009-12-31 16:50 . 2002-08-29 10:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-24 01:32 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2002-08-29 10:00 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2002-08-29 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2002-08-29 10:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2002-08-29 10:00 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2002-08-29 10:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-30 15:59 . 2009-08-26 15:18 664 ----a-w- c:\windows\system32\d3d9caps.dat
2006-08-04 18:06 . 2006-08-04 18:06 34556560 ----a-w- c:\program files\qc848enu.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UniblueSpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe" [2009-04-29 614696]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2004-03-31 2012912]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-26 4632576]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-14 2043160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-01-08 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-11-23 01:05 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-01 23:53 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Device Detector 2.lnk
backup=c:\windows\pss\Device Detector 2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2008-04-23 07:08 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2005-10-07 19:13 176128 ----a-r- c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bacstray]
2003-05-14 23:37 98304 ----a-w- c:\windows\SYSTEM32\BacsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 10:59 122880 ----a-w- c:\windows\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2003-06-20 19:18 368640 ----a-r- c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2003-08-06 06:04 114741 ----a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
2003-08-13 15:27 28672 ----a-w- c:\windows\SYSTEM32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePrint 3.0 Service]
2003-03-24 19:26 58368 ----a-w- c:\progra~1\LEADTE~1\LEADTO~1.0\Bin\ePrint3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-06-21 03:36 1207080 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2007-02-21 16:17 970752 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
2005-06-08 19:44 196608 ----a-w- c:\program files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2005-06-08 20:24 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-06-08 20:14 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2005-07-19 22:32 221184 ----a-w- c:\windows\SYSTEM32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2006-01-17 19:03 53248 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2004-10-26 18:01 4632576 ----a-w- c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2004-10-26 18:01 921600 ----a-w- c:\windows\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2003-12-12 19:22 217088 ------w- c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-09-01 21:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordPadRun]
2007-08-30 20:59 512004 ----a-w- c:\program files\NCH Swift Sound\RecordPad\recordpad.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 19:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 09:25 144784 ----a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2004-03-31 06:21 2012912 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-20 17:58 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2004-04-27 03:55 151597 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 06:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Aleric\\MyIVO\\bin\\myivosrv.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [6/1/2009 8:46 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [6/1/2009 8:46 AM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 3:03 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 3:03 PM 66632]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/1/2009 8:45 AM 297752]
R2 MSSQL$RETSDATA;MSSQL$RETSDATA;c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe -sRETSDATA --> c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe -sRETSDATA [?]
R2 MyIVO;MyIVO;c:\program files\Aleric\MyIVO\bin\myivosrv.exe -service --> c:\program files\Aleric\MyIVO\bin\myivosrv.exe -service [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/14/2007 6:44 PM 24652]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 3:51 PM 12872]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 12:26 PM 135664]
S3 DW90USB;DW90USB Device;c:\windows\SYSTEM32\DRIVERS\DW90USB.SYS [8/2/2004 7:51 PM 39096]
S3 InterCheck Control;InterCheck Control; [x]
S3 InterCheck Filter;InterCheck Filter; [x]
S3 InterCheck Support 01;InterCheck Support 01; [x]
S3 InterCheck Support 02;InterCheck Support 02; [x]
S3 InterCheck Support 03;InterCheck Support 03; [x]
S3 InterCheck Support 04;InterCheck Support 04; [x]
S3 InterCheck Support 05;InterCheck Support 05; [x]
S3 InterCheck Support 06;InterCheck Support 06; [x]
S3 InterCheck Support 07;InterCheck Support 07; [x]
S3 InterCheck Support 08;InterCheck Support 08; [x]
S3 InterCheck Support 09;InterCheck Support 09; [x]
S3 InterCheck Support 10;InterCheck Support 10; [x]
S3 InterCheck Support 11;InterCheck Support 11; [x]
S3 InterCheck Support 12;InterCheck Support 12; [x]
S3 SQLAgent$RETSDATA;SQLAgent$RETSDATA;c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlagent.EXE -i RETSDATA --> c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlagent.EXE -i RETSDATA [?]
S4 SweepNet;SweepNet; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 18:26]

2010-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 18:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.kimeisen.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Viewpoint Search - c:\program files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: aptilo.com\apc
Trusted Zone: wifiaruba.aw\pas
DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} - hxxp://northstarmls.mlxchange.com/Control/MultiSelectComboBox.cab
DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://northstarmls.mlxchange.com/Control/MLXClientUtils.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://northstarmls.mlxchange.com/Control/IRCSharc.cab
DPF: {86425144-8E97-41D5-8BCF-302812D44692} - hxxp://helloworlda.razorstream.com/razorgate/objects/RSControl40.cab
.
- - - - ORPHANS REMOVED - - - -

BHO-{37138967-CD8A-4b6e-8254-5EED6A50BB69} - c:\progra~1\REDZEE~1\redzee.dll
HKLM-Run-myivo - c:\program files\Aleric\MyIVO\bin\myivomgr.exe
HKLM-RunOnce-HP_AIO_SETUP_MUTEX - c:\docume~1\KIMM~1.EIS\LOCALS~1\TEMP\HP_OFFICEJET_G_SERIES\CDIMAGE\setup.exe
MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe
MSConfigStartUp-myivo - c:\program files\Aleric\MyIVO\bin\myivomgr.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-25 23:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
HP_AIO_SETUP_MUTEX = c:\docume~1\KIMM~1.EIS\LOCALS~1\TEMP\HP_OFFICEJET_G_SERIES\CDIMAGE\setup.exe ???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(824)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2992)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\LEAD Technologies, Inc\LEADTOOLS ePrint 3.0\Bin\LPSVS03N.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Aleric\MyIVO\bin\myivosrv.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Aleric\MyIVO\bin\myivodds.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2010-02-25 23:37:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-26 05:37

Pre-Run: 45,516,435,456 bytes free
Post-Run: 45,910,040,576 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - C5F89E803280EA00C332E4332CE3DB9C




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/30/2004 8:43:39 PM
System Uptime: 2/25/2010 1:59:03 PM (1 hours ago)

Motherboard: Dell Computer Corporation | | 0Y4572
Processor: Intel® Pentium® M processor 1700MHz | Microprocessor | 1694/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 74 GiB total, 42.467 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\1C065C81384FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\1C065C81384FC000
Service: NIC1394

==== System Restore Points ===================

RP835: 1/23/2010 11:27:29 AM - Software Distribution Service 3.0
RP836: 1/23/2010 1:26:50 PM - System Checkpoint
RP837: 1/25/2010 1:04:28 PM - System Checkpoint
RP838: 1/26/2010 9:02:46 AM - Software Distribution Service 3.0
RP839: 1/27/2010 3:12:21 PM - System Checkpoint
RP840: 1/28/2010 8:27:46 PM - System Checkpoint
RP841: 1/30/2010 1:38:08 PM - System Checkpoint
RP842: 1/31/2010 6:20:25 PM - System Checkpoint
RP843: 2/1/2010 8:32:26 PM - System Checkpoint
RP844: 2/2/2010 9:43:48 AM - Avg8 Update
RP845: 2/5/2010 1:27:45 PM - System Checkpoint
RP846: 2/6/2010 3:01:02 PM - System Checkpoint
RP847: 2/10/2010 10:45:44 AM - System Checkpoint
RP848: 2/12/2010 10:40:25 AM - Software Distribution Service 3.0
RP849: 2/13/2010 2:03:14 PM - System Checkpoint
RP850: 2/19/2010 12:14:39 PM - System Checkpoint
RP851: 2/20/2010 4:53:55 PM - System Checkpoint
RP852: 2/22/2010 8:28:21 AM - System Checkpoint
RP853: 2/23/2010 10:21:38 AM - System Checkpoint
RP854: 2/24/2010 7:55:37 AM - Software Distribution Service 3.0
RP855: 2/25/2010 9:58:18 AM - System Checkpoint

==== Installed Programs ======================


Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 7.0 Professional
Adobe Acrobat 7.1.0 Professional
Adobe Acrobat and Reader 6.0.3 Update
Adobe Acrobat and Reader 6.0.4 Update
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
AgentOffice
AgentOffice 10.0
AgentOffice 6.0 SR2
AgentOffice v6.0 SR1
ALPS Touch Pad Driver
Amazon Kindle For PC v1.0
AVG Free 8.5
Banctec Service Agreement
BCM V.92 56K Modem
Broadcom Advanced Control Suite
Business Complete Care Services Agreement
Business Contact Manager for Outlook 2003
Cook'n Smoothies
Critical Update for Windows Media Player 11 (KB959772)
DebugMode Wink
Dell Digital Jukebox Driver
Dell Media Experience
Dell Networking Guide
DFX for Windows Media Player
DVDSentry
eKEY
eKEY Loans
Express Burn
Form Viewer
FormViewer
Good Keywords v2.0.110706
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 4.0.0.320
Help and Support Customization
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
hp officejet d series
iConference
IKEA Home Planner
Intel® PROSet/Wireless Software
Internet Explorer Default Page
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_06
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
LEADTOOLS ePrint 3.0
Logitech QuickCam Software
Logitech® Camera Driver
Malwarebytes' Anti-Malware
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Compact Framework 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync 4.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Small Business Edition 2003
Microsoft Office Sounds
Microsoft Silverlight
Microsoft SQL Server Desktop Engine (RETSDATA)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
mIWA
mLogView
mMHouse
Modem Helper
Move Networks Media Player for Internet Explorer
mPfMgr
mPfWiz
mProSafe
mSCfg
MSN Music Assistant
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Musicmatch® Jukebox
mWlsSafe
mWMI
MyIVO
mZConfig
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Olympus Digital Wave Player
PhotoFiltre
PIXELA ImageMixer
Pixie 3.1 (remove only)
PowerDVD
QuickSet
QuickTime
RealOne Player
RecordPad Sound Recorder
Redzee Toolbar
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Skype web features
Skype™ 4.1
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
SUPERAntiSpyware Free Edition
Switch
TrueForms 4.5 for FNF
UGInstaller
Uniblue SpeedUpMyPC 2009
Uniblue System Tweaker
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoLAN VLC media player 0.8.6a
Viewpoint Manager (Remove Only)
Viewpoint Toolbar (Remove Only)
WavePad Uninstall
Web Audio Plus
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
Wireless
Wisdom-soft ScreenHunter 4.0 Free
XML Paper Specification Shared Components Pack 1.0
ZipForm 5.0

==== Event Viewer Messages From Past Week ========

2/23/2010 2:46:10 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
2/23/2010 12:28:12 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
2/23/2010 1:39:16 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2/23/2010 1:14:35 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm SASKUTIL
2/23/2010 1:13:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

==== End Of File ===========================


#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,824 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:21 PM

Posted 26 February 2010 - 07:03 AM

At this point, how are things running? What problems do you still have left?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#12 SpiritSoul

SpiritSoul
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:21 AM

Posted 26 February 2010 - 01:28 PM

So, it appeared everything was just great. So, I thought time to get a new antivirus, so downloaded Microsoft Essentials, then uninstalled AVG, rebooted, ran MSE exe and it couldn't update its files because now my laptop finds the wireless connection, but will not connect (Have Intel ProSet Wireless with Actiontec DSL Gateway). Internet connection on desktop is fine. Tried refreshing, added a new profile, etc. Any suggestions?

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,824 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:21 PM

Posted 26 February 2010 - 02:14 PM

Sorry, do you mean the internet isn't working at all, or only for MSE?

regards, Elise




#14 SpiritSoul

SpiritSoul
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:21 AM

Posted 26 February 2010 - 07:49 PM

OK, I feel like an idiot. All I had to do was re-boot (turn off) router itself and it works fine now. So far, good on the computer too! Let's hope it stays that way. Unless - you saw something in my logs that caused your eyebrows to raise.

Thank you for EVERYTHING. You gals/guys are the BEST ; )

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,824 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:21 PM

Posted 27 February 2010 - 05:58 AM

Hello,

No need to feel stupid. Things are looking good, but I want to make absolutely sure nothing is trying to hide somehow.

UPDATE JAVA
------------------
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 18.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


In your next reply, please include the following:
  • MBAM log

regards, Elise


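As an added example (not from this thread, and not part of Sun's installer or any BleepingComputer tool), the check below applies the rule from the post above to the "Installed Programs" section of a DDS log: the 6u18 installer removes Java 6 Update 10 and later on its own, while anything older (6u0 to 6u9, J2SE 5.0) stays behind and has to be uninstalled by hand. The sample program names and the name patterns the regex accepts are constructed assumptions.

```python
import re
from typing import List, NamedTuple, Tuple, Dict

# Constructed sample in the style of a DDS "Installed Programs" list
# (the names follow how Sun's JRE showed up in Add/Remove Programs).
SAMPLE_INSTALLED = """\
Adobe Reader 9.3
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 7
Java(TM) 6 Update 15
Java(TM) 6 Update 18
Java(TM) SE Runtime Environment 6 Update 1
Malwarebytes' Anti-Malware
Security Update for Windows XP (KB978706)
"""

# Assumed naming patterns: "Java(TM) 6 Update N", "Java(TM) SE Runtime
# Environment 6 Update N" and "J2SE Runtime Environment 5.0 Update N".
JAVA_RE = re.compile(
    r"^(?:Java\(TM\)(?: SE Runtime Environment)?|J2SE Runtime Environment)\s+"
    r"(?P<major>\d+)(?:\.\d+)?(?:\s+Update\s+(?P<update>\d+))?$"
)


class JavaEntry(NamedTuple):
    name: str
    major: int   # 5 for J2SE 5.0, 6 for Java 6
    update: int  # 0 when the name carries no "Update N"


def parse_java_entries(text: str) -> List[JavaEntry]:
    """Pick the JRE entries out of the installed-programs list, in log order."""
    entries = []
    for raw in text.splitlines():
        m = JAVA_RE.match(raw.strip())
        if m:
            entries.append(JavaEntry(raw.strip(), int(m.group("major")),
                                     int(m.group("update") or 0)))
    return entries


def classify(e: JavaEntry, target: Tuple[int, int] = (6, 18)) -> str:
    """current: at or past 6u18; auto: 6u10+ (installer removes it);
    manual: older than 6u10, left behind and must be uninstalled by hand."""
    if (e.major, e.update) >= target:
        return "current"
    if e.major == 6 and e.update >= 10:
        return "auto"
    return "manual"


def triage(text: str) -> Dict[str, List[str]]:
    """Group the log's Java entries by what the 6u18 installer will do with them."""
    result: Dict[str, List[str]] = {"current": [], "auto": [], "manual": []}
    for e in parse_java_entries(text):
        result[classify(e)].append(e.name)
    return result
```

Entries under "manual" are the ones to look for in Add/Remove Programs after the update; a cleanly updated machine should show only the "current" one.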




