
Cannot Remove Antivirus Soft


  • This topic is locked
13 replies to this topic

#1 GrlRacer

GrlRacer

  • Members
  • 21 posts
  • OFFLINE
  • Gender:Female
  • Location:Bronx, NY
  • Local time:02:39 PM

Posted 29 March 2010 - 09:56 PM


http://www.bleepingcomputer.com/forums/ind...03&t=305609




#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:39 PM

Posted 29 March 2010 - 10:10 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


If unsuccessful in running GMER in Normal Mode, please try and run it in SafeMode as described in the GMER topic.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!
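The DDS scan requested above produces a "Pseudo HJT Report" section that the helper reads line by line for hijack and persistence entries. The script below is an added example, not part of this thread and not part of the DDS tool: it parses lines in that report format (the sample input is constructed here, modelled on the entry types DDS prints, including the kinds of entries that appear in the log posted later in this thread) and flags the three indicators a malware-response helper checks first: a browser proxy pointed at the local machine, a Run entry that launches an executable from a per-user data directory, and a hosts-file entry that maps a security site to loopback. The severity levels, the directory list, the security-word list and the "random-looking name" heuristic are the editor's assumptions, not anything DDS itself reports.

```python
"""Triage a DDS "Pseudo HJT Report" for rogue-antivirus persistence indicators.

Added example: the parsing rules and heuristics below are the editor's
assumptions, not part of DDS or of the forum thread.
"""
import re
from dataclasses import dataclass

# Constructed sample in the DDS report format (modelled on entry types seen
# in the log posted in this thread; these exact lines are assembled here).
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: {442AE524-EBA5-4b17-82F3-888D68BC999A} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [sualvmfn] c:\documents and settings\hp_administrator\local settings\application data\trqsbo\jdsxsftav.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sualvmfn] c:\documents and settings\hp_administrator\local settings\application data\trqsbo\jdsxsftav.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
Hosts: 127.0.0.1 www.spywareinfo.com
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium"
    kind: str      # indicator class
    detail: str    # the raw report line that triggered it


# Per-user, user-writable locations (Windows XP layout) that legitimate
# software almost never autostarts from. Editor's assumption; extend as needed.
USER_DATA_DIRS = (
    "\\local settings\\application data\\",
    "\\local settings\\temp\\",
    "\\application data\\",
    "\\temp\\",
)
# Words that mark a hosts entry as blocking a security site (assumed list).
SECURITY_WORDS = ("spyware", "malware", "antivirus", "virus", "security")

RUN_RE = re.compile(r"^[um]Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer = (?P<val>.+)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+) (?P<host>\S+)$")
EXE_RE = re.compile(r"(.+?\.(?:exe|scr|com|bat|cmd|pif))(?:\s|$)", re.IGNORECASE)


def exe_path(cmd: str) -> str:
    """Return the executable part of a Run value, without quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def looks_random(token: str) -> bool:
    """Heuristic: a long all-letter token with few vowels, e.g. 'jdsxsftav'."""
    if not token.isalpha() or len(token) < 6:
        return False
    return sum(ch in "aeiou" for ch in token.lower()) / len(token) < 0.25


def is_loopback(host: str) -> bool:
    return host.lower() == "localhost" or host.startswith("127.")


def proxy_hosts(value: str) -> list[str]:
    """Parse 'http=127.0.0.1:5555;https=...' or a bare 'host:port' into hosts."""
    hosts = []
    for part in value.split(";"):
        part = part.strip().split("=", 1)[-1]   # drop the 'scheme=' prefix
        hosts.append(part.rsplit(":", 1)[0])    # drop the ':port' suffix
    return hosts


def triage(report: str) -> list[Finding]:
    findings: list[Finding] = []
    for line in report.splitlines():
        line = line.strip()
        if m := PROXY_RE.match(line):
            # A proxy on the local machine means something on the box sits
            # between the browser and the network (used to block or redirect).
            if any(is_loopback(h) for h in proxy_hosts(m["val"])):
                findings.append(Finding("high", "loopback-proxy", line))
        elif m := RUN_RE.match(line):
            path = exe_path(m["cmd"]).lower()
            if any(d in path for d in USER_DATA_DIRS):
                parts = path.split("\\")
                stem = parts[-1].rsplit(".", 1)[0]
                parent = parts[-2] if len(parts) > 1 else ""
                kind = "user-profile-autorun"
                if looks_random(stem) or looks_random(parent):
                    kind += "/random-name"
                findings.append(Finding("high", kind, line))
        elif m := HOSTS_RE.match(line):
            # DDS prints hosts entries that deviate from the default; a
            # security site mapped to loopback is the classic update block.
            target = m["host"].lower()
            sev = "high" if any(w in target for w in SECURITY_WORDS) else "medium"
            findings.append(Finding(sev, "hosts-override", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.severity}] {f.kind}: {f.detail}")
```

Orphaned "No File" BHO and toolbar entries are deliberately not flagged: they are leftover registrations with nothing on disk to run. The hosts check only distinguishes security-related names by a word list, so every Hosts: line still deserves a look whatever severity it gets.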


#3 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:39 PM

Posted 30 March 2010 - 07:22 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days the topic will need to be closed.

Thanks for understanding.

With Regards,
fireman4it


#4 GrlRacer

GrlRacer
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Gender:Female
  • Location:Bronx, NY
  • Local time:02:39 PM

Posted 31 March 2010 - 05:19 PM

Sorry but I wasn't online at all yesterday. Here is my log I just ran:


DDS (Ver_10-03-17.01) - NTFSx86
Run by HP_Administrator at 18:14:16.50 on 31/03/10
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.53 [GMT -4:00]

AV: Verizon Internet Security Suite Anti-Virus *On-access scanning enabled* (Outdated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Verizon Internet Security Suite Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1205203490\ee\AOLSoftware.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\PixArt\PAC7311\Monitor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Desktop\yoo\dds(4).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearch Bar = about:blank
mSearch Bar = about:blank
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn8\yt.dll
uURLSearchHooks: H - No File
mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn8\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\verizon\verizon internet security suite\pkR.dll
BHO: {442AE524-EBA5-4b17-82F3-888D68BC999A} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
BHO: {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No File
BHO: {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: {FECB1E31-6C40-47FC-B21B-C553A314DA4A} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn8\yt.dll
TB: {2bae58c2-79f9-45d1-a286-81f911301c3a} - No File
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {FECB1E30-6C40-47FC-B21B-C553A314DA4A} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [sualvmfn] c:\documents and settings\hp_administrator\local settings\application data\trqsbo\jdsxsftav.exe
uRunOnce: [UniblueRegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
mRun: [HostManager] c:\program files\common files\aol\1205203490\ee\AOLSoftware.exe
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [PAC7311_Monitor] c:\windows\pixart\pac7311\Monitor.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sualvmfn] c:\documents and settings\hp_administrator\local settings\application data\trqsbo\jdsxsftav.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\backWeb-7288971.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201389285625
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: AtiExtEvent - Ati2evxx.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\iv9gul7i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&q=
FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\iv9gul7i.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\iv9gul7i.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\iv9gul7i.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
FF - component: c:\program files\mozilla firefox\components\wsff.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\iv9gul7i.default\extensions\{0c7e3f01-99e9-4095-9bdc-f84724960b57}\plugins\NPCpnMgr.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmnqmp07010901.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\verizon\vsp\nprpspa.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint_.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-9-20 179984]
R2 PD91Agent;PD91Agent;c:\program files\raxco\perfectdisk2008\PD91Agent.exe [2008-9-22 693512]
R2 RadialpointSafeConnectAgent;Verizon Internet Security Suite SafeConnectAgent;c:\program files\verizon\verizon internet security suite\safeconnect\bin\SanaAgent.exe [2008-11-14 4937752]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-17 24652]
R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\verizon\verizon internet security suite\safeconnect\driver\platform_xp\SafeConnectDriver.sys [2008-11-14 161304]
R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\verizon\verizon internet security suite\safeconnect\driver\platform_xp\SafeConnectFilter.sys [2008-11-14 29720]
R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\verizon\verizon internet security suite\safeconnect\driver\platform_xp\SafeConnectShim.sys [2008-11-14 27376]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-14 135664]
S2 ScrambyServer;Scramby Server;"c:\program files\rapidsolution\scramby\scrambyserver.exe" --> c:\program files\rapidsolution\scramby\ScrambyServer.exe [?]
S2 SpaceQuery Service;SpaceQuery Service;"c:\documents and settings\all users\application data\spacequery\spacequery117.exe" "c:\program files\spacequery\spacequery.dll" dupzwtmdwja --> c:\documents and settings\all users\application data\spacequery\spacequery117.exe [?]
S3 PAC7311;PC VGA Camera;c:\windows\system32\drivers\PA707UCM.SYS [2009-7-31 449024]
S3 PD91Engine;PD91Engine;c:\program files\raxco\perfectdisk2008\PD91Engine.exe [2008-9-22 910600]
S3 Radialpoint Security Services;Verizon Internet Security Suite;c:\program files\verizon\verizon internet security suite\RpsSecurityAwareR.exe [2009-4-22 170736]
S3 Smport;Smport;\??\c:\progra~1\ems\ps2lin~1.006\smport.sys --> c:\progra~1\ems\ps2lin~1.006\Smport.sys [?]

=============== Created Last 30 ================

2010-03-30 00:35:30 0 d-----w- c:\program files\CCleaner
2010-03-29 23:40:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 23:40:02 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 23:40:01 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-27 23:57:39 0 d-----w- c:\program files\RELEVANTKNOWLEDGE
2010-03-22 03:59:40 0 d-----w- c:\docume~1\hp_adm~1\applic~1\oovootb
2010-03-22 03:31:08 0 d-----w- c:\program files\SpaceQuery
2010-03-22 03:30:35 733184 ----a-w- c:\windows\system32\3d78.dll
2010-03-22 03:30:28 0 d-----w- c:\docume~1\hp_adm~1\applic~1\WhereSphere
2010-03-15 01:21:19 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Composer
2010-03-15 01:21:15 0 ----a-w- c:\documents and settings\hp_administrator\net_rim_plazmic_flint_dispatcherservice0.0.log.lck
2010-03-15 00:44:40 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2010-03-15 00:40:37 13791744 ----a-w- c:\documents and settings\hp_administrator\BlackBerry_USB_and_Modem_Drivers_ENG.msi
2010-03-15 00:39:39 225280 ----a-w- c:\windows\system32\net_rim_plazmic_flint_dialog.dll
2010-03-15 00:28:35 0 d--h--w- c:\program files\Zero G Registry
2010-03-15 00:27:34 0 d--h--w- c:\documents and settings\hp_administrator\InstallAnywhere
2010-03-10 22:33:32 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-07 08:21:51 0 d-----w- c:\program files\Research In Motion
2010-03-07 01:41:59 256 ----a-w- c:\windows\system32\pool.bin
2010-03-07 01:41:47 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Research In Motion
2010-03-07 01:40:12 0 d-----w- c:\program files\common files\Research In Motion

==================== Find3M ====================

2010-03-31 03:22:34 62159136 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-03-31 00:13:10 791584 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-03-30 04:05:37 832580 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-03-30 04:05:37 75164 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-03-15 04:37:50 558 ----a-w- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2010-01-13 22:22:21 60488 ---ha-w- c:\windows\system32\mlfcache.dat
2006-05-22 02:40:35 3432 ----a-w- c:\program files\smitfiles.txt
2005-11-24 02:36:47 251 ----a-w- c:\program files\wt3d.ini
2005-10-31 15:56:00 700416 ----a-w- c:\program files\StubInstaller.exe
2009-03-14 03:31:15 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-08-28 22:43:17 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082820080829\index.dat

============= FINISH: 18:16:23.88 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 26/01/08 5:43:51 PM
System Uptime: 31/03/10 5:32:48 PM (1 hours ago)

Motherboard: ASUSTek Computer INC. | | Amberine M
Processor: AMD Athlon™ 64 Processor 3500+ | Socket 939 | 990/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 178 GiB total, 116.144 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 0.863 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP230: 27/12/09 8:54:35 PM - System Checkpoint
RP231: 29/12/09 12:40:29 AM - System Checkpoint
RP232: 29/12/09 8:00:37 PM - Software Distribution Service 3.0
RP233: 30/12/09 5:38:40 PM - Software Distribution Service 3.0
RP234: 02/01/10 1:04:31 AM - System Checkpoint
RP235: 03/01/10 1:15:43 AM - Installed Vz In Home Agent
RP236: 05/01/10 5:08:03 PM - System Checkpoint
RP237: 07/01/10 8:14:38 PM - System Checkpoint
RP238: 08/01/10 8:40:47 PM - System Checkpoint
RP239: 09/01/10 8:50:15 PM - System Checkpoint
RP240: 10/01/10 3:29:25 PM - ADVANCED REGISTRY OPTIMIZER - FIRST RUN
RP241: 10/01/10 3:35:34 PM - Advanced Registry Optimizer Sun, Jan 10, 10 15:35
RP242: 10/01/10 3:50:47 PM - Advanced Registry Optimizer - Before Installation
RP243: 10/01/10 3:53:08 PM - Advanced Registry Optimizer Sun, Jan 10, 10 15:52
RP244: 10/01/10 3:54:41 PM - Advanced Registry Optimizer - Before One Click
RP245: 11/01/10 4:51:36 PM - System Checkpoint
RP246: 12/01/10 6:13:18 PM - System Checkpoint
RP247: 13/01/10 8:08:19 AM - Installed ooVoo
RP248: 13/01/10 8:04:39 PM - Software Distribution Service 3.0
RP249: 14/01/10 9:10:05 AM - Installed CuteFTP 8 Professional
RP250: 15/01/10 11:53:13 AM - System Checkpoint
RP251: 17/01/10 5:01:29 PM - System Checkpoint
RP252: 21/01/10 1:20:06 PM - System Checkpoint
RP253: 21/01/10 5:22:38 PM - Installed Uniblue DriverScanner v1.0
RP254: 21/01/10 8:01:51 PM - Software Distribution Service 3.0
RP255: 22/01/10 8:26:13 PM - System Checkpoint
RP256: 24/01/10 7:59:27 PM - System Checkpoint
RP257: 26/01/10 10:52:39 AM - System Checkpoint
RP258: 28/01/10 5:17:19 PM - Removed ooVoo
RP259: 29/01/10 9:26:08 PM - System Checkpoint
RP260: 30/01/10 9:57:55 PM - System Checkpoint
RP261: 01/02/10 1:54:40 PM - System Checkpoint
RP262: 02/02/10 6:08:30 PM - System Checkpoint
RP263: 04/02/10 10:02:57 PM - Configured Microsoft Office Home and Student 2007 Trial
RP264: 06/02/10 1:10:51 AM - System Checkpoint
RP265: 07/02/10 3:58:37 PM - System Checkpoint
RP266: 08/02/10 4:12:12 PM - System Checkpoint
RP267: 09/02/10 5:36:33 PM - System Checkpoint
RP268: 09/02/10 8:00:40 PM - Software Distribution Service 3.0
RP269: 10/02/10 11:43:34 PM - System Checkpoint
RP270: 12/02/10 2:46:50 PM - System Checkpoint
RP271: 13/02/10 3:58:58 PM - System Checkpoint
RP272: 14/02/10 4:37:19 PM - System Checkpoint
RP273: 16/02/10 9:46:15 AM - System Checkpoint
RP274: 18/02/10 2:28:59 PM - System Checkpoint
RP275: 19/02/10 8:01:54 PM - System Checkpoint
RP276: 20/02/10 8:09:47 PM - System Checkpoint
RP277: 23/02/10 6:54:51 PM - System Checkpoint
RP278: 23/02/10 8:00:42 PM - Software Distribution Service 3.0
RP279: 24/02/10 9:11:06 PM - System Checkpoint
RP280: 25/02/10 9:22:32 PM - System Checkpoint
RP281: 27/02/10 2:55:02 PM - System Checkpoint
RP282: 28/02/10 5:03:45 PM - System Checkpoint
RP283: 02/03/10 6:05:22 PM - System Checkpoint
RP284: 04/03/10 6:22:13 PM - System Checkpoint
RP285: 05/03/10 6:42:02 PM - System Checkpoint
RP286: 06/03/10 7:13:30 PM - System Checkpoint
RP287: 06/03/10 8:40:08 PM - Installed BlackBerry Device Software Updater.
RP288: 08/03/10 7:57:25 PM - System Checkpoint
RP289: 09/03/10 8:19:13 PM - System Checkpoint
RP290: 10/03/10 8:01:43 PM - Software Distribution Service 3.0
RP291: 12/03/10 7:31:39 PM - System Checkpoint
RP292: 13/03/10 8:04:18 PM - System Checkpoint
RP293: 14/03/10 8:42:56 PM - Installed BlackBerry Desktop Software 5.0.
RP294: 17/03/10 6:18:05 PM - System Checkpoint
RP295: 18/03/10 7:09:45 PM - System Checkpoint
RP296: 19/03/10 9:57:20 PM - System Checkpoint
RP297: 21/03/10 1:36:55 PM - System Checkpoint
RP298: 21/03/10 7:37:40 PM - Installed ooVoo
RP299: 22/03/10 12:01:31 AM - Removed ooVoo
RP300: 23/03/10 10:04:12 PM - System Checkpoint
RP301: 27/03/10 12:21:56 PM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Reader 8.1.4
Adobe® Photoshop® Album Starter Edition 3.2
AiO_Scan
AiOSoftware
AOL Toolbar
AOL Toolbar for Firefox
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
Audacity 1.3.9 (Unicode)
Barnyard Invasion from HP Media Center (remove only)
Bejeweled 2 Deluxe from HP Media Center (remove only)
Big Kahuna Reef from HP Media Center (remove only)
BlackBerry Desktop Software 5.0
BlackBerry Device Software Updater
BlackBerry Theme Studio 5.0
Blackhawk Striker 2 from HP Media Center (remove only)
Blasterball 2 from HP Media Center (remove only)
Blasterball 2 Holidays from HP Media Center (remove only)
Boggle Supreme from HP Media Center (remove only)
Bonjour
Bookworm Deluxe from HP Media Center (remove only)
Bounce Symphony from HP Media Center (remove only)
BufferChm
CameraDrivers
CCleaner
Cool Edit Pro 2.0
Corel Paint Shop Pro Photo XI
Coupon Printer for Windows
CP_AtenaShokunin1Config
CP_CalendarTemplates1
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
Crystal Maze from HP Media Center (remove only)
CueTour
CuteFTP 8 Professional
Destinations
DeviceManagementQFolder
Digby's Donuts from HP Media Center (remove only)
DocProc
DocumentViewer
DocumentViewerQFolder
Download Updater (AOL LLC)
Easy Internet Sign-up
Enhanced Multimedia Keyboard Solution
FATE Demo from HP Media Center (remove only)
Fax
Flip Words from HP Media Center (remove only)
FoxyTunes for Firefox
GemMaster Mystic
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 5.3
HP Game Console and games
HP Image Zone 5.3
HP Image Zone for Media Center PC
HP Imaging Device Functions 5.3
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP Product Detection
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HP Tunes
HPProductAssistant
HpSdpAppCoreApp
Insaniquarium Deluxe from HP Media Center (remove only)
InstantShareDevices
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0
Java™ 6 Update 3
Jewel Quest from HP Media Center (remove only)
LemonWire
LG USB Modem driver
LightScribe 1.4.31.1
LiveUpdate (Symantec Corporation)
Mah Jong Quest from HP Media Center (remove only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007 Trial
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Software Update for Web Folders (English) 12
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mirar
MobileMe Control Panel
Motorola SM56 Speakerphone Modem
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.5.8)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 4.0
muvee autoProducer unPlugged 1.1 - HPD
Netflix Movie Viewer
NewCopy
Octoshape add-in for Adobe Flash Player
Office 2003 Tour
PanoStandAlone
PC-Doctor 5 for Windows
PC VGA Camer@
PerfectDisk 2008
PhotoGallery
Polar Bowler from HP Media Center (remove only)
Polar Golfer from HP Media Center (remove only)
PSPrinters08
PSTAPlugin
Puzzle Express from HP Media Center (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QFolder
Quicken 2005
QuickTime
RandMap
Readme
RealPlayer
Ricochet Lost Worlds from HP Media Center (remove only)
RPS Burn
RPS CRT
RPS Diagnostic Utility
RPS Firewall
RPS Ksdk
RPS ParentalControl
RPS PerfectDiskStub
RPS PopupBlocker
RPS RpsCore
RPS SafeConnect
Safari
Scan
ScannerCopy
SCRABBLE Blast from HP Media Center (remove only)
SCRABBLE from HP Media Center (remove only)
SCRABBLE Rack Attack from HP Media Center (remove only)
Security Advisor
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Shrek 2 Ogre Bowler from HP Media Center (remove only)
SkinsHP1
Slingo Deluxe from HP Media Center (remove only)
Slyder from HP Media Center (remove only)
SolutionCenter
SONAR 8 Producer Edition Trial
Sonic Encoders
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Spadester
Spybot - Search & Destroy
Status
Super Granny from HP Media Center (remove only)
Swarm from HP Media Center (remove only)
Symantec Technical Support Web Controls
Tradewinds from HP Media Center (remove only)
TrayApp
Uniblue DriverScanner 2009
Uniblue RegistryBooster
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
Updates from HP (remove only)
V CAST Music Manager
Verizon Help and Support Tool
Verizon High Speed Internet
Verizon Internet Security Suite
Verizon Servicepoint 1.5.24
Verizon Yahoo! Applications
Viewpoint Media Player
Vuze
Vz In Home Agent
WebFldrs XP
WebReg
WhereSphere
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10 Hotfix [See KB889858 for more information]
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB890629
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
WinSCP 4.2.5
Yahoo! Mail Advisor
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

29/03/10 7:19:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.
29/03/10 7:19:00 PM, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
29/03/10 7:18:56 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
29/03/10 6:09:32 PM, error: Service Control Manager [7034] - The Verizon Internet Security Suite SafeConnectAgent service terminated unexpectedly. It has done this 1 time(s).
29/03/10 10:29:07 PM, error: Service Control Manager [7022] - The PD91Agent service hung on starting.
28/03/10 6:48:55 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
28/03/10 6:43:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
27/03/10 6:01:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
27/03/10 11:26:18 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
27/03/10 11:11:34 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 eeCtrl Fips ftsata2 KLIF
27/03/10 1:45:57 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000000, parameter2 0000001c, parameter3 00000001, parameter4 83d2b00c.
26/03/10 11:24:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 eeCtrl Fips ftsata2 IPSec KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
26/03/10 11:24:00 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
26/03/10 11:24:00 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
26/03/10 11:24:00 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
26/03/10 11:24:00 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
26/03/10 11:24:00 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
26/03/10 11:24:00 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
26/03/10 11:23:41 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
26/03/10 11:23:27 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
25/03/10 7:18:58 PM, error: Service Control Manager [7000] - The Scramby Server service failed to start due to the following error: The system cannot find the path specified.
24/03/10 6:20:37 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.
24/03/10 6:20:19 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
24/03/10 6:06:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2
24/03/10 6:06:08 PM, error: Service Control Manager [7022] - The Verizon Internet Security Suite SafeConnectAgent service hung on starting.
24/03/10 6:04:48 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SpaceQuery Service service to connect.

==== End Of File ===========================
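As an added example that is not part of this thread: a small Python triage helper for the "Event Viewer Messages From Past Week" section of the DDS log above. It parses each line into a record, counts events per source and event ID, decodes the Win32 codes that DCOM 10005 reports as %1053 and %1084, and tallies which drivers failed to load in the 7026 events. The sample lines are copied from the posted log; the only assumption is the two-entry error-code table, which covers just the codes that appear here.

```python
"""Triage helper for the "Event Viewer Messages From Past Week" section of a
DDS log. Added example for this thread; not part of DDS or the original post."""
import re
from collections import Counter
from datetime import datetime

# Win32 error codes that DDS shows as "%NNNN" inside DCOM 10005 events.
# Assumption: only the two codes seen in this thread are decoded.
WIN32_ERRORS = {
    1053: "ERROR_SERVICE_REQUEST_TIMEOUT: service did not respond in time",
    1084: "ERROR_NOT_SAFEBOOT_SERVICE: service cannot be started in Safe Mode",
}

# One DDS line: "29/03/10 7:19:00 PM, error: Service Control Manager [7009] - text"
LINE_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{2}) (?P<time>\d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
DCOM_RE = re.compile(
    r'DCOM got error "%(?P<code>\d+)" attempting to start the service (?P<service>\S+)'
)
DRIVER_RE = re.compile(r"failed to load: (?P<drivers>.+)$")

# Sample input: lines copied from the log posted above.
SAMPLE_LOG = """\
29/03/10 7:19:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.
29/03/10 7:18:56 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
28/03/10 6:48:55 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
27/03/10 11:11:34 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 eeCtrl Fips ftsata2 KLIF
26/03/10 11:24:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 eeCtrl Fips ftsata2 IPSec KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
26/03/10 11:24:00 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
"""


def parse_log(text):
    """Return one dict per parsable line, oldest event first."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers, blank lines, wrapped text
        ev = m.groupdict()
        ev["event_id"] = int(ev["event_id"])
        # DDS writes day/month/year with a 12-hour clock.
        ev["when"] = datetime.strptime(ev["date"] + " " + ev["time"], "%d/%m/%y %I:%M:%S %p")
        events.append(ev)
    return sorted(events, key=lambda e: e["when"])


def summarize(events):
    """Count events per (source, event_id) so the noisy pairs stand out."""
    return Counter((e["source"], e["event_id"]) for e in events)


def dcom_failures(events):
    """Decode DCOM 10005 'got error %NNNN' events into service + Win32 meaning."""
    out = []
    for e in events:
        if e["source"] != "DCOM" or e["event_id"] != 10005:
            continue
        m = DCOM_RE.search(e["message"])
        if m:
            code = int(m.group("code"))
            out.append({"when": e["when"], "service": m.group("service"), "code": code,
                        "meaning": WIN32_ERRORS.get(code, "unknown Win32 error")})
    return out


def safe_mode_boots(events):
    """Timestamps at which the box was evidently running in Safe Mode:
    error 1084 means the SCM refused to start a service not on the SafeBoot list."""
    return sorted({f["when"] for f in dcom_failures(events) if f["code"] == 1084})


def failed_drivers(events):
    """How often each driver name appears in a 7026 'failed to load' event."""
    counts = Counter()
    for e in events:
        if e["event_id"] == 7026:
            m = DRIVER_RE.search(e["message"])
            if m:
                counts.update(m.group("drivers").split())
    return counts


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for (src, eid), n in summarize(evs).most_common():
        print(f"{n:3d}  {src} [{eid}]")
    for f in dcom_failures(evs):
        print(f"{f['when']:%Y-%m-%d %H:%M:%S}  {f['service']:<12} %{f['code']}  {f['meaning']}")
    print("Safe Mode sessions:", [t.isoformat() for t in safe_mode_boots(evs)])
    print("Drivers failing to load:", failed_drivers(evs).most_common(5))
```

Error 1084 is ERROR_NOT_SAFEBOOT_SERVICE, which the Service Control Manager returns when something tries to start a service that is not on the SafeBoot list, so the DCOM %1084 events on 26/03 and 28/03 show the machine was booted into Safe Mode at those times. The long 7026 list one minute later (AFD, Tcpip, NetBT, MRxSmb and the rest) is what a Safe Mode boot normally produces and is not, by itself, evidence of malware disabling the network stack; the short 7026 line on 24/03 (ftsata2 only) is the normal-boot baseline and is the one worth asking about separately.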


#5 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 31 March 2010 - 06:46 PM

Hello GrlRacer,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1.
We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.
  1. Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  2. If prompted with a legal dialog, accept the warning.
  3. Click and then on "Advanced Mode"
  4. You may be presented with a warning dialog. If so, press
  5. Click on
  6. Click on
  7. Uncheck this checkbox:
  8. Close/Exit Spybot Search and Destroy

2.
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on Start > Run, paste the following into the "Open" field: appwiz.cpl, and press OK. From within Add or Remove Programs, uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

3.
The following refers to <ADVANCED REGISTRY OPTIMIZER> and <Uniblue RegistryBooster>.
Please be aware that BleepingComputer staff do not recommend the use of registry cleaners / tools, due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System.
  • Registry tools can, as a result of the above, render your PC inoperable.
This is done assuming that the main audience here on this board may be inexperienced users, and is thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix"; it is up to the user, so just take this as a recommendation from my side.

4.
Download and Run RKill
    Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

5.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.

6.
Please post a GMER log as requested in my first post.

Things to include in your next reply:
Rkill log
Combofix.txt
Gmer log
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#6 GrlRacer

GrlRacer
  • Topic Starter

  • Members
  • 21 posts
  • Gender:Female
  • Location:Bronx, NY

Posted 31 March 2010 - 07:33 PM

So far I ran RKill and this is the log. I am about to run Combofix.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as HP_Administrator on 31/03/10 at 20:31:05.


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\HP_Administrator\Desktop\yoo\rkill.pif


Rkill completed on 31/03/10 at 20:31:10.


#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 31 March 2010 - 07:35 PM

Ok, I will be awaiting your ComboFix log.
Please also make sure to run the GMER scan and post its log. Make sure you run Defogger first, before GMER.

Edited by fireman4it, 31 March 2010 - 07:36 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#8 GrlRacer

GrlRacer
  • Topic Starter

  • Members
  • 21 posts
  • Gender:Female
  • Location:Bronx, NY

Posted 31 March 2010 - 08:32 PM

Combofix log:

ComboFix 10-03-29.04 - HP_Administrator 31/03/10 20:58:34.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.102 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\yoo\ComboFix.exe
AV: Verizon Internet Security Suite Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Verizon Internet Security Suite Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\PC VGA Camer@
c:\documents and settings\All Users\Start Menu\Programs\PC VGA Camer@ \Amcap.lnk
c:\documents and settings\All Users\Start Menu\Programs\PC VGA Camer@ \Uninstall.lnk
c:\documents and settings\HP_Administrator\Application Data\.#
c:\documents and settings\HP_Administrator\Application Data\.#\MBX@17A8@383FF0.###
c:\documents and settings\HP_Administrator\Application Data\.#\MBX@17A8@384020.###
c:\documents and settings\HP_Administrator\Application Data\.#\MBX@A68@383FF0.###
c:\documents and settings\HP_Administrator\Application Data\.#\MBX@A68@384020.###
c:\documents and settings\HP_Administrator\Application Data\.#\MBX@E18@384218.###
c:\documents and settings\HP_Administrator\Application Data\.#\MBX@E18@384248.###
c:\documents and settings\HP_Administrator\Application Data\.#\MBX@E18@384278.###
c:\documents and settings\HP_Administrator\Application Data\.#\MBX@F80@384218.###
c:\documents and settings\HP_Administrator\Application Data\.#\MBX@F80@384248.###
c:\documents and settings\HP_Administrator\Application Data\.#\MBX@F80@384278.###
c:\documents and settings\HP_Administrator\Application Data\Google\T-Scan
c:\documents and settings\HP_Administrator\Application Data\Google\T-Scan\n.gif
c:\documents and settings\HP_Administrator\Application Data\Google\T-Scan\t.gif
c:\documents and settings\HP_Administrator\Application Data\Google\T-Scan\y.gif
c:\documents and settings\HP_Administrator\Local Settings\Application Data\trqsbo
c:\documents and settings\HP_Administrator\Local Settings\Application Data\trqsbo\jdsxsftav.exe
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\rlls.dll.vir
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\NetMonInstaller.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\recycler\S-1-5-21-1015908413-1682206908-1493225017-1008
c:\recycler\S-1-5-21-153546263-4151962763-241959039-1008
c:\recycler\S-1-5-21-153546263-4151962763-241959039-500
c:\recycler\S-1-5-21-3465700323-1208759918-2190137838-1008
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\system32\3d78.dll
c:\windows\system32\Chip.dll
c:\windows\system32\Pvt.tmp
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-03-01 to 2010-04-01 )))))))))))))))))))))))))))))))
.

2010-03-30 00:35 . 2010-03-30 00:35 -------- d-----w- c:\program files\CCleaner
2010-03-29 23:40 . 2010-04-01 00:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-29 22:31 . 2010-03-29 22:31 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-03-29 04:15 . 2010-03-29 04:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPQ
2010-03-29 04:15 . 2010-03-29 04:15 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-03-29 04:13 . 2010-03-29 04:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-03-22 03:59 . 2010-03-22 03:59 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\oovootb
2010-03-22 03:31 . 2010-03-29 22:42 -------- d-----w- c:\program files\SpaceQuery
2010-03-21 06:15 . 2010-03-29 23:05 439816 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Real\Update\setup3.10\setup.exe
2010-03-18 02:51 . 2010-03-18 02:51 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Temp
2010-03-15 01:21 . 2010-03-15 01:21 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Composer
2010-03-15 00:44 . 2009-01-09 20:18 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2010-03-15 00:40 . 2009-10-22 03:44 13791744 ----a-w- c:\documents and settings\HP_Administrator\BlackBerry_USB_and_Modem_Drivers_ENG.msi
2010-03-15 00:39 . 2009-11-06 12:36 225280 ----a-w- c:\windows\system32\net_rim_plazmic_flint_dialog.dll
2010-03-15 00:28 . 2010-03-15 00:40 -------- d--h--w- c:\program files\Zero G Registry
2010-03-15 00:27 . 2010-03-15 00:27 -------- d--h--w- c:\documents and settings\HP_Administrator\InstallAnywhere
2010-03-10 22:33 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-07 08:21 . 2010-03-15 00:45 -------- d-----w- c:\program files\Research In Motion
2010-03-07 06:13 . 2009-09-18 14:28 421888 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\iv9gul7i.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
2010-03-07 01:41 . 2010-03-07 01:44 256 ----a-w- c:\windows\system32\pool.bin
2010-03-07 01:41 . 2010-03-15 00:47 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Research In Motion
2010-03-07 01:40 . 2010-03-07 01:40 53248 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{5A447CFB-B64E-4D3C-9744-2EA44EFB8F97}\ARPPRODUCTICON.exe
2010-03-07 01:40 . 2010-03-15 00:43 -------- d-----w- c:\program files\Common Files\Research In Motion

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-01 01:18 . 2009-09-20 18:04 62390304 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-04-01 01:18 . 2009-09-20 17:50 799008 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-04-01 00:53 . 2009-09-20 17:50 75692 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-04-01 00:53 . 2009-09-20 18:04 834764 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-04-01 00:28 . 2005-11-19 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-04-01 00:27 . 2005-11-19 20:19 -------- d-----w- c:\program files\Viewpoint
2010-04-01 00:22 . 2006-05-20 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-31 22:23 . 2009-02-04 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-30 00:44 . 2009-06-01 17:33 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Azureus
2010-03-29 23:43 . 2010-01-21 22:25 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Uniblue
2010-03-29 23:13 . 2009-02-04 02:40 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2010-03-29 22:40 . 2006-05-20 18:20 -------- d-----w- c:\program files\Roguescanfix
2010-03-28 23:25 . 2007-07-08 03:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-28 22:48 . 2010-01-21 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2010-03-22 04:01 . 2005-08-09 16:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-15 21:23 . 2008-01-26 20:55 75440 ----a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-15 04:37 . 2008-06-05 00:26 558 ----a-w- c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2010-03-11 01:17 . 2008-05-28 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-05 00:19 . 2009-05-23 18:27 -------- d-----w- c:\program files\Verizon
2010-02-27 22:33 . 2010-02-27 22:33 593920 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv305hw-0910190-0-main.dll
2010-02-27 22:31 . 2010-02-27 22:31 319488 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
2010-02-27 04:21 . 2005-08-09 16:43 -------- d-----w- c:\program files\iTunes
2010-02-27 04:19 . 2005-08-09 16:43 -------- d-----w- c:\program files\iPod
2010-02-27 04:19 . 2007-07-01 16:27 -------- d-----w- c:\program files\Common Files\Apple
2010-02-27 04:07 . 2010-02-27 04:07 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-26 02:29 . 2005-11-19 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2010-02-25 06:24 . 2004-08-10 19:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-14 07:40 . 2005-08-09 17:00 -------- d-----w- c:\program files\Google
2010-01-31 12:07 . 2008-01-26 22:45 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Apple Computer
2010-01-20 17:15 . 2010-01-30 23:51 52224 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\iv9gul7i.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
2010-01-20 17:15 . 2010-01-30 23:51 101376 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\iv9gul7i.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
2010-01-13 22:22 . 2010-01-13 22:22 60488 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-11 03:32 . 2010-01-21 22:25 2653048 -c--a-w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\DriverScanner_Setup.exe
2006-05-22 02:40 . 2006-05-22 02:39 3432 ----a-w- c:\program files\smitfiles.txt
2005-11-24 02:36 . 2005-11-24 02:36 251 ----a-w- c:\program files\wt3d.ini
2005-10-31 15:56 . 2005-10-31 15:56 700416 ----a-w- c:\program files\StubInstaller.exe
2009-03-14 03:31 . 2008-06-27 03:30 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-24 39408]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files\Common Files\AOL\1205203490\ee\AOLSoftware.exe" [2008-11-06 41264]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 544768]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-03-10 1553920]
"PAC7311_Monitor"="c:\windows\PixArt\PAC7311\Monitor.exe" [2006-11-03 319488]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-13 198160]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2009-03-12 2303216]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-4-9 598150]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2002-3-13 16384]
Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2005-8-9 36903]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\1205203490\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1205203490\\ee\\AOLDesktop.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectDriver.sys [14/11/08 6:28 PM 161304]
R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectFilter.sys [14/11/08 6:28 PM 29720]
R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectShim.sys [14/11/08 6:28 PM 27376]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02/04/08 6:00 PM 716272]
S3 PAC7311;PC VGA Camera;c:\windows\system32\drivers\PA707UCM.SYS [31/07/09 8:44 PM 449024]
S3 Smport;Smport;\??\c:\progra~1\EMS\PS2LIN~1.006\Smport.sys --> c:\progra~1\EMS\PS2LIN~1.006\Smport.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2010-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 07:40]

2010-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 07:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = about:blank
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\iv9gul7i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://urlseek40.vmn.net/search.php?lg=en&type=dns&tbn=oovoo2_0dn&q=
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\iv9gul7i.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\iv9gul7i.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\iv9gul7i.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\iv9gul7i.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}\plugins\NPCpnMgr.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmnqmp07010901.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Verizon\VSP\nprpspa.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
BHO-{442AE524-EBA5-4b17-82F3-888D68BC999A} - (no file)
BHO-{99E00A4C-D35E-11DD-BA95-9B6A56D89593} - (no file)
BHO-{A1FB2F9A-D35E-11DD-8935-E46A56D89593} - (no file)
BHO-{FECB1E31-6C40-47FC-B21B-C553A314DA4A} - (no file)
Toolbar-{2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
WebBrowser-{FECB1E30-6C40-47FC-B21B-C553A314DA4A} - (no file)
HKCU-Run-sualvmfn - c:\documents and settings\HP_Administrator\Local Settings\Application Data\trqsbo\jdsxsftav.exe
HKLM-Run-sualvmfn - c:\documents and settings\HP_Administrator\Local Settings\Application Data\trqsbo\jdsxsftav.exe
AddRemove-AOL Toolbar for Firefox - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\iv9gul7i.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-31 21:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-03-31 21:28:42
ComboFix-quarantined-files.txt 2010-04-01 01:28

Pre-Run: 124,474,830,848 bytes free
Post-Run: 125,218,222,080 bytes free

- - End Of File - - 77A6918B6C9E3D961E5164D52732FD0B


#9 GrlRacer

GrlRacer
  • Topic Starter
  • Members
  • 21 posts
  • Gender:Female
  • Location:Bronx, NY

Posted 31 March 2010 - 09:49 PM

I tried to run GMER but it keeps freezing up. I tried 3X. Any suggestions?

#10 fireman4it

fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,507 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 31 March 2010 - 09:55 PM

Hello,

Have you tried running it in Safe Mode?

Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into Safe Mode.
Make sure you choose the option without networking support.
Please see here for additional details.

If this doesn't work, then please try the following:

We need to check for rootkits with RootRepeal
  1. Download RootRepeal from the following location and save it to your desktop.
  2. Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  3. Open on your desktop.
  4. Click the tab.
  5. Click the button.
  6. Check all seven boxes:
  7. Push Ok
  8. Check the box for your main system drive (Usually C:), and press Ok.
  9. Allow RootRepeal to run a scan of your system. This may take some time.
  10. Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#11 GrlRacer

GrlRacer
  • Topic Starter
  • Members
  • 21 posts
  • Gender:Female
  • Location:Bronx, NY

Posted 31 March 2010 - 10:13 PM

I'll try that tomorrow. I'm tired from sitting here for hours lol
Thanks for helping me!

OH! No popups or any sign of the issues I've been having so far but I'm on Firefox. I had the issues mostly on IE so I'll check that also tomorrow after work.

#12 fireman4it

fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,507 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 01 April 2010 - 06:45 PM

OK, I'll wait for your GMER or RootRepeal log.



#13 fireman4it

fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,507 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 02 April 2010 - 11:14 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days the topic will need to be closed.

Thanks for understanding.

With Regards,
fireman4it



#14 fireman4it

fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,507 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 04 April 2010 - 11:05 AM

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members or myself. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.





