
Invisible ads and wave goes to zero


This topic is locked
9 replies to this topic

#1 Loaditdown

Loaditdown

  • Members

Posted 13 July 2010 - 10:11 PM

I tried to just follow the stuff in the other topics, but I still get the problem. Here are the logs.

They might not all be required, but here they are. Any help would be greatly appreciated.


#2 Loaditdown

Loaditdown
  • Topic Starter

  • Members

Posted 15 July 2010 - 01:42 AM

bump I guess

EDIT: Please be patient. There are over 300 unanswered topics in this forum at present and the current average wait time to receive help is 5 days. ~BP

Edited by Budapest, 15 July 2010 - 04:44 PM.


#3 Loaditdown

Loaditdown
  • Topic Starter

  • Members

Posted 17 July 2010 - 05:32 PM

Yes, still a little early, but I decided to run ComboFix, and this is the info I got:

ComboFix 10-07-16.01 - Sam 7/2010 Sat 15:18:13.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.932.81.1033.18.2046.1623 [GMT -7:00]
Running from: c:\documents and settings\Sam\Desktop\ComboFix.exe
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.



((((((((((((((((((((((((( Files Created from 2010-06-17 to 2010-07-17 )))))))))))))))))))))))))))))))
.

2010-07-17 21:03 . 2010-07-17 21:03 -------- d-----w- c:\documents and settings\Sam\Local Settings\Application Data\Opera
2010-07-17 21:02 . 2010-07-17 21:36 -------- d-----w- c:\program files\Opera
2010-07-17 20:18 . 2010-07-17 20:18 -------- d-----w- c:\documents and settings\LocalService\Application Data\HPAppData
2010-07-17 19:15 . 2010-07-17 19:15 -------- d-----w- c:\documents and settings\Sam\Local Settings\Application Data\Temp
2010-07-17 19:15 . 2010-07-17 19:16 -------- d-----w- c:\documents and settings\Sam\Local Settings\Application Data\Google
2010-07-14 01:25 . 2010-07-14 01:28 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-14 01:23 . 2010-07-14 01:23 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-14 01:21 . 2010-07-14 01:21 77184 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-07-13 23:54 . 2010-03-29 15:53 32576 ----a-w- c:\documents and settings\Sam\Application Data\Mozilla\Firefox\Profiles\7wh2wqh9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-07-13 23:54 . 2010-03-29 15:53 29984 ----a-w- c:\documents and settings\Sam\Application Data\Mozilla\Firefox\Profiles\7wh2wqh9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-07-13 20:55 . 2010-07-13 20:55 61440 ----a-w- c:\documents and settings\Sam\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6b43bd1d-n\decora-sse.dll
2010-07-13 20:55 . 2010-07-13 20:55 503808 ----a-w- c:\documents and settings\Sam\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3cc12041-n\msvcp71.dll
2010-07-13 20:55 . 2010-07-13 20:55 499712 ----a-w- c:\documents and settings\Sam\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3cc12041-n\jmc.dll
2010-07-13 20:55 . 2010-07-13 20:55 348160 ----a-w- c:\documents and settings\Sam\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3cc12041-n\msvcr71.dll
2010-07-13 20:55 . 2010-07-13 20:55 12800 ----a-w- c:\documents and settings\Sam\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6b43bd1d-n\decora-d3d.dll
2010-07-13 06:31 . 2010-07-13 06:31 -------- d-----w- c:\program files\Common Files\Java
2010-07-13 06:30 . 2010-07-13 06:30 -------- d-----w- c:\program files\Sun
2010-07-13 06:29 . 2010-07-13 06:28 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-13 06:23 . 2010-07-13 06:28 -------- d-----w- c:\program files\Java
2010-07-13 05:33 . 2010-07-13 05:33 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPAppData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-17 22:08 . 2010-05-13 00:31 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-07-17 22:05 . 2010-03-16 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-17 06:08 . 2010-04-10 08:45 188496 ----a-w- c:\documents and settings\Sam\Local Settings\Application Data\prvlcl.dat
2010-07-16 19:38 . 2009-08-01 05:52 -------- d-----w- c:\documents and settings\Sam\Application Data\uTorrent
2010-07-14 01:52 . 2009-07-27 04:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-13 23:54 . 2009-07-27 04:45 -------- d-----w- c:\program files\NOS
2010-07-13 19:58 . 2010-03-16 02:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-01 06:39 . 2009-07-31 17:46 1972769 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-06-01 22:24 . 2010-06-01 22:26 1839104 ----a-w- c:\windows\Internet Logs\xDB12.tmp
2010-05-30 16:50 . 2010-05-30 16:17 -------- d-----w- c:\program files\osu!
2010-05-30 16:46 . 2010-05-30 16:47 1839104 ----a-w- c:\windows\Internet Logs\xDB11.tmp
2010-05-30 16:46 . 2010-05-30 16:47 3371008 ----a-w- c:\windows\Internet Logs\xDB10.tmp
2010-05-30 16:16 . 2010-05-30 16:16 -------- d-----w- c:\documents and settings\Sam\Application Data\Downloaded Installations
2010-05-28 12:07 . 2010-05-22 09:03 -------- d-----w- c:\program files\VideoLAN
2010-05-28 12:07 . 2010-05-28 11:59 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-28 12:06 . 2010-05-28 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-28 12:06 . 2010-05-28 11:58 -------- d-----w- c:\program files\DivX
2010-05-28 12:06 . 2010-05-28 11:58 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-28 12:05 . 2010-05-28 12:04 -------- d-----w- c:\program files\XP Codec Pack
2010-05-28 11:57 . 2010-05-28 11:59 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-05-28 11:56 . 2010-05-22 09:04 -------- d-----w- c:\documents and settings\Sam\Application Data\vlc
2010-05-24 22:19 . 2010-05-24 22:51 1816576 ----a-w- c:\windows\Internet Logs\xDB81.tmp
2010-05-22 09:34 . 2010-05-22 09:34 -------- d-----w- c:\program files\Gabest
2010-05-14 02:43 . 2010-05-14 02:44 1838592 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2010-05-13 22:24 . 2009-07-27 02:55 89968 ----a-w- c:\documents and settings\Sam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-13 22:16 . 2010-05-13 22:16 187360 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-05-02 20:35 . 2010-05-02 20:36 1731584 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2010-04-29 22:39 . 2010-03-16 02:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2010-03-16 02:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-19 03:57 . 2010-04-19 04:02 1723392 ----a-w- c:\windows\Internet Logs\xDB72.tmp
2008-02-08 04:46 . 2008-02-08 04:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-02-08 04:46 . 2008-02-08 04:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-02-08 04:46 . 2008-02-08 04:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-02-08 04:46 . 2008-02-08 04:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-02-08 04:46 . 2008-02-08 04:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-02-08 04:46 . 2008-02-08 04:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-02-08 04:46 . 2008-02-08 04:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-03-17 00:27 . 2007-03-17 00:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-17 00:27 . 2007-03-17 00:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-17 00:27 . 2007-03-17 00:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 19:47 . 2007-07-20 19:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-08 04:46 . 2008-02-08 04:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-07-13_07.08.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-17 22:08 . 2010-07-17 22:08 16384 c:\windows\Temp\Perflib_Perfdata_7a4.dat
+ 2004-08-04 12:00 . 2010-07-13 19:59 68156 c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2010-05-13 22:16 68156 c:\windows\system32\perfc009.dat
+ 2010-07-14 00:00 . 2010-07-17 22:20 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-27 02:52 . 2010-07-13 07:01 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-27 02:52 . 2010-07-17 22:20 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-07-27 02:52 . 2010-07-13 07:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-07-27 02:52 . 2010-07-13 07:01 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-07-27 02:52 . 2010-07-17 22:20 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-07-14 01:23 . 2010-07-14 01:23 28160 c:\windows\Installer\4c87c1.msi
+ 2009-12-22 03:09 . 2009-12-22 03:09 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\ViewerPS.dll
+ 2009-12-22 08:57 . 2009-12-22 08:57 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\reader_sl.exe
+ 2009-12-22 03:02 . 2009-12-22 03:02 79280 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlr.dll
+ 2009-12-22 06:21 . 2009-12-22 06:21 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\eula.exe
+ 2009-12-11 22:57 . 2009-12-11 22:57 70584 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\adobeextractfiles.dll
+ 2009-12-22 06:37 . 2009-12-22 06:37 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrotextextractor.exe
+ 2009-12-22 01:39 . 2009-12-22 01:39 15288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32Info.exe
+ 2009-12-22 01:27 . 2009-12-22 01:27 75200 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acroiehelpershim.dll
+ 2009-12-22 01:27 . 2009-12-22 01:27 61888 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroIEHelper.dll
+ 2004-08-04 12:00 . 2010-07-13 19:59 435260 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2010-05-13 22:16 435260 c:\windows\system32\perfh009.dat
+ 2009-12-11 22:57 . 2009-12-11 22:57 326056 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\readerupdater.exe
+ 2009-12-22 01:35 . 2009-12-22 01:35 378264 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\pdfshell.dll
+ 2009-12-22 03:05 . 2009-12-22 03:05 116168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlrShim.exe
+ 2009-12-22 01:34 . 2009-12-22 01:34 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\nppdf32.dll
+ 2009-11-10 02:18 . 2009-11-10 02:18 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\JP2KLib.dll
+ 2009-12-22 03:02 . 2009-12-22 03:02 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AdobeCollabSync.exe
+ 2009-12-11 22:57 . 2009-12-11 22:57 948672 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\adobearm.exe
+ 2009-12-22 01:43 . 2009-12-22 01:43 120240 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRdIF.dll
+ 2009-12-22 08:57 . 2009-12-22 08:57 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.exe
+ 2009-12-22 01:15 . 2009-12-22 01:15 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroPDF.dll
+ 2009-12-22 02:32 . 2009-12-22 02:32 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobroker.exe
+ 2009-12-11 22:57 . 2009-12-11 22:57 326056 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobatupdater.exe
+ 2009-12-22 02:15 . 2009-12-22 02:15 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\a3dutility.exe
+ 2010-06-20 08:01 . 2010-06-20 08:01 8040960 c:\windows\Installer\4c88ac.msp
+ 2010-07-14 01:29 . 2010-07-14 01:29 3940352 c:\windows\Installer\4c88ab.msi
+ 2009-12-22 01:29 . 2009-12-22 01:29 2409880 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\rt3d.dll
+ 2009-12-22 02:00 . 2009-12-22 02:00 1298996 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\JSByteCodeWin.bin
+ 2009-12-22 06:31 . 2009-12-22 06:31 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AGM.dll
+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\4c88ad.msp
+ 2009-12-22 06:21 . 2009-12-22 06:21 20436408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Sam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-07-17 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\stt\\steamapps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\stt\\steamapps\\common\\fallout 3\\FalloutLauncher.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\stt\\steamapps\\common\\assassins creed\\AssassinsCreed_Game.exe"=
"e:\\stt\\steamapps\\common\\dragon age origins\\bin_ship\\DAOrigins.exe"=
"e:\\stt\\steamapps\\common\\dragon age origins\\DAOriginsLauncher.exe"=
"e:\\stt\\steamapps\\common\\dragon age origins\\bin_ship\\daupdatersvc.service.exe"=
"e:\\stt\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57316:TCP"= 57316:TCP:Pando Media Booster
"57316:UDP"= 57316:UDP:Pando Media Booster

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;e:\stt\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [12/27/2009 2:48 PM 25832]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/27/2009 10:25 PM 721904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-57989841-725345543-1003Core.job
- c:\documents and settings\Sam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-17 19:15]

2010-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-57989841-725345543-1003UA.job
- c:\documents and settings\Sam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-17 19:15]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Sam\Application Data\Mozilla\Firefox\Profiles\7wh2wqh9.default\
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Sam\Application Data\Mozilla\Firefox\Profiles\7wh2wqh9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Sam\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-17 15:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(588)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2664)
c:\windows\system32\msi.dll
c:\windows\system32\browselc.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Completion time: 2010-07-17 15:28:18
ComboFix-quarantined-files.txt 2010-07-17 22:28
ComboFix2.txt 2010-07-13 23:46
ComboFix3.txt 2010-07-13 07:12

Pre-Run: 2,889,658,368 bytes free
Post-Run: 2,982,019,072 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - BC31E71AB56BFB4E120F4E3C32387F17


#4 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team

Posted 19 July 2010 - 06:26 AM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random, which includes a HijackThis log, and save it to your desktop. If you have RSIT already on your computer, please run it again.
  1. Double-click on RSIT.exe to run RSIT.
  2. Click Continue at the disclaimer screen.
  3. Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  1. Reply to this thread; do not start another!
  2. Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  3. Do not run any other tool until instructed to do so!
  4. Let me know if any of the links do not work or if any of the tools do not work.
  5. Tell me about problems or symptoms that occur during the fix.
  6. Do not run any other programs or open any other windows while doing a fix.
  7. Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.


ComboFix logs should be posted only when requested by a HJT Team member. ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be used under the guidance and supervision of an expert, NOT for private use. While ComboFix appears simple, it is a tremendously complicated tool that is updated often. ComboFix also integrates malware removal tools from other developers (with permission). There is a huge, complex ComboFix tutorial, but it is not publicly available (at the developer's request). If you do not have access to the ComboFix tutorial, you cannot properly diagnose its logs, create ComboFix removal scripts, or run special directives. If not removed first, rootkits can interfere with ComboFix. ComboFix can delete your files. ComboFix can leave your system unbootable unless you know how to recover files or use the recovery console. You may think your system is clean, while it still has active infections.

Please read the ComboFix Disclaimer.

Edited by suebaby41, 19 July 2010 - 06:27 AM.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#5 Loaditdown

Loaditdown
  • Topic Starter

  • Members

Posted 19 July 2010 - 03:59 PM

OK, thanks for the reply. Yes, I did take some off-the-wall chances; I was just kinda desperate to get rid of it. Though here is the log; I will wait for further instruction. Thanks for the help.

info.txt logfile of random's system information tool 1.08 2010-07-19 13:56:46

======Uninstall list======

-->MsiExec /X{1C4551A6-4743-4093-91E4-1477CD655043}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}
Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Reader 9.3.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Assassin's Creed-->"E:\stt\steam.exe" steam://uninstall/15100
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
Champions Online-->"E:\stt\steam.exe" steam://uninstall/9880
Citrix Presentation Server Client-->MsiExec.exe /I{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}
Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Dragon Age: Origins-->"E:\stt\steam.exe" steam://uninstall/17450
Fallout 3-->"E:\stt\steam.exe" steam://uninstall/22300
GoldWave v5.52-->"C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.52" "C:\Program Files\GoldWave\unstall.log"
Half-Life 2: Episode Two-->"E:\stt\steam.exe" steam://uninstall/420
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB943232)-->"C:\WINDOWS\$NtUninstallKB943232$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}\setup\hpzscr01.exe -datfile hposcr14.dat
HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
Java DB 10.5.3.0-->MsiExec.exe /X{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}
Java™ 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF}
Java™ SE Development Kit 6 Update 21-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160210}
K-Lite Codec Pack 5.0.0 (Basic)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Left 4 Dead 2-->"E:\stt\steam.exe" steam://uninstall/550
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - JPN-->MsiExec.exe /I{D85BDA1A-983E-3C61-8F03-E5F9C394075C}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - JPN-->MsiExec.exe /I{2D33B338-EA1B-34EA-BD7F-BBD59487E03A}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - jpn-->MsiExec.exe /I{932245FB-2F3B-3E2E-B8AB-BDE96E434F21}
Microsoft .NET Framework 3.5 Language Pack SP1 - 日本語-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - jpn\setup.exe
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{59E4543A-D49D-4489-B445-473D763C79AF}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Mozilla Firefox (3.6.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA PhysX-->MsiExec.exe /X{1C4551A6-4743-4093-91E4-1477CD655043}
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
PSP Video 9 5.04-->C:\Program Files\Red Kawa\Video Converter App\uninstaller.exe
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sengoku Rance English v1.0-->"C:\Program Files\Sengoku Rance English\unins000.exe"
Sid Meier's Civilization III: Complete-->"E:\stt\steam.exe" steam://uninstall/3910
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
XP Codec Pack-->C:\Program Files\XP Codec Pack\Uninstall.exe
Xtreme Sound PCI-->C:\WINDOWS\CmiPCIUninstall.exe C:\Program Files\Xtreme Sound PCI#C-Media PCI Audio#Xtreme Sound PCI#
YUME MIRU KUSURI-->C:\Program Files\InstallShield Installation Information\{03ABC33C-10B1-400E-B1FA-E817FE98D11C}\setup.exe -runfromtemp -l0x0009 -removeonly
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Security center information======

FW: ZoneAlarm Firewall

======System event log======

Computer Name: SAM-E7E518FD550
Event Code: 1009
Message: A network error occurred when trying to send a message. The error code is: A blocking operation was interrupted by a call to WSACancelBlockingCall.
.

Record Number: 6350
Source Name: Dhcp
Time Written: 20100121200815.000000-480
Event Type: warning
User:

Computer Name: SAM-E7E518FD550
Event Code: 1009
Message: A network error occurred when trying to send a message. The error code is: A blocking operation was interrupted by a call to WSACancelBlockingCall.
.

Record Number: 6349
Source Name: Dhcp
Time Written: 20100121200813.000000-480
Event Type: warning
User:

Computer Name: SAM-E7E518FD550
Event Code: 1009
Message: A network error occurred when trying to send a message. The error code is: A blocking operation was interrupted by a call to WSACancelBlockingCall.
.

Record Number: 6320
Source Name: Dhcp
Time Written: 20100121165909.000000-480
Event Type: warning
User:

Computer Name: SAM-E7E518FD550
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0014A55895C0. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 6319
Source Name: Dhcp
Time Written: 20100121165909.000000-480
Event Type: warning
User:

Computer Name: SAM-E7E518FD550
Event Code: 57
Message: The system failed to flush data to the transaction log. Corruption may occur.

Record Number: 6316
Source Name: Disk
Time Written: 20100120225239.000000-480
Event Type: warning
User:

=====Application event log=====

Computer Name: SAM-E7E518FD550
Event Code: 1517
Message: Windows saved user SAM-E7E518FD550\Sam registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 720
Source Name: Userenv
Time Written: 20100412185927.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: SAM-E7E518FD550
Event Code: 1000
Message: Faulting application powerpnt.exe, version 12.0.4518.1014, stamp 45428035, faulting module mso.dll, version 12.0.4518.1014, stamp 4542867b, debug? 0, fault address 0x00210d66.

Record Number: 719
Source Name: Microsoft Office 12
Time Written: 20100412001827.000000-420
Event Type: error
User:

Computer Name: SAM-E7E518FD550
Event Code: 1517
Message: Windows saved user SAM-E7E518FD550\Sam registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 714
Source Name: Userenv
Time Written: 20100409194003.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: SAM-E7E518FD550
Event Code: 1001
Message: Detection of product '{91120000-0014-0000-0000-0000000FF1CE}', feature 'ProductNonBootFiles' failed during request for component '{137F4F20-9B16-45F8-9813-A3B5F7B5FF9E}'

Record Number: 708
Source Name: MsiInstaller
Time Written: 20100330205232.000000-420
Event Type: warning
User: SAM-E7E518FD550\Sam

Computer Name: SAM-E7E518FD550
Event Code: 1004
Message: Detection of product '{91120000-0014-0000-0000-0000000FF1CE}', feature 'ProductNonBootFiles', component '{137F4F20-9B16-45F8-9813-A3B5F7B5FF9E}' failed. The resource 'C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\OPA12.BAK' does not exist.

Record Number: 707
Source Name: MsiInstaller
Time Written: 20100330205232.000000-420
Event Type: warning
User: SAM-E7E518FD550\Sam

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"tvdumpflags"=8

-----------------EOF-----------------


#6 suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 20 July 2010 - 08:34 AM

Please post a new HijackThis log.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#7 Loaditdown

  • Topic Starter

  • Members
  • 6 posts

Posted 20 July 2010 - 04:13 PM

Logfile of random's system information tool 1.08 (written by random/random)
Run by Sam at 2010-07-20 19:51:09
Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (14%) free of 19 GB
Total RAM: 2046 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:51:18 PM, on 7/20/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Sam\Desktop\RSIT.exe
C:\Program Files\trend micro\Sam.exe

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - e:\stt\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5160 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-57989841-725345543-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-57989841-725345543-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-12 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-16 981384]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-19 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Sam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-17 136176]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-12-01 143360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\stt\steamapps\common\bioshock\Builds\Release\Bioshock.exe"="E:\stt\steamapps\common\bioshock\Builds\Release\Bioshock.exe:*:Enabled:Bioshock"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:?ETorrent"
"E:\stt\steamapps\common\fallout 3\FalloutLauncher.exe"="E:\stt\steamapps\common\fallout 3\FalloutLauncher.exe:*:Enabled:Fallout 3"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"E:\stt\steamapps\common\assassins creed\AssassinsCreed_Game.exe"="E:\stt\steamapps\common\assassins creed\AssassinsCreed_Game.exe:*:Enabled:Assassin's Creed"
"E:\stt\steamapps\common\dragon age origins\bin_ship\DAOrigins.exe"="E:\stt\steamapps\common\dragon age origins\bin_ship\DAOrigins.exe:*:Enabled:Dragon Age: Origins"
"E:\stt\steamapps\common\dragon age origins\DAOriginsLauncher.exe"="E:\stt\steamapps\common\dragon age origins\DAOriginsLauncher.exe:*:Enabled:Dragon Age: Origins"
"E:\stt\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe"="E:\stt\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater"
"E:\stt\steamapps\common\left 4 dead 2\left4dead2.exe"="E:\stt\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

======List of files/folders created in the last 1 months======

2010-07-19 13:56:27 ----D---- C:\Program Files\trend micro
2010-07-19 13:56:26 ----D---- C:\rsit
2010-07-17 17:04:51 ----SHD---- C:\RECYCLER
2010-07-17 15:28:18 ----A---- C:\ComboFix.txt
2010-07-17 15:16:22 ----A---- C:\Boot.bak
2010-07-17 15:16:09 ----RASHD---- C:\cmdcons
2010-07-17 14:03:21 ----D---- C:\Documents and Settings\Sam\Application Data\Opera
2010-07-17 14:02:37 ----D---- C:\Program Files\Opera
2010-07-13 19:10:38 ----A---- C:\WINDOWS\IE4 Error Log.txt
2010-07-13 18:25:20 ----D---- C:\Program Files\Common Files\Adobe
2010-07-13 18:23:02 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-07-13 12:58:20 ----A---- C:\mbam-error.txt
2010-07-12 23:54:22 ----A---- C:\WINDOWS\zip.exe
2010-07-12 23:54:22 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-07-12 23:54:22 ----A---- C:\WINDOWS\SWSC.exe
2010-07-12 23:54:22 ----A---- C:\WINDOWS\SWREG.exe
2010-07-12 23:54:22 ----A---- C:\WINDOWS\sed.exe
2010-07-12 23:54:22 ----A---- C:\WINDOWS\PEV.exe
2010-07-12 23:54:22 ----A---- C:\WINDOWS\NIRCMD.exe
2010-07-12 23:54:22 ----A---- C:\WINDOWS\MBR.exe
2010-07-12 23:54:22 ----A---- C:\WINDOWS\grep.exe
2010-07-12 23:54:11 ----D---- C:\WINDOWS\ERDNT
2010-07-12 23:43:47 ----D---- C:\Qoobox
2010-07-12 23:31:51 ----D---- C:\Program Files\Common Files\Java
2010-07-12 23:30:50 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-07-12 23:30:03 ----D---- C:\Program Files\Sun
2010-07-12 23:29:38 ----A---- C:\WINDOWS\system32\javaws.exe
2010-07-12 23:29:38 ----A---- C:\WINDOWS\system32\javaw.exe
2010-07-12 23:29:38 ----A---- C:\WINDOWS\system32\java.exe
2010-07-12 23:29:38 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-07-12 23:23:34 ----D---- C:\Program Files\Java

======List of files/folders modified in the last 1 months======

2010-07-20 19:51:11 ----D---- C:\WINDOWS\Prefetch
2010-07-20 19:50:37 ----D---- C:\Documents and Settings\Sam\Application Data\uTorrent
2010-07-20 19:50:32 ----D---- C:\WINDOWS\Temp
2010-07-20 19:49:34 ----RD---- C:\Program Files
2010-07-20 19:49:23 ----D---- C:\WINDOWS\Internet Logs
2010-07-20 17:20:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-20 14:12:09 ----SHD---- C:\WINDOWS\Installer
2010-07-20 14:12:08 ----D---- C:\Config.Msi
2010-07-17 21:13:43 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-07-17 21:09:30 ----D---- C:\Program Files\Mozilla Firefox
2010-07-17 15:24:50 ----D---- C:\WINDOWS
2010-07-17 15:24:50 ----A---- C:\WINDOWS\system.ini
2010-07-17 15:20:46 ----D---- C:\WINDOWS\system32\drivers
2010-07-17 15:20:46 ----D---- C:\WINDOWS\system32
2010-07-17 15:20:46 ----D---- C:\WINDOWS\AppPatch
2010-07-17 15:20:29 ----D---- C:\Program Files\Common Files
2010-07-17 15:17:57 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-17 15:16:22 ----RASH---- C:\boot.ini
2010-07-17 15:08:14 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-07-17 15:06:48 ----SD---- C:\Documents and Settings\Sam\Application Data\Microsoft
2010-07-17 15:05:42 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-07-17 13:50:49 ----D---- C:\WINDOWS\system32\config
2010-07-17 12:15:09 ----SD---- C:\WINDOWS\Tasks
2010-07-13 18:26:39 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-07-13 18:23:11 ----D---- C:\Documents and Settings\Sam\Application Data\Adobe
2010-07-13 18:23:07 ----D---- C:\Program Files\Adobe
2010-07-13 16:54:39 ----D---- C:\Program Files\NOS
2010-07-13 12:59:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-13 12:58:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-13 00:07:49 ----D---- C:\WINDOWS\system32\drivers\etc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdide;amdide; C:\WINDOWS\system32\DRIVERS\amdide.sys [2007-10-11 9096]
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-04 61056]
R0 srescan;srescan; C:\WINDOWS\system32\ZoneLabs\srescan.sys [2008-11-17 51688]
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2004-08-04 12160]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-16 353672]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-12-01 3452928]
R3 cmuda3;Xtreme Sound PCI Audio Interface; C:\WINDOWS\system32\drivers\cmuda3.sys [2005-12-06 1355456]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 catchme;catchme; \??\C:\DOCUME~1\Sam\LOCALS~1\Temp\catchme.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
S3 PciCon;PciCon; \??\D:\PciCon.sys []
S3 RT73;Airlink101 USB XR Adapter Driver (RT73); C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-10-18 242304]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-10-27 721904]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-12-01 598016]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-12 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-16 2402184]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-12-01 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; e:\stt\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [2010-04-15 25832]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus® Helper; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Edited by Loaditdown, 20 July 2010 - 09:51 PM.


#8 Loaditdown

  • Topic Starter

  • Members
  • 6 posts

Posted 23 July 2010 - 05:47 AM

Hmm, I downloaded Avast (I've usually been using AVG) and it seemed it was able to detect the virus, unlike AVG.

So it is working fine now; hopefully it stays up.

Thank you for your help though :)

#9 suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 25 July 2010 - 01:46 PM

Step 1

The item(s) below indicate(s) you have installed .

C:\Program Files\uTorrent\uTorrent.exe

Since the nature of P2P programs is counterproductive to restoring your PC to a healthy state, I ask that you remove P2P file sharing programs prior to my providing you with malware removal assistance. Even the safest P2P file sharing programs, those that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to launch automatically at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer.

The people who design and distribute malware will use any method to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular method is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities.
To remove the P2P program:
  1. Click Start > Control Panel.
  2. In Control Panel, double-click Add or Remove Programs.
  3. In Add or Remove Programs, highlight , click Remove.
  4. Close the Add or Remove Programs and the Control Panel windows.
  5. Using Windows Explorer (Windows key+e), search for the folder. If the program folder is still there, select/highlight . DELETE it. (File > Delete.) If Windows is not installed on the C drive, replace C:\ with the appropriate drive letter.
  6. Close Windows Explorer.
There is a video showing how to uninstall a program (by Grinler) detailing how to add or remove a program in Windows, for those who find a visual aid appealing. NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

I am not asking you to remove the P2P program(s) without giving you good reasons for doing so.
  1. P2P programs form a direct conduit on to your computer.
  2. P2P security measures are easily circumvented.
  3. Some P2P programs will share everything on the computer with anyone by default. If your P2P program is not configured correctly, you may be sharing more files than you realize.
  4. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.
  5. P2P programs have always been a target of malware writers. There are more Viruses, Worms and Trojans being distributed with the downloaded files.
  6. P2P programs connected to a network can be used to spread malware, share private documents, or use the file server to both store and forward malware.
  7. Many of the files in P2P networks are copyrighted and legal action could result.
  8. Pedophiles can use P2P communities to distribute child porn materials or attempt to make contact with children.
  9. This article from InfoWorld, Seattle Man Arrested For P To P ID Theft, illustrates perfectly the dangers of a poorly configured P2P program.
  10. Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.
  11. When you use them, you are downloading software from an unknown source directly onto your computer bypassing your Firewall and Anti-Virus software. Many of these Downloads are being targeted to carry infections.

References for the risk of these programs are:

If you continue to use P2P programs, you will probably get infected again.

Please uninstall all P2P programs and post a new HijackThis log.

Step 2

An antivirus program is an essential part of computer security and you do not appear to have one running on your system. There are a few available for free that have excellent reputations.

Ad-Aware Free Internet Security Antivirus. Does not include a firewall.

AVG 8 Anti-Virus Free Edition

AntiVir Personal

Avast! 4 Home Edition
If needed, see How to Install, Configure, and Use Avast Antivirus

For an article on antivirus programs and a listing of some available ones see the link below:
Computer Safety On line - Anti-Virus


Please post a new HijackThis log.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.
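The checks in Step 1 and Step 2 above can be done from a PowerShell prompt instead of clicking through Add or Remove Programs and Windows Explorer. The script below is an added example and is not part of suebaby41's post or of any BleepingComputer tool; it lists P2P clients registered in the Add/Remove Programs registry keys, any Run entries that autostart them, program folders left behind after an uninstall, and the antivirus products that Windows Security Center knows about. The list of P2P client names in `$P2PPattern` is an assumption of common clients and is not taken from the post; the script assumes Windows PowerShell 2.0 or later on Windows XP SP2 through Windows 10 (Security Center is queried in both the `root\SecurityCenter` namespace used by XP and Vista and the `root\SecurityCenter2` namespace used by Windows 7 and later).

```powershell
# Added example, not from the original post. Inventory of P2P clients,
# leftover folders, autostart entries and registered antivirus products.
# Assumption: the pattern below is a guess at common P2P client names.
$P2PPattern = 'uTorrent|BitTorrent|LimeWire|FrostWire|BearShare|Kazaa|eMule|Ares|Shareaza|Vuze|Azureus'

# Add/Remove Programs reads these keys (per-user clients such as uTorrent
# often register under HKCU rather than HKLM).
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$RegistryNoise = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-P2PInstall {
    # Every Add/Remove Programs entry whose name or uninstall command
    # matches a known P2P client, with the uninstaller so it can be run.
    foreach ($key in $UninstallKeys) {
        if (-not (Test-Path $key)) { continue }
        Get-ChildItem $key | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            if ("$($p.DisplayName) $($p.UninstallString)" -match $P2PPattern) {
                New-Object PSObject -Property @{
                    Name            = $p.DisplayName
                    InstallLocation = $p.InstallLocation
                    UninstallString = $p.UninstallString
                    RegistryKey     = $_.PSPath
                }
            }
        }
    }
}

function Get-P2PAutostart {
    # P2P clients normally register themselves to launch at logon;
    # report any Run value whose command line points at one.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty $key
        foreach ($prop in $props.PSObject.Properties) {
            if ($RegistryNoise -contains $prop.Name) { continue }
            if ("$($prop.Value)" -match $P2PPattern) {
                New-Object PSObject -Property @{ Key = $key; Entry = $prop.Name; Command = $prop.Value }
            }
        }
    }
}

function Get-P2PFolderResidue {
    # After the uninstaller has run, confirm the program folder is gone.
    # Checks Program Files and the per-user profile folders.
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:APPDATA, $env:LOCALAPPDATA) |
        Where-Object { $_ }
    foreach ($root in $roots) {
        Get-ChildItem $root -ErrorAction SilentlyContinue |
            Where-Object { $_.PSIsContainer -and $_.Name -match $P2PPattern } |
            Select-Object -ExpandProperty FullName
    }
}

function Get-RegisteredAntivirus {
    # Security Center publishes registered AV products through WMI.
    # XP/Vista: root\SecurityCenter (onAccessScanningEnabled, productUptoDate).
    # Windows 7+: root\SecurityCenter2 (productState bit field). Query both;
    # an empty result means no antivirus has registered with Windows.
    foreach ($ns in 'root\SecurityCenter', 'root\SecurityCenter2') {
        Get-WmiObject -Namespace $ns -Class AntiVirusProduct -ErrorAction SilentlyContinue |
            Select-Object @{ n = 'Namespace'; e = { $ns } }, displayName, productState,
                          onAccessScanningEnabled, productUptoDate
    }
}

Write-Host '== P2P clients registered in Add/Remove Programs =='
Get-P2PInstall | Format-List
Write-Host '== P2P autostart (Run) entries =='
Get-P2PAutostart | Format-Table -AutoSize
Write-Host '== Leftover P2P program folders =='
Get-P2PFolderResidue
Write-Host '== Antivirus products known to Security Center (empty = none registered) =='
Get-RegisteredAntivirus | Format-List
```

Run it from an elevated PowerShell prompt so the HKLM keys and Program Files are readable. The `UninstallString` it prints is the same command Add or Remove Programs runs, so it can be launched directly; re-run the script afterwards and an empty folder-residue and autostart list confirms the client is really gone before posting the new HijackThis log.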

#10 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:01:53 AM

Posted 08 August 2010 - 10:02 AM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
