(I believe Continuous loop) Random IE popups when using Firefox slowing computer


This topic is locked
4 replies to this topic

#1 wahhhitzallen


Posted 12 September 2010 - 12:33 PM

I believe I have a virus and maybe even spyware.
I have run scans many times and sometimes it would find the same trojan and remove it.
I have encountered a lot of viruses during the last 5 days.
The detected item is Trojan:Win32/Sisron
I have also seen svc2.exe running; I would find the file in Windows and delete it, as well as the prefetch file.
Sometimes the 2008.exe file is deleted as well.

When running Firefox, I get random IE popups and my computer begins to lag, as if the IE popups are running in a continuous loop.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:29:03 AM, on 9/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Documents and Settings\Allen\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [NetLog2] C:\WINDOWS\svc2.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/dsl_settings/...vzTCPConfig.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6770.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8150 bytes
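The O4 entries in the log above are the autostart points worth triaging first: the [NetLog2] value under HKCU\..\Run launches C:\WINDOWS\svc2.exe, the same file the poster describes deleting by hand, and a per-user Run value needs no administrator rights to survive a reboot. The script below is an added example (not part of the original post and not HijackThis code) that parses O4 lines and flags the patterns a practitioner looks for: a binary dropped directly into the Windows directory rather than a subfolder, a binary launched from a user-profile data directory, random-looking directory names, and "(file missing)" references. The sample lines are copied from the log above except the last, which is constructed from the path ComboFix later lists under ORPHANS REMOVED. The vowel-ratio threshold is an assumed heuristic, and legitimate software also trips the Windows-root rule (this same machine's msconfig list shows RTHDCPL.EXE and ALCMTR.EXE living in C:\WINDOWS), so treat the output as a review list, not a verdict.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "name path reasons")

# Constructed sample input: five O4 lines taken from the HijackThis log above, plus one
# line (ajsewydo) built from the path ComboFix later reported as an orphaned startup entry.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [NetLog2] C:\WINDOWS\svc2.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKCU\..\Run: [ajsewydo] C:\Documents and Settings\Allen\Local Settings\Application Data\ihvljvkhg\tdujgweuqiw.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# Executable directly under <drive>:\windows\ with no further subdirectory.
WINDOWS_ROOT_RE = re.compile(r'^[a-z]:\\windows\\[^\\]+$', re.IGNORECASE)
# XP user-profile data locations: ...\Application Data\ or ...\Local Settings\Application Data\
PROFILE_DATA_RE = re.compile(
    r'\\documents and settings\\[^\\]+\\(local settings\\)?application data\\', re.IGNORECASE)
VOWELS = set("aeiou")


def executable_path(cmd: str) -> str:
    """Pull the launched binary out of a Run command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'(.+?\.exe)(?:\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def looks_random(token: str) -> bool:
    """Assumed heuristic: long, all-lowercase, nearly vowel-free names resemble generated dir names."""
    if len(token) < 8 or not token.isalpha() or not token.islower():
        return False
    return sum(c in VOWELS for c in token) / len(token) <= 0.25


def triage(text: str):
    """Return a Finding for every O4 line that matches at least one suspicious pattern."""
    findings = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path = executable_path(m.group("cmd"))
        reasons = []
        if "(file missing)" in line:
            reasons.append("autorun points at a file that no longer exists")
        if WINDOWS_ROOT_RE.match(path):
            reasons.append("executable sits directly in the Windows directory rather than a subfolder")
        if PROFILE_DATA_RE.search(path):
            reasons.append("executable launched from a user-profile data directory")
        if any(looks_random(part) for part in path.split("\\")[:-1]):
            reasons.append("path contains a random-looking directory name")
        if reasons:
            findings.append(Finding(m.group("name"), path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_O4_LINES):
        print(f"[{f.name}] {f.path}")
        for r in f.reasons:
            print("    -", r)
```

Paste a full HijackThis log into `triage` and it ignores every non-O4 line, so the same function runs unchanged over the whole file.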



#2 wahhhitzallen


Posted 12 September 2010 - 02:11 PM

First of all, should I delete this Qoobox folder (I believe there are quarantined items in there), as well as the KillBox 2008.exe I deleted?


I followed this possible fix below.

==Download SmitfraudFix (by S!Ri) from http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract the content (a folder named SmitfraudFix) to your Desktop.
- Restart your computer in Safe Mode.
- Open the SmitfraudFix folder and double-click SmitfraudFix.cmd, select option #2 - Clean [type 2 and Enter].
You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer Y and Enter [which will remove the desktop background and clean registry keys associated with the infection].
The tool will next check if wininet.dll is infected; if it is, you will be prompted to replace the file; type Y and press "Enter".
It will also create a log named rapport.txt in the root of your drive, e.g. Local Disk C:\
Restart in normal Windows. Please post C:\rapport.txt
[You may also have to restore your desktop background...
If so, go Start > Run, type regedit and <Enter>. Navigate to this key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
Please export that key: in the left pane highlight System with a left-click, go File, Export..., save as bluewall with file type .txt. Close regedit and post that txt file.]
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- To run it, double-click combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, reboot to restore the desktop.
Post the results from those two plus a fresh HijackThis log, please.



After following this I have the updated logs. Please help me delete this virus/spyware or whatever it is.



SmitFraudFix log


SmitFraudFix v2.424

Scan done at 10:50:02.29, Sun 09/12/2010
Run from C:\Documents and Settings\Allen\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{57C59E5F-4974-4B19-9D95-88AAE41A2D10}: DhcpNameServer=71.9.127.107 68.190.192.35 24.205.224.36
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C2C5376B-6130-4B41-A485-9A4988AD88F1}: DhcpNameServer=128.54.16.2 132.239.0.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{57C59E5F-4974-4B19-9D95-88AAE41A2D10}: DhcpNameServer=71.9.127.107 68.190.192.35 24.205.224.36
HKLM\SYSTEM\CS3\Services\Tcpip\..\{57C59E5F-4974-4B19-9D95-88AAE41A2D10}: DhcpNameServer=71.9.127.107 68.190.192.35 24.205.224.36
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=71.9.127.107 68.190.192.35 24.205.224.36
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=128.54.16.2 132.239.0.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=71.9.127.107 68.190.192.35 24.205.224.36
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=71.9.127.107 68.190.192.35 24.205.224.36


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK.2



»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End




REGEDIT


Key Name: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
Class Name: <NO CLASS>
Last Write Time: 9/7/2010 - 6:15 PM




ComboFix log

ComboFix 10-09-11.04 - Allen 09/12/2010 11:31:12.2.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.803 [GMT -7:00]
Running from: c:\documents and settings\Allen\Desktop\Combo-Fix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\svc2.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe

.
((((((((((((((((((((((((( Files Created from 2010-08-12 to 2010-09-12 )))))))))))))))))))))))))))))))
.

2010-09-12 16:51 . 2010-09-12 16:51 503808 ----a-w- c:\documents and settings\Allen\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-22e42062-n\msvcp71.dll
2010-09-12 16:51 . 2010-09-12 16:51 499712 ----a-w- c:\documents and settings\Allen\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-22e42062-n\jmc.dll
2010-09-12 16:51 . 2010-09-12 16:51 61440 ----a-w- c:\documents and settings\Allen\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3faee33a-n\decora-sse.dll
2010-09-12 16:51 . 2010-09-12 16:51 348160 ----a-w- c:\documents and settings\Allen\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-22e42062-n\msvcr71.dll
2010-09-12 16:51 . 2010-09-12 16:51 12800 ----a-w- c:\documents and settings\Allen\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3faee33a-n\decora-d3d.dll
2010-09-12 16:51 . 2010-07-17 12:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-12 16:44 . 2010-09-12 16:44 -------- d-----w- C:\VundoFix Backups
2010-09-12 00:58 . 2010-09-12 00:58 63488 ----a-w- c:\documents and settings\Allen\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-12 00:58 . 2010-09-12 00:58 52224 ----a-w- c:\documents and settings\Allen\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-12 00:58 . 2010-09-12 00:58 117760 ----a-w- c:\documents and settings\Allen\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-12 00:56 . 2010-09-12 00:56 -------- d-----w- c:\documents and settings\Allen\Application Data\SUPERAntiSpyware.com
2010-09-12 00:56 . 2010-09-12 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-12 00:56 . 2010-09-12 00:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-12 00:46 . 2010-09-12 18:08 -------- d-----w- C:\!KillBox
2010-09-07 07:26 . 2010-09-07 07:26 2843 ----a-w- c:\windows\Ygimehibe.dat
2010-09-07 07:26 . 2010-09-07 07:26 155648 --sha-r- c:\windows\system32\printui5.dll
2010-09-07 07:24 . 2010-09-09 20:49 -------- d-----w- c:\documents and settings\Allen\Local Settings\Application Data\evkjjqacd
2010-09-07 07:23 . 2010-09-09 20:49 -------- d-----w- c:\documents and settings\Allen\Local Settings\Application Data\ihvljvkhg
2010-09-07 07:21 . 2010-09-07 17:58 -------- d-----w- c:\documents and settings\Allen\Application Data\cacaoweb
2010-08-21 11:18 . 2010-08-21 11:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-08-21 09:33 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-21 08:54 . 2009-08-07 02:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-08-20 09:14 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-20 08:18 . 2010-08-20 08:18 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-08-20 08:08 . 2010-08-20 08:12 -------- d-----w- c:\program files\Windows Live Safety Center
2010-08-20 07:59 . 2010-08-20 08:21 -------- d-----w- c:\documents and settings\Allen\Application Data\QuickScan
2010-08-20 06:42 . 2010-09-07 19:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\fasmmhwph
2010-08-20 06:41 . 2010-08-20 06:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-08-20 06:41 . 2010-08-20 06:41 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-14 03:49 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-14 03:49 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-14 02:14 . 2010-08-20 00:29 0 ----a-w- c:\documents and settings\Allen\Local Settings\Application Data\prvlcl.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-12 16:51 . 2008-09-02 01:51 -------- d-----w- c:\program files\Common Files\Java
2010-09-12 16:51 . 2008-09-02 01:53 -------- d-----w- c:\program files\Java
2010-09-11 23:46 . 2008-12-05 21:43 -------- d-----w- c:\program files\Warcraft III
2010-09-07 18:29 . 2004-08-04 10:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2010-09-06 11:12 . 2009-12-14 06:56 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-04 01:09 . 2009-06-26 23:12 -------- d-----w- c:\program files\Steam
2010-09-04 00:48 . 2010-07-31 00:51 452104 ----a-w- c:\documents and settings\Allen\Application Data\Real\Update\setup3.12\setup.exe
2010-08-20 08:38 . 2008-09-02 01:01 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2010-08-14 03:49 . 2010-08-12 09:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-12 11:01 . 2010-08-12 11:01 -------- d-----w- c:\program files\AVG
2010-08-12 09:28 . 2010-08-12 09:28 -------- d-----w- c:\documents and settings\Allen\Application Data\Malwarebytes
2010-08-12 09:15 . 2010-08-12 09:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-06 04:50 . 2010-05-26 19:42 439816 ----a-w- c:\documents and settings\Allen\Application Data\Real\Update\setup3.10\setup.exe
2010-06-30 12:31 . 2004-08-04 10:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:10 . 2006-03-04 03:33 667136 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:10 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 08:32 . 2010-01-01 02:15 256 ----a-w- c:\windows\system32\pool.bin
2010-06-24 07:28 . 2010-06-24 07:28 53248 ----a-r- c:\documents and settings\Allen\Application Data\Microsoft\Installer\{B2F3FB19-D848-479C-818E-130ABC9366DB}\ARPPRODUCTICON.exe
2010-06-23 13:44 . 2004-08-04 10:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 10:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-21 05:09 . 2010-06-21 05:09 50354 ----a-w- c:\documents and settings\Allen\Application Data\Facebook\uninstall.exe
2010-06-17 14:03 . 2004-08-04 10:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-16 11:37 . 2010-06-16 11:37 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-06-16 11:37 . 2010-06-16 11:37 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-06-16 11:35 . 2010-06-16 11:38 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-06-16 11:35 . 2010-06-16 11:38 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2009-07-09 11:46 . 2009-07-10 23:46 44 -c-h--w- c:\program files\0161aaf9.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2005-07-28 102400]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-31 344064]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-12-22 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-12-22 688218]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2005-06-16 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2005-06-01 05:46 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-28 00:10 35696 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-11-09 01:44 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 01:43 69632 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-03-17 04:58 47392 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2008-08-01 21:31 109056 -c--a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2010-03-11 05:32 648536 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
2005-06-01 05:50 356352 -c--a-w- c:\program files\Intel\Wireless\Bin\EOUWiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-08 00:07 61952 ------w- c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2007-08-31 19:01 1037736 -c--a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2005-06-03 08:31 385024 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2005-06-01 05:46 401408 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 17:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-26 08:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
2007-08-31 19:13 988584 -c--a-w- c:\program files\Microsoft IntelliType Pro\itype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-04-29 22:39 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-27 00:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-06-01 21:53 1093208 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NB Probe]
2005-07-28 00:07 765952 -c--a-w- c:\program files\ASUS\NB Probe\NBProbe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetLog2]
c:\windows\svc2.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-03 03:24 32768 ----a-w- c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-08 19:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-09-22 20:36 14854144 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-09-04 01:06 1242448 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-08-25 18:03 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-04-09 21:21 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]
2008-11-13 18:52 90112 ----a-w- c:\program files\MAGIX\Movie_Edit_Pro_15_Plus_Download_version\Trayserver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console]
2005-07-22 21:36 57344 -c--a-w- c:\program files\ASUS\Wireless Console\wcourier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MsMpSvc"=2 (0x2)
"MBAMService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"d:\\Desktop C\\Warcraft III\\List Checker\\pickup.listchecker.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\steamapps\\whussupallen@yahoo.com\\counter-strike\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6113:TCP"= 6113:TCP:wc3
"6113:UDP"= 6113:UDP:wc3

R0 R592;R592;c:\windows\system32\drivers\R592.sys [9/1/2008 6:25 PM 57088]
R0 risdpntk;risdpntk;c:\windows\system32\drivers\risdpntk.sys [9/1/2008 6:25 PM 27264]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/1/2008 8:17 PM 24652]
R3 SynMini;USB2.0 1.3M Web Cam;c:\windows\system32\drivers\SynMini.sys [9/1/2008 6:26 PM 720438]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;c:\windows\system32\drivers\SynScan.sys [9/1/2008 6:26 PM 8246]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [5/28/2009 9:08 PM 1527900]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/13/2010 8:49 PM 20952]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/13/2010 8:49 PM 304464]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
FF - ProfilePath - c:\documents and settings\Allen\Application Data\Mozilla\Firefox\Profiles\izg820bc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\Allen\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ajsewydo - c:\documents and settings\Allen\Local Settings\Application Data\ihvljvkhg\tdujgweuqiw.exe
MSConfigStartUp-qqlmkccj - c:\documents and settings\Allen\Local Settings\Application Data\evkjjqacd\tkwxilkuqiw.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-12 11:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\dmserver\Parameters]
@DACL=(02 0000)
"ServiceDll"=expand:"%SystemRoot%\\System32\\dmserver.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(1348)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\OProtSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\rundll32.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\windows\ATK0100\ATKOSD.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-09-12 11:51:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-12 18:51
ComboFix2.txt 2010-09-08 01:25

Pre-Run: 15,481,483,264 bytes free
Post-Run: 15,438,049,280 bytes free

- - End Of File - - 82CE9301DCB28141BD6B59191F40AC39



hijackthis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:52:02 AM, on 9/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Allen\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/dsl_settings/...vzTCPConfig.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6770.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7824 bytes


MBRCHECK

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 158):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xF7A1C000 \WINDOWS\system32\KDCOM.DLL
0xF792C000 \WINDOWS\system32\BOOTVID.dll
0xF73ED000 ACPI.sys
0xF7A1E000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF73DC000 pci.sys
0xF751C000 isapnp.sys
0xF752C000 ohci1394.sys
0xF753C000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7930000 compbatt.sys
0xF7934000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7AE4000 pciide.sys
0xF779C000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7A20000 intelide.sys
0xF73BE000 pcmcia.sys
0xF754C000 MountMgr.sys
0xF739F000 ftdisk.sys
0xF7938000 ACPIEC.sys
0xF7AE5000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF77A4000 PartMgr.sys
0xF755C000 VolSnap.sys
0xF7387000 atapi.sys
0xF77AC000 cercsr6.sys
0xF736F000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF756C000 disk.sys
0xF757C000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF734F000 fltmgr.sys
0xF733D000 sr.sys
0xF758C000 PxHelp20.sys
0xF7326000 KSecDD.sys
0xF7299000 Ntfs.sys
0xF726C000 NDIS.sys
0xF759C000 Combo-Fix.sys
0xF77B4000 risdpntk.sys
0xF75AC000 R592.sys
0xF7252000 Mup.sys
0xF7A40000 \SystemRoot\system32\DRIVERS\ATKACPI.sys
0xF773C000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF68EE000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF68DA000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF68B2000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF7894000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF688E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF789C000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF656C000 \SystemRoot\system32\DRIVERS\w29n51.sys
0xF774C000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF78A4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF653E000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7A42000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF78AC000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF775C000 \SystemRoot\System32\Drivers\Serial.SYS
0xF78B4000 \SystemRoot\system32\DRIVERS\irsir.sys
0xF79EC000 \SystemRoot\system32\DRIVERS\irenum.sys
0xF652A000 \SystemRoot\system32\DRIVERS\parport.sys
0xF776C000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF777C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF778C000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6507000 \SystemRoot\system32\DRIVERS\ks.sys
0xF78BC000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF79F8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF64CA000 \SystemRoot\system32\DRIVERS\iwca.sys
0xF7B6F000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7A44000 \SystemRoot\System32\Drivers\RootMdm.sys
0xF78C4000 \SystemRoot\System32\Drivers\Modem.SYS
0xF78CC000 \SystemRoot\system32\DRIVERS\rasirda.sys
0xF78D4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF75EC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7A04000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF64B3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF75FC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF760C000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF6402000 \SystemRoot\system32\DRIVERS\psched.sys
0xF761C000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF78DC000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF78E4000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF78EC000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0xF762C000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7A46000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF63A4000 \SystemRoot\system32\DRIVERS\update.sys
0xF7A10000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF765C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xEDF66000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xEDF42000 \SystemRoot\system32\drivers\portcls.sys
0xF766C000 \SystemRoot\system32\drivers\drmk.sys
0xEDF1A000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xEDE1C000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xEDD70000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF769C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xED5DB000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xF6A46000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF64A3000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF77DC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7A68000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B25000 \SystemRoot\System32\Drivers\Null.SYS
0xF7A6A000 \SystemRoot\System32\Drivers\Beep.SYS
0xF77EC000 \SystemRoot\System32\drivers\vga.sys
0xF7A6C000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7A6E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF77F4000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF77FC000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF79C0000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xED3D4000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xED37B000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xED353000 \SystemRoot\system32\DRIVERS\netbt.sys
0xED331000 \SystemRoot\System32\drivers\afd.sys
0xF6493000 \SystemRoot\system32\DRIVERS\netbios.sys
0xED30F000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF7804000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xED2E4000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xED274000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF6483000 \SystemRoot\System32\Drivers\Fips.SYS
0xED24E000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF6473000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF7814000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xED0A4000 \SystemRoot\System32\Drivers\SynMini.sys
0xED69B000 \SystemRoot\System32\Drivers\STREAM.SYS
0xF7844000 \SystemRoot\System32\Drivers\SynCamd.sys
0xECF89000 \SystemRoot\System32\Drivers\SynPin.sys
0xEC490000 \SystemRoot\System32\Drivers\SynPipe.sys
0xEE353000 \SystemRoot\System32\Drivers\SYNSAM.SYS
0xF7A74000 \SystemRoot\System32\Drivers\SynScan.sys
0xEE34F000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF786C000 \SystemRoot\system32\DRIVERS\point32.sys
0xF721A000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xEC46C000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xEC454000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7A7E000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xED427000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7904000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C33000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF051000 \SystemRoot\System32\ati2cqag.dll
0xBF08A000 \SystemRoot\System32\atikvmag.dll
0xBF0BF000 \SystemRoot\System32\ati3duag.dll
0xBF311000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB8790000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xB86FA000 \SystemRoot\system32\DRIVERS\irda.sys
0xB8784000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xB8744000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB849D000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7AA8000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB8592000 \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
0xB836C000 \SystemRoot\System32\Drivers\HTTP.sys
0xB848D000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB82C5000 \SystemRoot\system32\DRIVERS\srv.sys
0xB80D0000 \SystemRoot\system32\drivers\wdmaud.sys
0xB81C5000 \SystemRoot\system32\drivers\sysaudio.sys
0xB803D000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB7C58000 \??\C:\WINDOWS\system32\drivers\tmcomm.sys
0xECEEF000 \??\C:\DOCUME~1\Allen\LOCALS~1\Temp\mbr.sys
0xB77A2000 \SystemRoot\system32\drivers\kmixer.sys
0xF784C000 \??\C:\Combo-Fix\catchme.sys
0xF7AE2000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 50):
0 System Idle Process
4 System
764 C:\WINDOWS\system32\smss.exe
816 csrss.exe
848 C:\WINDOWS\system32\winlogon.exe
892 C:\WINDOWS\system32\services.exe
904 C:\WINDOWS\system32\lsass.exe
1064 C:\WINDOWS\system32\ati2evxx.exe
1080 C:\WINDOWS\system32\svchost.exe
1196 svchost.exe
1320 C:\WINDOWS\system32\svchost.exe
1384 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
1520 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
1632 svchost.exe
1796 svchost.exe
192 C:\WINDOWS\system32\spoolsv.exe
264 svchost.exe
288 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
304 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
348 C:\Program Files\Bonjour\mDNSResponder.exe
380 svchost.exe
464 C:\Program Files\Java\jre6\bin\jqs.exe
588 C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
640 C:\WINDOWS\system32\PnkBstrA.exe
1096 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
520 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
748 C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
812 C:\WINDOWS\system32\ati2evxx.exe
1716 C:\WINDOWS\ATK0100\HControl.exe
728 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
1948 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2008 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
2012 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
948 C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
1988 C:\WINDOWS\system32\rundll32.exe
664 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1628 C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
2216 C:\WINDOWS\system32\svchost.exe
2272 C:\Program Files\Viewpoint\Common\ViewpointService.exe
3228 C:\WINDOWS\ATK0100\ATKOSD.exe
3544 C:\Program Files\Canon\CAL\CALMAIN.exe
1676 C:\WINDOWS\system32\wscntfy.exe
3000 wmiprvse.exe
2996 alg.exe
1348 C:\WINDOWS\explorer.exe
4016 C:\WINDOWS\system32\notepad.exe
736 C:\WINDOWS\system32\notepad.exe
1892 C:\Program Files\Mozilla Firefox\firefox.exe
2544 C:\Program Files\Mozilla Firefox\plugin-container.exe
2088 C:\Documents and Settings\Allen\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`77226600 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000008`94637e00 (FAT32)

PhysicalDrive0 Model Number: HTS421260H9AT00, Rev: HA2OA70G

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

Edited by wahhhitzallen, 12 September 2010 - 02:17 PM.


#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:08 PM

Posted 17 September 2010 - 02:42 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
  1. Do not run any other tool until instructed to do so!
  2. Please do not attach logs or put them in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having, as these can help also.
  5. Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post them in your next reply

Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Information and logs:
    In your next post I need the following:
      1. logs from DDS
      2. log from RKUnHooker
      3. let me know of any problems you may have had

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:08 PM

Posted 19 September 2010 - 11:33 PM

Hello

Three-day bump

It has been three days since my last post.
  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread, then it will have to be closed!

Gringo


#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:08 PM

Posted 23 September 2010 - 12:09 AM

Due to lack of feedback, this topic is now Closed.

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo
