
Mrtorres

  1. Here's the bam-log you asked for.

     Malwarebytes' Anti-Malware 1.34
     Database version: 1814
     Windows 5.1.2600 Service Pack 3

     2/03/2009 7:07:46 PM
     mbam-log-2009-03-02 (19-07-46).txt

     Scan type: Quick Scan
     Objects scanned: 58952
     Time elapsed: 2 minute(s), 47 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 1
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     And yes, everything seems to be running fine now thanks to you all :-) Thank you very very much for your help fixing my problem. I will refer, and have referred, anyone who has a problem like mine to your site for help. And I will make a donation as soon as I have the money to do so. I give my word on this. Thanks again. God bless you all. Sincerely, Paul :-)
  2. ComboFix 09-03-02.01 - Administrator 2009-03-02 17:47:08.2 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.509 [GMT 11:00] Running from: c:\users\Administrator\Desktop\ComboFix.exe Command switches used :: c:\users\Administrator\Desktop\CFscript.txt FILE :: c:\program files\Drive Space Indicator\DrvSpace.exe c:\windows\~DFD0FE.tmp c:\windows\imsins.BAK c:\windows\InstallAVg_881001.exe c:\windows\LastXP\NewUser.cmd c:\windows\Sta2.INI c:\windows\WMSysPr9.prx . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Drive Space Indicator\DrvSpace.exe c:\windows\~DFD0FE.tmp c:\windows\imsins.BAK c:\windows\InstallAVg_881001.exe c:\windows\LastXP\NewUser.cmd c:\windows\Sta2.INI c:\windows\WMSysPr9.prx . ((((((((((((((((((((((((( Files Created from 2009-02-02 to 2009-03-02 ))))))))))))))))))))))))))))))) . 2009-03-02 05:05 . 2009-03-02 05:05 <DIR> d-------- c:\windows\system32\xircom 2009-03-02 05:05 . 2009-03-02 05:05 <DIR> d-------- c:\program files\microsoft frontpage 2009-03-01 11:39 . 2009-03-01 11:39 <DIR> d-------- c:\program files\Iomega 2009-03-01 11:39 . 2004-03-29 16:23 90,112 --a------ c:\windows\unvise32.exe 2009-03-01 11:29 . 2009-03-01 11:29 39,424,495 --a------ c:\program files\hotburnpro-w32-x86-2.5.6.exe 2009-03-01 04:22 . 2008-06-13 22:05 272,128 --------- c:\windows\system32\drivers\bthport.sys 2009-03-01 04:22 . 2008-06-13 22:05 272,128 --------- c:\windows\system32\dllcache\bthport.sys 2009-03-01 04:20 . 2008-09-05 04:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll 2009-03-01 04:20 . 2008-10-16 03:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll 2009-03-01 04:20 . 2008-10-03 21:02 247,326 --------- c:\windows\system32\dllcache\strmdll.dll 2009-03-01 04:19 . 2009-03-01 04:19 <DIR> d--h----- c:\windows\$hf_mig$ 2009-03-01 04:13 . 2008-06-20 22:51 361,600 --------- c:\windows\system32\dllcache\tcpip.sys 2009-03-01 04:13 . 
2008-06-21 04:46 245,248 --------- c:\windows\system32\dllcache\mswsock.dll 2009-03-01 04:13 . 2008-06-20 22:08 225,856 --------- c:\windows\system32\dllcache\tcpip6.sys 2009-03-01 04:13 . 2008-06-21 04:46 147,968 --------- c:\windows\system32\dllcache\dnsapi.dll 2009-03-01 04:13 . 2008-08-14 21:04 138,496 --------- c:\windows\system32\dllcache\afd.sys 2009-03-01 04:12 . 2008-09-15 23:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys 2009-03-01 04:12 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll 2009-03-01 04:12 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui 2009-02-26 06:18 . 2009-02-26 06:18 <DIR> d-------- c:\program files\Trend Micro 2009-02-26 01:22 . 2009-02-26 01:22 <DIR> d-------- c:\users\All Users\Application Data\Malwarebytes 2009-02-26 01:22 . 2009-02-26 01:22 <DIR> d-------- c:\users\Administrator\Application Data\Malwarebytes 2009-02-26 01:22 . 2009-02-26 01:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-26 01:22 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-26 01:22 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-24 14:24 . 2009-02-24 14:24 <DIR> d-------- c:\program files\Common Files\Adobe AIR 2009-02-24 14:21 . 2009-02-24 14:21 <DIR> d-------- c:\program files\Common Files\Adobe 2009-02-20 20:55 . 2009-02-20 20:55 <DIR> d-------- c:\users\Administrator\Application Data\LimeWire 2009-02-20 20:55 . 2009-02-20 20:55 <DIR> d-------- c:\program files\LimeWire 2009-02-19 23:26 . 2009-02-19 23:26 331,805,736 --a------ c:\windows\WindowsXP-KB936929-SP3-x86-ENU.exe 2009-02-19 17:32 . 2009-02-19 17:32 <DIR> d-------- c:\windows\Sun 2009-02-18 23:43 . 2009-02-18 23:43 <DIR> d-------- c:\program files\DivX 2009-02-18 22:18 . 2009-02-18 22:18 <DIR> d-------- C:\UT2003Demo 2009-02-18 22:11 . 2009-02-18 22:11 <DIR> d-------- c:\users\Administrator\Application Data\IGN_DLM 2009-02-18 22:11 . 
2009-02-18 22:11 <DIR> d-------- c:\program files\Download Manager 2009-02-18 08:00 . 2009-02-18 08:00 <DIR> d-------- c:\users\All Users\Application Data\Yahoo! Companion 2009-02-18 07:55 . 2009-02-18 07:55 <DIR> d-------- c:\program files\Yahoo! 2009-02-18 07:17 . 2009-02-18 07:17 <DIR> d-------- c:\users\All Users\Application Data\Yahoo! 2009-02-17 21:26 . 2001-08-17 22:36 8,704 --a------ c:\windows\system32\kbdjpn.dll 2009-02-17 21:26 . 2001-08-17 22:36 8,192 --a------ c:\windows\system32\kbdkor.dll 2009-02-17 21:26 . 2008-04-14 05:39 6,144 --a------ c:\windows\system32\kbd106.dll 2009-02-17 21:26 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101c.dll 2009-02-17 21:26 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101b.dll 2009-02-17 21:26 . 2001-08-17 14:55 5,632 --a------ c:\windows\system32\kbd103.dll 2009-02-17 21:18 . 2009-02-17 21:18 <DIR> d-------- c:\users\Administrator\Application Data\Media Player Classic 2009-02-17 02:54 . 2009-02-17 02:54 <DIR> d-------- c:\users\Administrator\Contacts 2009-02-17 01:25 . 2009-02-17 01:25 <DIR> d-------- c:\program files\Activision 2009-02-17 01:23 . 2001-05-24 15:00 306,688 --a------ c:\windows\IsUninst.exe 2009-02-17 01:01 . 2006-12-29 14:48 4,026,112 -ra------ c:\windows\system32\drivers\alcxwdm.sys 2009-02-17 01:01 . 2008-04-14 00:15 172,416 --a------ c:\windows\system32\drivers\kmixer.sys 2009-02-17 01:01 . 2008-04-14 00:49 146,048 --a------ c:\windows\system32\drivers\portcls.sys 2009-02-17 01:01 . 2008-04-13 22:09 142,592 --a------ c:\windows\system32\drivers\aec.sys 2009-02-17 01:01 . 2008-04-14 00:47 83,072 --a------ c:\windows\system32\drivers\wdmaud.sys 2009-02-17 01:01 . 2008-04-14 00:45 60,800 --a------ c:\windows\system32\drivers\sysaudio.sys 2009-02-17 01:01 . 2008-04-14 00:15 60,160 --a------ c:\windows\system32\drivers\drmk.sys 2009-02-17 01:01 . 2008-04-14 00:15 56,576 --a------ c:\windows\system32\drivers\swmidi.sys 2009-02-17 01:01 . 
2008-04-14 00:15 52,864 --a------ c:\windows\system32\drivers\DMusic.sys 2009-02-17 01:01 . 2006-08-01 15:02 49,152 --a------ c:\windows\system32\ChCfg.exe 2009-02-17 01:01 . 2008-04-14 00:15 6,272 --a------ c:\windows\system32\drivers\splitter.sys 2009-02-17 01:01 . 2008-04-14 00:15 2,944 --a------ c:\windows\system32\drivers\drmkaud.sys 2009-02-17 01:00 . 2009-02-17 01:00 <DIR> d-------- c:\program files\Realtek AC97 2009-02-17 01:00 . 2009-02-17 01:00 <DIR> d--h----- c:\program files\InstallShield Installation Information 2009-02-17 01:00 . 2006-11-17 05:40 18,804,736 --a------ c:\windows\system32\alsndmgr.cpl 2009-02-17 01:00 . 2006-12-08 15:20 10,528,768 --a------ c:\windows\system32\RTLCPL.exe 2009-02-17 01:00 . 2006-11-17 05:42 577,536 --a------ c:\windows\soundman.exe 2009-02-17 01:00 . 2006-07-31 11:19 315,392 --a------ c:\windows\alcupd.exe 2009-02-17 01:00 . 2006-07-31 11:27 217,088 --a------ c:\windows\Alcrmv.exe 2009-02-17 01:00 . 2006-10-18 02:53 147,456 --a------ c:\windows\system32\RtlCPAPI.dll 2009-02-17 01:00 . 2002-02-05 13:54 141,016 --a------ c:\windows\system32\alsndmgr.wav 2009-02-16 23:34 . 2008-04-14 00:16 85,248 --a------ c:\windows\system32\drivers\NABTSFEC.sys 2009-02-16 23:34 . 2008-04-14 00:16 19,200 --a------ c:\windows\system32\drivers\WSTCODEC.SYS 2009-02-16 23:34 . 2008-04-14 05:42 16,384 --a------ c:\windows\system32\ipsink.ax 2009-02-16 23:34 . 2008-04-14 00:16 15,232 --a------ c:\windows\system32\drivers\StreamIP.sys 2009-02-16 23:34 . 2008-04-14 00:16 11,136 --a------ c:\windows\system32\drivers\SLIP.sys 2009-02-16 23:34 . 2008-04-14 00:16 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys 2009-02-16 23:34 . 2008-04-14 00:09 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys 2009-02-16 22:33 . 2009-02-16 22:33 <DIR> d-------- c:\program files\Lexmark 7300 Series 2009-02-16 22:33 . 2006-12-20 18:06 1,224,704 --a------ c:\windows\system32\lxciserv.dll 2009-02-16 22:31 . 
2009-02-16 22:31 <DIR> d-------- C:\drivers 2009-02-16 21:23 . 2009-02-16 21:23 <DIR> d-------- c:\program files\Creative 2009-02-16 21:08 . 2009-02-16 21:08 <DIR> d-------- c:\users\Administrator\Application Data\DriverCure 2009-02-16 21:07 . 2009-02-16 21:07 <DIR> d-------- c:\users\All Users\Application Data\ParetoLogic 2009-02-16 21:07 . 2009-02-16 21:07 <DIR> d-------- c:\users\All Users\Application Data\DriverCure 2009-02-16 20:44 . 2009-02-16 20:44 <DIR> d--hs---- C:\Recycled 2009-02-16 20:36 . 2007-03-08 10:51 129,784 --------- c:\windows\system32\pxafs.dll 2009-02-16 20:36 . 2007-03-08 10:51 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys 2009-02-16 20:36 . 2007-03-08 10:51 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys 2009-02-16 20:14 . 2009-02-16 20:14 <DIR> d-------- c:\program files\Winamp 2009-02-16 20:14 . 2007-03-08 10:51 43,528 --------- c:\windows\system32\drivers\PxHelp20.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-02-16 08:44 --------- d-----w c:\program files\Drive Space Indicator 2009-02-16 08:43 --------- d-----w c:\users\Administrator\Application Data\uTorrent 2009-02-16 08:43 --------- d-----w c:\program files\uTorrent 2009-02-16 08:43 --------- d-----w c:\program files\SetupSetupS 2009-02-16 08:43 --------- d-----w c:\program files\DiskTrix 2009-02-16 08:42 --------- d-----w c:\program files\Windows Live 2009-02-16 08:42 --------- d-----w c:\program files\K-Lite Codec Pack 2009-02-16 08:42 --------- d-----w c:\program files\irfanview 2009-02-16 08:41 --------- d-----w c:\program files\Opera 2009-02-16 08:41 --------- d-----w c:\program files\ieSpell 2009-02-16 08:41 --------- d-----w c:\program files\CCleaner 2009-02-16 08:41 --------- d-----w c:\program files\7-Zip 2009-02-16 08:39 --------- d-----w c:\program files\Unlocker 2009-02-16 08:39 --------- d-----w c:\program files\TaskSwitchXP 2009-02-16 08:39 --------- d-----w c:\program files\System 2009-02-16 08:39 --------- d-----w c:\program files\Attribute Changer 2009-02-16 08:33 --------- d-----w c:\program files\Microsoft Silverlight 2009-02-16 08:32 --------- d-----w c:\program files\Java 2009-02-16 08:32 --------- d-----w c:\program files\Common Files\Java 2009-02-16 08:31 --------- d-----w c:\program files\Common Files\InstallShield 2009-02-16 08:24 --------- d-----w c:\program files\MSBuild 2009-02-16 08:23 --------- d-----w c:\program files\Reference Assemblies 2009-02-16 08:18 --------- d-----w c:\program files\Windows Sidebar 2009-02-16 08:18 --------- d-----w c:\program files\Alky for Applications 2009-02-16 08:13 --------- d-----w c:\program files\Windows Media Connect 2 2009-01-16 16:24 3,596,288 ------w c:\windows\system32\dllcache\mshtml.dll 2008-12-20 23:56 827,904 ----a-w c:\windows\system32\wininet.dll 2008-12-20 23:56 827,904 ------w c:\windows\system32\dllcache\wininet.dll 2008-12-20 23:56 233,472 ------w c:\windows\system32\dllcache\webcheck.dll 2008-12-20 23:56 1,163,264 ------w 
c:\windows\system32\dllcache\urlmon.dll 2008-12-19 09:41 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe 2008-12-19 09:41 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe 2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe 2008-12-19 05:24 161,792 ------w c:\windows\system32\dllcache\ieakui.dll 2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys . ------- Sigcheck ------- 2008-05-05 09:00 578048 894b313c52589628bb996e175b581e3a c:\windows\system32\user32.dll 2008-05-05 09:00 557056 7dd9ce78dd441eea2bbaff6d3eeaad08 c:\windows\system32\winlogon.exe 2008-05-05 09:00 1572352 5f7009a7cb02ae2685746b34b063d3dd c:\windows\explorer.exe 2008-05-05 09:00 40448 c1d50243355a290cb3aa684fd8b38170 c:\windows\system32\ctfmon.exe . ((((((((((((((((((((((((((((( SnapShot@2009-03-02_ 4.22.31.50 ))))))))))))))))))))))))))))))))))))))))) . - 2009-03-01 17:22:16 53,248 ----a-w c:\windows\Temp\catchme.dll + 2009-03-02 06:51:06 53,248 ----a-w c:\windows\Temp\catchme.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-05-05 40448] "TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976] "Taskbar Shuffle"="c:\windows\system32\taskbarshuffle.exe" [2008-04-17 818176] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-04 4363504] "igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-02 1103216] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920] "PowerTweak Menu"="c:\windows\system32\mmm.exe" [2005-07-05 828416] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352] "V0330Mon.exe"="c:\windows\V0330Mon.exe" [2007-04-30 32768] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "Drag'n'Drop_Autolaunch"="c:\program files\Iomega\Iomega HotBurn Pro\Autolaunch.exe" [2005-04-28 131072] "nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe] "SoundMan"="SOUNDMAN.EXE" [2006-11-17 c:\windows\soundman.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-05-05 540672] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-05-05 40448] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2008-12-21 c:\windows\system32\advpack.dll] c:\users\Administrator\Start Menu\Programs\Startup\ Visual Task Tips.lnk - c:\ppapps\VisualTaskTips\VisualTaskTips.exe [2009-02-16 61440] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "SynchronousMachineGroupPolicy"= 0 (0x0) "SynchronousUserGroupPolicy"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoSMConfigurePrograms"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMConfigurePrograms"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders schannel.dll, digest.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\WINDOWS\\System32\\lxcicoms.exe"= "c:\\Program Files\\Activision\\Star Trek Armada II\\Armada2.exe"= "c:\\WINDOWS\\System32\\dpnsvr.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "d:\\Program Files\\GameSpy Arcade\\Aphex.exe"= "c:\\UT2003Demo\\System\\UT2003.exe"= R2 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?] R3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [2009-02-16 157696] --- Other Services/Drivers In Memory --- *Deregistered* - dnbudf . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-02 17:50:49 Windows 5.1.2600 Service Pack 3 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2] "ImagePath"="\"\"" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(708) c:\windows\system32\SETUPAPI.dll c:\windows\system32\COMRes.dll c:\windows\system32\cscui.dll - - - - - - - > 'lsass.exe'(764) c:\windows\system32\SETUPAPI.dll . ------------------------ Other Running Processes ------------------------ . c:\progra~1\Iomega\System32\AppServices.exe c:\windows\system32\lxcicoms.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\rundll32.exe . ************************************************************************** . Completion time: 2009-03-02 17:53:44 - machine was rebooted ComboFix-quarantined-files.txt 2009-03-02 06:53:42 ComboFix2.txt 2009-03-01 17:23:10 Pre-Run: 11,526,684,672 bytes free Post-Run: 11,546,476,544 bytes free 273 --- E O F --- 2009-03-01 07:31:41 log.txt log.txt
  3. Here's my boot log..... Hope it helps and thank you for helping me. :-) ntbtlog.zip
  4. This is the DSS Text log you asked for and Attached log....... sorry I didn't do this in the last post replies. Attach.zip DDS.zip
  5. Here's the Combofix Log you asked for....... ComboFix 09-03-01.01 - Administrator 2009-03-02 4:20:43.1 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.517 [GMT 11:00] Running from: c:\users\Administrator\Desktop\ComboFix.exe Command switches used :: c:\users\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Common Files\System\Uninstall c:\windows\system32\msxml71.dll E:\Autorun.inf F:\INSTALL.EXE . ((((((((((((((((((((((((( Files Created from 2009-02-01 to 2009-03-01 ))))))))))))))))))))))))))))))) . 2009-03-01 11:39 . 2009-03-01 11:39 <DIR> d-------- c:\program files\Iomega 2009-03-01 11:39 . 2009-03-01 11:39 316,640 --a------ c:\windows\WMSysPr9.prx 2009-03-01 11:39 . 2004-03-29 16:23 90,112 --a------ c:\windows\unvise32.exe 2009-03-01 11:29 . 2009-03-01 11:29 39,424,495 --a------ c:\program files\hotburnpro-w32-x86-2.5.6.exe 2009-03-01 04:22 . 2008-06-13 22:05 272,128 --------- c:\windows\system32\drivers\bthport.sys 2009-03-01 04:22 . 2008-06-13 22:05 272,128 --------- c:\windows\system32\dllcache\bthport.sys 2009-03-01 04:20 . 2008-09-05 04:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll 2009-03-01 04:20 . 2008-10-16 03:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll 2009-03-01 04:20 . 2008-10-03 21:02 247,326 --------- c:\windows\system32\dllcache\strmdll.dll 2009-03-01 04:19 . 2009-03-01 04:19 <DIR> d--h----- c:\windows\$hf_mig$ 2009-03-01 04:19 . 2009-03-01 18:31 1,355 --a------ c:\windows\imsins.BAK 2009-03-01 04:13 . 2008-06-20 22:51 361,600 --------- c:\windows\system32\dllcache\tcpip.sys 2009-03-01 04:13 . 2008-06-21 04:46 245,248 --------- c:\windows\system32\dllcache\mswsock.dll 2009-03-01 04:13 . 2008-06-20 22:08 225,856 --------- c:\windows\system32\dllcache\tcpip6.sys 2009-03-01 04:13 . 
2008-06-21 04:46 147,968 --------- c:\windows\system32\dllcache\dnsapi.dll 2009-03-01 04:13 . 2008-08-14 21:04 138,496 --------- c:\windows\system32\dllcache\afd.sys 2009-03-01 04:12 . 2008-09-15 23:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys 2009-03-01 04:12 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll 2009-03-01 04:12 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui 2009-02-26 06:18 . 2009-02-26 06:18 <DIR> d-------- c:\program files\Trend Micro 2009-02-26 03:24 . 2009-02-26 03:24 135,168 --a------ c:\windows\InstallAVg_881001.exe 2009-02-26 01:22 . 2009-02-26 01:22 <DIR> d-------- c:\users\All Users\Application Data\Malwarebytes 2009-02-26 01:22 . 2009-02-26 01:22 <DIR> d-------- c:\users\Administrator\Application Data\Malwarebytes 2009-02-26 01:22 . 2009-02-26 01:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-26 01:22 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-26 01:22 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-24 14:24 . 2009-02-24 14:24 <DIR> d-------- c:\program files\Common Files\Adobe AIR 2009-02-24 14:21 . 2009-02-24 14:21 <DIR> d-------- c:\program files\Common Files\Adobe 2009-02-20 20:55 . 2009-02-20 20:55 <DIR> d-------- c:\users\Administrator\Application Data\LimeWire 2009-02-20 20:55 . 2009-02-20 20:55 <DIR> d-------- c:\program files\LimeWire 2009-02-19 23:26 . 2009-02-19 23:26 331,805,736 --a------ c:\windows\WindowsXP-KB936929-SP3-x86-ENU.exe 2009-02-19 17:32 . 2009-02-19 17:32 <DIR> d-------- c:\windows\Sun 2009-02-18 23:43 . 2009-02-18 23:43 <DIR> d-------- c:\program files\DivX 2009-02-18 22:18 . 2009-02-18 22:18 <DIR> d-------- C:\UT2003Demo 2009-02-18 22:11 . 2009-02-18 22:11 <DIR> d-------- c:\users\Administrator\Application Data\IGN_DLM 2009-02-18 22:11 . 2009-02-18 22:11 <DIR> d-------- c:\program files\Download Manager 2009-02-18 08:00 . 
2009-02-18 08:00 <DIR> d-------- c:\users\All Users\Application Data\Yahoo! Companion 2009-02-18 07:55 . 2009-02-18 07:55 <DIR> d-------- c:\program files\Yahoo! 2009-02-18 07:17 . 2009-02-18 07:17 <DIR> d-------- c:\users\All Users\Application Data\Yahoo! 2009-02-17 21:26 . 2001-08-17 22:36 8,704 --a------ c:\windows\system32\kbdjpn.dll 2009-02-17 21:26 . 2001-08-17 22:36 8,192 --a------ c:\windows\system32\kbdkor.dll 2009-02-17 21:26 . 2008-04-14 05:39 6,144 --a------ c:\windows\system32\kbd106.dll 2009-02-17 21:26 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101c.dll 2009-02-17 21:26 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101b.dll 2009-02-17 21:26 . 2001-08-17 14:55 5,632 --a------ c:\windows\system32\kbd103.dll 2009-02-17 21:18 . 2009-02-17 21:18 <DIR> d-------- c:\users\Administrator\Application Data\Media Player Classic 2009-02-17 02:54 . 2009-02-17 02:54 <DIR> d-------- c:\users\Administrator\Contacts 2009-02-17 01:25 . 2009-02-17 01:25 <DIR> d-------- c:\program files\Activision 2009-02-17 01:23 . 2001-05-24 15:00 306,688 --a------ c:\windows\IsUninst.exe 2009-02-17 01:22 . 2009-02-17 01:28 911 --a------ c:\windows\Sta2.INI 2009-02-17 01:01 . 2006-12-29 14:48 4,026,112 -ra------ c:\windows\system32\drivers\alcxwdm.sys 2009-02-17 01:01 . 2008-04-14 00:15 172,416 --a------ c:\windows\system32\drivers\kmixer.sys 2009-02-17 01:01 . 2008-04-14 00:49 146,048 --a------ c:\windows\system32\drivers\portcls.sys 2009-02-17 01:01 . 2008-04-13 22:09 142,592 --a------ c:\windows\system32\drivers\aec.sys 2009-02-17 01:01 . 2008-04-14 00:47 83,072 --a------ c:\windows\system32\drivers\wdmaud.sys 2009-02-17 01:01 . 2008-04-14 00:45 60,800 --a------ c:\windows\system32\drivers\sysaudio.sys 2009-02-17 01:01 . 2008-04-14 00:15 60,160 --a------ c:\windows\system32\drivers\drmk.sys 2009-02-17 01:01 . 2008-04-14 00:15 56,576 --a------ c:\windows\system32\drivers\swmidi.sys 2009-02-17 01:01 . 
2008-04-14 00:15 52,864 --a------ c:\windows\system32\drivers\DMusic.sys 2009-02-17 01:01 . 2006-08-01 15:02 49,152 --a------ c:\windows\system32\ChCfg.exe 2009-02-17 01:01 . 2008-04-14 00:15 6,272 --a------ c:\windows\system32\drivers\splitter.sys 2009-02-17 01:01 . 2008-04-14 00:15 2,944 --a------ c:\windows\system32\drivers\drmkaud.sys 2009-02-17 01:00 . 2009-02-17 01:00 <DIR> d-------- c:\program files\Realtek AC97 2009-02-17 01:00 . 2009-02-17 01:00 <DIR> d--h----- c:\program files\InstallShield Installation Information 2009-02-17 01:00 . 2006-11-17 05:40 18,804,736 --a------ c:\windows\system32\alsndmgr.cpl 2009-02-17 01:00 . 2006-12-08 15:20 10,528,768 --a------ c:\windows\system32\RTLCPL.exe 2009-02-17 01:00 . 2006-11-17 05:42 577,536 --a------ c:\windows\soundman.exe 2009-02-17 01:00 . 2006-07-31 11:19 315,392 --a------ c:\windows\alcupd.exe 2009-02-17 01:00 . 2006-07-31 11:27 217,088 --a------ c:\windows\Alcrmv.exe 2009-02-17 01:00 . 2006-10-18 02:53 147,456 --a------ c:\windows\system32\RtlCPAPI.dll 2009-02-17 01:00 . 2002-02-05 13:54 141,016 --a------ c:\windows\system32\alsndmgr.wav 2009-02-16 23:34 . 2008-04-14 00:16 85,248 --a------ c:\windows\system32\drivers\NABTSFEC.sys 2009-02-16 23:34 . 2008-04-14 00:16 19,200 --a------ c:\windows\system32\drivers\WSTCODEC.SYS 2009-02-16 23:34 . 2008-04-14 05:42 16,384 --a------ c:\windows\system32\ipsink.ax 2009-02-16 23:34 . 2008-04-14 00:16 15,232 --a------ c:\windows\system32\drivers\StreamIP.sys 2009-02-16 23:34 . 2008-04-14 00:16 11,136 --a------ c:\windows\system32\drivers\SLIP.sys 2009-02-16 23:34 . 2008-04-14 00:16 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys 2009-02-16 23:34 . 2008-04-14 00:09 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys 2009-02-16 22:33 . 2009-02-16 22:33 <DIR> d-------- c:\program files\Lexmark 7300 Series 2009-02-16 22:33 . 2006-12-20 18:06 1,224,704 --a------ c:\windows\system32\lxciserv.dll 2009-02-16 22:31 . 
2009-02-16 22:31 <DIR> d-------- C:\drivers 2009-02-16 21:23 . 2009-02-16 21:23 <DIR> d-------- c:\program files\Creative 2009-02-16 21:08 . 2009-02-16 21:08 <DIR> d-------- c:\users\Administrator\Application Data\DriverCure 2009-02-16 21:07 . 2009-02-16 21:07 <DIR> d-------- c:\users\All Users\Application Data\ParetoLogic 2009-02-16 21:07 . 2009-02-16 21:07 <DIR> d-------- c:\users\All Users\Application Data\DriverCure 2009-02-16 20:44 . 2009-02-16 20:44 <DIR> d--hs---- C:\Recycled 2009-02-16 20:36 . 2007-03-08 10:51 129,784 --------- c:\windows\system32\pxafs.dll 2009-02-16 20:36 . 2007-03-08 10:51 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys 2009-02-16 20:36 . 2007-03-08 10:51 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys 2009-02-16 20:14 . 2009-02-16 20:14 <DIR> d-------- c:\program files\Winamp 2009-02-16 20:14 . 2007-03-08 10:51 43,528 --------- c:\windows\system32\drivers\PxHelp20.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-02-16 08:44 --------- d-----w c:\program files\Drive Space Indicator 2009-02-16 08:43 --------- d-----w c:\users\Administrator\Application Data\uTorrent 2009-02-16 08:43 --------- d-----w c:\program files\uTorrent 2009-02-16 08:43 --------- d-----w c:\program files\SetupSetupS 2009-02-16 08:43 --------- d-----w c:\program files\DiskTrix 2009-02-16 08:42 --------- d-----w c:\program files\Windows Live 2009-02-16 08:42 --------- d-----w c:\program files\K-Lite Codec Pack 2009-02-16 08:42 --------- d-----w c:\program files\irfanview 2009-02-16 08:41 --------- d-----w c:\program files\Opera 2009-02-16 08:41 --------- d-----w c:\program files\ieSpell 2009-02-16 08:41 --------- d-----w c:\program files\CCleaner 2009-02-16 08:41 --------- d-----w c:\program files\7-Zip 2009-02-16 08:39 --------- d-----w c:\program files\Unlocker 2009-02-16 08:39 --------- d-----w c:\program files\TaskSwitchXP 2009-02-16 08:39 --------- d-----w c:\program files\System 2009-02-16 08:39 --------- d-----w c:\program files\Attribute Changer 2009-02-16 08:33 --------- d-----w c:\program files\Microsoft Silverlight 2009-02-16 08:32 --------- d-----w c:\program files\Java 2009-02-16 08:32 --------- d-----w c:\program files\Common Files\Java 2009-02-16 08:31 --------- d-----w c:\program files\Common Files\InstallShield 2009-02-16 08:24 --------- d-----w c:\program files\MSBuild 2009-02-16 08:23 --------- d-----w c:\program files\Reference Assemblies 2009-02-16 08:18 --------- d-----w c:\program files\Windows Sidebar 2009-02-16 08:18 --------- d-----w c:\program files\Alky for Applications 2009-02-16 08:13 --------- d-----w c:\program files\Windows Media Connect 2 2009-02-16 08:02 32,768 ----a-w c:\windows\~DFD0FE.tmp 2009-01-16 16:24 3,596,288 ------w c:\windows\system32\dllcache\mshtml.dll 2008-12-20 23:56 827,904 ----a-w c:\windows\system32\wininet.dll 2008-12-20 23:56 827,904 ------w c:\windows\system32\dllcache\wininet.dll 2008-12-20 23:56 233,472 ------w 
c:\windows\system32\dllcache\webcheck.dll 2008-12-20 23:56 1,163,264 ------w c:\windows\system32\dllcache\urlmon.dll 2008-12-19 09:41 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe 2008-12-19 09:41 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe 2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe 2008-12-19 05:24 161,792 ------w c:\windows\system32\dllcache\ieakui.dll 2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys . ------- Sigcheck ------- 2008-05-05 09:00 578048 894b313c52589628bb996e175b581e3a c:\windows\system32\user32.dll 2008-05-05 09:00 557056 7dd9ce78dd441eea2bbaff6d3eeaad08 c:\windows\system32\winlogon.exe 2008-05-05 09:00 1572352 5f7009a7cb02ae2685746b34b063d3dd c:\windows\explorer.exe 2008-05-05 09:00 40448 c1d50243355a290cb3aa684fd8b38170 c:\windows\system32\ctfmon.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-05-05 40448] "TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976] "Taskbar Shuffle"="c:\windows\system32\taskbarshuffle.exe" [2008-04-17 818176] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-04 4363504] "igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-02 1103216] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920] "PowerTweak Menu"="c:\windows\system32\mmm.exe" [2005-07-05 828416] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872] "DriveSpace"="c:\program files\Drive Space 
Indicator\DrvSpace.exe" [2008-05-17 371626] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352] "V0330Mon.exe"="c:\windows\V0330Mon.exe" [2007-04-30 32768] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "Drag'n'Drop_Autolaunch"="c:\program files\Iomega\Iomega HotBurn Pro\Autolaunch.exe" [2005-04-28 131072] "nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe] "SoundMan"="SOUNDMAN.EXE" [2006-11-17 c:\windows\soundman.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-05-05 540672] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-05-05 40448] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "NewUser"="c:\windows\LastXP\NewUser.cmd" [2008-05-05 2094] "nltide_3"="advpack.dll" [2008-12-21 c:\windows\system32\advpack.dll] c:\users\Administrator\Start Menu\Programs\Startup\ Visual Task Tips.lnk - c:\ppapps\VisualTaskTips\VisualTaskTips.exe [2009-02-16 61440] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "SynchronousMachineGroupPolicy"= 0 (0x0) "SynchronousUserGroupPolicy"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoSMConfigurePrograms"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMConfigurePrograms"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders schannel.dll, digest.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\WINDOWS\\System32\\lxcicoms.exe"= "c:\\Program Files\\Activision\\Star Trek Armada II\\Armada2.exe"= "c:\\WINDOWS\\System32\\dpnsvr.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "d:\\Program Files\\GameSpy Arcade\\Aphex.exe"= "c:\\UT2003Demo\\System\\UT2003.exe"= R2 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?] R3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [2009-02-16 157696] --- Other Services/Drivers In Memory --- *Deregistered* - dnbudf . - - - - ORPHANS REMOVED - - - - HKCU-Run-DriverCure - c:\program files\ParetoLogic\DriverCure\DriverCure.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM . . ------- File Associations ------- . inffile=c:\windows\system32\Notepad2.exe %1 inifile=c:\windows\system32\Notepad2.exe %1 txtfile=c:\windows\system32\Notepad2.exe %1 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-02 04:22:14 Windows 5.1.2600 Service Pack 3 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... 
scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2] "ImagePath"="\"\"" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(712) c:\windows\system32\SETUPAPI.dll c:\windows\system32\COMRes.dll c:\windows\system32\cscui.dll - - - - - - - > 'lsass.exe'(768) c:\windows\system32\SETUPAPI.dll . Completion time: 2009-03-02 4:23:06 ComboFix-quarantined-files.txt 2009-03-01 17:23:06 Pre-Run: 11,278,385,152 bytes free Post-Run: 11,532,075,008 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noexecute=alwaysoff 268 --- E O F --- 2009-03-01 07:31:41 Here's the HijackThis log you asked for... 
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:34:44 AM, on 2/03/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20978) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Iomega\System32\AppServices.exe C:\WINDOWS\system32\lxcicoms.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Drive Space Indicator\DrvSpace.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\V0330Mon.exe C:\Program Files\Iomega\Iomega HotBurn Pro\Autolaunch.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe C:\WINDOWS\system32\taskbarshuffle.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\ppApps\VisualTaskTips\VisualTaskTips.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PowerTweak Menu] C:\WINDOWS\system32\mmm.exe O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H O4 - HKLM\..\Run: [DriveSpace] C:\Program Files\Drive Space Indicator\DrvSpace.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [V0330Mon.exe] C:\WINDOWS\V0330Mon.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega\Iomega HotBurn Pro\Autolaunch.exe" O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe O4 - HKCU\..\Run: [Taskbar Shuffle] C:\WINDOWS\system32\taskbarshuffle.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: 
[Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Startup: Visual Task Tips.lnk = C:\ppApps\VisualTaskTips\VisualTaskTips.exe O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O13 - Gopher Prefix: O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1235043566343 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1235764966250 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 7494 bytes Hope this is what you needed. :-)
  6. No, this is the latest version on Windows XP Pro, so it probably has some Vista stuff on it. And yes, I did update Malwarebytes before running the scan, and after, just to be sure, and ran the scan again, and it still didn't remove the malware after saying it did. One thing I did discover is that when I end task on 3 of the programs in Task Manager, the popups stop coming. But when I restart, the popups are back. And I can't get rid of them by deleting them manually either. I tried deleting them, but right after I did they came back as ~tmpa, ~tmpb and ~tmpac. What makes the popups stop popping up is when I shut down or end task on this EXE file called a.exe.
  7. Malwarebytes' Anti-Malware 1.34 C:\WINDOWS\Temp\~tmpb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\~tmpd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. Windows 5.1.2600 Service Pack 3 26/02/2009 1:29:39 AM mbam-log-2009-02-26 (01-29-39).txt Scan type: Quick Scan Objects scanned: 59648 Time elapsed: 2 minute(s), 56 second(s) Memory Processes Infected: 2 Memory Modules Infected: 0 Registry Keys Infected: 9 Registry Values Infected: 2 Registry Data Items Infected: 2 Folders Infected: 6 Files Infected: 8 Memory Processes Infected: C:\WINDOWS\Temp\~tmpa.exe (Trojan.FakeAlert) -> Unloaded process successfully. C:\WINDOWS\Temp\~tmpc.exe (Trojan.FakeAlert) -> Unloaded process successfully. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\CrucialSoft Ltd (Rogue.MSantispyware2009) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ms antispyware 2009 5.7 (Rogue.MSAntiSpyware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully. 
Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ms antispyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: C:\Users\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Users\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Users\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Users\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Users\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Users\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\BASE (Rogue.Multiple) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Users\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Users\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090226011333828.log (Rogue.Multiple) -> Quarantined and deleted successfully. C:\WINDOWS\system32\7z.exe (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\~tmpa.exe (Trojan.FakeAlert) -> Delete on reboot. C:\WINDOWS\Temp\~tmpb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\~tmpd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\~tmpc.exe (Trojan.FakeAlert) -> Delete on reboot. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:18:55 AM, on 26/02/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20772) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\lxcicoms.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\mmm.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Drive Space Indicator\DrvSpace.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\V0330Mon.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe C:\WINDOWS\system32\taskbarshuffle.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Windows\Temp\a.exe C:\ppApps\VisualTaskTips\VisualTaskTips.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\Notepad2.exe C:\WINDOWS\system32\Notepad2.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PowerTweak Menu] C:\WINDOWS\system32\mmm.exe O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H O4 - HKLM\..\Run: [DriveSpace] C:\Program Files\Drive Space Indicator\DrvSpace.exe O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [V0330Mon.exe] C:\WINDOWS\V0330Mon.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe O4 - HKCU\..\Run: [Taskbar Shuffle] C:\WINDOWS\system32\taskbarshuffle.exe O4 - HKCU\..\Run: [DriverCure] C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe -scan O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork O4 - HKCU\..\Run: [MSFox] C:\Windows\Temp\a.exe O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 
advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Startup: Visual Task Tips.lnk = C:\ppApps\VisualTaskTips\VisualTaskTips.exe O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O13 - Gopher 
Prefix: O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1235043566343 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 8177 bytes Hope somebody can help me with this please.
  8. This is what I'm having problems removing completely from my PC using XP pro and the Malwarebytes' Anti-Malware program, Malwarebytes' Anti-Malware 1.34 C:\WINDOWS\Temp\~tmpb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\~tmpd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. Windows 5.1.2600 Service Pack 3 26/02/2009 1:29:39 AM mbam-log-2009-02-26 (01-29-39).txt Scan type: Quick Scan Objects scanned: 59648 Time elapsed: 2 minute(s), 56 second(s) Memory Processes Infected: 2 Memory Modules Infected: 0 Registry Keys Infected: 9 Registry Values Infected: 2 Registry Data Items Infected: 2 Folders Infected: 6 Files Infected: 8 Memory Processes Infected: C:\WINDOWS\Temp\~tmpa.exe (Trojan.FakeAlert) -> Unloaded process successfully. C:\WINDOWS\Temp\~tmpc.exe (Trojan.FakeAlert) -> Unloaded process successfully. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\CrucialSoft Ltd (Rogue.MSantispyware2009) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ms antispyware 2009 5.7 (Rogue.MSAntiSpyware) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ms antispyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: C:\Users\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Users\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Users\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Users\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Users\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Users\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\BASE (Rogue.Multiple) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Users\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Users\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090226011333828.log (Rogue.Multiple) -> Quarantined and deleted successfully. 
C:\WINDOWS\system32\7z.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\~tmpa.exe (Trojan.FakeAlert) -> Delete on reboot. C:\WINDOWS\Temp\~tmpb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\~tmpd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\~tmpc.exe (Trojan.FakeAlert) -> Delete on reboot. This is my log file after running the program, but after restarting my PC the malware has not been removed and is back and running. Can you please help me with this problem, anyone from tech support or the forums? Thank you. Sincerely, Mrtorres