Digi

About Digi

  • Birthday 01/10/1969
  1. Many thanks for the reply. So, if I'm correct in saying, the whole IP range of 64.191 is being targeted for blocking? If this is the case I will indeed have serious words with my host about this issue. Again, many thanks for your reply. Kind regards, Digi
  2. Hello, I am currently the owner of IP address 64.191.53.53. I have been informed by several members of my forum who use your program Malwarebytes' Anti-Malware Version: 1.40 that it is reporting my site as being infected and not safe! Also in some cases it is not allowing them on to the site; I have also installed your application and found this to be true. I can assure you that my site does not contain any threat whatsoever, as it is monitored by Norton Safe Web http://safeweb.norton.com/report/show?url=underground-modems.com and McAfee SiteAdvisor http://www.siteadvisor.com/sites/underground-modems.com. I request that the site IP be removed from your IP Blocking list please, so my members can continue to access my forum. I appreciate your help in this matter. Kind regards
  3. ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2009/03/19 01:11
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF752C000  Size: 187776  File Visible: -  Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000  Size: 2066048  File Visible: -  Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xAA608000  Size: 138496  File Visible: -  Status: -

Name: afw.sys
Image Path: C:\WINDOWS\system32\DRIVERS\afw.sys
Address: 0xF797B000  Size: 24192  File Visible: -  Status: -

Name: afwcore.sys
Image Path: C:\WINDOWS\system32\drivers\afwcore.sys
Address: 0xF6E7F000  Size: 227968  File Visible: -  Status: -

Name: ALCXSENS.SYS
Image Path: C:\WINDOWS\system32\drivers\ALCXSENS.SYS
Address: 0xF6EEF000  Size: 400384  File Visible: -  Status: -

Name: ALCXWDM.SYS
Image Path: C:\WINDOWS\system32\drivers\ALCXWDM.SYS
Address: 0xF6F98000  Size: 601920  File Visible: -  Status: -

Name: ASWFilt.dll
Image Path: C:\WINDOWS\system32\Filt\ASWFilt.dll
Address: 0xF7A53000  Size: 26624  File Visible: -  Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF74BE000  Size: 96512  File Visible: -  Status: -

Name: ati2cqag.dll
Image Path: C:\WINDOWS\System32\ati2cqag.dll
Address: 0xBF057000  Size: 499712  File Visible: -  Status: -

Name: ati2dvag.dll
Image Path: C:\WINDOWS\System32\ati2dvag.dll
Address: 0xBF012000  Size: 282624  File Visible: -  Status: -

Name: ati2mtag.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Address: 0xF703F000  Size: 2662400  File Visible: -  Status: -

Name: ati3duag.dll
Image Path: C:\WINDOWS\System32\ati3duag.dll
Address: 0xBF16B000  Size: 3133440  File Visible: -  Status: -

Name: atikvmag.dll
Image Path: C:\WINDOWS\System32\atikvmag.dll
Address: 0xBF0D1000  Size: 442368  File Visible: -  Status: -

Name: atiok3x2.dll
Image Path: C:\WINDOWS\System32\atiok3x2.dll
Address: 0xBF13D000  Size: 188416  File Visible: -  Status: -

Name: ativvaxx.dll
Image Path: C:\WINDOWS\System32\ativvaxx.dll
Address: 0xBF468000  Size: 1597440  File Visible: -  Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000  Size: 286720  File Visible: -  Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF7D05000  Size: 3072  File Visible: -  Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF7B75000  Size: 4224  File Visible: -  Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7A6B000  Size: 12288  File Visible: -  Status: -

Name: cercsr6.sys
Image Path: cercsr6.sys
Address: 0xF78EB000  Size: 29120  File Visible: -  Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF769B000  Size: 53248  File Visible: -  Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF768B000  Size: 36352  File Visible: -  Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xF74D6000  Size: 153344  File Visible: -  Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xF7B5F000  Size: 5888  File Visible: -  Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF76EB000  Size: 61440  File Visible: -  Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA48A000  Size: 98304  File Visible: No  Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7BF1000  Size: 8192  File Visible: No  Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xAA52A000  Size: 12288  File Visible: -  Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000  Size: 73728  File Visible: -  Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7D4C000  Size: 4096  File Visible: -  Status: -

Name: eamon.sys
Image Path: C:\WINDOWS\system32\DRIVERS\eamon.sys
Address: 0xA7C8C000  Size: 315392  File Visible: -  Status: -

Name: epfw.sys
Image Path: C:\WINDOWS\system32\DRIVERS\epfw.sys
Address: 0xA806E000  Size: 81920  File Visible: -  Status: -

Name: epfwtdi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
Address: 0xAA678000  Size: 73728  File Visible: -  Status: -

Name: evsbc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\evsbc.sys
Address: 0xF79DB000  Size: 20224  File Visible: -  Status: -

Name: Fastfat.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0xA74AC000  Size: 143744  File Visible: -  Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xF7953000  Size: 27392  File Visible: -  Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF783B000  Size: 44544  File Visible: -  Status: -

Name: flpydisk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Address: 0xF79F3000  Size: 20480  File Visible: -  Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF7486000  Size: 129792  File Visible: -  Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7B71000  Size: 7936  File Visible: -  Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF74FC000  Size: 125056  File Visible: -  Status: -

Name: gagp30kx.sys
Image Path: gagp30kx.sys
Address: 0xF76AB000  Size: 46464  File Visible: -  Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806D0000  Size: 131840  File Visible: -  Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xF770B000  Size: 52480  File Visible: -  Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xAA652000  Size: 152832  File Visible: -  Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xAA6E3000  Size: 75264  File Visible: -  Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF765B000  Size: 37248  File Visible: -  Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF796B000  Size: 24576  File Visible: -  Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7B5B000  Size: 8192  File Visible: -  Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xA5B75000  Size: 172416  File Visible: -  Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\drivers\ks.sys
Address: 0xF6F51000  Size: 143360  File Visible: -  Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF745D000  Size: 92288  File Visible: -  Status: -

Name: mbam.sys
Image Path: C:\WINDOWS\system32\drivers\mbam.sys
Address: 0xA7DD9000  Size: 11776  File Visible: -  Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF7B79000  Size: 4224  File Visible: -  Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF7963000  Size: 23040  File Visible: -  Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF766B000  Size: 42368  File Visible: -  Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xAA4A2000  Size: 455296  File Visible: -  Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF7A1B000  Size: 19072  File Visible: -  Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF77CB000  Size: 35072  File Visible: -  Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF7319000  Size: 15488  File Visible: -  Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF7389000  Size: 105344  File Visible: -  Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF73A3000  Size: 182656  File Visible: -  Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xF7331000  Size: 10112  File Visible: -  Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xF6E68000  Size: 91520  File Visible: -  Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF776B000  Size: 40576  File Visible: -  Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xF77EB000  Size: 34688  File Visible: -  Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xAA62A000  Size: 162816  File Visible: -  Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF7A2B000  Size: 30848  File Visible: -  Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF73D0000  Size: 574976  File Visible: -  Status: -

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000  Size: 2066048  File Visible: -  Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7D31000  Size: 2944  File Visible: -  Status: -

Name: parport.sys
Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xF6EB7000  Size: 80128  File Visible: -  Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF78E3000  Size: 19712  File Visible: -  Status: -

Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xF7BB5000  Size: 6784  File Visible: -  Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF751B000  Size: 68224  File Visible: -  Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7C23000  Size: 3328  File Visible: -  Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF78DB000  Size: 28672  File Visible: -  Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000  Size: 2066048  File Visible: -  Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xF6F74000  Size: 147456  File Visible: -  Status: -

Name: processr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\processr.sys
Address: 0xF76DB000  Size: 35840  File Visible: -  Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF79AB000  Size: 17792  File Visible: -  Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xF72D1000  Size: 8832  File Visible: -  Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF772B000  Size: 51328  File Visible: -  Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF773B000  Size: 41472  File Visible: -  Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF774B000  Size: 48384  File Visible: -  Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF79BB000  Size: 16512  File Visible: -  Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000  Size: 2066048  File Visible: -  Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xAA53A000  Size: 175744  File Visible: -  Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF7B7D000  Size: 4224  File Visible: -  Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xF6E38000  Size: 196224  File Visible: -  Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA796B000  Size: 45056  File Visible: No  Status: -

Name: SandBox.sys
Image Path: C:\WINDOWS\system32\DRIVERS\SandBox.sys
Address: 0xAA565000  Size: 667136  File Visible: -  Status: -

Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS
Address: 0xF74A6000  Size: 98304  File Visible: -  Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xF7349000  Size: 15744  File Visible: -  Status: -

Name: serial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xF76FB000  Size: 64512  File Visible: -  Status: -

Name: sisnicxp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\sisnicxp.sys
Address: 0xF79FB000  Size: 32768  File Visible: -  Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF7474000  Size: 73472  File Visible: -  Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xA7B0B000  Size: 333952  File Visible: -  Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF7B67000  Size: 4352  File Visible: -  Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xA7FE6000  Size: 60800  File Visible: -  Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xAA68A000  Size: 361600  File Visible: -  Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\drivers\TDI.SYS
Address: 0xF798B000  Size: 20480  File Visible: -  Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF775B000  Size: 40704  File Visible: -  Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xF6DB2000  Size: 384768  File Visible: -  Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF7B6D000  Size: 8192  File Visible: -  Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF793B000  Size: 30208  File Visible: -  Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xF779B000  Size: 59520  File Visible: -  Status: -

Name: usbohci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Address: 0xF7933000  Size: 17152  File Visible: -  Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xF6ECB000  Size: 147456  File Visible: -  Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF7A0B000  Size: 20992  File Visible: -  Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF702B000  Size: 81920  File Visible: -  Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF767B000  Size: 52352  File Visible: -  Status: -

Name: vsb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\vsb.sys
Address: 0xF7315000  Size: 15360  File Visible: -  Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xF77DB000  Size: 34560  File Visible: -  Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF799B000  Size: 20480  File Visible: -  Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xA7EF1000  Size: 83072  File Visible: -  Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000  Size: 1847296  File Visible: -  Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000  Size: 1847296  File Visible: -  Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xF7B5D000  Size: 8192  File Visible: -  Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000  Size: 2066048  File Visible: -  Status: -

Name: ws2ifsl.sys
Image Path: C:\WINDOWS\System32\drivers\ws2ifsl.sys
Address: 0xF7355000  Size: 12032  File Visible: -  Status: -
  4. The following logs are DDS.txt and Attach.txt:

DDS (Ver_09-03-16.01) - NTFSx86
Run by cliff at 1:02:05.81 on 19/03/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.439 [GMT 0:00]

FW: Outpost Firewall Pro *disabled*
FW: COMODO Firewall Pro *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\cliff\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Page = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
uInternet Settings,ProxyServer = 201.229.208.2:80
mSearchAssistant = hxxp://www.google.com/ie
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [OutpostMonitor] c:\progra~1\agnitum\outpos~1\op_mon.exe /tray /noservice
mRun: [OutpostFeedBack] "c:\program files\agnitum\outpost firewall pro\feedback.exe" /dump:os_startup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {44627E97-789B-40d4-B5C2-58BD171129A1} - {A1A7E22D-1587-4230-8F16-081C68D21448} - c:\program files\agnitum\outpost firewall pro\ie_bar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191804486234
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {1A1CF384-B76D-4A12-AA96-3DB3C5494606} = 194.168.4.100,194.168.8.100
TCP: {2FEE3D0A-65E8-4E5E-81C5-06B97BAC68A3} = 194.168.4.100,194.168.8.100
TCP: {44188752-45E2-4488-9398-96C589E7EB24} = 194.168.4.100,194.168.8.100
TCP: {6C08A0E8-B96D-4D80-A788-3168567EBF76} = 194.168.4.100,194.168.8.100
TCP: {BE2C7A2D-5762-4B03-B65F-C8B49B0E3668} = 194.168.4.100,194.168.8.100
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\cliff\applic~1\mozilla\firefox\profiles\obwy9xeo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - plugin: c:\documents and settings\cliff\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600

============= SERVICES / DRIVERS ===============

R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2008-12-24 673920]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2008-12-24 30864]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2008-12-24 234640]
R3 ASWFilt;ASWFilt;c:\windows\system32\filt\ASWFilt.dll [2008-12-24 33408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-10-19 15504]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\drivers\evsbc.sys [2008-11-4 26448]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\agnitum\outpos~1\acs.exe [2008-12-24 1238344]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys --> c:\windows\system32\drivers\fssfltr.sys [?]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-10-19 179856]
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\drivers\evserial.sys [2008-11-4 52944]
S3 fsssvc;Windows Live Family Safety; [x]
S3 getPlus® Helper;getPlus® Helper; [x]
S3 INFUNLTD;INFUNLTD;c:\windows\system32\drivers\SiUSBXp.sys [2007-7-8 14848]
S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2007-7-8 14848]
S3 usb2vcom;DKU-5 Connectivity Adapter Cable;c:\windows\system32\drivers\usb2vcom.sys [2007-8-27 30272]

============== File Associations ===============

txtfile=c:\windows\NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-03-17 08:33 <DIR> --d----- c:\windows\RestoreSafeDeleted
2009-03-17 00:15 <DIR> --d----- c:\docume~1\cliff\applic~1\RegRun
2009-03-17 00:01 57,556 a------- c:\windows\guard.bmp
2009-03-17 00:01 <DIR> --d----- c:\program files\Greatis
2009-03-13 15:55 0 a------- c:\windows\system32\drivers\SENEKADITGRRFV.SYS.del
2009-03-11 16:43 <DIR> --d----- C:\RootkitNO
2009-03-11 11:12 2 a--shrot c:\windows\winstart.bat
2009-03-10 14:08 <DIR> --dsh--- c:\documents and settings\cliff\PrivacIE
2009-03-10 14:08 <DIR> --dsh--- c:\documents and settings\cliff\IETldCache
2009-03-07 00:05 <DIR> --d----- c:\windows\ie8updates
2009-03-06 23:54 81,920 a------- c:\windows\system32\ieencode.dll
2009-03-06 23:52 79,360 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-03-05 01:26 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-03-05 01:26 1,089,593 -------- c:\windows\ntprint.cat
2009-03-04 19:13 <DIR> --d----- c:\windows\system32\XPSViewer
2009-03-04 19:07 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-04 19:07 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-04 19:07 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-04 19:07 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-03-04 19:07 117,760 -------- c:\windows\system32\prntvpt.dll
2009-03-04 19:07 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-03-04 19:07 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-03-04 19:07 <DIR> --d----- C:\6f42334d2be88dc778ff04c32d4ce908
2009-03-04 19:06 <DIR> --d----- c:\windows\SxsCaPendDel
2009-03-04 18:02 <DIR> --d----- c:\program files\Trend Micro
2009-02-28 02:16 7,168 a--sh--- c:\windows\Thumbs.db
2009-02-28 02:13 31 a------- c:\windows\system32\Days5.ini
2009-02-27 03:30 434,688 a------- c:\windows\system32\ss2uinst.exe
2009-02-22 21:57 0 a------- c:\windows\rschkr.ini

==================== Find3M ====================

2009-02-27 10:27 36,892 a------- c:\windows\system32\btbass.dll
2009-02-11 10:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 10:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-09 11:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-01-07 23:44 339,968 a------- c:\windows\system32\pythoncom25.dll
2009-01-07 23:44 2,117,632 a------- c:\windows\system32\python25.dll
2009-01-07 23:44 348,160 a------- c:\windows\system32\msvcr71.dll
2009-01-07 23:44 114,688 a------- c:\windows\system32\pywintypes25.dll
2008-12-20 23:15 826,368 a------- c:\windows\system32\wininet.dll
2008-10-08 13:46 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100820081009\index.dat

============= FINISH: 1:02:21.59 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 07/07/2007 20:21:40
System Uptime: 18/03/2009 04:52:56 (21 hours ago)

Motherboard: | | SiS-755
Processor: AMD Sempron Processor 3000+ | Socket 940 | 1799/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 16 GiB total, 6.778 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: SiS 900-Based PCI Fast Ethernet Adapter
Device ID: PCI\VEN_1039&DEV_0900&SUBSYS_18911019&REV_91\3&61AAA01&0&20
Manufacturer: SiS
Name: SiS 900-Based PCI Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1039&DEV_0900&SUBSYS_18911019&REV_91\3&61AAA01&0&20
Service: SISNICXP

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel 21140-Based PCI Fast Ethernet Adapter (Generic)
Device ID: PCI\VEN_1011&DEV_0009&SUBSYS_00000000&REV_22\3&61AAA01&0&60
Manufacturer: Intel
Name: Intel 21140-Based PCI Fast Ethernet Adapter (Generic) #4
PNP Device ID: PCI\VEN_1011&DEV_0009&SUBSYS_00000000&REV_22\3&61AAA01&0&60
Service: DC21x4

==== System Restore Points ===================

RP165: 07/03/2009 21:01:39 - Before uninstall OpenDNS Updater 1.3.0.187
RP166: 08/03/2009 21:31:02 - System Checkpoint
RP167: 09/03/2009 23:41:15 - System Checkpoint
RP168: 11/03/2009 02:53:15 - System Checkpoint
RP169: 11/03/2009 03:00:55 - Software Distribution Service 3.0
RP170: 11/03/2009 11:20:36 - RegRun Virus Scan
RP171: 11/03/2009 11:25:14 - RegRun Virus Scan
RP172: 11/03/2009 11:29:55 - RegRun Virus Scan
RP173: 11/03/2009 11:31:00 - RegRun Virus Scan
RP174: 12/03/2009 15:46:51 - System Checkpoint
RP175: 13/03/2009 15:57:37 - Before uninstall Adobe Flash Player 10 ActiveX
RP176: 13/03/2009 15:58:45 - Before uninstall TrojanHunter 5.0
RP177: 14/03/2009 03:03:42 - Software Distribution Service 3.0
RP178: 14/03/2009 22:11:13 - RegRun Virus Scan
RP179: 14/03/2009 22:14:07 - RegRun Virus Scan
RP180: 16/03/2009 04:34:31 - System Checkpoint
RP181: 17/03/2009 05:11:20 - System Checkpoint
RP182: 17/03/2009 08:13:29 - RegRun Virus Scan
RP183: 17/03/2009 08:14:45 - RegRun Virus Scan
RP184: 17/03/2009 08:29:18 - RegRun Virus Scan
RP185: 17/03/2009 15:16:45 - Before uninstall UnHackMe 4.80 beta
RP186: 17/03/2009 21:01:44 - RegRun Virus Scan
RP187: 17/03/2009 21:27:46 - RegRun Virus Scan
RP188: 18/03/2009 02:20:05 - Before uninstall RegRun Security Suite Platinum

==== Installed Programs ======================

Adobe Reader 9
Agnitum Outpost Firewall Pro
ATI Display Driver
C-Media WDM Audio Driver
CaptureWizPro 3.90
Critical Update for Windows Media Player 11 (KB959772)
CuteFTP 8 Professional
DBOX2 Image-Flashing-Assistent 3.1.1
FlashFXP v3
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HyperTerminal Private Edition v6.3
IBP & ARELIS 9.7.1
Infinity USB Unlimited 2.75
Java 6 Update 2
Java SE Runtime Environment 6 Update 1
Lib Debug 1.0
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# 2.0 Redistributable Package
Mozilla Firefox (3.0.7)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Realtek AC'97 Audio
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
SiS 900 PCI Fast Ethernet Adapter Driver
SMAC 2.7
SolarWinds TFTP Server
Trojan Remover 6.7.6
TuneUp Utilities 2009
Unlocker 1.8.7
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VultureWare DOCSIS Config Editor 0.1
WebFldrs XP
WinAce Archiver
Windows Doctor 2.0
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
XoftSpySE
Your Uninstaller! 2008 Version 6.2

==== Event Viewer Messages From Past Week ========

15/03/2009 14:33:15, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
15/03/2009 14:32:40, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
15/03/2009 13:04:00, error: Service Control Manager [7034] - The Logical Disk Manager Administrative Service service terminated unexpectedly. It has done this 1 time(s).
15/03/2009 13:01:42, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips Processor SandBox
15/03/2009 13:01:42, error: Service Control Manager [7001] - The TuneUp Theme Extension service depends on the Themes service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
15/03/2009 12:28:12, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
15/03/2009 12:26:05, error: Service Control Manager [7000] - The fssfltr service failed to start due to the following error: The system cannot find the file specified.
13/03/2009 20:01:27, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
13/03/2009 20:01:27, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
13/03/2009 15:55:44, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
13/03/2009 15:01:54, error: Dhcp [1002] - The IP address lease 192.168.100.11 for the Network Card with network address 00028A630344 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
13/03/2009 13:20:10, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================
  5. Here Are The 2 New Log Files Below
  6. Hi, just joined and saying a quick hello to all members here, and thanks to Admin for letting me join.
  7. Hello, I have been unable to update any antivirus/malware applications and am also not able to connect to Messenger. When I try to update any of these I get the message "updates failed, make sure you are connected to the internet and your firewall is set to allow Malwarebytes". Can anyone take a look at the logs I've enclosed please, as I've been told my computer is infected? Thanks.