Jump to content

Please Help

Members
 View Profile  See their activity

  • Posts

    15

  • Joined

  • Last visited

Reputation

0 Neutral
  1. Please Help
    Hi, No, I think I will leave it for now and just work around that issue. The next time I format my system I will probably upgrade the operating system as well, maybe in a couple of months. I do feel better about my system now then I did a few weeks ago. Thanks for all your help. I really appreciate it!
  2. Please Help
    Hi, I did do exactly as before, but for some reason it does not seem to work any more. Could it be because of the residual effects of a virus or something, I use to be able to do it before. If there are no other suggestions, I could work around that issue. Thank you!
  3. Please Help
    One other thing... the problem seems to have returned. I turned on my computer today and tried again to rename the folder in c: and it did not work this time, even after using Unlocker again. I even Unlocked all which rebooted my computer and it didn't work. Then I tried to just unlock certain paths and it did not seem to work either, because they were still listed in the Unlocker window. Any other suggestions?? Thanks.
  4. Please Help
    It worked! I had to choose a file that was connected to my c: only and not connected to any of the subdirectories in my c: I tested it, and now I am able to name and rename folders again! Thanks very much!
  5. Please Help
    Hi, I was able to delete the Combofix folder with no error messages. Thanks.
  6. Please Help
    Thanks for the info about Combofix. I uninstalled Combofix and deleted SecurityCheck and got the latest version of Adobe Reader. I deleted explorer.exe from task manager and started a new task. I still cannot rename folders in my C:, same error message. Also, even though I uninstalled Combofix, I still see a Combofix folder in my c:, should I delete that too? Thanks.
  7. Please Help
    Hi, Just a quick question before I uninstall ComboFix. Can I leave Combofix on my machine and run it periodically so it can find and get rid of other bad files? Thanks.
  8. Please Help
    Security Check report: Results of screen317's Security Check version 0.98.9 Windows 2000 Service Pack 4 `````````````````````````````` Antivirus/Firewall Check: Avira AntiVir Personal - Free Antivirus Trend Micro OfficeScan Client ZoneAlarm ZoneAlarm Spy Blocker Avira updated! `````````````````````````````` Anti-malware/Other Utilities Check: Ad-Aware ZoneAlarm Spy Blocker Malwarebytes' Anti-Malware HijackThis 2.0.2 Adobe Flash Player 10 Adobe Reader 7.0.9 Out of date Adobe Reader installed! `````````````````````````````` Process Check: objlist.exe by Laurent Ad-Aware AAWService.exe Ad-Aware AAWTray.exe is disabled! `````````````````````````````` DNS Vulnerability Check: nslookup.exe missing! GREAT! (Not vulnerable to DNS cache poisoning) `````````End of Log``````````` Remaining issue: I cannot rename a folder in my C: drive. If I try to rename an existing folder or create a new one and name it, I get an "Error renaming File or Folder" Error reads: Cannot rename New Folder: There has been a sharing violation. The source or destination file may be in use. Any suggestions? Thanks.
  9. Please Help
    Hi, I renamed the erase_SR file as instructed. Here is my report from the F-secure scan: 7 malware found TrackingCookie.2o7 (spyware) System (Disinfected) TrackingCookie.Atdmt (spyware) System (Disinfected) TrackingCookie.Doubleclick (spyware) System (Disinfected) TrackingCookie.Mediaplex (spyware) System (Disinfected) TrackingCookie.Statcounter (spyware) System (Disinfected) TrackingCookie.Atwola (spyware) System (Disinfected) TrackingCookie.Imrworldwide (spyware) System (Disinfected) -------------------------------------------------------------------------------- Statistics Scanned: Files: 49565 System: 3271 Not scanned: 8 Actions: Disinfected: 7 Renamed: 0 Deleted: 0 Not cleaned: 0 Submitted: 0 Files not scanned: C:\PAGEFILE.SYS C:\WINNT\SYSTEM32\CONFIG\DEFAULT C:\WINNT\SYSTEM32\CONFIG\SAM C:\WINNT\SYSTEM32\CONFIG\SECURITY C:\WINNT\SYSTEM32\CONFIG\SOFTWARE C:\WINNT\SYSTEM32\CONFIG\SYSTEM C:\OFFICESCAN\SUSPECT\MWSOEMON.EXE C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\ETILQS_HHRNNGNS791ZXZSB8S5P -------------------------------------------------------------------------------- Options Scanning engines: Scanning options: Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR Use advanced heuristics
  10. Please Help
    I cannot post the results from the last VirusTotal analysis. After clicking on the <Add Reply> button, I get Method not implemented, POST to /forums/index.php not supported Here is the link to the results for c:\winnt\system32\mspmsnsv.dll: http://www.virustotal.com/analisis/05e7195...8bef-1250643399
  11. Please Help
    Hi, Here are the results for the first two VirusTotal analysis, the last one will be in another reply: c:\winnt\erase_SR.exe File a01bc613e7f7df8468a2f5ed8db09d9e received on 2009.07.08 16:49:29 (UTC) Antivirus Version Last Update Result a-squared 4.5.0.18 2009.07.08 - AhnLab-V3 5.0.0.2 2009.07.08 - AntiVir 7.9.0.204 2009.07.08 - Antiy-AVL 2.0.3.1 2009.07.08 - Authentium 5.1.2.4 2009.07.08 - Avast 4.8.1335.0 2009.07.07 - AVG 8.5.0.386 2009.07.08 - BitDefender 7.2 2009.07.08 - CAT-QuickHeal 10.00 2009.07.08 - ClamAV 0.94.1 2009.07.08 - Comodo 1578 2009.07.08 - DrWeb 5.0.0.12182 2009.07.08 - eSafe 7.0.17.0 2009.07.08 - eTrust-Vet 31.6.6604 2009.07.08 - F-Prot 4.4.4.56 2009.07.07 - F-Secure 8.0.14470.0 2009.07.08 - Fortinet 3.117.0.0 2009.07.03 - GData 19 2009.07.08 - Ikarus T3.1.1.64.0 2009.07.08 - Jiangmin 11.0.706 2009.07.08 - K7AntiVirus 7.10.787 2009.07.08 - Kaspersky 7.0.0.125 2009.07.08 - McAfee 5670 2009.07.08 - McAfee+Artemis 5670 2009.07.08 - McAfee-GW-Edition 6.8.5 2009.07.08 - Microsoft 1.4803 2009.07.08 - NOD32 4224 2009.07.08 - Norman 6.01.09 2009.07.08 - nProtect 2009.1.8.0 2009.07.08 - Panda 10.0.0.14 2009.07.08 - PCTools 4.4.2.0 2009.07.08 - Prevx 3.0 2009.07.08 - Rising 21.37.24.00 2009.07.08 - Sophos 4.43.0 2009.07.08 - Sunbelt 3.2.1858.2 2009.07.08 - Symantec 1.4.4.12 2009.07.08 - TheHacker 6.3.4.3.363 2009.07.08 - TrendMicro 8.950.0.1094 2009.07.08 - VBA32 3.12.10.7 2009.07.08 - ViRobot 2009.7.8.1824 2009.07.08 Backdoor.Win32.SdBot.69632.H VirusBuster 4.6.5.0 2009.07.08 - Additional information File size: 69632 bytes MD5 : a01bc613e7f7df8468a2f5ed8db09d9e SHA1 : 14c0569f8058449791e8608bf92c868d2afa086e SHA256: 9d5961d21da2f0b61aea8920a3bf0f07c58d92a2ee1348701e617712b8cbd1a0 PEInfo: PE Structure information<br> <br> ( base data )<br> entrypointaddress.: 0x3D8F<br> timedatestamp.....: 0x3B02B772 (Wed May 16 19:22:58 2001)<br> machinetype.......: 0x14C (Intel I386)<br> <br> ( 3 sections )<br> name viradd virsiz rawdsiz ntrpy md5<br> .text 0x1000 0xA03A 0xB000 6.25 1eb5060072ff3fd978cea87c10687c8b<br>.rdata 0xC000 0x1B0A 0x2000 3.94 7461449c8381ae3f61344f090acc513b<br>.data 0xE000 0x4748 0x3000 1.23 7b351c5c6350c5cb376f727b71776157<br> <br> ( 0 imports )<br> <br> <br> ( 0 exports )<br> TrID : File type identification<br>Win32 Executable MS Visual C++ (generic) (65.2%)<br>Win32 Executable Generic (14.7%)<br>Win32 Dynamic Link Library (generic) (13.1%)<br>Generic Win/DOS Executable (3.4%)<br>DOS Executable Generic (3.4%) ssdeep: 768:bVmBqhguxKj0DeYy+ymquJfRa/ZA2J4aYd9QfoWfGeoYZom:IqhxKjCBKZATaMQggom PEiD : Armadillo v1.71 CWSandbox: <a href="http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=a01bc613e7f7df8468a2f5ed8db09d9e" target="_blank">http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=a01bc613e7f7df8468a2f5ed8db09d9e</a> RDS : NSRL Reference Data Set<br>- c:\winnt\system32\CTFMON.EXE File CTFMON.EXE received on 2009.04.22 05:38:28 (UTC) Antivirus Version Last Update Result a-squared 4.0.0.101 2009.04.22 - AhnLab-V3 5.0.0.2 2009.04.22 - AntiVir 7.9.0.148 2009.04.21 - Antiy-AVL 2.0.3.1 2009.04.21 - Authentium 5.1.2.4 2009.04.21 - Avast 4.8.1335.0 2009.04.21 - AVG 8.5.0.287 2009.04.21 - BitDefender 7.2 2009.04.22 - CAT-QuickHeal 10.00 2009.04.22 - ClamAV 0.94.1 2009.04.22 - Comodo 1124 2009.04.21 - DrWeb 4.44.0.09170 2009.04.22 - eSafe 7.0.17.0 2009.04.21 - eTrust-Vet 31.6.6440 2009.04.20 - F-Prot 4.4.4.56 2009.04.21 - F-Secure 8.0.14470.0 2009.04.22 - Fortinet 3.117.0.0 2009.04.22 - GData 19 2009.04.22 - Ikarus T3.1.1.49.0 2009.04.22 - K7AntiVirus 7.10.710 2009.04.21 - Kaspersky 7.0.0.125 2009.04.22 - McAfee 5591 2009.04.21 - McAfee+Artemis 5591 2009.04.21 - McAfee-GW-Edition 6.7.6 2009.04.22 - Microsoft 1.4602 2009.04.21 - NOD32 4026 2009.04.21 - Norman 6.00.06 2009.04.21 - nProtect 2009.1.8.0 2009.04.22 - Panda 10.0.0.14 2009.04.21 - PCTools 4.4.2.0 2009.04.21 - Prevx1 V2 2009.04.22 - Rising 21.26.20.00 2009.04.22 - Sophos 4.40.0 2009.04.22 - Sunbelt 3.2.1858.2 2009.04.21 - Symantec 1.4.4.12 2009.04.22 - TheHacker 6.3.4.0.312 2009.04.22 - TrendMicro 8.700.0.1004 2009.04.22 - VBA32 3.12.10.2 2009.04.21 - ViRobot 2009.4.22.1703 2009.04.22 - VirusBuster 4.6.5.0 2009.04.21 - Additional information File size: 11264 bytes MD5 : ab176f2171db704d51b8809e8a5c38bd SHA1 : fd3e82bb62bf86e5342ceefee104c9de741f624f SHA256: 3768c80d11f4e6f017740dc3f47b6ebe84be3e1f9d72bba056b09c342e23dec3 PEInfo: PE Structure information<br> <br> ( base data )<br> entrypointaddress.: 0x2176<br> timedatestamp.....: 0x423F46EB (Mon Mar 21 23:12:59 2005)<br> machinetype.......: 0x14C (Intel I386)<br> <br> ( 3 sections )<br> name viradd virsiz rawdsiz ntrpy md5<br> .text 0x1000 0x1F2A 0x2000 6.92 5ac20db19a0db6fec2a438f49f9c55b1<br>.data 0x3000 0x1C8 0x200 0.88 fc5d6b36ccfaa664ad676ff8ddae26cb<br>.rsrc 0x4000 0x5D0 0x600 3.37 22ff68b90e4c9a61303c57a7cb1198d2<br> <br> ( 0 imports )<br> <br> <br> ( 0 exports )<br> TrID : File type identification<br>Win32 Executable Generic (42.3%)<br>Win32 Dynamic Link Library (generic) (37.6%)<br>Generic Win/DOS Executable (9.9%)<br>DOS Executable Generic (9.9%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) ssdeep: 192:V2FGoSzlYWpiqfd/Yq4HED1XT8uGagB5ycdTUgS5yWopW:V2jgt4WXgslc9Uv8WopW PEiD : - RDS : NSRL Reference Data Set<br>-
  12. Please Help
    Hi and thanks for your help. Update: By fixing one line from the Hijack This, I was able run and delete all the files from MBAM and they did not return after rebooting this time. Then I got your message about running ComboFix... So, my last MBAM log contained no infected files: Malwarebytes' Anti-Malware 1.40 Database version: 2702 Windows 5.0.2195 Service Pack 4 8/26/2009 8:35:06 PM mbam-log-2009-08-26 (20-35-06).txt Scan type: Quick Scan Objects scanned: 95890 Time elapsed: 8 minute(s), 40 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ComboFix log: ComboFix 09-08-26.05 - Administrator 08/26/2009 17:13.1.1 - NTFSx86 Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.639.390 [GMT -4:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\ADMINI~1\LOCALS~1\Temp\IadHide5.dll c:\documents and settings\Administrator\Application Data\Windows Protection Suite c:\documents and settings\Administrator\Application Data\Windows Protection Suite\cookies.sqlite c:\documents and settings\Administrator\Local Settings\Temp\IadHide5.dll c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\documents and settings\All Users\Application Data\WINSPSys c:\documents and settings\All Users\Application Data\WINSPSys\winps.cfg c:\program files\Mozilla Firefox\searchplugins\search.xml c:\recycler\S-1-5-21-1004336348-1788223648-725345543-500 c:\recycler\S-1-5-21-1106591827-654009076-425818713-500 c:\recycler\S-1-5-21-1161191959-2006596497-1451377629-500 c:\recycler\S-1-5-21-1851790228-1399273013-1408832246-500 c:\recycler\S-1-5-21-244122443-1089559749-1396666437-500 c:\recycler\S-1-5-21-634664336-1480134410-1310543000-500 c:\recycler\S-1-5-21-797854463-345337248-359742564-500 c:\winnt\system32\UACpyeutowkurgwvbl.dat c:\winnt\Web\default.htt ----- BITS: Possible infected sites ----- hxxp://download.esd.intuit.com . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_UACd.sys -------\Service_UACd.sys ((((((((((((((((((((((((( Files Created from 2009-07-26 to 2009-08-26 ))))))))))))))))))))))))))))))) . 2009-08-24 23:53 . 2009-03-30 14:32 97512 ----a-w- c:\winnt\system32\drivers\avipbb.sys 2009-08-24 23:53 . 2009-03-24 20:07 65240 ----a-w- c:\winnt\system32\drivers\avgntflt.sys 2009-08-24 23:53 . 2009-02-13 16:28 18520 ----a-w- c:\winnt\system32\drivers\avgntmgr.sys 2009-08-24 23:53 . 2009-02-13 16:16 64488 ----a-w- c:\winnt\system32\drivers\avgntdd.sys 2009-08-24 23:53 . 2009-08-24 23:53 -------- d-----w- c:\program files\Avira 2009-08-24 23:53 . 2009-08-24 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-08-24 23:26 . 2009-08-24 23:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar 2009-08-24 02:31 . 2009-07-24 13:55 1090816 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll 2009-08-24 02:19 . 2009-08-24 02:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar 2009-08-24 01:09 . 2009-08-24 01:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG8 2009-08-24 00:22 . 2009-08-24 00:22 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2 2009-08-23 20:03 . 2008-10-16 18:06 268648 ----a-w- c:\winnt\system32\mucltui.dll 2009-08-23 02:27 . 2004-07-14 01:12 69632 ------w- c:\winnt\erase_SR.exe 2009-08-23 02:13 . 2009-08-23 02:13 3942047 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-08-12 21:09 . 2009-08-12 21:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC-FAX TX 2009-08-11 20:56 . 2009-04-23 09:05 407552 ----a-w- c:\winnt\system32\mstsc.exe 2009-08-11 20:56 . 2009-06-15 07:23 655872 -c----w- c:\winnt\system32\dllcache\mstscax.dll 2009-08-11 20:56 . 2009-06-15 07:23 655872 ----a-w- c:\winnt\system32\mstscax.dll 2009-08-05 05:04 . 2009-08-05 05:04 90164 -c----w- c:\winnt\system32\dllcache\atl.dll 2009-08-05 05:04 . 2009-08-05 05:04 90164 ----a-w- c:\winnt\system32\atl.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-24 23:38 . 2009-05-22 21:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\avg8 2009-08-24 01:28 . 2009-05-22 21:30 -------- d-----w- c:\program files\AVG 2009-08-24 00:59 . 2004-07-29 09:07 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-08-24 00:54 . 2004-07-29 12:20 -------- d-----w- c:\program files\RealVNC 2009-08-23 22:15 . 2009-05-23 00:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-08-23 19:55 . 2004-07-29 08:51 70520 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-23 03:53 . 2006-07-29 20:45 -------- d-----w- c:\program files\Trend Micro 2009-08-23 02:16 . 2009-06-01 20:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-19 02:13 . 2007-06-20 21:48 30386478 ----a-w- c:\winnt\Internet Logs\tvDebug.zip 2009-08-03 17:36 . 2009-06-01 20:10 38160 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys 2009-08-03 17:36 . 2009-06-01 20:10 18456 ----a-w- c:\winnt\system32\drivers\mbam.sys 2009-07-27 11:27 . 1999-12-06 21:00 81168 ----a-w- c:\winnt\system32\fontsub.dll 2009-07-27 11:27 . 1999-12-06 21:00 165136 ----a-w- c:\winnt\system32\t2embed.dll 2009-07-22 00:30 . 2009-07-22 14:14 1073664 ----a-w- c:\winnt\Internet Logs\xDB4B.tmp 2009-07-13 16:54 . 2009-07-13 16:45 1878984 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe 2009-07-13 13:13 . 2004-06-17 21:02 78608 ----a-w- c:\winnt\system32\avifil32.dll 2009-07-13 06:18 . 2004-06-22 18:45 233472 ----a-w- c:\winnt\system32\wmpdxm.dll 2009-07-12 20:13 . 2009-07-12 20:15 6497280 ----a-w- c:\winnt\Internet Logs\xDB4A.tmp 2009-07-12 20:13 . 2009-07-12 20:15 2692608 ----a-w- c:\winnt\Internet Logs\xDB49.tmp 2009-07-12 04:02 . 2009-07-12 04:02 159032 ----a-w- c:\winnt\system32\atl90.dll 2009-07-11 23:41 . 2009-07-11 23:41 97280 ----a-w- c:\winnt\system32\ATL80.dll 2009-07-10 16:49 . 2004-06-07 18:19 601088 ----a-w- c:\winnt\system32\INETCOMM.DLL 2009-07-10 16:49 . 2002-10-11 19:08 47616 ----a-w- c:\winnt\system32\INETRES.DLL 2009-07-10 16:49 . 2003-03-03 20:57 229376 ----a-w- c:\winnt\system32\MSOEACCT.DLL 2009-07-10 16:49 . 2003-03-03 20:57 91136 ----a-w- c:\winnt\system32\MSOERT2.DLL 2009-07-10 16:47 . 2003-03-03 20:57 44032 ----a-w- c:\winnt\system32\MSIDENT.DLL 2009-07-01 01:16 . 2009-07-01 01:16 -------- d-----w- c:\documents and settings\All Users\Application Data\3DVIA 2009-06-26 15:53 . 2009-06-26 15:53 576512 ----a-w- c:\winnt\system32\WININET.DLL 2009-06-02 23:23 . 2004-06-22 13:59 1225728 ----a-w- c:\winnt\system32\quartz.dll 2009-06-01 20:23 . 2009-06-01 20:24 5982208 ----a-w- c:\winnt\Internet Logs\xDB48.tmp 2009-06-01 20:23 . 2009-06-01 20:24 24064 ----a-w- c:\winnt\Internet Logs\xDB47.tmp 2009-06-01 20:19 . 2009-06-01 20:20 61440 ----a-w- c:\winnt\Internet Logs\xDB46.tmp 2009-06-01 20:12 . 2009-06-01 20:13 5981696 ----a-w- c:\winnt\Internet Logs\xDB45.tmp 2009-06-01 19:58 . 2009-06-01 19:59 5976064 ----a-w- c:\winnt\Internet Logs\xDB44.tmp 2009-06-01 19:34 . 2009-06-01 19:37 41984 ----a-w- c:\winnt\Internet Logs\xDB42.tmp 2009-06-01 19:34 . 2009-06-01 19:37 5952000 ----a-w- c:\winnt\Internet Logs\xDB43.tmp 2009-06-01 19:30 . 2009-06-01 19:32 5959680 ----a-w- c:\winnt\Internet Logs\xDB41.tmp 2009-06-01 19:24 . 2009-06-01 19:25 51200 ----a-w- c:\winnt\Internet Logs\xDB40.tmp 2009-06-01 19:19 . 2009-06-01 19:21 5947392 ----a-w- c:\winnt\Internet Logs\xDB3F.tmp 2009-06-01 19:03 . 2009-06-01 19:05 311808 ----a-w- c:\winnt\Internet Logs\xDB3E.tmp 2004-06-16 18:52 . 2004-06-16 18:52 21952 ---h--w- c:\program files\folder.htt 2009-05-17 20:25 . 2009-05-17 20:25 0 --sh--r- c:\winnt\FFSSET.BIN . ------- Sigcheck ------- [-] 2005-03-21 19:13 11264 AB176F2171DB704D51B8809E8A5C38BD c:\winnt\system32\CTFMON.EXE [-] 2002-11-26 23:03 52224 36678803A8030EE9A771935CFC1848BD c:\winnt\system32\mspmsnsv.dll c:\winnt\system32\drivers\ip6fw.sys ... is missing !! c:\winnt\system32\termsrv.dll ... is missing !! c:\winnt\system32\comres.dll ... is missing !! c:\winnt\system32\xmlprov.dll ... is missing !! . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-07-24 13:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvMediaCenter"="c:\winnt\system32\NVMCTRAY.DLL" [2003-10-06 49152] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-08 68856] "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] "ShutterflyStudio"="c:\program files\Shutterfly\Studio\BIN\SFlyStudio.exe" [2008-01-12 2500096] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2003-10-06 5058560] "OfficeScanNT Monitor"="c:\officescan\pccntmon.exe" [2006-02-07 356352] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-13 282624] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344] "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248] "CitiVAN"="c:\program files\Citi Virtual Account Numbers\CitiVAN.exe" [2004-08-12 192512] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Synchronization Manager"="mobsync.exe" - c:\winnt\system32\mobsync.exe [2003-06-19 111376] "nwiz"="nwiz.exe" - c:\winnt\system32\nwiz.exe [2003-10-06 741376] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 186640] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2006-11-18 241664] KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/24/2009 7:53 PM 108289] R2 Array_Utility_Service8.3.1.84;Array Utility Service 8,3,1,84;c:\program files\Array Networks\Common\8,3,1,84\arr_isrv.exe [9/29/2008 9:01 AM 344139] R2 ArraySSL_VPN_Service8.3.1.84;Array SSL VPN Service 8,3,1,84;c:\program files\Array Networks\Array SSL VPN\8,3,1,84\arr_srvs.exe [9/29/2008 9:01 AM 192587] R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [12/9/2008 12:37 PM 13088] R2 TmFilter;Trend Micro Filter;c:\officescan\TmFilter.sys [11/9/2005 8:32 PM 252128] S3 ATP;Array Networks VPN Adapter;c:\winnt\system32\drivers\atpdrvr.sys [9/29/2008 9:01 AM 16896] S3 OnePointDomainAdminService;Domain Migration Administrator Agent;c:\program files\OnePointDomainAgent\DCTAgentService.exe [4/24/2006 5:01 PM 122880] --- Other Services/Drivers In Memory --- *NewlyCreated* - IPNAT *NewlyCreated* - RASAUTO *NewlyCreated* - SHAREDACCESS . - - - - ORPHANS REMOVED - - - - Notify-ckpNotify - (no file) . ------- Supplementary Scan ------- . uStart Page = hxxp://msn.com/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie IE: &Search IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: {{D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashb...DEIIIDJGBHHJDEF LSP: %SystemRoot%\system32\msafd.dll Trusted Zone: turbotax.com Trusted Zone: webkinz.com\www TCP: {C19B43F9-0961-495C-8354-95504CAF6F57} = 10.0.26.210 DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab DPF: {B6648EB8-2460-484F-9255-9654454C4C70} - hxxps://connect.ny.itg.com/prx/000/http/localhost/arr_x.cab FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\x7dge8is.default\ FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-26 17:36 Windows 5.0.2195 Service Pack 4 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(180) c:\winnt\system32\wzcdlg.dll c:\winnt\system32\WZCSAPI.DLL - - - - - - - > 'explorer.exe'(2024) c:\winnt\AppPatch\AcLayers.DLL c:\docume~1\ADMINI~1\LOCALS~1\Temp\IadHide5.dll c:\winnt\system32\SHDOCVW.DLL . Completion time: 2009-08-26 17:55 - machine was rebooted ComboFix-quarantined-files.txt 2009-08-26 21:55 Pre-Run: 4,354,150,400 bytes free Post-Run: 6,573,850,624 bytes free 218 --- E O F --- 2009-08-25 21:23 Hijack This log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:08:10 PM, on 8/26/2009 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\ZoneLabs\vsmon.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Array Networks\Common\8,3,1,84\arr_isrv.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Array Networks\Array SSL VPN\8,3,1,84\arr_srvs.exe C:\WINNT\System32\svchost.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\WINNT\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\OfficeScan\ntrtscan.exe C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\OfficeScan\tmlisten.exe C:\OfficeScan\pccntmon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\OfficeScan\OfcPfwSvc.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINNT\system32\RUNDLL32.EXE C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\WINNT\system32\ctfmon.exe C:\Program Files\FinePixViewer\QuickDCF.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe C:\OfficeScan\pccntupd.exe C:\WINNT\TEMP\ZR806B.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [shutterflyStudio] C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe /trayonly O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashb...DEIIIDJGBHHJDEF (file missing) O9 - Extra 'Tools' menuitem: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashb...DEIIIDJGBHHJDEF (file missing) O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1251040415281 O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab O16 - DPF: {B6648EB8-2460-484F-9255-9654454C4C70} (ArrVPNAX Control) - https://connect.ny.itg.com/prx/000/http/localhost/arr_x.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Array SSL VPN Service 8,3,1,84 (ArraySSL_VPN_Service8.3.1.84) - Array Networks, Inc. - C:\Program Files\Array Networks\Array SSL VPN\8,3,1,84\arr_srvs.exe O23 - Service: Array Utility Service 8,3,1,84 (Array_Utility_Service8.3.1.84) - Array Networks, Inc. - C:\Program Files\Array Networks\Common\8,3,1,84\arr_isrv.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing) O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan\ntrtscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\OfficeScan\OfcPfwSvc.exe O23 - Service: Domain Migration Administrator Agent (OnePointDomainAdminService) - NetIQ Corporation - C:\Program Files\OnePointDomainAgent\DCTAgentService.exe O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan\tmlisten.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe -- End of file - 11573 bytes Thanks very much again, I really appreciate your help!
  13. Please Help
    Ran anti-malware, it found some infected files which were deleted, but after rebooting they returned. Cannot use Task Manager. Here is the log from HijackThis, Thanks. : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:02:21 PM, on 8/23/2009 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\ZoneLabs\vsmon.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Array Networks\Common\8,3,1,84\arr_isrv.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Array Networks\Array SSL VPN\8,3,1,84\arr_srvs.exe C:\WINNT\System32\svchost.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\OfficeScan\ntrtscan.exe C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\OfficeScan\tmlisten.exe C:\WINNT\Explorer.EXE C:\WINNT\System32\WBEM\WinMgmt.exe C:\Program Files\RealVNC\WinVNC\WinVNC.exe C:\WINNT\system32\svchost.exe C:\OfficeScan\OfcPfwSvc.exe C:\WINNT\TEMP\LI813B.EXE C:\OfficeScan\pccntmon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINNT\system32\RUNDLL32.EXE C:\WINNT\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe C:\Documents and Settings\All Users\Application Data\fead405\WIfead.exe C:\Program Files\FinePixViewer\QuickDCF.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/ R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O1 - Hosts: ::1 localhost O1 - Hosts: 94.232.248.66 browser-security.microsoft.com O1 - Hosts: 94.232.248.66 antivirprotection.com O1 - Hosts: 94.232.248.66 www.antivirprotection.com O1 - Hosts: 74.125.45.100 4-open-davinci.com O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com O1 - Hosts: 74.125.45.100 privatesecuredpayments.com O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com O1 - Hosts: 74.125.45.100 getantivirusplusnow.com O1 - Hosts: 74.125.45.100 secure-plus-payments.com O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com O1 - Hosts: 74.125.45.100 www.getavplusnow.com O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [shutterflyStudio] C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe /trayonly O4 - HKCU\..\Run: [Windows Protection Suite] "C:\Documents and Settings\All Users\Application Data\fead405\WIfead.exe" /s /d O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashb...DEIIIDJGBHHJDEF (file missing) O9 - Extra 'Tools' menuitem: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashb...DEIIIDJGBHHJDEF (file missing) O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1251040415281 O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab O16 - DPF: {B6648EB8-2460-484F-9255-9654454C4C70} (ArrVPNAX Control) - https://connect.ny.itg.com/prx/000/http/localhost/arr_x.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINNT\SYSTEM32\avgrsstx.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Array SSL VPN Service 8,3,1,84 (ArraySSL_VPN_Service8.3.1.84) - Array Networks, Inc. - C:\Program Files\Array Networks\Array SSL VPN\8,3,1,84\arr_srvs.exe O23 - Service: Array Utility Service 8,3,1,84 (Array_Utility_Service8.3.1.84) - Array Networks, Inc. - C:\Program Files\Array Networks\Common\8,3,1,84\arr_isrv.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing) O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan\ntrtscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\OfficeScan\OfcPfwSvc.exe O23 - Service: Domain Migration Administrator Agent (OnePointDomainAdminService) - NetIQ Corporation - C:\Program Files\OnePointDomainAgent\DCTAgentService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan\tmlisten.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe -- End of file - 13027 bytes
  14. Please Help
    Thanks, I will do that.
  15. Please Help
    I have 'Windows Protection Suite' virus on my computer. When I run Malwarebytes Anti-Malware on my machine, it finds the infected files and I remove the selected, but to complete the removal process it indicates I have to reboot my machine. After I reboot, I see the false error messages Windows Protection Suite displays again and I know it has not been removed from my machine. I rerun the Malwarebytes Anti-Malware a second time and it seems to find the same infected files again. The same cycle occurs again and again after rebooting. Anti-Malware must be missing some infected files because after rebooting, the previously deleted files are detected on my machine again . Any suggestions? Thanks.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.