Everything posted by UncleGlenny

  1. I still use the Ultima Online Client to play the Game Ultima Online. Is this unsafe? I followed your instructions and everything seemed to go ok. I also installed both programs you directed me to. Thanks for the tip on the freebie software. Here is the log you requested:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 5:07:44 AM, on 9/20/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Tall Emu\Online Armor\OAcat.exe
     C:\Program Files\Tall Emu\Online Armor\oasrv.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\WINDOWS\system32\igfxtray.exe
     C:\WINDOWS\system32\hkcmd.exe
     C:\Program Files\LanExpress\WlanASIL\Utility\WlanASIL.exe
     C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\Program Files\Tall Emu\Online Armor\oaui.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
     C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
     C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
     O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [WlanUtil_ASIL] C:\Program Files\LanExpress\WlanASIL\Utility\WlanASIL.exe
     O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
     O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
     O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {39b0684f-d7bf-4743-b050-fdc3f48f7e3b} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1248622636306
     O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1252897293921
     O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
     O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
     O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
     O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

     --
     End of file - 6285 bytes
  2. I found the DNA program and actually uninstalled it. I always wondered what that was. Log is ^^^^^. Thanks again.
  3. As soon as I followed all your past instructions the Auto Updates popped right on! Thank you! As for the recommendations, as this computer was given to me, I am unsure what the P2P program is or how to shut it off. Any help? Here is the log you requested. In the meantime I'm going to try and find that program and shut it down.

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 11:41:04 PM, on 9/18/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
     C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\WINDOWS\system32\igfxtray.exe
     C:\WINDOWS\system32\hkcmd.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\LanExpress\WlanASIL\Utility\WlanASIL.exe
     C:\Program Files\DNA\btdna.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
     C:\Program Files\internet explorer\iexplore.exe
     C:\Program Files\internet explorer\iexplore.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
     O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
     O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
     O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [WlanUtil_ASIL] C:\Program Files\LanExpress\WlanASIL\Utility\WlanASIL.exe
     O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
     O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
     O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {39b0684f-d7bf-4743-b050-fdc3f48f7e3b} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1248622636306
     O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1252897293921
     O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

     --
     End of file - 6045 bytes
  4. ComboFix 09-09-17.04 - trendys 09/17/2009 23:01.2.1 - NTFSx86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.118 [GMT -5:00]
     Running from: c:\documents and settings\trendys\Desktop\Combo-Fix.exe
     Command switches used :: c:\documents and settings\trendys\Desktop\CFScript.txt

     FILE ::
     "c:\windows\Lruqanunevifo.dat"
     .

     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .

     c:\documents and settings\trendys\Local Settings\Application Data\{857973DA-F40C-4616-B14A-D0BAA03A8CC9}
     c:\documents and settings\trendys\Local Settings\Application Data\{857973DA-F40C-4616-B14A-D0BAA03A8CC9}\chrome.manifest
     c:\documents and settings\trendys\Local Settings\Application Data\{857973DA-F40C-4616-B14A-D0BAA03A8CC9}\chrome\content\_cfg.js
     c:\documents and settings\trendys\Local Settings\Application Data\{857973DA-F40C-4616-B14A-D0BAA03A8CC9}\chrome\content\overlay.xul
     c:\documents and settings\trendys\Local Settings\Application Data\{857973DA-F40C-4616-B14A-D0BAA03A8CC9}\install.rdf
     c:\windows\Lruqanunevifo.dat

     Malwarebytes' Anti-Malware 1.41
     Database version: 2818
     Windows 5.1.2600 Service Pack 3

     9/18/2009 12:10:17 AM
     mbam-log-2009-09-18 (00-10-17).txt

     Scan type: Quick Scan
     Objects scanned: 85595
     Time elapsed: 5 minute(s), 15 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     ((((((((((((((((((((((((( Files Created from 2009-08-18 to 2009-09-18 )))))))))))))))))))))))))))))))
     .

     2009-09-17 23:39 . 2009-09-17 23:39 -------- d-----w- c:\windows\system32\wbem\Repository
     2009-09-17 23:39 . 2009-09-17 23:39 -------- d-----w- C:\Combo-Fix
     2009-09-17 23:39 . 2009-09-17 23:39 -------- d-----w- c:\program files\Linksys Wireless-G PCI Wireless Network Monitor
     2009-09-17 18:45 . 2009-09-17 23:39 -------- d-----w- C:\RECYCLER(2)
     2009-09-13 20:42 . 2008-04-13 18:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
     2009-09-13 20:42 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
     2009-09-13 20:41 . 2008-04-13 18:46 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
     2009-09-13 20:41 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
     2009-09-13 20:41 . 2008-04-13 18:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
     2009-09-13 20:41 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
     2009-09-13 20:41 . 2008-04-13 18:46 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
     2009-09-13 20:41 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
     2009-09-13 20:41 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
     2009-09-13 20:41 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
     2009-09-13 20:41 . 2008-04-13 18:46 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
     2009-09-13 20:41 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
     2009-09-13 20:41 . 2008-04-13 18:46 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
     2009-09-13 20:41 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
     2009-09-13 20:40 . 2008-04-14 00:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
     2009-09-13 20:40 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
     2009-09-13 20:40 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
     2009-09-13 20:40 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
     2009-09-12 07:33 . 2009-09-12 07:33 -------- d-----w- c:\documents and settings\trendys\Application Data\Malwarebytes
     2009-09-12 07:33 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2009-09-12 07:33 . 2009-09-17 23:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2009-09-12 07:33 . 2009-09-12 07:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2009-09-12 07:33 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
     2009-09-10 23:32 . 2009-09-10 23:32 -------- d-----w- c:\program files\UOAM
     2009-09-06 16:53 . 2009-09-06 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\EA Games
     2009-09-06 08:07 . 2005-05-26 20:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
     2009-09-05 16:17 . 2009-09-07 18:46 -------- d-----w- c:\documents and settings\trendys\Application Data\IGN_DLM
     2009-09-04 21:10 . 2009-09-07 18:44 -------- d-----w- c:\program files\ConnectUO Desktop
     2009-09-04 18:23 . 2009-09-16 07:54 -------- d-----w- c:\documents and settings\trendys\Local Settings\Application Data\ApplicationHistory
     2009-09-04 18:19 . 2009-09-04 18:19 -------- d-----w- c:\windows\system32\URTTEMP
     2009-08-28 08:08 . 2009-08-28 08:09 -------- d-----w- C:\57ae6288e3d1651e9098d233ffcf16e4
     2009-08-26 18:22 . 2009-09-06 17:49 -------- d-----w- c:\program files\Razor
     2009-08-26 18:15 . 2009-08-26 18:15 -------- d-----w- c:\program files\MSBuild
     2009-08-26 18:06 . 2009-08-28 08:10 -------- d-----w- c:\windows\system32\XPSViewer
     2009-08-26 18:05 . 2009-08-26 18:05 -------- d-----w- c:\program files\Reference Assemblies
     2009-08-26 18:04 . 2006-06-29 18:07 14048 ------w- c:\windows\system32\spmsg2.dll
     2009-08-26 08:00 . 2009-09-06 08:06 -------- d-----w- c:\program files\EA Games
     2009-08-26 06:55 . 2009-08-26 06:55 -------- d-----w- c:\documents and settings\trendys\Local Settings\Application Data\DNA
     2009-08-26 06:55 . 2009-09-18 04:09 -------- d-----w- c:\documents and settings\trendys\Application Data\DNA
     2009-08-26 06:55 . 2009-09-18 04:09 -------- d-----w- c:\program files\DNA

     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-09-18 03:53 . 2007-11-13 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
     2009-09-06 23:35 . 2007-11-13 18:10 -------- d--h--w- c:\program files\InstallShield Installation Information
     2009-09-03 17:20 . 2007-12-20 16:00 30512 ----a-w- c:\documents and settings\trendys\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2009-08-20 17:52 . 2009-08-14 23:51 -------- d-----w- c:\documents and settings\trendys\Application Data\DivX
     2009-08-16 23:13 . 2007-11-19 19:40 -------- d-----w- c:\documents and settings\trendys\Application Data\Apple Computer
     2009-08-09 23:47 . 2009-08-09 23:47 -------- d-----w- c:\program files\Microsoft
     2009-08-09 23:45 . 2009-08-09 23:45 411368 ----a-w- c:\windows\system32\deploytk.dll
     2009-08-09 23:45 . 2007-11-13 18:57 -------- d-----w- c:\program files\Java
     2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
     2009-07-31 06:58 . 2009-07-31 06:58 -------- d-----w- c:\program files\NCH Software
     2009-07-31 06:57 . 2009-07-31 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
     2009-07-31 06:57 . 2009-07-31 06:57 -------- d-----w- c:\documents and settings\trendys\Application Data\NCH Swift Sound
     2009-07-27 09:14 . 2009-07-27 09:14 -------- d-----w- c:\program files\Windows Media Connect 2
     2009-07-25 22:22 . 2009-07-25 22:21 -------- d-----w- c:\program files\iTunes
     2009-07-25 22:22 . 2009-07-25 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
     2009-07-25 22:21 . 2009-07-25 22:21 -------- d-----w- c:\program files\iPod
     2009-07-25 22:15 . 2007-11-19 19:36 -------- d-----w- c:\program files\Common Files\Apple
     2009-07-25 22:12 . 2007-11-19 19:38 -------- d-----w- c:\program files\QuickTime
     2009-07-25 22:09 . 2009-07-25 22:09 -------- d-----w- c:\program files\Apple Software Update
     2009-07-25 21:10 . 2009-07-25 21:10 -------- d-----w- c:\program files\LanExpress
     2009-07-25 21:10 . 2007-11-13 18:10 -------- d-----w- c:\program files\Common Files\InstallShield
     2009-07-25 21:03 . 2009-07-25 21:03 -------- d-----w- c:\program files\Charter
     2009-07-17 19:01 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\atl.dll
     2009-07-14 04:43 . 2006-02-28 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
     2009-07-03 17:09 . 2006-02-28 12:00 915456 ------w- c:\windows\system32\wininet.dll
     .
     (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     ---- Directory of C:\57ae6288e3d1651e9098d233ffcf16e4 ----

     2009-08-28 08:09 . 2008-06-19 05:33 72 ------w- c:\57ae6288e3d1651e9098d233ffcf16e4\i386\msxpsinc.ppd
     2009-08-28 08:09 . 2008-06-19 05:33 72 ------w- c:\57ae6288e3d1651e9098d233ffcf16e4\amd64\msxpsinc.ppd
     2009-08-28 08:09 . 2008-06-19 05:33 2204 ------w- c:\57ae6288e3d1651e9098d233ffcf16e4\i386\msxpsdrv.inf
     2009-08-28 08:09 . 2008-06-19 16:03 73 ------w- c:\57ae6288e3d1651e9098d233ffcf16e4\i386\msxpsinc.gpd
     2009-08-28 08:09 . 2008-06-19 05:33 2204 ------w- c:\57ae6288e3d1651e9098d233ffcf16e4\amd64\msxpsdrv.inf
     2009-08-28 08:09 . 2008-07-06 12:06 10929 ------w- c:\57ae6288e3d1651e9098d233ffcf16e4\amd64\msxpsdrv.cat
     2009-08-28 08:09 . 2008-07-06 12:06 10929 ------w- c:\57ae6288e3d1651e9098d233ffcf16e4\i386\msxpsdrv.cat
     2009-08-28 08:09 . 2008-07-06 12:06 147456 ------w- c:\57ae6288e3d1651e9098d233ffcf16e4\amd64\filterpipelineprintproc.dll
     2009-08-28 08:08 . 2008-07-06 12:06 89088 ------w- c:\57ae6288e3d1651e9098d233ffcf16e4\i386\filterpipelineprintproc.dll
     2009-08-28 08:08 . 2008-07-06 12:06 765440 ------w- c:\57ae6288e3d1651e9098d233ffcf16e4\i386\mxdwdrv.dll
     2009-08-28 08:08 . 2008-07-06 12:06 1676288 ------w- c:\57ae6288e3d1651e9098d233ffcf16e4\i386\xpssvcs.dll
     2009-08-28 08:08 . 2008-07-06 12:06 748032 ------w- c:\57ae6288e3d1651e9098d233ffcf16e4\amd64\mxdwdrv.dll
     2008-07-06 22:36 . 2008-07-06 22:36 2936832 ------w- c:\57ae6288e3d1651e9098d233ffcf16e4\amd64\xpssvcs.dll
     2008-06-19 16:03 . 2008-06-19 16:03 73 ------w- c:\57ae6288e3d1651e9098d233ffcf16e4\amd64\msxpsinc.gpd

     ((((((((((((((((((((((((((((( SnapShot@2009-09-18_00.01.19 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2009-09-18 04:08 . 2009-09-18 04:08 16384 c:\windows\temp\Perflib_Perfdata_4e8.dat
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-08-26 318272]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-09 149280]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
     "WlanUtil_ASIL"="c:\program files\LanExpress\WlanASIL\Utility\WlanASIL.exe" [2006-11-09 655360]
     "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
     "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\WINDOWS\\system32\\dplaysvr.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "c:\\Program Files\\DNA\\btdna.exe"=
     "c:\\Program Files\\EA Games\\Ultima Online 2D Client\\client.exe"=
     "c:\\Program Files\\EA Games\\Ultima Online 2D Client\\UO.exe"=

     R2 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver;c:\windows\system32\ZDCndis5.sys [7/25/2009 4:10 PM 18944]
     S3 NB762_XP;NB 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanUZXP.sys [7/25/2009 4:03 PM 437760]
     S3 SMCWGU(SMC);SMCWUSB-G 802.11g Wireless USB 2.0 Adapter(SMC);c:\windows\system32\drivers\SMCWGU.sys [7/25/2009 4:03 PM 408064]
     S3 ZD1211BU(Atheros);Atheros ZD1211B IEEE 802.11 Wireless LAN Driver (USB)(Atheros);c:\windows\system32\DRIVERS\zd1211Bu.sys --> c:\windows\system32\DRIVERS\zd1211Bu.sys [?]

     [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
     "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.com/
     .
     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-09-17 23:09
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     hidec.exe [1916]

     scanning hidden autostart entries ...

     scanning hidden files ...

     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
     "Enabled"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
     @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker3"

     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"

     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'explorer.exe'(2128)
     c:\windows\system32\WININET.dll
     c:\windows\system32\ieframe.dll
     c:\windows\system32\webcheck.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     c:\program files\Java\jre6\bin\jqs.exe
     c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
     c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
     c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
     c:\windows\system32\wscntfy.exe
     c:\program files\iPod\bin\iPodService.exe
     .
     **************************************************************************
     .
     Completion time: 2009-09-18 23:17 - machine was rebooted
     ComboFix-quarantined-files.txt 2009-09-18 04:16
     ComboFix2.txt 2009-09-18 00:07
     ComboFix3.txt 2009-09-17 18:39

     Pre-Run: 19,338,661,888 bytes free
     Post-Run: 19,297,763,328 bytes free

     209

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=6
     # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6050
     # api_version=3.0.2
     # EOSSerial=c134f0a6de904d4daed4719416990d5d
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2009-09-18 05:00:00
     # local_time=2009-09-18 12:00:00 (-0600, Central Daylight Time)
     # country="United States"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # scanned=63336
     # found=5
     # cleaned=5
     # scan_time=1749
     C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\65860e6.sys.vir a variant of Win32/Rustock.NKU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{617559B0-E6E1-4559-8464-307E56286962}\RP74\A0008797.sys a variant of Win32/Rustock.NKU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{617559B0-E6E1-4559-8464-307E56286962}\RP74\A0008812.sys a variant of Win32/Rustock.NKU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{617559B0-E6E1-4559-8464-307E56286962}\RP77\A0009438.sys a variant of Win32/Rustock.NKU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{617559B0-E6E1-4559-8464-307E56286962}\RP77\A0009454.sys a variant of Win32/Rustock.NKU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  5. The three log files requested are attached. All3Logs.txt
  6. I keep getting left with two registry infections. It won't allow me to access Windows Updates. It won't let me turn the service on and when I try, it says access denied. I have read other posts concerning this but the people giving the solutions always warn that the solution given is for THAT PERSON ONLY. So, rather than trying to follow instructions given to someone else, I suppose I should get help from the beginning. Here is what the log says after I reboot:

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 2
     Folders Infected: 0
     Files Infected: 2

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\System Volume Information\_restore{617559B0-E6E1-4559-8464-307E56286962}\RP64\A0007379.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\drivers\65860e6.sys (Rootkit.Rustock) -> Delete on reboot.

     The two Hijack files stay however. Please help.
  7. I keep getting left with two infections. It won't allow me to access Windows Updates. It won't let me turn the service on and when I try, it says access denied. I have read other posts concerning this but the people giving the solutions always warn that the solution given is for THAT PERSON ONLY. So, rather than trying to follow instructions given to someone else, I suppose I should get help from the beginning. Here is what the log says after I reboot:

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 2
     Folders Infected: 0
     Files Infected: 2

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\System Volume Information\_restore{617559B0-E6E1-4559-8464-307E56286962}\RP64\A0007379.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\drivers\65860e6.sys (Rootkit.Rustock) -> Delete on reboot.

     The two Hijack files stay however. Please help.
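The Hijack.WindowsUpdates entries in the two posts above show the tampering pattern: the ImagePath of BITS and wuauserv still names svchost.exe, but %SystemRoot% has been replaced with %fystemRoot%, a variable Windows does not define, so the path is never expanded and neither service can start, which is why Windows Update fails. The Python below is an added example, not code from the posts, from Malwarebytes or from Microsoft. It parses Malwarebytes "Registry Data Items Infected" lines of the shape quoted above and audits a set of service ImagePath values for unexpandable variables and for svchost.exe launched from anywhere other than System32. KNOWN_ENV_VARS, the assumed system root C:\WINDOWS and the SAMPLE_SERVICES table are assumptions and constructed input modelled on the log, not data from the page.

```python
"""Audit svchost-hosted service ImagePath values for the %fystemRoot%-style
tampering quoted above.  Added example; assumptions: Windows XP with
%SystemRoot% = C:\\WINDOWS, KNOWN_ENV_VARS as the accepted variable set,
and a constructed SAMPLE_SERVICES table."""
import ntpath
import re

# Variables the Service Control Manager is expected to expand (assumption).
KNOWN_ENV_VARS = {"SYSTEMROOT", "WINDIR", "SYSTEMDRIVE",
                  "PROGRAMFILES", "COMMONPROGRAMFILES"}

SYSTEMROOT = r"C:\WINDOWS"  # assumed XP install location
REAL_SVCHOST = ntpath.normcase(ntpath.join(SYSTEMROOT, "system32", "svchost.exe"))

ENV_VAR_RE = re.compile(r"%([^%]+)%")
EXE_SPLIT_RE = re.compile(r"(.+?\.exe)\b\s*(.*)$", re.IGNORECASE)

# Shape of a Malwarebytes "Registry Data Items Infected" line as quoted above.
MBAM_DATA_ITEM_RE = re.compile(
    r"^(?P<key>HKEY_[A-Z_]+\\.+?) \((?P<detection>[^()]+)\) -> "
    r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$")


def find_unknown_env_vars(image_path):
    """Names of %VAR% tokens Windows would leave literal in the command line.

    %fystemRoot% is no environment variable, so the SCM is handed a path
    that does not exist and the service cannot start."""
    return [v for v in ENV_VAR_RE.findall(image_path)
            if v.upper() not in KNOWN_ENV_VARS]


def expand_known_vars(image_path):
    """Expand %SystemRoot%/%windir% only; unknown tokens stay literal."""
    def repl(match):
        if match.group(1).upper() in ("SYSTEMROOT", "WINDIR"):
            return SYSTEMROOT
        return match.group(0)
    return ENV_VAR_RE.sub(repl, image_path)


def split_command_line(command):
    """Split an ImagePath into (executable, arguments)."""
    command = command.strip()
    if command.startswith('"'):                 # quoted executable path
        end = command.find('"', 1)
        if end != -1:
            return command[1:end], command[end + 1:].strip()
    m = EXE_SPLIT_RE.match(command)             # unquoted: cut after .exe
    if m:
        return m.group(1), m.group(2).strip()
    exe, _, args = command.partition(" ")
    return exe, args.strip()


def check_svchost_image_path(image_path, expected_group="netsvcs"):
    """Problems with the ImagePath of a service that should run inside
    svchost.exe under expected_group; an empty list means clean."""
    problems = [f"unknown environment variable %{v}%"
                for v in find_unknown_env_vars(image_path)]
    exe, args = split_command_line(expand_known_vars(image_path))
    if ntpath.normcase(exe) != REAL_SVCHOST:
        problems.append(f"executable {exe!r} is not {REAL_SVCHOST!r}")
    if args.lower() != f"-k {expected_group}".lower():
        problems.append(f"arguments {args!r} are not '-k {expected_group}'")
    return problems


def audit_services(services, expected_group="netsvcs"):
    """Map service name -> list of problems, for services that have any."""
    findings = {}
    for name, image_path in services.items():
        problems = check_svchost_image_path(image_path, expected_group)
        if problems:
            findings[name] = problems
    return findings


def parse_mbam_registry_data_item(line):
    """Parse one MBAM 'Registry Data Items Infected' line into a dict with
    key, detection, bad, good and action; None if the line has another shape."""
    m = MBAM_DATA_ITEM_RE.match(line.strip())
    return m.groupdict() if m else None


# Constructed sample: the two tampered values from the log, one healthy
# netsvcs service, and a made-up svchost.exe copy outside System32.
SAMPLE_SERVICES = {
    "BITS": r"%fystemRoot%\system32\svchost.exe -k netsvcs",
    "wuauserv": r"%fystemroot%\system32\svchost.exe -k netsvcs",
    "Schedule": r"%SystemRoot%\System32\svchost.exe -k netsvcs",
    "EventSystem": r"C:\Documents and Settings\All Users\Application Data\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for name, problems in audit_services(SAMPLE_SERVICES).items():
        print(name)
        for problem in problems:
            print("   ", problem)
```

On a live host the SAMPLE_SERVICES table would be replaced by the ImagePath values read from HKLM\System\CurrentControlSet\Services; the check reports both the unexpandable variable and the resulting wrong executable, so a value that merely points svchost.exe at another directory is caught as well.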