hockeylove

Members
  • Posts

    14
Reputation

0 Neutral
  1. Hi, Thanks!! Here is Security Check checkup.txt:
     Results of screen317's Security Check version 0.99.4
     Windows XP Service Pack 3
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Disabled!
     avast! Free Antivirus
     ESET Online Scanner v3
     CA eTrust PestPatrol
     Antivirus up to date!
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Malwarebytes' Anti-Malware
     CCleaner
     Java 6 Update 21
     Out of date Java installed!
     Adobe Flash Player
     Adobe Reader 7.0
     Out of date Adobe Reader installed!
     ````````````````````````````````
     Process Check: objlist.exe by Laurent
     Alwil Software Avast5 AvastSvc.exe
     ALWILS~1 Avast5 avastUI.exe
     ````````````````````````````````
     DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning)
     ``````````End of Log````````````
  2. Hi, F-Secure scan again will not seem to do anything. This time I left it for two hours and came back to see the same screen, with "dial" timer. I read that I might need to remove certain programs for this to run? Is there an alternative to this scan? Thanks
  3. The ESET OnlineScan worked with no problem. Here is the report:
     C:\Documents and Settings\Owner.YOUR-D3D3F0FEB8\Application Data\Sun\Java\Deployment\cache\6.0\6\49e26146-23cf8ed9 multiple threats
     C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP137\A0011302.sys Win32/Olmarik.ZC trojan
  4. Hi, F-Secure Online Scanner never got going. No notification bar to install the ActiveX control, but let me accept the License terms. Never got past that to download scanner components and databases.
  5. Hi, here are the logs.
  6. Thank you again. Here is the MBAM Quick Scan log:
     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Database version: 4326
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 7.0.5730.11
     7/19/2010 9:11:26 PM
     mbam-log-2010-07-19 (21-11-26).txt
     Scan type: Quick scan
     Objects scanned: 144387
     Time elapsed: 6 minute(s), 53 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
  7. Sorry, here is the whole log.
2009-07-12 04:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll + 2004-01-07 16:21 . 2004-01-07 15:21 237936 c:\windows\system32\unicows.dll - 2004-01-07 16:21 . 2004-01-07 16:21 237936 c:\windows\system32\unicows.dll + 2006-10-11 20:05 . 2008-03-13 04:52 761344 c:\windows\system32\spool\drivers\w32x86\eastman_kodak_compan1eb1\UNIRES.DLL + 2006-10-11 20:05 . 2008-07-06 12:06 744960 c:\windows\system32\spool\drivers\w32x86\eastman_kodak_compan1eb1\UNIDRVUI.DLL + 2006-10-11 20:05 . 2008-07-06 12:06 373248 c:\windows\system32\spool\drivers\w32x86\eastman_kodak_compan1eb1\UNIDRV.DLL + 2006-06-17 09:23 . 2010-06-20 14:54 444358 c:\windows\system32\perfh009.dat - 2006-06-17 09:23 . 2009-11-05 08:22 444358 c:\windows\system32\perfh009.dat + 2008-09-07 18:21 . 2005-03-04 10:36 127078 c:\windows\system32\javaws.exe + 2007-12-28 20:02 . 2007-12-28 20:02 287232 c:\windows\system32\drivers\wg111v3.sys + 2004-03-16 17:58 . 2008-04-13 19:19 146048 c:\windows\system32\dllcache\portcls.sys + 2004-08-04 06:15 . 2008-04-13 19:16 141056 c:\windows\system32\dllcache\ks.sys + 2009-11-17 21:09 . 2008-04-14 00:12 507904 c:\windows\system32\dllcache\cache\winlogon.exe + 2009-11-17 21:09 . 2009-06-29 16:12 827392 c:\windows\system32\dllcache\cache\wininet.dll + 2009-11-17 21:09 . 2008-04-14 00:12 578560 c:\windows\system32\dllcache\cache\user32.dll + 2009-11-17 21:09 . 2008-04-14 00:12 295424 c:\windows\system32\dllcache\cache\termsrv.dll + 2009-11-17 21:09 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys + 2009-11-17 21:09 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\cache\services.exe + 2009-11-17 21:09 . 2009-02-09 12:10 401408 c:\windows\system32\dllcache\cache\rpcss.dll + 2009-11-17 21:09 . 2008-04-14 00:12 435200 c:\windows\system32\dllcache\cache\ntmssvc.dll + 2009-11-17 21:09 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\cache\ndis.sys + 2009-11-17 21:09 . 
2008-04-14 00:11 927504 c:\windows\system32\dllcache\cache\mfc40u.dll + 2009-11-17 21:09 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\cache\kernel32.dll + 2009-11-17 21:09 . 2008-04-14 00:11 110080 c:\windows\system32\dllcache\cache\imm32.dll + 2009-11-17 21:09 . 2008-04-14 00:11 792064 c:\windows\system32\dllcache\cache\comres.dll + 2009-11-17 21:09 . 2008-04-14 00:11 617472 c:\windows\system32\dllcache\cache\comctl32.dll + 2009-11-17 21:09 . 2008-04-14 00:11 167936 c:\windows\system32\dllcache\cache\appmgmts.dll + 2010-03-02 02:21 . 2010-03-02 02:21 219648 c:\windows\Installer\16ddf6.msi + 2009-02-26 03:32 . 2009-12-11 06:03 102400 c:\windows\Installer\{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}\iTunesIco.exe - 2009-02-26 03:32 . 2009-02-26 03:32 102400 c:\windows\Installer\{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}\iTunesIco.exe + 2009-07-12 04:02 . 2009-07-12 04:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll + 2009-07-12 04:02 . 2009-07-12 04:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll + 2009-11-17 21:09 . 2008-04-14 00:12 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll + 2009-11-17 21:09 . 2009-08-04 15:13 2145280 c:\windows\system32\dllcache\cache\ntoskrnl.exe + 2009-11-17 21:09 . 2009-08-04 14:20 2023936 c:\windows\system32\dllcache\cache\ntkrnlpa.exe + 2009-11-17 21:09 . 2008-04-14 00:12 1033728 c:\windows\system32\dllcache\cache\explorer.exe + 2009-12-11 06:03 . 2009-12-11 06:03 3762688 c:\windows\Installer\2a05195d.msi - 2008-09-08 16:53 . 2005-11-09 09:14 15473664 c:\windows\RTHDCPL.exe + 2008-09-08 16:53 . 2005-11-09 10:14 15473664 c:\windows\RTHDCPL.exe + 2009-11-17 21:56 . 2009-11-17 21:56 17638912 c:\windows\Downloaded Installations\{BBDA860C-E4CC-4246-93D2-7E1E7698BB91}\NETGEAR WG111v3 wireless USB 2.0 adapter.msi . -- Snapshot reset to current date -- . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-30 7311360]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"PD6000StatusMonitor"="c:\windows\system32\PD6000SM.EXE" [2003-02-21 266240]
"nwiz"="nwiz.exe" [2005-11-30 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-30 86016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"HostManager"="c:\program files\Common Files\AOL\1155222575\EE\AOLHostManager.exe" [2004-11-03 125528]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-05 30192]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"CHotkey"="zHotkey.exe" [2004-12-09 550912]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-19 79448]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 77312]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-09 15473664]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 36975]

c:\documents and settings\Owner.YOUR-D3D3F0FEB8\Start Menu\Programs\Startup\
HotSync Manager.LNK - c:\program files\Palm\HOTSYNC.EXE [2003-10-14 299008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-9 113664]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-6-25 614531]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1155222575\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\drivers\\KodakCCS.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/19/2010 12:05 AM 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/19/2010 12:05 AM 17744]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 2:13 PM 38144]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/22/2009 11:49 PM 93320]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/10/2006 10:57 AM 30192]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [12/28/2007 4:02 PM 287232]
.
Contents of the 'Scheduled Tasks' folder

2010-07-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
.
- - - - ORPHANS REMOVED - - - -

BHO-{7a367c32-8288-483f-8e4e-85a844d815a5} - bemadoko.dll
HKU-Default-Run-AntiVirus Plus - c:\documents and settings\Owner.YOUR-D3D3F0FEB8\Application Data\AntiVirus Plus\AntiVirus Plus.70367201.dll

**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,66,ff,a2,38,30,1b,c9,4b,84,54,db,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,66,ff,a2,38,30,1b,c9,4b,84,54,db,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(680)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\zHotkey.exe
c:\progra~1\COMMON~1\AOL\115522~1\EE\AOLHOS~1.EXE
c:\progra~1\COMMON~1\AOL\115522~1\EE\AOLServiceHost.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\arservice.exe
c:\windows\RTHDCPL.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\ScsiAccess.EXE
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2010-07-19 13:35:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-19 17:35
ComboFix2.txt 2009-11-17 21:19

Pre-Run: 165,829,419,008 bytes free
Post-Run: 165,800,259,584 bytes free

- - End Of File - - C10F0C52032576C306A1086E9B85AA9D
  8. HERE IS DDS LOG

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 18:31:34.98 on Mon 07/19/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.258 [GMT -4:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\PD6000SM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\COMMON~1\AOL\115522~1\EE\AOLHOS~1.EXE
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\115522~1\EE\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner.YOUR-D3D3F0FEB8\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [readericon] c:\program files\digital media reader\readericon45G.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PD6000StatusMonitor] c:\windows\system32\PD6000SM.EXE
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HostManager] c:\program files\common files\aol\1155222575\ee\AOLHostManager.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [CHotkey] zHotkey.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.5.0_02\bin\jusched.exe"
StartupFolder: c:\docume~1\owner~1.you\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\HOTSYNC.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_02\bin\npjpi150_02.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-19 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-19 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-19 40384]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-9-22 93320]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-19 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-19 40384]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-8-10 30192]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-22 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-22 40552]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-12-28 287232]

=============== Created Last 30 ================

2010-07-19 22:03:37 0 d-sha-r- C:\cmdcons
2010-07-19 17:09:40 77312 ----a-w- c:\windows\MBR.exe
2010-07-19 15:33:26 49265 ----a-w- c:\windows\system32\jpicpl32.cpl
2010-07-19 04:04:58 38848 ----a-w- c:\windows\avastSS.scr
2010-07-18 15:44:37 0 d-----w- C:\spoolerlogs
2010-07-18 15:43:18 16384 ----a-w- c:\windows\~DF3978.tmp
2010-07-11 04:26:42 0 d-----w- c:\docume~1\owner~1.you\applic~1\MSNInstaller

==================== Find3M ====================

2010-07-19 06:13:47 28078 ----a-w- c:\docume~1\owner~1.you\applic~1\wklnhst.dat
2010-04-26 19:58:12 256512 ----a-w- c:\windows\PEV.exe
2008-04-25 14:36:55 449784 ----a-w- c:\program files\msgr8us.exe
1998-02-10 23:34:48 128000 ----a-w- c:\program files\UNWISE.EXE
2009-11-06 16:05:24 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-11-17 22:00:41 16384 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2008-12-03 02:11:39 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120220081203\index.dat
2009-11-09 19:58:04 16384 --sha-w- c:\windows\system32\config\systemprofile\privacie\index.dat

============= FINISH: 18:32:18.87 ===============
  9. THANK YOU!! Here is the log

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-9 113664]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-6-25 614531]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1155222575\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\drivers\\KodakCCS.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/19/2010 12:05 AM 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/19/2010 12:05 AM 17744]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 2:13 PM 38144]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/22/2009 11:49 PM 93320]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/10/2006 10:57 AM 30192]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [12/28/2007 4:02 PM 287232]
.
Contents of the 'Scheduled Tasks' folder

2010-07-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-19 18:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,66,ff,a2,38,30,1b,c9,4b,84,54,db,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,66,ff,a2,38,30,1b,c9,4b,84,54,db,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3456)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-07-19 18:13:24
ComboFix-quarantined-files.txt 2010-07-19 22:13
ComboFix2.txt 2010-07-19 17:35
ComboFix3.txt 2009-11-17 21:19

Pre-Run: 165,762,002,944 bytes free
Post-Run: 165,743,779,840 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 3810C571F21001F0240E4092DEC4528E
  10. I have been having problems with the Google redirect virus. Did full scan and still have the problem. Ran Combo Fix, and now was told not to. Don't know what to do next. Thanks in advance!
  11. When I type a search word or phrase in Google I get a list of proposed websites, and then when I click on one of the listed websites, instead of going to that website, I am sent to a similar website (jump or redirect) that offers additional search services for the same word or phrase. I ran MALWAREBYTES ANTI-MALWARE; a few viruses were found and deleted. Then I ran AVAST virus scan and viruses were found and deleted. The redirect is still not gone. As per other post I downloaded and ran COMBOFIX. I am afraid that I have a backdoor trojan or rootkit. Thank you so much for your help.
      MALWAREBYTES LOG
      Database version: 4325
      Windows 5.1.2600 Service Pack 3
      Internet Explorer 7.0.5730.11
      7/19/2010 1:50:52 AM
      mbam-log-2010-07-19 (01-50-52).txt
      Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
      Objects scanned: 39465
      Time elapsed: 28 minute(s), 47 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 1
      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected:
      C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5
      MALWAREBYTES LOG
      Database version: 4325
      Windows 5.1.2600 Service Pack 3
      Internet Explorer 7.0.5730.11
      7/19/2010 5:30:46 AM
      mbam-log-2010-07-19 (05-30-46).txt
      Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
      Objects scanned: 261080
      Time elapsed: 58 minute(s), 51 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 2
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 1
      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\appinit_dlls (Trojan.Witkinat) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\crntdll (Trojan.Witkinat) -> Quarantined and deleted successfully.
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected:
      C:\Program Files\eMusic Download Manager\winamp_plugin.exe (Adware.BHO) -> Quarantined and deleted successfully.
      COMBOFIX LOG
      scan completed successfully
      hidden files:
      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
      @Denied: (2) (LocalSystem)
      "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
      d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,66,ff,a2,38,30,1b,c9,4b,84,54,db,\
      "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
      d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,66,ff,a2,38,30,1b,c9,4b,84,54,db,\
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      - - - - - - - > 'explorer.exe'(680)
      c:\windows\system32\WININET.dll
      c:\windows\system32\ieframe.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\program files\Common Files\aolshare\aolshcpy.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files\Alwil Software\Avast5\AvastSvc.exe
      c:\windows\zHotkey.exe
      c:\progra~1\COMMON~1\AOL\115522~1\EE\AOLHOS~1.EXE
      c:\progra~1\COMMON~1\AOL\115522~1\EE\AOLServiceHost.exe
      c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
      c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
      c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
      c:\windows\arservice.exe
      c:\windows\RTHDCPL.EXE
      c:\program files\Bonjour\mDNSResponder.exe
      c:\windows\eHome\ehRecvr.exe
      c:\windows\eHome\ehSched.exe
      c:\windows\system32\drivers\KodakCCS.exe
      c:\windows\system32\nvsvc32.exe
      c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
      c:\windows\system32\ScsiAccess.EXE
      c:\windows\ehome\mcrdsvc.exe
      c:\program files\Canon\CAL\CALMAIN.exe
      c:\program files\iPod\bin\iPodService.exe
      c:\windows\system32\dllhost.exe
      c:\windows\eHome\ehmsas.exe
      .
      **************************************************************************
      .
      Completion time: 2010-07-19 13:35:19 - machine was rebooted
      ComboFix-quarantined-files.txt 2010-07-19 17:35
      ComboFix2.txt 2009-11-17 21:19
      Pre-Run: 165,829,419,008 bytes free
      Post-Run: 165,800,259,584 bytes free
      - - End Of File - - C10F0C52032576C306A1086E9B85AA9D
  12. Please help me, my computer is infected and I do not know how to remove these infected files. I ran Malwarebytes full scan and removed infected files but still have the google redirect problem.
      Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org
      Database version: 4325
      Windows 5.1.2600 Service Pack 3
      Internet Explorer 7.0.5730.11
      7/19/2010 5:30:46 AM
      mbam-log-2010-07-19 (05-30-46).txt
      Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
      Objects scanned: 261080
      Time elapsed: 58 minute(s), 51 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 2
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 1
      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\appinit_dlls (Trojan.Witkinat) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\crntdll (Trojan.Witkinat) -> Quarantined and deleted successfully.
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected:
      C:\Program Files\eMusic Download Manager\winamp_plugin.exe (Adware.BHO) -> Quarantined and deleted successfully.