
landis31205
Members
Posts: 6
Reputation: 0 Neutral
  1. Well... I got through all of that with Avira Antivi... it did detect 5 malicious files and quarantined them... BUT I still have no programs listed under 'Programs', and all my icons on the desktop are "hidden", as well as files and folders all over... Would you happen to have any other suggestions... or am I getting to the point of wiping this thing clean totally? (UGGHHHHHH) Thanks!!!
  2. Just wondering how much longer I am supposed to wait to hear back from someone? My last contact was the 29th, and it's the 2nd now... In the meantime my computer now has Windows XP Recovery. Using BleepingComputer's instructions I tried to remove it, but got stuck at the TDSSKiller program, because although I downloaded it, saved it to my desktop and renamed it to a ".com" file, it will not open and run... Please help me fix these issues...
  3. I forgot to attach the screenshot; here it is.
  4. Thanks for the reply! I tried to update Malwarebytes, but got an error; a screenshot is attached for that. I did run a quick scan.

Malwarebytes log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6956

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/29/2011 6:59:05 AM
mbam-log-2011-06-29 (06-59-05).txt

Scan type: Quick scan
Objects scanned: 167464
Time elapsed: 11 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ComboFix log:

ComboFix 11-06-29.02 - Landis 06/29/2011 7:46.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.537 [GMT -4:00]
Running from: c:\documents and settings\Landis\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Landis\Application Data\Adobe\plugs
c:\documents and settings\Landis\Application Data\Adobe\shed
c:\documents and settings\Landis\Desktop\Windows XP Repair.lnk
c:\documents and settings\Landis\My Documents\iexplore.exe
c:\documents and settings\Landis\Start Menu\Programs\Windows XP Repair
c:\documents and settings\Landis\Start Menu\Programs\Windows XP Repair\Uninstall Windows XP Repair.lnk
c:\documents and settings\Landis\Start Menu\Programs\Windows XP Repair\Windows XP Repair.lnk
.
c:\windows\system32\srsvc.dll . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-29 )))))))))))))))))))))))))))))))
.
.
2011-06-29 01:13 . 2011-06-29 01:13 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{118886A4-CD28-4B0E-9379-93BD1C343D31}\MpKsl2f4fd415.sys
2011-06-29 01:12 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{118886A4-CD28-4B0E-9379-93BD1C343D31}\mpengine.dll
2011-06-28 10:48 . 2011-06-29 00:45 -------- d-----w- c:\documents and settings\Landis\Application Data\Sammsoft
2011-06-28 10:33 . 2011-06-29 10:42 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-28 10:33 . 2011-06-29 10:42 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-28 10:33 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-06-28 10:33 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-06-28 10:33 . 2011-06-28 10:33 -------- d-----w- c:\program files\Avira
2011-06-28 10:33 . 2011-06-28 10:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-06-28 10:30 . 2011-06-28 10:30 52676424 ----a-w- c:\program files\avira_antivir_personal_en.exe
2011-06-27 00:49 . 2011-06-27 00:49 -------- d--h--w- c:\documents and settings\Landis\Application Data\Malwarebytes
2011-06-27 00:48 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-27 00:48 . 2011-06-27 00:48 -------- d--h--w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-27 00:48 . 2011-06-27 00:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-27 00:48 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-08 16:29 . 2011-06-08 16:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-07 16:35 . 2011-06-07 16:35 103864 ---ha-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-06-02 18:35 . 2011-06-03 00:27 -------- d--h--w- c:\documents and settings\Landis\Local Settings\Application Data\PhotoChannel
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-07 15:55 . 2010-11-17 15:45 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-29 16:19 . 2008-04-14 03:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2008-04-14 08:42 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2008-04-14 08:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 16:11 . 2008-04-14 08:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 12:01 . 2008-04-14 03:07 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2008-04-14 03:47 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
.
[-] 2010-02-24 . 0085A8F0468699C6CFAD4769092BEF21 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
c:\windows\System32\drivers\beep.sys ... is missing !!
c:\windows\System32\srsvc.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"MPlayerForWindows_UpdateReminder"="c:\program files\MPlayer for Windows\AutoUpdate.exe" [2010-10-17 235005]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"PeachtreePrefetcher.exe"="c:\progra~1\SAGESO~1\PEACHT~1\PeachtreePrefetcher.exe" [2008-10-02 32768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-11-17 663552]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Pervasive Software\\PSQL\\bin\\w3dbsmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1583:TCP"= 1583:TCP:Pervasive DBEngine
"3351:TCP"= 3351:TCP:Pervasive DBEngine
.
R1 MpKsl07d63c0a;MpKsl07d63c0a;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{118886A4-CD28-4B0E-9379-93BD1C343D31}\MpKsl07d63c0a.sys [6/29/2011 7:14 AM 28752]
R1 MpKsl2f4fd415;MpKsl2f4fd415;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{118886A4-CD28-4B0E-9379-93BD1C343D31}\MpKsl2f4fd415.sys [6/28/2011 9:13 PM 28752]
R1 MpKsl9d79e210;MpKsl9d79e210;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{118886A4-CD28-4B0E-9379-93BD1C343D31}\MpKsl9d79e210.sys [6/29/2011 7:25 AM 28752]
R1 MpKslaa8ef488;MpKslaa8ef488;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{118886A4-CD28-4B0E-9379-93BD1C343D31}\MpKslaa8ef488.sys [6/29/2011 7:13 AM 28752]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/28/2011 6:33 AM 136360]
R2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [9/5/2007 12:25 PM 455968]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [1/21/2010 5:24 PM 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 9:58 AM 20480]
S1 MpKsl1a2cca0f;MpKsl1a2cca0f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FBD4BB8E-3AA4-42E1-A9BC-84B3C5ACA28C}\MpKsl1a2cca0f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FBD4BB8E-3AA4-42E1-A9BC-84B3C5ACA28C}\MpKsl1a2cca0f.sys [?]
S1 MpKsl757dc345;MpKsl757dc345;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FBD4BB8E-3AA4-42E1-A9BC-84B3C5ACA28C}\MpKsl757dc345.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FBD4BB8E-3AA4-42E1-A9BC-84B3C5ACA28C}\MpKsl757dc345.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [11/23/2010 11:31 AM 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SSMDRV
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2011-06-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 02:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://espn.go.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.87.73.246 68.87.71.230
DPF: {28B66320-9687-4B13-8757-36F901887AB5} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/canvasx.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-29 07:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Pervasive Software\PSQL]
@Denied: ) (Everyone)
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1032)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-06-29 07:59:24
ComboFix-quarantined-files.txt 2011-06-29 11:59
.
Pre-Run: 17,510,215,680 bytes free
Post-Run: 21,280,010,240 bytes free
.
- - End Of File - - E4EB5E7373C301E9D6F9C8EF44F41ADB

DDS LOG:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by Landis at 7:00:02 on 2011-06-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.449 [GMT -4:00]
.
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\ARO 2011\aro.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://espn.go.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AROReminder] c:\program files\aro 2011\aro.exe -rem
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MPlayerForWindows_UpdateReminder] "c:\program files\mplayer for windows\AutoUpdate.exe" /L=1033 /TASK
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PeachtreePrefetcher.exe] "c:\progra~1\sageso~1\peacht~1\PeachtreePrefetcher.exe" /configfile:peachtreeprefetcher.winstart.config
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {28B66320-9687-4B13-8757-36F901887AB5} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/canvasx.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290005742734
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1290005798062
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 68.87.73.246 68.87.71.230
TCP: Interfaces\{9666AD4E-0169-452E-AD7E-B62ADBE79446} : DhcpNameServer = 68.87.73.246 68.87.71.230
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-6-28 11608]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 MpKsl00695fe4;MpKsl00695fe4;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2a4a7792-34f9-4bdc-898d-8bf67cdcecf0}\MpKsl00695fe4.sys [2011-6-27 28752]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-6-28 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-6-28 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-6-28 61960]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-2-14 54760]
R2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\pervasive software\psql\bin\w3dbsmgr.exe [2007-9-5 455968]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-1-21 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
S1 MpKsl1a2cca0f;MpKsl1a2cca0f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fbd4bb8e-3aa4-42e1-a9bc-84b3c5aca28c}\mpksl1a2cca0f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fbd4bb8e-3aa4-42e1-a9bc-84b3c5aca28c}\MpKsl1a2cca0f.sys [?]
S1 MpKsl757dc345;MpKsl757dc345;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fbd4bb8e-3aa4-42e1-a9bc-84b3c5aca28c}\mpksl757dc345.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fbd4bb8e-3aa4-42e1-a9bc-84b3c5aca28c}\MpKsl757dc345.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-11-23 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-06-28 10:48:20 -------- d-----w- c:\documents and settings\landis\application data\Sammsoft
2011-06-28 10:47:59 -------- d-----w- c:\program files\ARO 2011
2011-06-28 10:33:44 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-28 10:33:40 -------- d-----w- c:\program files\Avira
2011-06-28 10:33:40 -------- d-----w- c:\documents and settings\all users\application data\Avira
2011-06-28 10:30:06 52676424 ----a-w- c:\program files\avira_antivir_personal_en.exe
2011-06-28 01:06:48 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2a4a7792-34f9-4bdc-898d-8bf67cdcecf0}\MpKsl00695fe4.sys
2011-06-28 00:54:07 -------- d-----w- c:\windows\pss
2011-06-27 23:10:18 7074640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2a4a7792-34f9-4bdc-898d-8bf67cdcecf0}\mpengine.dll
2011-06-27 00:49:02 -------- d--h--w- c:\documents and settings\landis\application data\Malwarebytes
2011-06-27 00:48:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-27 00:48:56 -------- d--h--w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-27 00:48:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-27 00:48:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-08 16:29:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-07 16:35:34 103864 ---ha-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-06-02 18:35:43 -------- d--h--w- c:\documents and settings\landis\local settings\application data\PhotoChannel
.
==================== Find3M ====================
.
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
============= FINISH: 7:01:55.48 ===============
  5. Malware did catch the MS Removal Tool... but ever since, my files are still hidden. I can view hidden files to access them, but they are remaining hidden. My desktop as well has the greyed out icons. Under Start, Programs there are NONE listed there!!! All shortcuts are gone, etc... I am unable to zip the attach.txt and the ark.txt because when I right click and go to "send to" my only option is D: Drive (DVD)... so I'm attaching them as whole files; they do NOT exceed the 10MB global upload quota.... ark.txt, attach.txt. THANKS. DDS and Malwarebytes log to follow.

DDS LOG:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by Landis at 7:00:02 on 2011-06-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.449 [GMT -4:00]
.
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\ARO 2011\aro.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://espn.go.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AROReminder] c:\program files\aro 2011\aro.exe -rem
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MPlayerForWindows_UpdateReminder] "c:\program files\mplayer for windows\AutoUpdate.exe" /L=1033 /TASK
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PeachtreePrefetcher.exe] "c:\progra~1\sageso~1\peacht~1\PeachtreePrefetcher.exe" /configfile:peachtreeprefetcher.winstart.config
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {28B66320-9687-4B13-8757-36F901887AB5} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/canvasx.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290005742734
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1290005798062
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 68.87.73.246 68.87.71.230
TCP: Interfaces\{9666AD4E-0169-452E-AD7E-B62ADBE79446} : DhcpNameServer = 68.87.73.246 68.87.71.230
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-6-28 11608]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 MpKsl00695fe4;MpKsl00695fe4;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2a4a7792-34f9-4bdc-898d-8bf67cdcecf0}\MpKsl00695fe4.sys [2011-6-27 28752]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-6-28 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-6-28 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-6-28 61960]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-2-14 54760]
R2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\pervasive software\psql\bin\w3dbsmgr.exe [2007-9-5 455968]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-1-21 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
S1 MpKsl1a2cca0f;MpKsl1a2cca0f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fbd4bb8e-3aa4-42e1-a9bc-84b3c5aca28c}\mpksl1a2cca0f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fbd4bb8e-3aa4-42e1-a9bc-84b3c5aca28c}\MpKsl1a2cca0f.sys [?]
S1 MpKsl757dc345;MpKsl757dc345;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fbd4bb8e-3aa4-42e1-a9bc-84b3c5aca28c}\mpksl757dc345.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fbd4bb8e-3aa4-42e1-a9bc-84b3c5aca28c}\MpKsl757dc345.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-11-23 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-06-28 10:48:20 -------- d-----w- c:\documents and settings\landis\application data\Sammsoft
2011-06-28 10:47:59 -------- d-----w- c:\program files\ARO 2011
2011-06-28 10:33:44 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-28 10:33:40 -------- d-----w- c:\program files\Avira
2011-06-28 10:33:40 -------- d-----w- c:\documents and settings\all users\application data\Avira
2011-06-28 10:30:06 52676424 ----a-w- c:\program files\avira_antivir_personal_en.exe
2011-06-28 01:06:48 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2a4a7792-34f9-4bdc-898d-8bf67cdcecf0}\MpKsl00695fe4.sys
2011-06-28 00:54:07 -------- d-----w- c:\windows\pss
2011-06-27 23:10:18 7074640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2a4a7792-34f9-4bdc-898d-8bf67cdcecf0}\mpengine.dll
2011-06-27 00:49:02 -------- d--h--w- c:\documents and settings\landis\application data\Malwarebytes
2011-06-27 00:48:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-27 00:48:56 -------- d--h--w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-27 00:48:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-27 00:48:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-08 16:29:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-07 16:35:34 103864 ---ha-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-06-02 18:35:43 -------- d--h--w- c:\documents and settings\landis\local settings\application data\PhotoChannel
.
==================== Find3M ====================
.
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
============= FINISH: 7:01:55.48 ===============

MALWAREBYTES LOG - SECOND SCAN IN FULL MODE (DO YOU WANT THE SAFE MODE SCAN LOG?)
Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6956 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 6/27/2011 3:42:09 PM mbam-log-2011-06-27 (15-42-09).txt Scan type: Quick scan Objects scanned: 154572 Time elapsed: 11 minute(s), 44 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  6. Malware did catch the MS Removal Tool... but ever since, my files are still hidden. I can view hidden files to access them, but they are remaining hidden. My desktop as well has the greyed out icons. I am unable to zip the attach.txt and the ark.txt because when I right click and go to "send to" my only option is D: Drive (dvd).... any other suggestions? THANKS. DDS and Malwarebytes log to follow.

DDS LOG:
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by Landis at 7:00:02 on 2011-06-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.449 [GMT -4:00]
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

MALWAREBYTES LOG - SECOND SCAN IN FULL MODE (DO YOU WANT THE SAFE MODE SCAN LOG?)
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6956
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
6/27/2011 3:42:09 PM
mbam-log-2011-06-27 (15-42-09).txt
Scan type: Quick scan
Objects scanned: 154572
Time elapsed: 11 minute(s), 44 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)