I NEED HELP


OK, I tried Malwarebytes and it won't run. So I did HijackThis and got a log; here it is.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:54:01 PM, on 8/22/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe

C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe

C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe

C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

C:\WINDOWS\system32\dlcccoms.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iWin Games\iWinTrusted.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: IE Custom Tools - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Faerie%20Solitaire/Images/stg_drm.ocx

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.1.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab

O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...esPlayer_v4.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab

O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe

O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe

O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe

O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe

O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--

End of file - 8726 bytes

So what does all that mean... I just want my computer fixed.
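The question just asked, what all those lines mean, is usually answered by reading a handful of entry types first. The parser below is an added example written for this page; it is not a tool posted in the thread and not part of HijackThis. It splits HijackThis 2.0.2 entries into section, name, CLSID and target, then buckets the ones a helper looks at before anything else: entries whose backing file is gone ("(no file)" / "(file missing)"), O16 ActiveX controls installed into Internet Explorer from a URL, and O23 services that carry no publisher name. The sample log is a constructed excerpt that reuses lines from the log above, with one made-up search URL (example.invalid). It is a reading aid, not a verdict: an orphaned BHO is leftover registry data and a remote ActiveX control is simply something to recognise; neither on its own says a machine is infected.

```python
# Added example for this thread (not a tool posted in it, not part of HijackThis):
# parse HijackThis 2.0.2 entries and bucket the ones a helper reads first.
import re
from dataclasses import dataclass
from typing import Optional

# Constructed excerpt: every line except the R1 search URL (example.invalid)
# is copied from the log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://example.invalid/search
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: IE Custom Tools - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    section: str          # "O2", "O23", ...
    name: str             # display name, Run value name, or service name
    clsid: Optional[str]  # GUID where the entry type carries one
    extra: str            # company for O23, registry key for R*/O4, "" otherwise
    target: str           # file, URL or command line the entry points to
    raw: str


def split_fields(text: str, n: int) -> list:
    """Split an 'a - b - c' field list into exactly n fields.  An empty middle
    field may appear as 'name - - path' (see the dlcc_device service above) and
    is normalised to ['name', '', 'path']; a name containing ' - ' is re-joined."""
    parts = text.replace(" - - ", " -  - ").split(" - ")
    if len(parts) > n:
        cut = len(parts) - n + 1
        parts = [" - ".join(parts[:cut])] + parts[cut:]
    while len(parts) < n:
        parts.insert(1, "")
    return parts


def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    g = GUID_RE.search(body)
    clsid = g.group(0) if g else None
    if sec in ("O2", "O3", "O23"):
        # "BHO: name - {GUID} - path", "Toolbar: ...", "Service: name - company - path"
        _kind, rest = body.split(": ", 1)
        name, middle, target = split_fields(rest, 3)
        extra = middle if sec == "O23" else ""
    elif sec == "O4":
        # "HKLM\..\Run: [value name] command line"
        key, rest = body.split(": ", 1)
        close = rest.index("]")
        name, extra, target = rest[1:close], key, rest[close + 1:].strip()
    elif sec == "O16":
        # "DPF: {GUID} (description) - url"; the description may be absent
        _kind, rest = body.split(": ", 1)
        head, target = rest.rsplit(" - ", 1)
        d = re.search(r"\((.*)\)$", head)
        name, extra = (d.group(1) if d else ""), ""
    else:
        # R0/R1 style: "hive\key,value name = data"
        key, _, target = body.partition(" = ")
        name, extra = key.rsplit(",", 1)[-1], key
    return Entry(sec, name, clsid, extra, target, line.strip())


def parse_log(text: str) -> list:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def triage(entries: list) -> dict:
    """Bucket the entries a helper looks at before anything else."""
    report = {"orphaned": [], "activex": [], "no_publisher": []}
    for e in entries:
        if e.target == "(no file)" or e.target.endswith("(file missing)"):
            report["orphaned"].append(e)      # registry still points at a file that is gone
        if e.section == "O16":
            report["activex"].append(e)       # code installed into IE from a URL
        if e.section == "O23" and e.extra in ("", "Unknown owner"):
            report["no_publisher"].append(e)  # service binary with no company name
    return report


if __name__ == "__main__":
    for bucket, items in triage(parse_log(SAMPLE_LOG)).items():
        print(f"== {bucket} ({len(items)})")
        for e in items:
            print(f"  {e.section:<4}{e.name or e.clsid}  ->  {e.target}")
```

Run against the full log above, the "orphaned" bucket holds the two nameless O2 BHOs and the IE Custom Tools toolbar, which is exactly the set of registry entries pointing at files that are no longer on disk.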

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

  1. Please Read All Instructions Carefully
  2. If you don't understand something, stop and ask! Don't keep going on.
  3. Please do not run any other tools or scans whilst I am helping you
  4. Failure to reply within 5 days will result in the topic being closed.
  5. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly.

Some of the logs I request will be quite large; you may need to split them over a couple of replies.

Please note: your security programs may give warnings for some of the tools I will ask you to use.

Be assured, any links I give are safe.

----------------------------------------------------------------------------------------

Let's see if we can get some more info so we know what we are dealing with.

Download and Run RSIT

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.
    (They can also be found in the C:\RSIT folder.)

SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page:
    • Hidden Objects Only << Selected
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Logfile of random's system information tool 1.06 (written by random/random)

Run by Jeff at 2009-08-25 18:57:37

Microsoft Windows XP Professional Service Pack 3

System drive C: has 183 GB (77%) free of 238 GB

Total RAM: 1022 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:57:52 PM, on 8/25/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\dlcccoms.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\iWin Games\iWinTrusted.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\dllhost.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\Jeff\Desktop\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\Jeff.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: IE Custom Tools - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Faerie%20Solitaire/Images/stg_drm.ocx

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.1.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab

O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...esPlayer_v4.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe

O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--

End of file - 9282 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\McDefragTask.job

C:\WINDOWS\tasks\McQcTask.job

C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]

McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-07-08 246800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]

scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-07-08 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]

IEHlprObj Class - C:\Program Files\iWin Games\iWinGamesHookIE.dll [2009-04-27 141312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-12 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-12 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]

Ask Toolbar BHO - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-01-24 267592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - Ask Toolbar - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-01-24 267592]

{8113B5DE-F7EB-4154-A311-497FB80D8BD0} - IE Custom Tools - C:\Program Files\Video Add-on\ictmdl.dll []

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"DLCCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 []

"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-07-10 645328]

"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2009-07-07 1176808]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-07 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2008-09-26 2356088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

C:\Program Files\DNA\btdna.exe [2009-01-26 342848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cafwc]

C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\capfasem]

C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\capfupgrade]

C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

C:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cctray]

C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]

C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e

info.txt logfile of random's system information tool 1.06 2009-08-25 18:57:56

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

913D Camera-->C:\Program Files\InstallShield Installation Information\{3F927DF0-D056-466F-B4B8-61804D5B6351}\setup.exe -runfromtemp -l0x0009 -removeonly

ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 8.1.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}

Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log

Adobe

SysProt AntiRootkit v1.0.1.0

by swatkat

******************************************************************************************

******************************************************************************************

No Hidden Processes found

******************************************************************************************

******************************************************************************************

Kernel Modules:

Module Name: \SystemRoot\System32\Drivers\dump_iastor.sys

Service Name: ---

Module Base: EB5FA000

Module End: EB6B1000

Hidden: Yes

******************************************************************************************

******************************************************************************************

No SSDT Hooks found

******************************************************************************************

******************************************************************************************

Kernel Hooks:

Hooked Function: ZwYieldExecution

At Address: 80504AE8

Jump To: ED375518

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwUnmapViewOfSection

At Address: 805B2E14

Jump To: ED375544

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwUnloadKey

At Address: 80622060

Jump To: ED375649

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwTerminateProcess

At Address: 805D29AA

Jump To: ED37555D

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwSetValueKey

At Address: 80621D36

Jump To: ED3755DB

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwSetInformationProcess

At Address: 805CDE52

Jump To: ED3754C6

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwSetContextThread

At Address: 805D1702

Jump To: ED3754DA

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwRestoreKey

At Address: 80625168

Jump To: ED375673

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwReplaceKey

At Address: 8062585C

Jump To: ED375687

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwRenameKey

At Address: 806231D2

Jump To: ED3755AF

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwQueryValueKey

At Address: 806219E8

Jump To: ED3755F1

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwQueryMultipleValueKey

At Address: 806228FE

Jump To: ED375607

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwQueryKey

At Address: 80624EA8

Jump To: ED37569B

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwProtectVirtualMemory

At Address: 805B83E6

Jump To: ED375502

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwOpenThread

At Address: 805CB694

Jump To: ED375488

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwOpenProcess

At Address: 805CB408

Jump To: ED375474

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwOpenKey

At Address: 80624B82

Jump To: ED375571

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwNotifyChangeKey

At Address: 80625976

Jump To: ED37565F

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwMapViewOfSection

At Address: 805B2006

Jump To: ED37552E

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwEnumerateValueKey

At Address: 8062425A

Jump To: ED37561D

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwEnumerateKey

At Address: 80623FF0

Jump To: ED375633

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwDeleteValueKey

At Address: 80623E10

Jump To: ED3755C5

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwDeleteKey

At Address: 80623C40

Jump To: ED375599

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwCreateProcessEx

At Address: 805D1142

Jump To: ED3754B0

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwCreateProcess

At Address: 805D11F8

Jump To: ED37549C

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwCreateKey

At Address: 806237B0

Jump To: ED375585

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwCreateFile

At Address: 80579084

Jump To: ED3754EE

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: PsCreateSystemThread

At Address: 805D1142

Jump To: ED3754B0

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: PsCreateSystemProcess

At Address: 805D11F8

Jump To: ED37549C

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

******************************************************************************************

******************************************************************************************

Hidden files/folders:

Object: C:\System Volume Information\MountPointManagerRemoteDatabase

Status: Access denied

Object: C:\System Volume Information\tracking.log

Status: Access denied

Object: C:\System Volume Information\_restore{13F43F2C-5921-4293-9441-57C9FFE16FDE}

Status: Access denied

OK, that is the last of it... Thank you ahead of time for your help.


Download and Run ComboFix (by sUBs)

Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

  • You must download it to and run it from your Desktop.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.

This tool is not a toy and not for everyday use.

ComboFix SHOULD NOT be used unless requested by a forum helper.

For instructions on how to disable your security programs, please see this topic

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If requested, please reboot.
  • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


ComboFix 09-08-26.05 - Jeff 08/26/2009 23:16.1.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.720 [GMT -4:00]

Running from: c:\documents and settings\Jeff\Desktop\ComboFix.exe

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FW: VCOM NetDefense Firewall 7 *enabled* {E9CD9D09-CF58-4ec3-9B3F-E6B12C3E4171}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Helper

c:\program files\iWin Games\iWinGamesHookIE.dll

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\Installer\18c85.msi

c:\windows\Installer\2311c1a.msp

c:\windows\Installer\7c81cf5.msp

c:\windows\kb913800.exe

c:\windows\system32\drivers\1028_DELL_XPS_Dell DXP061 .MRK

c:\windows\system32\drivers\DELL_XPS_Dell DXP061 .MRK

.

((((((((((((((((((((((((( Files Created from 2009-07-27 to 2009-08-27 )))))))))))))))))))))))))))))))

.

2009-08-26 23:44 . 2009-08-26 23:44 -------- d-----w- c:\windows\LastGood

2009-08-25 22:40 . 2009-08-25 22:40 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore

2009-08-24 13:14 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-08-23 19:09 . 2009-08-26 00:39 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore

2009-08-23 17:53 . 2009-08-23 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor

2009-08-23 17:51 . 2009-07-08 17:44 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2009-08-23 17:51 . 2009-07-08 17:44 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys

2009-08-23 17:51 . 2009-07-08 17:44 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2009-08-23 17:51 . 2009-07-16 16:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys

2009-08-23 17:50 . 2009-08-23 17:51 -------- d-----w- c:\program files\Common Files\McAfee

2009-08-23 17:50 . 2009-08-23 17:51 -------- d-----w- c:\program files\McAfee.com

2009-08-23 17:50 . 2009-08-25 22:34 -------- d-----w- c:\program files\McAfee

2009-08-23 17:48 . 2009-07-08 17:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys

2009-08-23 17:34 . 2009-08-23 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2009-08-22 23:11 . 2009-08-22 23:11 0 ----a-w- c:\documents and settings\Jeff\settings.dat

2009-08-22 16:48 . 2009-08-22 16:48 -------- d-----w- c:\documents and settings\Jeff\Local Settings\Application Data\Blizzard Entertainment

2009-08-19 21:00 . 2009-08-19 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment

2009-08-12 23:23 . 2009-08-12 23:23 34062 ----a-w- c:\documents and settings\Jeff\Application Data\Move Networks\ie_bin\Uninst.exe

2009-08-12 23:18 . 2009-08-12 23:23 -------- d-----w- c:\documents and settings\Jeff\Application Data\Move Networks

2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-27 03:19 . 2009-04-28 14:56 -------- d-----w- c:\program files\iWin Games

2009-08-26 23:33 . 2008-04-19 22:37 -------- d-----w- c:\program files\Microsoft Silverlight

2009-08-26 23:27 . 2009-04-30 14:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-08-26 00:43 . 2009-01-26 18:03 -------- d-----w- c:\program files\World of Warcraft

2009-08-23 17:42 . 2009-02-06 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\CA

2009-08-22 23:08 . 2006-12-29 23:44 -------- d-----w- c:\program files\Dl_cats

2009-08-05 09:01 . 2004-08-10 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-20 20:14 . 2008-07-01 13:21 34 -c--a-w- c:\documents and settings\Jeff\jagex_runescape_preferences.dat

2009-07-17 19:01 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 03:43 . 2004-08-10 11:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-13 04:03 . 2008-06-13 02:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-07-13 02:58 . 2009-07-13 02:54 -------- d-----w- c:\documents and settings\Jeff\Application Data\Faerie Solitaire

2009-07-13 00:18 . 2009-07-13 00:18 -------- d-----w- c:\documents and settings\Jeff\Application Data\SpinTop Games

2009-07-12 23:29 . 2009-07-12 23:30 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-07-12 23:29 . 2006-12-30 09:23 -------- d-----w- c:\program files\Java

2009-07-12 23:29 . 2009-07-12 23:29 152576 ----a-w- c:\documents and settings\Jeff\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

2009-07-12 23:23 . 2009-07-11 19:09 -------- d-----w- c:\program files\Windows Desktop Search

2009-07-12 03:52 . 2009-07-12 03:48 -------- d-----w- c:\program files\Microsoft

2009-07-12 03:52 . 2009-07-12 03:52 -------- d-----w- c:\program files\Microsoft Office Outlook Connector

2009-07-12 03:51 . 2009-07-12 03:47 -------- d-----w- c:\program files\Windows Live

2009-07-12 03:50 . 2009-07-12 03:50 -------- d-----w- c:\program files\Microsoft Sync Framework

2009-07-12 03:49 . 2009-07-12 03:49 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2009-07-12 03:48 . 2009-07-12 03:48 -------- d-----w- c:\program files\Windows Live SkyDrive

2009-07-12 03:37 . 2009-07-12 03:37 -------- d-----w- c:\program files\Common Files\Windows Live

2009-07-12 03:36 . 2006-12-29 23:26 79728 -c--a-w- c:\documents and settings\Jeff\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-07-11 19:10 . 2009-07-11 19:10 -------- d-----w- c:\documents and settings\Jeff\Application Data\Windows Search

2009-07-11 19:09 . 2009-07-11 19:09 -------- d-----w- c:\documents and settings\Jeff\Application Data\Windows Desktop Search

2009-07-11 18:49 . 2009-07-11 18:49 -------- d-----w- c:\program files\CONEXANT

2009-07-11 18:47 . 2009-07-11 18:47 -------- d-----w- c:\program files\Dell

2009-07-11 04:33 . 2007-03-20 20:38 -------- d-----w- c:\program files\Microsoft Works

2009-07-08 17:44 . 2009-07-08 17:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2009-07-03 17:09 . 2006-03-04 03:33 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-21 12:46 . 2009-07-11 18:49 485920 ----a-w- c:\windows\system32\NVUNINST.EXE

2009-06-12 12:31 . 2004-08-10 11:00 80896 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-12 12:31 . 2004-08-10 11:00 76288 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:13 . 2004-08-10 11:00 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 13:19 . 2006-12-29 22:55 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 12:28 . 2009-06-10 12:28 3510272 ----a-w- c:\windows\system32\nvgames.dll

2009-06-10 12:28 . 2009-06-10 12:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll

2009-06-10 12:28 . 2009-06-10 12:28 86016 ----a-w- c:\windows\system32\nvmctray.dll

2009-06-10 12:28 . 2009-06-10 12:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe

2009-06-10 12:28 . 2009-06-10 12:28 143360 ----a-w- c:\windows\system32\nvcolor.exe

2009-06-10 12:28 . 2009-06-10 12:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll

2009-06-10 12:28 . 2009-06-10 12:28 229376 ----a-w- c:\windows\system32\nvmccs.dll

2009-06-10 10:03 . 2009-07-11 18:49 457248 ----a-w- c:\windows\system32\nvudisp.exe

2009-06-10 10:03 . 2009-05-01 02:02 671744 ----a-w- c:\windows\system32\nvcuvid.dll

2009-06-10 10:03 . 2009-05-01 02:02 1580550 ----a-w- c:\windows\system32\nvdata.bin

2009-06-10 10:03 . 2009-05-01 02:02 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll

2009-06-10 10:03 . 2007-12-05 05:41 1720320 ----a-w- c:\windows\system32\nvcuda.dll

2009-06-10 10:03 . 2006-12-30 02:43 9998336 ----a-w- c:\windows\system32\nvoglnt.dll

2009-06-10 10:03 . 2006-12-30 02:43 815104 ----a-w- c:\windows\system32\nvapi.dll

2009-06-10 10:03 . 2006-12-30 02:43 151552 ----a-w- c:\windows\system32\nvcodins.dll

2009-06-10 10:03 . 2006-12-30 02:43 151552 ----a-w- c:\windows\system32\nvcod.dll

2009-06-10 10:03 . 2006-12-30 02:43 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2009-06-10 10:03 . 2006-12-30 02:43 5908608 ----a-w- c:\windows\system32\nv4_disp.dll

2009-06-10 06:14 . 2004-08-10 11:00 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-03 19:09 . 2004-08-10 11:00 1291264 ----a-w- c:\windows\system32\quartz.dll

2008-07-17 02:38 . 2008-07-01 01:12 88 --sh--r- c:\windows\system32\BBC0098C34.sys

2008-07-17 02:59 . 2008-07-01 01:04 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2006-02-24 73728]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]

"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"tmproxy"=2 (0x2)

"TmPfw"=2 (0x2)

"Tmntsrv"=2 (0x2)

"PcCtlCom"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"CLTNetCnService"=2 (0x2)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"idsvc"=3 (0x3)

"PPCtlPriv"=3 (0x3)

"fsssvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\World of Warcraft\\Repair.exe"=

"c:\\WINDOWS\\system32\\dlcccoms.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

"c:\\Program Files\\iWin Games\\iWinGames.exe"=

"c:\\Program Files\\iWin Games\\WebUpdater.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [7/11/2009 11:51 PM 55152]

R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [4/27/2009 9:49 AM 78104]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/23/2009 1:53 PM 210216]

S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [2/14/2009 8:17 PM 29824]

S4 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-08-23 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-23 01:26]

2009-08-23 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-23 01:26]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://aolsvc.aol.com/onlinegames/free-trial-burger-shop/GoBitGamesPlayer_v4.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-26 23:19

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2009-08-27 23:21

ComboFix-quarantined-files.txt 2009-08-27 03:21

Pre-Run: 191,572,213,760 bytes free

Post-Run: 191,630,675,968 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

221 --- E O F --- 2009-08-26 23:27


There is no sign of active infection. What problems are you having exactly?

What happens when you try to run MalwareBytes?

You appear to have two firewalls installed; have you removed one?

I ran Malwarebytes and can't find the log to post it..

When I ran it, it said 27 objects infected.. I'm still looking for it.


Malwarebytes' Anti-Malware 1.40

Database version: 2702

Windows 5.1.2600 Service Pack 3

8/27/2009 12:15:52 PM

mbam-log-2009-08-27 (12-15-52).txt

Scan type: Full Scan (C:\|)

Objects scanned: 246913

Time elapsed: 1 hour(s), 9 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 28

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 5

Files Infected: 12

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{f0d4b230-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f0d4b23a-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f0d4b23c-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{b15fd82e-85bc-430d-90cb-65db1b030510} (Adware.AskSBAR) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Documents and Settings\Jeff\Application Data\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jeff\Application Data\SpywareBot\Log (Rogue.SpywareBot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jeff\Application Data\SpywareBot\Quarantine (Rogue.SpywareBot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jeff\Application Data\SpywareBot\Registry Backups (Rogue.SpywareBot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jeff\Application Data\SpywareBot\Settings (Rogue.SpywareBot) -> Quarantined and deleted successfully.

Files Infected:

C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jeff\Application Data\SpywareBot\rs.dat (Rogue.SpywareBot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jeff\Application Data\SpywareBot\Log\2007 Aug 22 - 11_03_35 PM_741.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jeff\Application Data\SpywareBot\Log\2007 Aug 22 - 11_03_36 PM_632.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jeff\Application Data\SpywareBot\Log\2007 Aug 23 - 03_00_00 AM_304.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jeff\Application Data\SpywareBot\Log\2007 Aug 23 - 03_00_00 AM_476.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jeff\Application Data\SpywareBot\Settings\CustomScan.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jeff\Application Data\SpywareBot\Settings\IgnoreList.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jeff\Application Data\SpywareBot\Settings\ScanInfo.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jeff\Application Data\SpywareBot\Settings\ScanResults.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jeff\Application Data\SpywareBot\Settings\SelectedFolders.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jeff\Application Data\SpywareBot\Settings\Settings.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.

OK, here is the log file.

Thank you for your help and patience.


  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
