Jump to content

I have an infection. Please help!


Recommended Posts

I ran mbam on my system and came up with 2 viruses. After following the instructions I have attached the two log files and posted the contents of DDS. Please let me know if you can help me!

DDS (Ver_10-03-17.01) - NTFSx86

Run by jeanelle at 14:24:24.03 on Mon 04/12/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.822 [GMT -6:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\AIM6\aolsoftware.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\TeamViewer\Version5\TeamViewer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\jeanelle.ACUMENTELECOM\Desktop\MWB\dds.scr

============== Pseudo HJT Report ===============

mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

mWinlogon: Userinit=c:\windows\system32\Userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll

BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll

BHO: Java

Attach.zip

Link to post
Share on other sites

Hi and welcome to Malwarebytes.

Please post the log from MBAM and we will take it from there.

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 3982

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

4/12/2010 1:40:33 PM

mbam-log-2010-04-12 (13-40-33).txt

Scan type: Full scan (C:\|)

Objects scanned: 198299

Time elapsed: 1 hour(s), 1 minute(s), 36 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Jeanelle\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\IEXPLORE.EXE") Good: (iexplore.exe) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

ComboFix 10-05-03.02 - jeanelle 05/03/2010 14:16:27.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1007 [GMT -6:00]

Running from: c:\documents and settings\jeanelle.ACUMENTELECOM\Desktop\MWB\ComboFix.exe

AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Jeanelle\Local Settings\Temporary Internet Files\16JM2SBN.jpg

c:\documents and settings\Jeanelle\Local Settings\Temporary Internet Files\m7SIh.jpg

c:\documents and settings\Jeanelle\Local Settings\Temporary Internet Files\N7FB5sy.jpg

c:\documents and settings\Jeanelle\Local Settings\Temporary Internet Files\RPWc6B7.jpg

c:\program files\WindowsUpdate

c:\windows\system32\uactmp.db

.

((((((((((((((((((((((((( Files Created from 2010-04-03 to 2010-05-03 )))))))))))))))))))))))))))))))

.

2010-04-28 13:35 . 2010-04-28 13:35 -------- d-----w- c:\documents and settings\jeanelle.ACUMENTELECOM\Local Settings\Application Data\Microsoft Help

2010-04-27 19:07 . 2010-04-27 19:07 159112 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2010-04-26 19:33 . 2010-04-26 19:33 -------- d-----w- c:\documents and settings\jeanelle.ACUMENTELECOM\Local Settings\Application Data\Mozilla

2010-04-12 18:24 . 2010-04-12 18:24 -------- d-----w- c:\documents and settings\jeanelle.ACUMENTELECOM\Application Data\Malwarebytes

2010-04-12 17:57 . 2010-04-12 17:57 -------- d-----w- c:\documents and settings\jeanelle.ACUMENTELECOM\Application Data\TeamViewer

2010-04-12 17:57 . 2010-04-12 17:57 -------- d-----w- c:\program files\TeamViewer

2010-04-08 17:57 . 2010-04-08 17:57 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help

2010-04-07 21:08 . 2010-04-27 19:08 -------- d-----w- c:\documents and settings\jeanelle.ACUMENTELECOM\Tracing

2010-04-07 18:31 . 2010-04-07 18:31 -------- d-----w- c:\documents and settings\jeanelle.ACUMENTELECOM\Local Settings\Application Data\Help

2010-04-06 14:00 . 2010-04-06 14:00 -------- d-----w- c:\documents and settings\jeanelle.ACUMENTELECOM\Application Data\Apple Computer

2010-04-06 13:40 . 2010-04-08 18:17 69232 ----a-w- c:\documents and settings\jeanelle.ACUMENTELECOM\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-04-06 13:33 . 2010-04-06 15:16 -------- d-----w- c:\documents and settings\jeanelle.ACUMENTELECOM\Local Settings\Application Data\Adobe

2010-04-05 21:23 . 2010-04-05 21:23 -------- d-sh--w- c:\documents and settings\jeanelle.ACUMENTELECOM\IECompatCache

2010-04-05 21:22 . 2010-04-05 21:22 -------- d-sh--w- c:\documents and settings\jeanelle.ACUMENTELECOM\PrivacIE

2010-04-05 21:22 . 2010-04-05 21:22 -------- d-----w- c:\documents and settings\jeanelle.ACUMENTELECOM\Local Settings\Application Data\AIM Toolbar

2010-04-05 21:18 . 2010-04-05 21:18 -------- d-----w- c:\documents and settings\jeanelle.ACUMENTELECOM\Application Data\Viewpoint

2010-04-05 21:17 . 2010-04-05 21:17 -------- d-----w- c:\documents and settings\jeanelle.ACUMENTELECOM\Application Data\acccore

2010-04-05 21:12 . 2010-04-05 21:12 -------- d-----w- c:\documents and settings\jeanelle.ACUMENTELECOM\Local Settings\Application Data\AOL OCP

2010-04-05 21:12 . 2010-04-05 21:12 -------- d-----w- c:\documents and settings\jeanelle.ACUMENTELECOM\Local Settings\Application Data\AOL

2010-04-05 21:12 . 2010-04-05 21:12 -------- d-----w- c:\documents and settings\jeanelle.ACUMENTELECOM\Local Settings\Application Data\KodakGallery

2010-04-05 19:45 . 2010-04-05 19:45 -------- d-----w- c:\documents and settings\jeanelle.ACUMENTELECOM\Local Settings\Application Data\LogMeIn

2010-04-05 19:45 . 2010-04-05 19:45 -------- d-sh--w- c:\documents and settings\jeanelle.ACUMENTELECOM\IETldCache

2010-04-05 19:31 . 2008-11-10 17:41 32656 ----a-w- c:\windows\system32\msonpmon.dll

2010-04-05 19:31 . 2006-10-27 01:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll

2010-04-05 19:29 . 2010-04-08 17:59 -------- d-----w- c:\program files\Microsoft Works

2010-04-05 19:28 . 2010-04-05 19:28 -------- d-----w- c:\program files\Microsoft.NET

2010-04-05 19:26 . 2010-04-05 19:26 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2010-04-05 19:25 . 2010-04-05 19:29 -------- d-----w- c:\windows\SHELLNEW

2010-04-05 19:25 . 2010-04-05 19:25 -------- d-----w- c:\documents and settings\tekkis\Local Settings\Application Data\Microsoft Help

2010-04-05 19:24 . 2010-04-28 13:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-04-05 19:24 . 2010-04-05 19:24 -------- d-----r- C:\MSOCache

2010-04-05 18:52 . 2010-04-05 18:52 -------- d-----w- c:\program files\7-Zip

2010-04-05 17:38 . 2010-04-05 17:38 -------- d-----w- c:\documents and settings\tekkis\Application Data\IObit

2010-04-05 15:44 . 2010-04-05 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2010-04-05 15:16 . 2009-02-26 21:11 91976 ----a-w- c:\windows\system32\drivers\SysPlant.sys

2010-04-05 15:16 . 2010-04-05 15:16 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-04-05 15:16 . 2010-04-05 15:16 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-04-05 15:16 . 2006-05-16 17:58 2584848 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}\WindowsInstaller-KB893803-x86.exe

2010-04-05 15:16 . 2009-02-26 23:19 300432 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}\Setup.exe

2010-04-05 15:16 . 2009-02-26 22:07 669000 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}\smcinst.exe

2010-04-05 15:16 . 2008-12-10 22:47 3553808 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}\LUSETUP.EXE

2010-04-05 15:16 . 2008-12-10 22:46 927096 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}\LuCheck.exe

2010-04-05 14:19 . 2010-04-05 14:19 5918775 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-03 14:25 . 2006-11-08 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint

2010-05-03 14:08 . 2008-11-03 23:08 -------- d-----w- c:\program files\LogMeIn

2010-04-12 18:24 . 2009-06-04 20:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-04-05 19:29 . 2009-05-07 00:29 -------- d-----w- c:\program files\MSBuild

2010-04-05 15:18 . 2006-11-08 15:02 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-04-05 15:16 . 2009-12-07 22:57 -------- d-----w- c:\program files\Symantec

2010-04-05 15:16 . 2010-04-05 15:16 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-04-05 15:16 . 2010-04-05 15:16 10563 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-04-05 15:16 . 2006-11-08 15:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2010-03-30 06:46 . 2009-06-04 20:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-30 06:45 . 2009-06-04 20:58 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\22177\AdobeARM.exe

2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\22177\AdobeExtractFiles.dll

2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\22177\ReaderUpdater.exe

2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\22177\AcrobatUpdater.exe

2010-03-23 21:03 . 2010-03-23 21:03 -------- d-----w- c:\documents and settings\Jeanelle\Application Data\TeamViewer

2010-03-21 05:30 . 2009-11-21 06:23 79488 ----a-w- c:\documents and settings\Jeanelle\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-17 15:10 . 2004-08-04 12:00 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-16 13:25 . 2004-08-03 22:59 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-12 04:33 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll

2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys

2009-12-17 18:31 . 2010-01-05 19:07 57856 ----a-w- c:\program files\internet explorer\plugins\FTDWSER.DLL

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-25 63048]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-04 344064]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-08 148888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-12-18 115560]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

c:\documents and settings\jeanelle.ACUMENTELECOM\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2009-10-02 13:28 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\1162999446\\ee\\aolsoftware.exe"=

"c:\\Program Files\\Common Files\\AOL\\1162999446\\ee\\aim6.exe"=

"c:\\Program Files\\Allworx\\Call Viewer\\CallViewer.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=

"%windir%\\system32\\drivers\\svchost.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5900:TCP"= 5900:TCP:VNC

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 $sys$cor;$sys$cor;c:\windows\system32\drivers\$sys$cor.sys [10/6/2004 8:11 AM 18432]

R1 $sys$crater;$sys$crater;c:\windows\system32\$sys$filesystem\crater.sys [10/7/2004 1:57 AM 11904]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 7:46 PM 12856]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/19/2009 7:27 AM 24652]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/5/2010 9:23 AM 102448]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [11/18/2008 6:17 PM 23888]

S3 HwIOctl;HwIOctl;\??\c:\program files\Setup Files\MS-7032 v5.10\HwIOctl.sys --> c:\program files\Setup Files\MS-7032 v5.10\HwIOctl.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: af.mil\www.afway

FF - ProfilePath - c:\documents and settings\jeanelle.ACUMENTELECOM\Application Data\Mozilla\Firefox\Profiles\1ennhwr4.default\

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)

SafeBoot-Symantec Antvirus

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-03 14:22

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(904)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

.

Completion time: 2010-05-03 14:23:42

ComboFix-quarantined-files.txt 2010-05-03 20:23

ComboFix2.txt 2009-06-08 19:41

Pre-Run: 55,412,269,056 bytes free

Post-Run: 55,603,212,288 bytes free

- - End Of File - - 5C6B36603842BB0F4958D29530512F1E

Link to post
Share on other sites

I followed the instructions on the link you sent me. However, I couldn't locate any of the files it refered to. I ran DDS and posted the two logs afterwards per your instructions (attach, DDS).

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 11/8/2006 7:57:42 AM

System Uptime: 4/27/2010 1:06:41 PM (212 hours ago)

Motherboard: MSI | | MS-7032

Processor: AMD Sempron Processor 3400+ | CPU 1 | 2000/200mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 75 GiB total, 51.61 GiB free.

D: is CDROM ()

M: is NetworkDisk (NTFS) - 34 GiB total, 17.845 GiB free.

Y: is NetworkDisk (NTFS) - 271 GiB total, 210.384 GiB free.

Z: is NetworkDisk (NTFS) - 271 GiB total, 210.384 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 5/3/2010 2:15:48 PM - System Checkpoint

==== Installed Programs ======================

32 Bit HP BiDi Channel Components Installer

7-Zip 4.65

Adobe Flash Player 10 ActiveX

Adobe Reader 9.2

Advanced SystemCare 3

AIM 6

AIM Toolbar

Allworx Call Viewer

ATI - Software Uninstall Utility

ATI Control Panel

ATI Display Driver

CCleaner (remove only)

CCScore

Compatibility Pack for the 2007 Office system

Download Updater (AOL LLC)

ESSCDBK

ESScore

ESSgui

ESSini

ESSPCD

ESSSONIC

ESSTOOLS

essvatgt

Eusing Free Registry Cleaner

Form Fill (Windows Live Toolbar)

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

InfoPrint AFP Viewer Plug-In

InstallMgr

Java 6 Update 13

kgcbaby

kgcbase

kgchday

kgchlwn

kgcinvt

kgckids

kgcmove

kgcvday

Kodak EasyShare software

KSU

LiveUpdate 3.3 (Symantec Corporation)

LogMeIn

Malwarebytes' Anti-Malware

MAS 90 Workstation ()

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB953297)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Default Manager

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft VC9 runtime libraries

Mozilla Firefox (3.6.3)

MSN

MSN Toolbar

MSVCRT

MSXML 4.0 SP2 (KB925672)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

netbrdg

Notifier

OfotoXMI

OGA Notifier 2.0.0048.0

PCDADDIN

PCDHELP

Platform

QuickTime

Realtek AC'97 Audio

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB978380)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft Office Excel 2007 (KB978382)

Security Update for Microsoft Office Outlook 2007 (KB972363)

Security Update for Microsoft Office PowerPoint 2007 (KB957789)

Security Update for Microsoft Office Publisher 2007 (KB980470)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165-v2)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980232)

Segoe UI

SFR

SHASTA

SKIN0001

SKINXSDK

Smart Menus (Windows Live Toolbar)

staticcr

Symantec Endpoint Protection

TeamViewer 5

tooltips

Update for 2007 Microsoft Office System (KB967642)

Update for 2007 Microsoft Office System (KB981715)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office InfoPath 2007 (KB976416)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office Word 2007 (KB974631)

Update for Outlook 2007 Junk Email Filter (kb981433)

Update for Windows Internet Explorer 8 (KB971180)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VIA Platform Device Manager

VIA Rhine-Family Fast-Ethernet Adapter

Viewpoint Media Player

VPRINTOL

WebFldrs XP

Windows Defender

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live Outlook Toolbar (Windows Live Toolbar)

Windows Live Sign-in Assistant

Windows Live Toolbar

Windows Live Toolbar Extension (Windows Live Toolbar)

Windows Live Toolbar Feed Detector (Windows Live Toolbar)

Windows Live Upload Tool

Windows Media Format Runtime

Windows Media Player 10

Windows XP Service Pack 3

WinZip

WIRELESS

==== Event Viewer Messages From Past Week ========

5/4/2010 10:47:26 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the crd service to connect.

5/4/2010 10:47:26 AM, error: Service Control Manager [7000] - The crd service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/30/2010 4:00:48 PM, error: NETLOGON [5719] - No Domain Controller is available for domain ACUMENTELECOM due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

==== End Of File ===========================

DDS (Ver_10-03-17.01) - NTFSx86

Run by jeanelle at 9:24:12.65 on Thu 05/06/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.499 [GMT -6:00]

AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\AIM6\aolsoftware.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

M:\MAS 90\Version4\MAS90\Home\pvxwin32.exe

M:\MAS 90\Version4\MAS90\launcher\launch32.exe

M:\MAS 90\Version4\MAS90\Home\pvxwin32.exe

M:\MAS 90\Version4\MAS90\Home\pvxwin32.exe

M:\MAS 90\Version4\MAS90\Home\pvxwin32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\mmc.exe

C:\Documents and Settings\jeanelle.ACUMENTELECOM\Desktop\MWB\dds.scr

============== Pseudo HJT Report ===============

mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll

BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll

TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

StartupFolder: c:\docume~1\jeanel~1.ac~\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: af.mil\www.afway

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/3/d/83d1fe15-fe0f-4bdf-b09c-4e3c49808ec7/LegitCheckControl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162989606125

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1244502326854&h=cc326c68af413cbb70b0aa114cddc8a4/&filename=jinstall-6u13-windows-i586-jc.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: LMIinit - LMIinit.dll

AppInit_DLLs: c:\docume~1\alluse~1\applic~1\micros~1\windows\mspdb38.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jeanel~1.ac~\applic~1\mozilla\firefox\profiles\1ennhwr4.default\

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 $sys$cor;$sys$cor;c:\windows\system32\drivers\$sys$cor.sys [2004-10-6 18432]

R1 $sys$crater;$sys$crater;c:\windows\system32\$sys$filesystem\crater.sys [2004-10-7 11904]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-12-18 108392]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-12-18 108392]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-11-3 47640]

R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-2-1 2440120]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-19 24652]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-4-5 102448]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100505.021\NAVENG.SYS [2010-5-5 84912]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100505.021\NAVEX15.SYS [2010-5-5 1324720]

S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-11-18 23888]

S3 HwIOctl;HwIOctl;\??\c:\program files\setup files\ms-7032 v5.10\hwioctl.sys --> c:\program files\setup files\ms-7032 v5.10\HwIOctl.sys [?]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-05-04 16:47:43 0 d-----w- c:\docume~1\jeanel~1.ac~\applic~1\MSNInstaller

2010-05-03 20:15:35 98816 ----a-w- c:\windows\sed.exe

2010-05-03 20:15:35 77312 ----a-w- c:\windows\MBR.exe

2010-05-03 20:15:35 256512 ----a-w- c:\windows\PEV.exe

2010-05-03 20:15:35 161792 ----a-w- c:\windows\SWREG.exe

2010-04-12 20:15:58 0 ----a-w- c:\documents and settings\jeanelle.acumentelecom\defogger_reenable

2010-04-12 18:24:40 0 d-----w- c:\docume~1\jeanel~1.ac~\applic~1\Malwarebytes

2010-04-12 17:57:48 0 d-----w- c:\docume~1\jeanel~1.ac~\applic~1\TeamViewer

2010-04-12 17:57:40 0 d-----w- c:\program files\TeamViewer

2010-04-07 21:08:36 0 d-----w- c:\documents and settings\jeanelle.acumentelecom\Tracing

==================== Find3M ====================

2010-04-05 15:16:33 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-04-05 15:16:33 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-04-05 15:16:33 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-04-05 15:16:33 10563 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-03-30 06:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-30 06:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-17 15:10:28 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-16 13:25:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll

2008-12-09 23:11:02 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120920081210\index.dat

============= FINISH: 9:24:31.20 ===============

Link to post
Share on other sites

  • Staff

Hi,

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    mspdb38.dll


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.