
here is my latest hijack this log, what should i do now



first off, thanks for being here, you are all lifesavers.

i have run malwarebytes, eset, vipre, hijackthis and a few others. i do not trust my windows defender. here is my latest hijackthis log. i did not delete anything recommended for removal by myself, the only things fixed so far were by the anti malware and antivirus programs themselves. i have a hijackthis log from after running each program. i have my kerio personal firewall running so nothing starts up or changes without my permission (as far as i know). my pc is acting crazy, no file associations. the way i got malwarebytes to run was to change it from .exe to .com. now most of my things seem to work, but there are programs, dlls, other system32 things, verify clsids and all kinds of stuff i do not recognize as being needed to run programs. i trust nothing at this point, and once i am all clean, i will start from scratch with new installs of all my security programs.

i had windows defender, a hosts file, kerio personal firewall, but i had to turn them off to update my droid and i forgot to turn antivirus back on for like a day and bang, i had the fake update window. i knew it was fake and did damage control immediately, catching a file called qkc.exe trying to run. i changed the name of it so it could not run. malwarebytes found it and killed it. my win xp was just updated end of march and i always do it manually, as i do updates for all my programs.

i need to repair my windows operating system, i have a lenovo s10e netbook with win xp home sp3. all the installation files/recovery stuff is on a partition which i have never used before. i do not know how to or if that is even infected. so now what should i do? also, i have kaspersky disabled because i tried and could not delete it when the trial ran out (i do not use 'trial' programs anymore for that reason). combofix told me i had norton running which i had a long time ago, but do not anymore, which caused me to not even run combofix because it sounded like the fake security programs.

i guess i am a bit punchy with downloads and with all this. i never in all my years had one single spyware or virus and now i do. i am usually the one who does the fixing and this has me punchy. this virus stuff is really a lot like cockroaches and bedbugs. just won't go away and even after they do, you still think they are there. thanks again for all your help.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:09:56 PM, on 4/15/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\malika\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080;https=localhost:8080

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User '?')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.coasttocoastam.com

O15 - Trusted Zone: http://gabster.fm1071.com

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/dcode/ActiveX/MSDcode.cab

O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://win7pro.vlabcenter.com/ActiveX/VMRCActiveXClient1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250558695483

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259529810765

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-beta/OnlineScanner.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - Winlogon Notify: PicNotify - PicNotify.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\QSTART.SYS\config\DVMExportService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--

End of file - 8889 bytes

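To make a log like the one above easier to work through, here is an added example (not part of the post, and not HijackThis's own code) that parses HijackThis entries and flags the ones a helper usually checks first: registry entries whose file is gone, a system proxy pointing at the local machine, and Trusted Zone additions. The sample input is a constructed subset of the log posted above; the three review rules are the example's own heuristics and only mark entries for confirmation, they do not declare anything malicious.

```python
"""
Triage helper for HijackThis-style logs: pull the section entries out of the
text and flag the ones an analyst usually looks at first. This is an added
example, not part of the forum post or of HijackThis; the review rules below
are the example author's own heuristics (assumptions), not output of the tool.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Sample input: a handful of entries copied from the HijackThis log posted
# above (a constructed subset, so the script runs offline).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080;https=localhost:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O15 - Trusted Zone: http://www.coasttocoastam.com
O20 - Winlogon Notify: PicNotify - PicNotify.dll (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
End of file - 8889 bytes
"""

# Each entry starts with a section tag (R0, R1, O2, O4, O23, F2 ...) then " - ".
ENTRY_RE = re.compile(r"^(?P<section>[ROF]\d+) - (?P<body>.+)$")


@dataclass
class Entry:
    section: str            # e.g. "O2"
    body: str               # everything after "O2 - "
    flags: List[str] = field(default_factory=list)

    @property
    def clsid(self) -> str:
        """Return the {GUID} in the entry, or '' if there is none."""
        m = re.search(r"\{[0-9A-Fa-f-]{36}\}", self.body)
        return m.group(0) if m else ""


def parse_hjt(text: str) -> List[Entry]:
    """Extract the section entries; header and footer lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def apply_review_rules(entry: Entry) -> Entry:
    """Attach review flags. These are heuristics (assumptions), not a verdict:
    every flag means 'confirm this is expected', nothing more."""
    body = entry.body
    # Registrations that still point at a file that no longer exists, e.g.
    # leftovers of an uninstall, or of a removal tool deleting the file but
    # not the registry entry. Harmless by themselves, but worth cleaning up.
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        entry.flags.append("orphaned-file")
    # A system proxy aimed at the local machine means some local program is
    # relaying all browser traffic; identify which one before trusting it.
    if entry.section.startswith("R") and "ProxyServer" in body \
            and re.search(r"(localhost|127\.0\.0\.1)", body):
        entry.flags.append("local-proxy")
    # Sites in IE's Trusted Zone get relaxed security settings, so each one
    # should be a site the user deliberately added.
    if entry.section == "O15":
        entry.flags.append("trusted-zone")
    return entry


def review(text: str) -> List[Entry]:
    """Parse the log and return only the entries that carry a flag."""
    return [e for e in (apply_review_rules(e) for e in parse_hjt(text)) if e.flags]


def format_report(flagged: List[Entry]) -> str:
    """One line per flagged entry: section, flags, original entry text."""
    lines = [f"{e.section:<4} {', '.join(e.flags):<22} {e.body}" for e in flagged]
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(review(SAMPLE_LOG)))
```

Run against the sample, the report lists the localhost proxy, the three entries whose files are missing, and the Trusted Zone site, while the Adobe BHO and the Broadcom service pass through unflagged. The rules are deliberately narrow; a real triage adds a whitelist of known-good CLSIDs and paths so the analyst only reads what is left over.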

Hello,

And welcome! My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Please Download Rootkit Unhooker Save it to your desktop.

  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note - if you get the following warning, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

Click on Cancel, then Accept.

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:

  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)
  • RKU log

Thanks and again sorry for the delay.


hi elise and thank you so much for your help.

you are truly a deity to me!

i have run the dds and here is the contents of dds.txt. i was unable to temporarily disable my kerio personal firewall, the icon on the task bar has disappeared, but i do know it is still working, so i 'allowed' anything that popped up when i ran dds.

i made sure i was disconnected from the internet.

i tried to turn off my microsoft security essentials, but i had already disabled the service for it and the processes and the start up for it on my last restart. i opened the main window using 'start, programs..." so i could uncheck 'enable real time protection' but it did not let me, with a warning that it needed to be updated from the main mse window--not allowing me to open the 'settings' tab (probably because i had it disabled through 'services'). it lists the last update as april 12, and i know i did not update it that day, i was afraid to because of this virus/malware. i shut the window using task manager.

IMPORTANT: i do not know how to zip the 'Attach.txt' file, and am afraid to go online to look up how to do it. i tried right clicking on it, but the menu does not have 'zip' as one of the choices, it is not in the 'send to' sub menu.

i eagerly await your reply---i am in no hurry, and will not do a thing to my computer unless you tell me to!

thanks again!

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by malika at 8:43:40.87 on Sat 04/16/2011

Internet Explorer: 8.0.6001.18702

AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: Norton Internet Security *Disabled*

FW: Kaspersky Internet Security *Disabled*

FW: Sunbelt Personal Firewall *Enabled*

.

============== Running Processes ===============

.

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = http=localhost:8080;https=localhost:8080

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll

BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

BHO: 1 (0x1) - No File

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

mPolicies-explorer: <NO NAME> =

IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm

IE: Add to Banner Ad Blocker - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

Trusted Zone: coasttocoastam.com\www

Trusted Zone: fm1071.com\gabster

Trusted Zone: google.com\services

Trusted Zone: startpage.com\us2

Trusted Zone: yahoo.com\login

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/dcode/ActiveX/MSDcode.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} - hxxp://win7pro.vlabcenter.com/ActiveX/VMRCActiveXClient1.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250558695483

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259529810765

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

Notify: igfxcui - igfxdev.dll

Notify: klogon - c:\windows\system32\klogon.dll

Notify: PicNotify - PicNotify.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\malika\applic~1\mozilla\firefox\profiles\2ehttaqz.default\

FF - prefs.js: browser.search.selectedEngine - Hyperwords

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\documents and settings\malika\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

FF - Ext: Read it Later: isreaditlater@ideashower.com - %profile%\extensions\isreaditlater@ideashower.com

FF - Ext: Hyperwords: {9A752782-D706-479b-98F8-3F66BF921692} - %profile%\extensions\{9A752782-D706-479b-98F8-3F66BF921692}

FF - Ext: Personal Menu: CompactMenuCE@Merci.chao - %profile%\extensions\CompactMenuCE@Merci.chao

FF - Ext: Pencil: pencil@evolus.vn - %profile%\extensions\pencil@evolus.vn

FF - Ext: SmoothWheel (mozdev.org): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - %profile%\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}

FF - Ext: SmoothWheel (AMO): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - %profile%\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}

FF - Ext: Redirect Cleaner: redirectcleaner@example.net - %profile%\extensions\redirectcleaner@example.net

FF - Ext: LinkExtend: {cf47767d-5f3a-4e32-9fce-5d79565c9702} - %profile%\extensions\{cf47767d-5f3a-4e32-9fce-5d79565c9702}

FF - Ext: Link Pad: linkpad@idusk.net - %profile%\extensions\linkpad@idusk.net

FF - Ext: Cookie Button: {d832c3e4-1a62-48ea-9a1f-5091a1ec3bc5} - %profile%\extensions\{d832c3e4-1a62-48ea-9a1f-5091a1ec3bc5}

FF - Ext: SimilarWeb: FirefoxAddon@similarWeb.com - %profile%\extensions\FirefoxAddon@similarWeb.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

2011-04-15 22:44:34 -------- d-----w- c:\program files\ESET

2011-04-15 21:25:35 340 ----a-w- C:\Start_.cmd

2011-04-15 21:25:35 -------- d-----w- C:\Combo-Fix

2011-04-14 10:38:42 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-04-14 10:38:42 27984 ----a-w- c:\windows\system32\sbbd.exe

2011-04-14 10:38:19 -------- d-----w- C:\VIPRERESCUE

2011-04-14 03:40:56 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{63ebb143-ac70-4a86-a38d-ae23af924768}\MpKsl76cfcfea.sys

2011-04-14 00:53:44 -------- d-----w- c:\docume~1\malika\applic~1\Malwarebytes

2011-04-14 00:53:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-14 00:53:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-04-14 00:53:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-14 00:53:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-04-12 23:48:31 -------- d-----w- c:\docume~1\malika\locals~1\applic~1\ArcSoft

2011-04-12 23:48:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\ArcSoft

2011-04-12 23:42:18 -------- d-----w- c:\docume~1\malika\locals~1\applic~1\OLYMPUS

2011-04-12 23:39:16 -------- d-----w- c:\program files\OLYMPUS

2011-04-12 21:04:50 -------- d-----w- c:\docume~1\malika\applic~1\FLEXnet

2011-04-12 21:00:36 -------- d-----w- c:\program files\Encina Software

2011-04-12 20:57:20 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys

2011-04-12 20:57:20 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll

2011-04-12 20:57:20 465920 ------w- c:\windows\system32\imapi2fs.dll

2011-04-12 20:57:19 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll

2011-04-12 20:57:19 317952 ------w- c:\windows\system32\imapi2.dll

2011-04-12 18:03:32 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{63ebb143-ac70-4a86-a38d-ae23af924768}\MpKsld24cd9f3.sys

2011-04-08 19:37:22 -------- d-----w- C:\AC_SWM

2011-04-08 15:47:22 136680 ----a-w- c:\windows\system32\drivers\ssadmdm.sys

2011-04-08 15:47:22 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys

2011-04-08 15:47:22 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys

2011-04-08 15:47:21 30312 ----a-w- c:\windows\system32\drivers\ssadadb.sys

2011-04-08 15:47:21 1416680 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll

2011-04-08 15:47:21 121192 ----a-w- c:\windows\system32\drivers\ssadbus.sys

2011-04-08 15:47:21 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys

2011-04-07 12:51:17 6792528 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{63ebb143-ac70-4a86-a38d-ae23af924768}\mpengine.dll

2011-04-03 18:10:17 -------- d-----w- c:\program files\Selectsoft

2011-04-03 16:10:04 -------- d-----w- c:\program files\Hasbro

2011-04-03 14:33:14 -------- d-----w- c:\program files\Sony Online Entertainment

2011-04-03 05:08:04 -------- d-----w- c:\docume~1\malika\applic~1\Hoyle Casino

2011-04-03 04:26:14 -------- d-----w- c:\docume~1\malika\applic~1\Hoyle FaceCreator

2011-04-03 04:26:13 -------- d-----w- c:\docume~1\malika\applic~1\Hoyle Puzzle and Board Games

2011-04-03 02:01:44 -------- d-----w- c:\docume~1\malika\applic~1\Boomzap

2011-04-03 02:01:31 -------- d-----w- c:\program files\Encore

2011-04-02 03:39:48 1416680 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll

2011-04-02 03:39:48 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys

2011-04-02 03:39:47 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys

2011-04-02 03:39:24 12616 ----a-w- c:\windows\system32\drivers\sscdcm.sys

2011-04-02 03:39:23 12488 ----a-w- c:\windows\system32\drivers\sscdwh.sys

2011-03-31 18:36:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\Samsung

2011-03-31 18:34:52 -------- d-----w- c:\program files\Samsung

2011-03-31 18:33:50 4659712 ----a-w- c:\windows\system32\Redemption.dll

2011-03-31 18:33:49 770912 ----a-w- c:\windows\system32\Msfdbqp.dll

2011-03-31 18:33:49 511328 ----a-w- c:\windows\system32\Synchronization2.dll

2011-03-31 18:33:49 397152 ----a-w- c:\windows\system32\Msfdbse.dll

2011-03-31 18:33:49 230240 ----a-w- c:\windows\system32\Msfdb.dll

2011-03-31 18:33:49 189792 ----a-w- c:\windows\system32\SimpleProviders2.dll

2011-03-31 18:33:48 253280 ----a-w- c:\windows\system32\MetaStore2.dll

2011-03-31 18:33:48 171360 ----a-w- c:\windows\system32\FileSyncProvider2.dll

2011-03-31 18:33:48 156512 ----a-w- c:\windows\system32\FeedSync2.dll

2011-03-23 02:01:18 -------- d-----w- c:\program files\MSXML 4.0

2011-03-23 01:57:44 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2011-03-23 01:55:45 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2011-03-23 01:55:19 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2011-03-23 01:54:29 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll

2011-03-23 01:54:29 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2011-03-23 01:54:28 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2011-03-23 01:52:27 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2011-03-23 01:49:15 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.

==================== Find3M ====================

.

2011-03-11 05:14:18 821824 ----a-w- c:\windows\system32\dgderapi.dll

2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll

.

============= FINISH: 8:46:40.64 ===============


now here is the contents of my 'report.txt':

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #2

==============================================

>Drivers

==============================================

0xB92FA000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5857280 bytes (Intel Corporation, Intel Graphics Miniport Driver)

0xB98E9000 kl1.sys 5369856 bytes (Kaspersky Lab, Kaspersky Unified Driver)

0xA8A49000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 5210112 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)

0xBF1E7000 C:\WINDOWS\System32\igxpdx32.DLL 2699264 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)

0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)

0x804D7000 PnpManager 2154496 bytes

0x804D7000 RAW 2154496 bytes

0x804D7000 WMIxWDM 2154496 bytes

0xBF800000 Win32k 1855488 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0xBF04F000 C:\WINDOWS\System32\igxpdv32.DLL 1671168 bytes (Intel Corporation, Component GHAL Driver)

0xB914A000 C:\WINDOWS\system32\DRIVERS\btkrnl.sys 987136 bytes (Broadcom Corporation., Bluetooth Bus Enumerator)

0xB9E4F000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xA6AF8000 C:\WINDOWS\system32\drivers\btaudio.sys 528384 bytes (Broadcom Corporation., Bluetooth Audio Device)

0xA8798000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xB90A1000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xA887D000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xBF47A000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0xA8911000 C:\WINDOWS\system32\drivers\SbFw.sys 266240 bytes (Sunbelt Software, Inc., Sunbelt Personal Firewall driver)

0xA8972000 C:\WINDOWS\system32\DRIVERS\klif.sys 245760 bytes (Kaspersky Lab, Klif Mini-Filter fre_wnet_x86)

0xB923B000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 225280 bytes (Synaptics, Inc., Synaptics Touchpad Driver)

0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0xB9E22000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 176128 bytes (Intel Corporation, Intel Graphics 2D Driver)

0xA8808000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xA876E000 C:\WINDOWS\System32\Drivers\RTS5121.sys 172032 bytes (Realtek Semiconductor Corp., Realtek USB Mass Storage Driver for 2K/XP/Vista)

0xB92BE000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)

0xA8855000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xA89AE000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)

0xA7A5C000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)

0xA8A25000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xB929A000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xB90FF000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xA8833000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x806E5000 ACPI_HAL 134400 bytes

0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xB9EF3000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xB9F2B000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xA6B79000 C:\WINDOWS\system32\DRIVERS\btwdndis.sys 122880 bytes (Broadcom Corporation., Bluetooth LAN Access Server Driver)

0xA8728000 C:\WINDOWS\System32\Drivers\usbvideo.sys 122880 bytes (Microsoft Corporation, USB Video Class Driver)

0xB9E08000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xB9F13000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xB9EDC000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xB9133000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xA8034000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xB92E6000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xA88FE000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)

0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xB9122000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xBA168000 C:\WINDOWS\System32\Drivers\tosrfcom.sys 65536 bytes (TOSHIBA Corporation, Bluetooth RFCOMM Driver)

0xBA258000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xBA1C8000 C:\WINDOWS\system32\DRIVERS\sbfwim.sys 61440 bytes (Sunbelt Software, Inc., Sunbelt Personal Firewall NDIS Intermediate driver)

0xBA2D8000 C:\WINDOWS\system32\drivers\sbhips.sys 61440 bytes (Sunbelt Software, Inc., Sunbelt Personal Firewall Host Intrusion Prevention Driver)

0xA8271000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xBA248000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xBA0A8000 poerwve.sys 57344 bytes

0xA8F91000 C:\WINDOWS\system32\DRIVERS\btwhid.sys 53248 bytes (Broadcom Corporation., Bluetooth Virtual HID Minidriver)

0xBA0F8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xBA158000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)

0xBA178000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xBA0D8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xBA198000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xBA308000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xBA108000 klbg.sys 45056 bytes (Kaspersky Lab, KLBG Mini-Filter)

0xBA0C8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xBA188000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xBA1D8000 C:\WINDOWS\system32\DRIVERS\tosporte.sys 45056 bytes (TOSHIBA Corporation, TOSHIBA Bluetooth Port Emulation Driver)

0xA6CEA000 C:\WINDOWS\System32\Drivers\btwusb.sys 40960 bytes (Broadcom Corporation., Driver for Bluetooth USB Devices)

0xBA0B8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xBA1F8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xBA1B8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xBA0E8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xA8FB1000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)

0xBA128000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)

0xBA148000 C:\WINDOWS\system32\DRIVERS\klfltdev.sys 36864 bytes (Kaspersky Lab, KLFLTDEV Pnp device filter)

0xBA1A8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xBA2C8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xA77E2000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xBA2B8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xBA448000 C:\WINDOWS\system32\DRIVERS\btport.sys 32768 bytes (Broadcom Corporation., Bluetooth BTPORT Driver for Windows 2000)

0xA7B48000 C:\WINDOWS\system32\DRIVERS\btwmodem.sys 32768 bytes (Broadcom Corporation., Bluetooth BTPORT Driver for Windows 2000)

0xBA400000 C:\WINDOWS\system32\DRIVERS\klim5.sys 32768 bytes (Kaspersky Lab, Kaspersky Lab Intermediate Network Driver)

0xBA410000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)

0xBA380000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xBA3C8000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)

0xBA3E8000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xBA4B0000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xBA490000 C:\DOCUME~1\malika\LOCALS~1\Temp\mbr.sys 28672 bytes

0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xBA3F0000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)

0xBA3F8000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)

0xBA498000 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{63EBB143-AC70-4A86-A38D-AE23AF924768}\MpKsl76cfcfea.sys 24576 bytes (Microsoft Corporation, KSLDriver)

0xBA3B8000 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{63EBB143-AC70-4A86-A38D-AE23AF924768}\MpKsld24cd9f3.sys 24576 bytes (Microsoft Corporation, KSLDriver)

0xBA480000 C:\WINDOWS\system32\DRIVERS\point32.sys 24576 bytes (Microsoft Corporation, Point32.sys)

0xBA438000 C:\WINDOWS\system32\DRIVERS\psadd.sys 24576 bytes (Lenovo (United States) Inc., SMBIOS Driver)

0xBA3D8000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0xBA348000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xBA370000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xBA428000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xBA430000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xBA338000 C:\WINDOWS\system32\drivers\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xBA408000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)

0xBA560000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)

0xBA594000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xBA590000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xA8545000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xBA4C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)

0xBA570000 C:\WINDOWS\system32\DRIVERS\AcpiVpc.sys 12288 bytes (Lenovo Corporation, ACPI Virtual Power Controller Driver)

0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)

0xBA588000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xBA58C000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0xB9272000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)

0xB98C1000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xBA580000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xA8A05000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xBA656000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xBA654000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xBA5EC000 C:\WINDOWS\System32\Drivers\hiber_WMILIB.SYS 8192 bytes

0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xBA658000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xBA664000 C:\WINDOWS\system32\drivers\PMEMNT.SYS 8192 bytes (Microsoft Corporation, Physical Memory Driver)

0xBA61A000 C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 8192 bytes

0xBA65A000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xBA606000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)

0xBA60C000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xBA604000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xBA744000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xBA719000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xBA6EC000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xBA671000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)

0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

==============================================

>Stealth

==============================================


Hi again, let's first get some order in all running security programs.

Please click HERE and follow the instructions in STEP 2 to download and run the norton removal tool.

TWO ANTIVIRUS PROGRAMS

---------------------------------------

I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

  • False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either Microsoft Security Essentials or Kaspersky Internet Security.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


IMPORTANT: i have removed kaspersky using 'add and remove programs'. it was an expired trial version. i did not have both antivirus programs running at the same time, but i am concerned about the microsoft security essentials being compromised. for this reason i had disabled it from startup and in services. and this concerns me also. i have not yet restarted my computer after the uninstall of kaspersky (very afraid to). i also cannot disable my firewall because there is no icon in the taskbar; when i try to bring it back through the start button menu, it asks for a password (i did not password protect it!). i know it is running, i see it in the task manager and it asks for permission for everything you have advised me to run so far. i will download combofix after the restart if that is ok. but first i need to see what you think i should do after you read this.

thanks again.


one more thing, i downloaded the norton removal tool (norton came with the netbook and i never used it, it is not listed in 'add and remove' anymore because i thought i removed it!)--but i removed kaspersky first. i did indeed download combofix. i am about to restart my computer as instructed for the kaspersky removal, then i will use the norton removal tool (if i can--which will cause more restarts) and then i will try combofix. my concern with combofix is: should i allow permissions for anything/everything that kerio asks me to when i start combofix? i tried it once before and never completed it because of all the permission requests flying at me from kerio personal firewall. this firewall is what saved me in the first place! also should i download it and/or use it before or after all the restarts? i am not questioning your instructions (you are the goddess) but i am questioning what i can and cannot trust with this pc! thanks


i tried to run combofix and it triggered kerio to ask for a lot of program start permissions--one that particularly worried me was for firefox. i gave it all the permissions and combofix did not show in my task manager, nor did anything happen other than a small combofix progress bar; after that, nothing. why does it need to start firefox?

i can give you a list of the programs it asked permissions for.

i did run the norton removal tool and restarted several times with no problems after the removal. i keep getting various outgoing connection alerts for many different ip numbers like this one that i copied and pasted from the kerio window that pops up:

[4/16/2011 3:48:49 PM]

Direction: outgoing

Local Point: 192.168.1.12, port 1361

Adapter: Broadcom 802.11g Network Adapter - Packet Scheduler Miniport

Remote Point: 235.web01.lstn.mb-internal.com [216.245.195.235], port http [80]

Protocol: [6] TCP

Application path: c:\Program Files\Internet Explorer\iexplore.exe

Description: Internet Explorer

File version: 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

Created: 2008/7/21, 19:14:46

Modified: 2009/3/8, 19:09:26

Accessed: 2011/4/16, 19:15:23

RuleId = 2415919911.

i am guessing that this particular one is malwarebytes.org but i do not like to guess. should i be concerned?

i will not do anything else till you tell me to. combofix did not appear to work. i tried once before i started posting at this forum, and it did not work then.

thanks again!

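The alert block pasted above is a fixed "Key: value" record, so it can be parsed and triaged mechanically rather than guessed at. The following is an added example written for this thread; it is not part of Kerio/Sunbelt Personal Firewall or of anyone's post. It parses the alert into typed endpoints, classifies where the connecting program lives on disk, and reports the registrable suffix of the reverse-DNS name. The trusted-directory list, the user-writable markers and the severity labels are my own assumptions; the alert text itself is the one from the post, used here as a constructed sample.

```python
"""Parse a Kerio (Sunbelt) Personal Firewall outbound-connection alert and
apply a few defender-side triage checks.  Added example for this thread,
not part of the firewall product or of anyone's post."""
import ipaddress
import re

# Constructed sample: the alert block pasted in the post above, verbatim.
SAMPLE_ALERT = r"""[4/16/2011 3:48:49 PM]
Direction: outgoing
Local Point: 192.168.1.12, port 1361
Adapter: Broadcom 802.11g Network Adapter - Packet Scheduler Miniport
Remote Point: 235.web01.lstn.mb-internal.com [216.245.195.235], port http [80]
Protocol: [6] TCP
Application path: c:\Program Files\Internet Explorer\iexplore.exe
Description: Internet Explorer
File version: 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
Created: 2008/7/21, 19:14:46
Modified: 2009/3/8, 19:09:26
Accessed: 2011/4/16, 19:15:23
RuleId = 2415919911.
"""

# Endpoints come either as 'ip, port N' or 'rdns-name [ip], port svc [N]'.
ENDPOINT_RE = re.compile(
    r"^(?:(?P<host>[^\s\[]+)\s+)?\[?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]?,\s*port\s+"
    r"(?:(?P<service>[^\s\[]+)\s+)?\[?(?P<port>\d+)\]?$"
)
PROTOCOL_RE = re.compile(r"^\[(?P<number>\d+)\]\s*(?P<name>\S+)$")

# Assumption: a normally installed program lives under one of these roots
# (typical XP layout); anything under a profile or Temp dir is user-writable.
TRUSTED_ROOTS = (r"c:\program files", r"c:\windows")
USER_WRITABLE_MARKERS = ("documents and settings", "\\temp\\", "\\docume~1\\")


def _parse_endpoint(value):
    m = ENDPOINT_RE.match(value.strip())
    if not m:
        raise ValueError("unrecognised endpoint: %r" % value)
    return {
        "host": m.group("host"),        # reverse-DNS name, may be None
        "ip": m.group("ip"),
        "service": m.group("service"),  # e.g. 'http', may be None
        "port": int(m.group("port")),
    }


def parse_kerio_alert(text):
    """Turn the 'Key: value' alert block into a dict with typed endpoints."""
    alert = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            alert["timestamp"] = line[1:-1]
        elif line.startswith("RuleId"):
            alert["rule_id"] = line.split("=", 1)[1].strip().rstrip(".")
        else:
            key, _, value = line.partition(":")
            alert[key.strip().lower().replace(" ", "_")] = value.strip()
    alert["local"] = _parse_endpoint(alert.pop("local_point"))
    alert["remote"] = _parse_endpoint(alert.pop("remote_point"))
    proto = PROTOCOL_RE.match(alert.pop("protocol"))
    alert["protocol"] = proto.group("name") if proto else None
    return alert


def registrable_suffix(hostname, labels=2):
    """Last N labels of a reverse-DNS name ('mb-internal.com').  PTR records
    are set by whoever controls the IP block, so this is a hint about the
    remote party, not proof of its identity."""
    if not hostname:
        return None
    return ".".join(hostname.rstrip(".").split(".")[-labels:])


def classify_app_path(path):
    """'installed', 'user_writable' or 'other' for the connecting program."""
    p = path.lower()
    if any(marker in p for marker in USER_WRITABLE_MARKERS):
        return "user_writable"
    if p.startswith(TRUSTED_ROOTS):
        return "installed"
    return "other"


def triage(alert):
    """Return (severity, message) findings a reviewer would want to see."""
    findings = []
    remote_ip = ipaddress.ip_address(alert["remote"]["ip"])
    if remote_ip.is_private or remote_ip.is_loopback:
        findings.append(("info", "remote %s is on the local network" % remote_ip))
    else:
        suffix = registrable_suffix(alert["remote"]["host"])
        findings.append(("info", "outbound to public %s (rDNS suffix %s; verify "
                                 "ownership by other means)" % (remote_ip, suffix)))
    if classify_app_path(alert["application_path"]) == "user_writable":
        findings.append(("high", "connecting program runs from a user-writable "
                                 "location: " + alert["application_path"]))
    if alert["protocol"] == "TCP" and alert["remote"]["port"] not in (80, 443):
        findings.append(("medium", "non-web TCP port %d" % alert["remote"]["port"]))
    return findings


if __name__ == "__main__":
    for severity, message in triage(parse_kerio_alert(SAMPLE_ALERT)):
        print("[%s] %s" % (severity, message))
```

For the alert in the post this yields a single informational finding: a public destination reached by a browser installed under Program Files on port 80. The reverse-DNS suffix is reported only as a hint, because PTR records are set by the holder of the address block and say nothing by themselves about whether the traffic is expected.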

I tried safe mode and combofix warned to shut down mse which i could not seem to do, so i restarted in regular mode and uninstalled it, booted to safe mode and now combofix is downloading and updating from microsoft (the restore tool or something?) so things are moving along!!


here is the text from combofix.txt:

ComboFix 11-04-15.06 - malika 04/16/2011 17:36:00.1.2 - x86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1659 [GMT -4:00]

Running from: c:\documents and settings\malika\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: Sunbelt Personal Firewall *Enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\Downloaded Program Files\ODCTOOLS

c:\windows\regedit.com

c:\windows\system32\Thumbs.db

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_USNJSVC

-------\Service_usnjsvc

.

.

((((((((((((((((((((((((( Files Created from 2011-03-16 to 2011-04-16 )))))))))))))))))))))))))))))))

.

.

2011-04-15 21:25 . 2011-04-15 21:25 -------- d-----w- C:\Combo-Fix

2011-04-15 20:40 . 2011-04-15 20:56 -------- d-----w- c:\windows\BDOSCAN8

2011-04-14 10:38 . 2010-11-09 18:56 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-04-14 10:38 . 2010-11-09 18:56 27984 ----a-w- c:\windows\system32\sbbd.exe

2011-04-14 10:38 . 2011-04-14 15:27 -------- d-----w- C:\VIPRERESCUE

2011-04-14 00:53 . 2011-04-14 00:53 -------- d-----w- c:\documents and settings\malika\Application Data\Malwarebytes

2011-04-14 00:53 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-14 00:53 . 2011-04-14 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-04-14 00:53 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-14 00:53 . 2011-04-15 10:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-04-12 23:48 . 2011-04-12 23:48 -------- d-----w- c:\documents and settings\malika\Local Settings\Application Data\ArcSoft

2011-04-12 23:48 . 2011-04-12 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft

2011-04-12 23:47 . 2011-04-12 23:48 -------- d-----w- c:\program files\Common Files\ArcSoft

2011-04-12 23:47 . 2011-04-12 23:47 -------- d-----w- c:\program files\ArcSoft

2011-04-12 23:42 . 2011-04-12 23:42 -------- d-----w- c:\documents and settings\malika\Local Settings\Application Data\OLYMPUS

2011-04-12 23:39 . 2011-04-12 23:39 -------- d-----w- c:\program files\OLYMPUS

2011-04-12 21:04 . 2011-04-12 21:04 -------- d-----w- c:\documents and settings\malika\Application Data\FLEXnet

2011-04-12 21:00 . 2011-04-12 21:00 -------- d-----w- c:\program files\Encina Software

2011-04-12 21:00 . 2011-04-12 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision

2011-04-12 21:00 . 2011-04-12 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet

2011-04-12 20:57 . 2008-05-02 13:25 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll

2011-04-12 20:57 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll

2011-04-12 20:57 . 2008-05-02 10:49 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys

2011-04-12 20:57 . 2008-05-02 13:25 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll

2011-04-12 20:57 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll

2011-04-08 19:37 . 2011-04-08 19:48 -------- d-----w- C:\AC_SWM

2011-04-08 15:47 . 2011-01-03 08:38 136680 ----a-w- c:\windows\system32\drivers\ssadmdm.sys

2011-04-08 15:47 . 2011-01-03 08:38 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys

2011-04-08 15:47 . 2011-01-03 08:38 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys

2011-04-08 15:47 . 2011-01-03 08:38 121192 ----a-w- c:\windows\system32\drivers\ssadbus.sys

2011-04-08 15:47 . 2011-01-03 08:38 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys

2011-04-08 15:47 . 2010-12-21 05:55 30312 ----a-w- c:\windows\system32\drivers\ssadadb.sys

2011-04-08 15:47 . 2010-12-21 05:55 1416680 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll

2011-04-03 18:10 . 2011-04-03 18:10 -------- d-----w- c:\program files\Selectsoft

2011-04-03 16:10 . 2011-04-03 16:10 -------- d-----w- c:\program files\Hasbro

2011-04-03 14:33 . 2011-04-03 15:46 -------- d-----w- c:\program files\Sony Online Entertainment

2011-04-03 05:08 . 2011-04-03 05:16 -------- d-----w- c:\documents and settings\malika\Application Data\Hoyle Casino

2011-04-03 04:26 . 2011-04-03 05:15 -------- d-----w- c:\documents and settings\malika\Application Data\Hoyle FaceCreator

2011-04-03 04:26 . 2011-04-03 05:05 -------- d-----w- c:\documents and settings\malika\Application Data\Hoyle Puzzle and Board Games

2011-04-03 02:01 . 2011-04-03 04:20 -------- d-----w- c:\documents and settings\malika\Application Data\Boomzap

2011-04-03 02:01 . 2011-04-03 05:06 -------- d-----w- c:\program files\Encore

2011-04-02 03:39 . 2011-01-03 08:38 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys

2011-04-02 03:39 . 2010-12-21 05:55 1416680 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll

2011-04-02 03:39 . 2011-01-03 08:38 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys

2011-04-02 03:39 . 2010-12-21 05:55 12616 ----a-w- c:\windows\system32\drivers\sscdcm.sys

2011-04-02 03:39 . 2010-12-21 05:55 12488 ----a-w- c:\windows\system32\drivers\sscdwh.sys

2011-03-31 22:51 . 2011-03-31 22:51 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2011-03-31 18:36 . 2011-04-07 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Samsung

2011-03-31 18:34 . 2011-04-02 03:39 -------- d-----w- c:\program files\Samsung

2011-03-31 18:33 . 2011-03-31 18:33 4659712 ----a-w- c:\windows\system32\Redemption.dll

2011-03-31 18:33 . 2011-03-31 18:33 397152 ----a-w- c:\windows\system32\Msfdbse.dll

2011-03-31 18:33 . 2011-03-31 18:33 189792 ----a-w- c:\windows\system32\SimpleProviders2.dll

2011-03-31 18:33 . 2011-03-31 18:33 770912 ----a-w- c:\windows\system32\Msfdbqp.dll

2011-03-31 18:33 . 2011-03-31 18:33 230240 ----a-w- c:\windows\system32\Msfdb.dll

2011-03-31 18:33 . 2011-03-31 18:33 511328 ----a-w- c:\windows\system32\Synchronization2.dll

2011-03-31 18:33 . 2011-03-31 18:33 253280 ----a-w- c:\windows\system32\MetaStore2.dll

2011-03-31 18:33 . 2011-03-31 18:33 171360 ----a-w- c:\windows\system32\FileSyncProvider2.dll

2011-03-31 18:33 . 2011-03-31 18:33 156512 ----a-w- c:\windows\system32\FeedSync2.dll

2011-03-23 02:01 . 2011-03-23 02:01 -------- d-----w- c:\program files\MSXML 4.0

2011-03-23 01:57 . 2010-12-20 23:59 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2011-03-23 01:55 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2011-03-23 01:55 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2011-03-23 01:54 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll

2011-03-23 01:54 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2011-03-23 01:54 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2011-03-23 01:52 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2011-03-23 01:49 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-11 05:14 . 2011-03-11 05:14 821824 ----a-w- c:\windows\system32\dgderapi.dll

2011-03-11 05:14 . 2011-03-11 05:14 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys

2011-02-09 13:53 . 2008-07-21 20:04 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2008-07-21 20:04 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-02 22:11 . 2009-11-30 04:25 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-02-02 07:58 . 2008-07-21 19:13 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2008-07-21 19:13 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44 . 2008-07-21 20:04 439296 ----a-w- c:\windows\system32\shimgvw.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]

@="{771C7324-DA80-49D3-8017-753B0AF60951}"

[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]

2009-03-03 00:05 241752 ----a-w- c:\windows\system32\IcnOvrly.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-05-23 1146880]

"RTHDCPL"="RTHDCPL.EXE" [2009-02-17 17508864]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-14 607584]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PicNotify]

2009-03-03 00:05 1163264 ----a-w- c:\windows\system32\PicNotify.dll

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk

backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk

backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-15 06:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2008-06-19 08:20 57344 ----a-w- c:\windows\ALCMTR.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

2008-04-17 18:14 98616 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Energy Management]

2008-08-28 23:10 1283984 ----a-w- c:\program files\Lenovo\Energy Management\Energy Management.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnergyUtility]

2008-07-10 00:21 4456448 ----a-w- c:\program files\Lenovo\Energy Management\utility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-11-26 01:53 135664 ----atw- c:\documents and settings\malika\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2008-02-28 07:00 166424 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2008-02-28 07:00 141848 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2008-11-18 00:06 210208 ----a-w- c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Message Center Plus]

2009-05-28 05:09 49976 ----a-w- c:\program files\Lenovo\Message Center Plus\MCPLaunch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]

2009-02-03 17:05 233304 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2007-10-18 19:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2008-02-28 07:00 137752 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-08-02 01:56 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]

2008-03-04 17:34 487424 ----a-w- c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeriFaceManager]

2009-03-03 00:05 323584 ----a-w- c:\program files\Lenovo\VeriFaceIII\PManage.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ACDaemon"=2 (0x2)

"BcmSqlStartupSvc"=3 (0x3)

"SUService"=3 (0x3)

"WMPNetworkSvc"=3 (0x3)

"MsMpSvc"=2 (0x2)

"IDriverT"=3 (0x3)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

.

R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [10/25/2009 9:47 PM 270888]

R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [6/21/2008 5:54 AM 66600]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [4/14/2011 6:38 AM 98392]

R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [10/31/2008 8:24 AM 95528]

R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [10/31/2008 8:24 AM 1365288]

R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [3/2/2009 7:54 PM 9472]

R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [3/2/2009 8:00 PM 157696]

R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [10/25/2009 9:47 PM 65576]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/2/2009 7:55 PM 1684736]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [4/8/2011 11:47 AM 30312]

S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [3/11/2011 1:14 AM 20032]

S3 DvmMDES;DeviceVM Meta Data Export Service;c:\qstart.sys\config\DVMExportService.exe [12/1/2008 10:32 PM 307200]

S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\drivers\hcw72ADFilter.sys [3/27/2009 10:11 AM 27904]

S3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\drivers\hcw72ATV.sys [7/27/2009 11:36 AM 1190784]

S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\drivers\hcw72DTV.sys [3/27/2009 10:11 AM 1187072]

S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [4/8/2011 11:47 AM 121192]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [4/8/2011 11:47 AM 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [4/8/2011 11:47 AM 136680]

S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/29/2009 10:21 PM 133104]

S4 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [7/21/2008 4:04 PM 14336]

S4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2009-08-15 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]

.

2009-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ca6e3962453758.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-30 02:21]

.

2009-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1589511137-1526459618-3738170285-1010Core.job

- c:\documents and settings\malika\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-26 01:53]

.

2009-08-15 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job

- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-06-01 20:51]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = http=localhost:8080;https=localhost:8080

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: coasttocoastam.com\www

Trusted Zone: fm1071.com\gabster

Trusted Zone: google.com\services

Trusted Zone: startpage.com\us2

Trusted Zone: yahoo.com\login

FF - ProfilePath - c:\documents and settings\malika\Application Data\Mozilla\Firefox\Profiles\2ehttaqz.default\

FF - prefs.js: browser.search.selectedEngine - Hyperwords

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

FF - Ext: Read it Later: isreaditlater@ideashower.com - %profile%\extensions\isreaditlater@ideashower.com

FF - Ext: Hyperwords: {9A752782-D706-479b-98F8-3F66BF921692} - %profile%\extensions\{9A752782-D706-479b-98F8-3F66BF921692}

FF - Ext: Personal Menu: CompactMenuCE@Merci.chao - %profile%\extensions\CompactMenuCE@Merci.chao

FF - Ext: Pencil: pencil@evolus.vn - %profile%\extensions\pencil@evolus.vn

FF - Ext: SmoothWheel (mozdev.org): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - %profile%\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}

FF - Ext: SmoothWheel (AMO): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - %profile%\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}

FF - Ext: Redirect Cleaner: redirectcleaner@example.net - %profile%\extensions\redirectcleaner@example.net

FF - Ext: LinkExtend: {cf47767d-5f3a-4e32-9fce-5d79565c9702} - %profile%\extensions\{cf47767d-5f3a-4e32-9fce-5d79565c9702}

FF - Ext: Link Pad: linkpad@idusk.net - %profile%\extensions\linkpad@idusk.net

FF - Ext: Cookie Button: {d832c3e4-1a62-48ea-9a1f-5091a1ec3bc5} - %profile%\extensions\{d832c3e4-1a62-48ea-9a1f-5091a1ec3bc5}

FF - Ext: SimilarWeb: FirefoxAddon@similarWeb.com - %profile%\extensions\FirefoxAddon@similarWeb.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)

MSConfigStartUp-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe

MSConfigStartUp-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe

MSConfigStartUp-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe

MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

AddRemove-{D0795B21-0CDA-4a92-AB9E-6E92D8111E44} - c:\docume~1\malika\LOCALS~1\Temp\SAMSUNG\USB Drivers\-r\Uninstall.exe

AddRemove-03_Swallowtail - c:\docume~1\malika\LOCALS~1\Temp\SAMSUNG\USB Drivers\-r\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\docume~1\malika\LOCALS~1\Temp\SAMSUNG\USB Drivers\-r\04_semseyite\Uninstall.exe

AddRemove-16_Shrewsbury - c:\docume~1\malika\LOCALS~1\Temp\SAMSUNG\USB Drivers\-r\16_Shrewsbury\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-04-16 17:49

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1128)

c:\windows\system32\PicNotify.dll

c:\windows\system32\FaceVerify.dll

c:\windows\system32\MainOp.dll

c:\windows\system32\VideoOp.dll

c:\windows\system32\Image.dll

c:\windows\system32\Momo.dll

c:\windows\system32\Apblend.dll

c:\windows\system32\SetDev.dll

c:\windows\system32\FunFrm.dll

c:\windows\system32\facev.dll

.

- - - - - - - > 'explorer.exe'(680)

c:\windows\system32\WININET.dll

c:\windows\system32\IcnOvrly.dll

c:\windows\system32\btmmhook.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\mshtml.dll

c:\windows\system32\msls31.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\windows\system32\wscntfy.exe

c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe

c:\windows\RTHDCPL.EXE

c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

.

**************************************************************************

.

Completion time: 2011-04-16 17:55:58 - machine was rebooted

ComboFix-quarantined-files.txt 2011-04-16 21:55

.

Pre-Run: 124,391,661,568 bytes free

Post-Run: 123,047,120,896 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 1D2A8A44941D239964820CC7DF588E6B


There is a severe storm in my area so i am waiting till it is done before i get back online...thunder, lightning and high winds...all ingredients for big power surges and zapped equipment---i don't trust surge protectors. i live in north eastern united states...will be back after crazy weather-a night at the most. Still post if u can, i will be able to check with my android, but the pc is unplugged and off for now!


Hi again,

I hope the storm will pass quickly and not do too much damage. You are completely right, better be on the safe side and unplug your computer.

When back on, let me know how things are running on your computer.

Please launch MBAM, update it and run a full scan. Post me the resulting log.


I am running updated mbam. After combofix was done i noticed a windows security shield in my taskbar. It was red and warned no antivirus. I don't know if that was real or fake but we shall see....my next post will be the mbam log. So good morning to you!


this is my mbam log. i downloaded and ran it in safe mode (after updating of course). the red shield is in the taskbar again saying the security center is turned off and i see nothing in the task manager that shows me where or what that is running from. also, rundll32.exe is now running in the task manager processes.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 6:40:39 PM, on 4/16/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\mmc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\malika\Desktop\ELISE\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080;https=localhost:8080

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User '?')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.coasttocoastam.com

O15 - Trusted Zone: http://gabster.fm1071.com

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/dcode/ActiveX/MSDcode.cab

O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://win7pro.vlabcenter.com/ActiveX/VMRCActiveXClient1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250558695483

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259529810765

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-beta/OnlineScanner.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - Winlogon Notify: PicNotify - PicNotify.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\QSTART.SYS\config\DVMExportService.exe

O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--

End of file - 8171 bytes


that was the wrong file---here is the correct one----

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6383

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

4/17/2011 9:07:21 AM

mbam-log-2011-04-17 (09-07-21).txt

Scan type: Full scan (C:\|)

Objects scanned: 263969

Time elapsed: 31 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


i am really messing up here---i posted the wrong file, tried to repost the correct one and can't see it here....for some reason the forum would not let me use the 'add reply' button (maybe it was too soon after my first post?), so i used 'quick reply' then didn't see the reply after i hit 'post'. sorry about all the confusion---here, finally, is the correct log from mbam....(the wrong one was a hijack this log i had on the desktop--sorry!)



i get this from kerio:

"application is launching another application:

windows control panel

windows security center notification app"

(i have denied running the app just yet so i do not know what happens yet---i am afraid to!)

Application path: c:\WINDOWS\system32\control.exe

Description: Windows Control Panel

File version: 5.1.2600.0 (xpclient.010817-1148)

Product name: Microsoft


i did not see it before but i know it was there in the task manager--a running process 'wscntfy.exe' when the shield came up on the taskbar. i also did not click on the balloon that says 'click here to fix this problem'. i think it is the real thing, but is it infected?
