
Malware won't Scan



Per the instructions, have the two .txt files. Pasting below & attaching. Thank you in advance...

***********

attach.txt*

***********

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 10/12/2008 8:31:51 AM

System Uptime: 10/31/2011 9:27:08 PM (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | Benicia

Processor: Intel® Pentium® Dual CPU E2200 @ 2.20GHz | CPU 1 | 2199/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 457 GiB total, 317.807 GiB free.

D: is FIXED (NTFS) - 9 GiB total, 1.258 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft Tun Miniport Adapter

Device ID: ROOT\*TUNMP\0001

Manufacturer: Microsoft

Name: Microsoft Tun Miniport Adapter #2

PNP Device ID: ROOT\*TUNMP\0001

Service: tunmp

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: HP Photosmart C4500

Device ID: ROOT\IMAGE\0000

Manufacturer: Hewlett-Packard

Name: HP Photosmart C4500

PNP Device ID: ROOT\IMAGE\0000

Service: StillCam

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart C4500 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart C4500 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

32 Bit HP CIO Components Installer

AAC Decoder

Acrobat.com

Adobe AIR

Adobe Download Manager

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AutoUpdate

Bonjour

BufferChm

C4580

C4580_Help

Cards_Calendar_OrderGift_DoMorePlugout

CDDRV_Installer

Compatibility Pack for the 2007 Office system

CyberLink DVD Suite Deluxe

D3DX10

Destination Component

DeviceDiscovery

DeviceManagementQFolder

DivX Codec

DivX Converter

DivX Player

DivX Plus DirectShow Filters

DivX Plus Web Player

DivX Version Checker

DocProc

DocProcQFolder

Enhanced Multimedia Keyboard Solution

erLT

eSupportQFolder

Facebook Video Calling 1.0.0.8714

Garmin Lifetime Updater

Garmin USB Drivers

Garmin WebUpdater

Google Toolbar for Internet Explorer

Google Update Helper

GPBaseService

H.264 Decoder

Hardware Diagnostic Tools

Hewlett-Packard Active Check

Hewlett-Packard Asset Agent for Health Check

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Customer Experience Enhancements

HP Customer Feedback

HP Demo

HP Easy Setup - Frontend

HP Imaging Device Functions 11.0

HP On-Screen Cap/Num/Scroll Lock Indicator

HP Photosmart C4500 All-In-One Driver Software 11.0 Rel .4

HP Photosmart Essential 2.5

HP Photosmart Essential 3.0

HP Picasso Media Center Add-In

HP Smart Web Printing

HP Solution Center 11.0

HP Total Care Advisor

HP Update

HPPhotoSmartPhotobookWebPack1

HPProductAssistant

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

iTunes

Java Auto Updater

Java 6 Update 20

Java SE Runtime Environment 6 Update 1

Junk Mail filter update

KhalInstallWrapper

Korean Fonts Support For Adobe Reader 9

LightScribe System Software 1.10.23.1

LightScribeTemplateLabeler

Logitech QuickCam

Logitech QuickCam Driver Package

Logitech SetPoint

Logitech Updater

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

MKV Splitter

MobileMe Control Panel

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee autoProducer 6.1

My HP Games

Network

NLOP

OCR Software by I.R.I.S. 11.0

OGA Notifier 2.0.0048.0

PanoStandAlone

Power2Go

PowerDirector

PS_AIO_04_C4580_ProductContext

PS_AIO_04_C4580_Software

PS_AIO_04_C4580_Software_Min

PSSWCORE

Python 2.5

QuickTime

Real Alternative 1.9.0

RealPlayer

Realtek High Definition Audio Driver

Scan

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Segoe UI

Skype™ 5.1

Slacker Software Player

SmartWebPrinting

Soft Data Fax Modem with SmartCP

SolutionCenter

Spybot - Search & Destroy

Status

STOPzilla

SwiftKey 1.0.2 (build 10)

TBS WMP Plug-in

TestPokerStars.com

Toolbox

TrayApp

UnloadSupport

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VC 9.0 Runtime

VC80CRTRedist - 8.0.50727.4053

Ventrilo Client

VideoToolkit01

VLC media player 0.9.4

WeatherBug Gadget

WebReg

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live OneCare safety scanner

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Xvid 1.2.1 final uninstall

ZIP Reader 8.00.0018

ZoneAlarm Antivirus

ZoneAlarm Internet Security Suite

ZoneAlarm Security

ZoneAlarm Toolbar

.

==== Event Viewer Messages From Past Week ========

.

10/31/2011 9:35:58 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

10/31/2011 9:30:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}

10/31/2011 9:29:46 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

10/31/2011 9:29:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

10/31/2011 9:29:09 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt is3srv KLIF spldr Wanarpv6

10/31/2011 9:29:09 PM, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

10/31/2011 9:29:09 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

10/31/2011 9:29:09 PM, Error: Service Control Manager [7000] - The TrueVector Internet Monitor service failed to start due to the following error: Access is denied.

10/31/2011 9:28:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

10/31/2011 9:28:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

10/31/2011 9:28:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

10/31/2011 9:28:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

10/31/2011 9:27:46 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .

10/31/2011 9:27:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

10/31/2011 9:26:07 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.

10/31/2011 9:25:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Bonjour Service service to connect.

10/31/2011 9:25:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.

10/31/2011 9:25:41 PM, Error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the file specified.

10/31/2011 9:25:41 PM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/31/2011 9:25:41 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/31/2011 6:11:09 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt is3srv

10/31/2011 6:11:09 PM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: A system shutdown is in progress.

10/31/2011 6:08:35 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP Photosmart C4500 series with shared resource name HP Photosmart C4500 series. Error 2114. The printer cannot be used by others on the network.

10/31/2011 6:03:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee SiteAdvisor Service service to connect.

10/31/2011 6:03:46 PM, Error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/31/2011 6:03:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

10/31/2011 5:22:53 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.

10/31/2011 5:22:53 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/31/2011 5:21:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.

10/31/2011 5:21:05 PM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/31/2011 5:21:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

10/31/2011 5:20:47 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.

10/31/2011 5:20:22 AM, Error: Service Control Manager [7000] - The ZoneAlarm Toolbar IswSvc service failed to start due to the following error: Access is denied.

10/31/2011 5:19:56 AM, Error: EventLog [6008] - The previous system shutdown at 5:17:56 AM on 10/31/2011 was unexpected.

10/31/2011 5:15:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.

10/31/2011 5:15:41 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/31/2011 5:15:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

10/31/2011 4:58:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Network Devices Support service to connect.

10/31/2011 4:58:10 PM, Error: Service Control Manager [7000] - The HP Network Devices Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/31/2011 4:57:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service HPSLPSVC with arguments "" in order to run the server: {10DA4F3C-CC99-4190-BE4D-58330754E882}

10/31/2011 4:48:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

10/31/2011 4:48:19 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/31/2011 4:47:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

10/31/2011 1:58:57 AM, Error: Microsoft-Windows-Windows Defender [1008] - Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.O&threatid=166941 Scan ID: {C287850F-25BE-40D5-8D5A-FCE92BBDDB21} Scan Type: AntiMalware User: NT AUTHORITY\NETWORK SERVICE Name: Trojan:Win32/Sirefef.O ID: 166941 Severity ID: 5 Category ID: 8 Path: process:pid:968 Action: Remove Error Code: 0x80508017 Error description: Some actions couldn't be applied to potentially harmful items. The items might be stored in a read-only location. Delete the files or folders that contains the items or, for information on removing read-only permissions from files and folders, see Help and Support.

.

==== End Of File ===========================

********

**DDS***

********

.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20

Run by PDBill at 21:56:20 on 2011-10-31

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1998 [GMT -4:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\949350380:319843015.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Windows\system32\Taskmgr.exe

"C:\Windows\system32\svchost.exe"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop

mURLSearchHooks: ZoneAlarm Security Suite Toolbar: {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - c:\program files\zonealarm_security_suite\prxtbZon0.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real alternative\rpbrowserrecordplugin.dll

BHO: ZoneAlarm Security Suite Toolbar: {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - c:\program files\zonealarm_security_suite\prxtbZon0.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File

BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: ZoneAlarm Security Suite Toolbar: {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - c:\program files\zonealarm_security_suite\prxtbZon0.dll

TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

uRun: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem

uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN

mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun: [KBD] c:\hp\kbd\KbdStub.EXE

mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"

mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"

mRun: [iSW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"

mRunOnce: [GrpConv] grpconv -o

mRunOnce: [Wrapper] runonce

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: mswsock.dll

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1 71.250.0.12

TCP: Interfaces\{8A036162-0248-4802-9C30-088CEA65A84C} : DhcpNameServer = 192.168.1.1 71.250.0.12

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

.

============= SERVICES / DRIVERS ===============

.

R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2011-9-26 61328]

R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2011-8-16 59080]

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-10-14 11352]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 40720]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-6-17 10384]

S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2011-9-26 61328]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-25 136176]

S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-7-25 27016]

S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-7-25 497280]

S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe --> c:\progra~1\mcafee\sitead~1\mcsacore.exe [?]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-10-25 1153368]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-2-8 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-25 136176]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]

.

=============== Created Last 30 ================

.

2011-11-01 01:45:44 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-01 01:44:20 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-01 01:35:59 -------- d-----w- c:\users\pdbill\appdata\roaming\Malwarebytes

2011-10-31 22:39:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-31 20:01:11 -------- d-----w- c:\programdata\Kaspersky Lab

2011-10-28 12:26:54 -------- d-----w- c:\program files\STOPzilla!

2011-10-28 12:26:54 -------- d-----w- c:\program files\common files\iS3

2011-10-28 12:26:53 -------- d-----w- c:\programdata\STOPzilla!

2011-10-28 05:55:23 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{333f933a-4c1b-47d7-b6f2-dafbf732051b}\mpengine.dll

2011-10-28 00:08:41 -------- d-----w- c:\program files\zonealarm_security_suite

2011-10-27 23:58:00 -------- d-sh--w- c:\windows\system32\%APPDATA%

2011-10-27 22:39:28 546256 ----a-r- c:\windows\system32\SZComp5.dll

2011-10-27 22:39:28 480720 ----a-r- c:\windows\system32\SZBase5.dll

2011-10-27 22:39:28 22992 ----a-r- c:\windows\system32\SZIO5.dll

2011-10-27 22:39:28 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll

2011-10-27 22:39:26 99792 ----a-r- c:\windows\system32\IS3Svc5.dll

2011-10-27 22:39:26 67024 ----a-r- c:\windows\system32\IS3Hks5.dll

2011-10-27 22:39:26 456144 ----a-r- c:\windows\system32\IS3DBA5.dll

2011-10-27 22:39:26 390608 ----a-r- c:\windows\system32\IS3UI5.dll

2011-10-27 22:39:26 28624 ----a-r- c:\windows\system32\IS3XDat5.dll

2011-10-27 22:39:26 230864 ----a-r- c:\windows\system32\IS3Win325.dll

2011-10-27 22:39:26 103888 ----a-r- c:\windows\system32\IS3Inet5.dll

2011-10-27 22:39:24 738768 ----a-r- c:\windows\system32\IS3Base5.dll

2011-10-13 21:47:28 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax

2011-10-13 21:47:28 57856 ----a-w- c:\windows\system32\MSDvbNP.ax

2011-10-13 21:47:28 293376 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-13 21:47:28 217088 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-13 21:47:26 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-10-13 21:47:11 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-13 21:47:11 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2011-10-13 21:47:11 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2011-10-13 21:47:11 238080 ----a-w- c:\windows\system32\oleacc.dll

2011-10-13 21:47:01 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

.

==================== Find3M ====================

.

2011-10-07 12:25:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-26 16:21:00 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys

2011-09-26 16:21:00 61328 ----a-r- c:\windows\system32\drivers\is3srv.sys

2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-16 21:48:30 59080 ----a-r- c:\windows\system32\drivers\SZKGFS.sys

.

============= FINISH: 21:58:12.71 ===============


Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking, then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, PayPal, eBay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen, and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps.
  • Removing this infection can also disable the ability to connect to the internet.

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
