Malware Removal: Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general security issues. If you suspect your PC is infected with a virus, trojan or spyware app, please include any supporting documentation or logs.
#1
Mozilla Pop Ups

I recently was browsing through websites on Mozilla Firefox and then, all of a sudden, randomly, the Adobe Reader logo opens and then goes away. Now my AVG Free virus program is saying it detected a threat, and my Spybot Search and Destroy is saying that there are things wanting to change my registry.

Now, every time I'm on Mozilla Firefox it has ads popping up, sometimes displaying blank pages and sometimes displaying random sites. I ran all my virus programs: AVG, SS&D, AdAware, and Malwarebytes' Anti-Malware, and removed the files they said were infected. But these pop-ups are still showing up. Please help and let me know whatever I can do to help. I want my computer to be virus- and bot-free. Thank you so much in advance.

---------------
Here is a screen shot of one of the pop-ups:
---------------

And here is my HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:00:06 AM, on 4/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Michael\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [CPM87bf6e91] Rundll32.exe "c:\windows\system32\konazuki.dll",a
O4 - HKLM\..\Run: [848c5d0d] rundll32.exe "C:\WINDOWS\system32\pawovuda.dll",b
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\mizokomo.dll c:\windows\system32\konazuki.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\konazuki.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\konazuki.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9056 bytes

---------------
New pop-ups:
---------------

Last edited by lemichaelporrec; April 9th, 2009 at 08:10 PM. Reason: added pop-up image and logfile
#2
Can someone please help? I've provided enough information.
#3
Hi lemichaelporrec, and welcome. Your HijackThis log indicates that your operating system is infected, but I need to see more comprehensive logs to be able to help you. Before you provide them, you need to know that I have made a personal decision not to help anyone who has peer-to-peer software installed on their computer (and this includes BitTorrent software), so if you want my help, please uninstall any such programs now and reboot.

Go here and download DDS to your Desktop, then double-click on dds.scr to run it. If your security software includes script-blocking features, please disable these before you run this utility. When the scan has finished, two logs will open. Copy and paste both reports in this topic. The logs will be reasonably large, so you may have to divide them into sections and make several posts to post them. Please do not run any programs other than those that I suggest, or install any new software, while I am helping you.
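The entries the helper is pointing at in the HijackThis log above (rundll32 Run keys, AppInit_DLLs, and one CLSID registered under both SSODL and SharedTaskScheduler) are the kind of thing a triage script can pull out mechanically. The following Python is an added example, not part of the thread or of HijackThis: it parses the log's own O4/O20/O21/O22 lines and correlates DLLs and CLSIDs across autostart hooks. The consonant-vowel name heuristic and the "more than one hook" threshold are this example's assumptions, derived from this particular log.

```python
"""Triage of HijackThis (HJT) log entries for persistence indicators.

Added example, not part of the forum thread or of HijackThis itself. It parses
the O4 / O20 / O21 / O22 entry lines in the format seen in the log above and
flags what a malware-removal helper looks at first:
  - Run entries that load a DLL through rundll32
  - AppInit_DLLs entries (the listed DLLs are loaded into every process that
    links user32.dll)
  - one DLL, or one CLSID, registered under more than one autostart hook
The "generated-looking name" heuristic is this example's assumption, derived
from the names in this particular log; it is not a general detection rule.
"""
import re
from collections import defaultdict

# Sample input: a subset of the HijackThis log posted in this thread, mixing
# ordinary vendor entries with the entries the helper's diagnosis rests on.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CPM87bf6e91] Rundll32.exe "c:\windows\system32\konazuki.dll",a
O4 - HKLM\..\Run: [848c5d0d] rundll32.exe "C:\WINDOWS\system32\pawovuda.dll",b
O20 - AppInit_DLLs: C:\WINDOWS\system32\mizokomo.dll c:\windows\system32\konazuki.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\konazuki.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\konazuki.dll
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# Unquoted DLL paths only: the Run entries in this log quote the DLL path, but
# the quotes are not part of the match, so paths with spaces are not handled.
DLL_RE = re.compile(r'[A-Za-z]:\\[^\s"]+\.dll', re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Assumption: eight lowercase letters in strict consonant-vowel alternation,
# the shape of every DLL name the helper is concerned with in this log.
GENERATED_NAME_RE = re.compile(r"^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4}$")


def dll_stem(path):
    """'c:\\windows\\system32\\konazuki.dll' -> 'konazuki'."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def looks_generated(path):
    return GENERATED_NAME_RE.match(dll_stem(path)) is not None


def entries(log_text):
    """Yield (section, body) for each O-numbered line; skip everything else
    (header, process list, blank lines)."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(log_text):
    """Return a list of (section, reason, dll_path_or_clsid) findings."""
    findings = []
    hooks_by_dll = defaultdict(set)
    hooks_by_clsid = defaultdict(set)
    for section, body in entries(log_text):
        dlls = [d.lower() for d in DLL_RE.findall(body)]
        is_rundll = section == "O4" and "rundll32" in body.lower()
        is_appinit = section == "O20" and body.startswith("AppInit_DLLs:")
        for dll in dlls:
            hooks_by_dll[dll].add(section)
            if is_rundll:
                findings.append((section, "Run entry loads a DLL via rundll32", dll))
            if is_appinit:
                findings.append((section, "AppInit_DLLs injection", dll))
            if looks_generated(dll):
                findings.append((section, "generated-looking DLL name", dll))
        for clsid in CLSID_RE.findall(body):
            hooks_by_clsid[clsid.upper()].add(section)
    # Correlation across hooks: the same component registered in several places
    # is the strongest single signal in this log (konazuki.dll under O4, O20,
    # O21 and O22; one CLSID under both SSODL and SharedTaskScheduler).
    for dll, hooks in sorted(hooks_by_dll.items()):
        if len(hooks) > 1:
            findings.append(("multi", f"same DLL under {len(hooks)} autostart hooks", dll))
    for clsid, hooks in sorted(hooks_by_clsid.items()):
        if len(hooks) > 1:
            findings.append(("multi", f"same CLSID under {len(hooks)} autostart hooks", clsid))
    return findings


def flagged_dlls(log_text):
    """Lower-cased DLL paths that appear in at least one finding."""
    return {item for _, _, item in triage(log_text) if item.endswith(".dll")}


if __name__ == "__main__":
    for section, reason, item in triage(SAMPLE_LOG):
        print(f"{section:5} {reason:40} {item}")
```

Vendor entries such as avgrsstx.dll under Winlogon Notify pass through untouched, which is the point: the script narrows a long log to the handful of lines worth a human's attention rather than deciding anything on its own.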
#4
DDS (Ver_09-03-16.01) - NTFSx86
Run by Michael at 23:04:15.32 on Fri 04/10/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1334 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Michael\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dell4me.com/myway
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [<NO NAME>]
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [domeyazosa] Rundll32.exe "c:\windows\system32\hovebipu.dll",s
mRun: [CPM87bf6e91] Rundll32.exe "c:\windows\system32\wukaripa.dll",a
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\michael\applic~1\mozilla\firefox\profiles\9u3k4bib.default\
FF - prefs.js: browser.search.selectedEngine - Bomb-mp3
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\michael\application data\mozilla\firefox\profiles\9u3k4bib.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-6 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-8 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-8 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-8 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-8 298264]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 951120]

=============== Created Last 30 ================

2009-04-09 00:17 <DIR> --d----- c:\docume~1\michael\applic~1\Jasc
2009-04-05 10:37 208,744 a------- c:\windows\system32\muweb.dll
2009-04-05 10:27 <DIR> --dsh--- C:\found.003
2009-04-05 00:28 <DIR> --d----- c:\program files\Jasc Software Inc
2009-04-03 18:43 <DIR> --dsh--- C:\found.002
2009-03-24 22:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Last.fm
2009-03-24 22:08 <DIR> --d----- c:\program files\Last.fm
2009-03-22 00:03 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-22 00:03 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-21 23:52 <DIR> --dsh--- C:\found.001
2009-03-16 15:38 <DIR> --d----- c:\windows\pss
2009-03-13 12:56 <DIR> --d----- c:\program files\iPod
2009-03-13 12:55 <DIR> --d----- c:\program files\iTunes
2009-03-13 12:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-13 10:26 268,648 a------- c:\windows\system32\mucltui.dll
2009-03-13 10:26 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-03-12 13:32 <DIR> --d----- c:\windows\system32\windows media
2009-03-12 13:32 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-03-12 13:32 <DIR> --d----- c:\program files\Windows Media Components
2009-03-12 13:31 <DIR> --d----- c:\program files\Huelix Solutions
2009-03-12 13:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Huelix Solutions
2009-03-12 13:21 <DIR> --d----- c:\documents and settings\michael\dwhelper
2009-03-12 13:08 <DIR> --d----- c:\documents and settings\michael\Tracing
2009-03-12 12:58 <DIR> --d----- c:\program files\common files\Windows Live
2009-03-12 10:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\acccore
2009-03-12 10:57 <DIR> --d----- c:\program files\AIM6

==================== Find3M ====================

2009-04-09 12:06 63,488 a--sh--- c:\windows\system32\yopopanu.exe
2009-03-27 13:42 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-08 03:18 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-08 03:18 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-06 20:31 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-06 20:30 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-03 21:32 78,535 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-11 11:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 11:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 04:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-01-16 22:35 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll

============= FINISH: 23:05:00.99 ===============
#5
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/3/2009 4:18:09 PM
System Uptime: 4/10/2009 8:17:32 PM (3 hours ago)

Motherboard: Dell Inc. | | 0X9238
Processor: Intel(R) Pentium(R) M processor 1.60GHz | Microprocessor | 1596/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 71 GiB total, 53.674 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\2B0754E14A4FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\2B0754E14A4FC000
Service: NIC1394

==== System Restore Points ===================

RP1: 3/3/2009 4:18:13 PM - System Checkpoint
RP2: 3/3/2009 7:34:55 PM - Removed NetZeroInstallers
RP3: 3/3/2009 7:35:25 PM - Removed EarthLink setup files
RP4: 3/3/2009 7:36:07 PM - Software Distribution Service 3.0
RP5: 3/3/2009 8:00:50 PM - Software Distribution Service 3.0
RP6: 3/3/2009 8:17:22 PM - Software Distribution Service 3.0
RP7: 3/3/2009 8:19:10 PM - Software Distribution Service 3.0
RP8: 3/3/2009 8:20:01 PM - Software Distribution Service 3.0
RP9: 3/3/2009 8:20:45 PM - Software Distribution Service 3.0
RP10: 3/3/2009 9:24:46 PM - Software Distribution Service 3.0
RP11: 3/3/2009 9:54:42 PM - Installed Windows Media Player 10
RP12: 3/3/2009 9:56:17 PM - Installed Windows Media Player 10
RP13: 3/3/2009 9:56:52 PM - Software Distribution Service 3.0
RP14: 3/3/2009 10:15:32 PM - Software Distribution Service 3.0
RP15: 3/4/2009 7:15:31 AM - Installed Microsoft Office Basic Edition 2003
RP16: 3/5/2009 3:00:15 AM - Software Distribution Service 3.0
RP17: 3/5/2009 9:40:38 PM - Installed Paint Shop Pro 7 Evaluation
RP18: 3/5/2009 9:42:56 PM -
RP19: 3/6/2009 8:48:59 AM - Software Distribution Service 3.0
RP20: 3/6/2009 4:34:48 PM - Installed iTunes
RP21: 3/7/2009 11:30:25 AM - Removed Get High Speed Internet!
RP22: 3/7/2009 11:30:58 AM - Removed Jasc Paint Shop Photo Album 5
RP23: 3/7/2009 11:32:16 AM - Removed Jasc Paint Shop Pro Studio, Dell Editon
RP24: 3/7/2009 11:37:24 AM - Removed Paint Shop Pro 7 Evaluation
RP25: 3/7/2009 11:37:51 AM -
RP26: 3/7/2009 11:39:10 AM - Installed Paint Shop Pro 7 Try And Buy
RP27: 3/8/2009 2:18:26 AM - Installed AVG Free 8.5
RP28: 3/8/2009 11:58:30 AM - Avg8 Update
RP29: 3/9/2009 12:43:41 PM - System Checkpoint
RP30: 3/11/2009 10:25:19 AM - System Checkpoint
RP31: 3/11/2009 11:01:51 PM - Software Distribution Service 3.0
RP32: 3/12/2009 12:58:47 PM - Removed Windows Live Sign-in Assistant
RP33: 3/12/2009 12:59:48 PM - Removed Windows Live Upload Tool
RP34: 3/13/2009 12:05:12 PM - Software Distribution Service 3.0
RP35: 3/14/2009 12:51:50 PM - System Checkpoint
RP36: 3/15/2009 3:01:10 AM - Software Distribution Service 3.0
RP37: 3/15/2009 3:16:57 AM - Removed Musicmatch for Windows Media Player
RP38: 3/15/2009 3:17:59 AM - Removed NetWaiting
RP39: 3/15/2009 3:22:00 AM - Removed QuickBooks
RP40: 3/15/2009 3:26:32 AM - Removed WordPerfect Office 12
RP41: 3/15/2009 3:30:55 AM - Removed Sonic RecordNow Audio
RP42: 3/15/2009 3:32:01 AM - Removed Sonic RecordNow Copy
RP43: 3/15/2009 3:32:58 AM - Removed Sonic RecordNow Data
RP44: 3/15/2009 3:34:51 AM - Removed Sonic Update Manager
RP45: 3/15/2009 3:36:30 AM - Removed Microsoft Plus! Digital Media Edition Installer
RP46: 3/15/2009 3:38:50 AM - Removed Microsoft Plus! Photo Story 2 LE
RP47: 3/15/2009 3:40:22 AM - Removed Bonjour
RP48: 3/16/2009 1:35:56 PM - System Checkpoint
RP49: 3/17/2009 5:03:28 PM - System Checkpoint
RP50: 3/18/2009 6:25:39 PM - System Checkpoint
RP51: 3/19/2009 9:50:51 PM - System Checkpoint
RP52: 3/20/2009 10:24:00 PM - System Checkpoint
RP53: 3/22/2009 12:02:25 AM - Installed Java(TM) 6 Update 11
RP54: 3/23/2009 2:48:32 PM - System Checkpoint
RP55: 3/24/2009 4:17:14 PM - System Checkpoint
RP56: 3/25/2009 5:07:23 PM - System Checkpoint
RP57: 3/26/2009 10:33:11 AM - Avg8 Update
RP58: 3/27/2009 1:40:50 PM - Avg8 Update
RP59: 3/27/2009 1:43:44 PM - Avg8 Update
RP60: 3/28/2009 2:28:33 PM - System Checkpoint
RP61: 3/29/2009 4:27:15 PM - System Checkpoint
RP62: 3/30/2009 6:18:05 PM - System Checkpoint
RP63: 3/31/2009 1:55:47 PM - Software Distribution Service 3.0
RP64: 4/1/2009 2:13:02 PM - System Checkpoint
RP65: 4/2/2009 2:28:53 PM - System Checkpoint
RP66: 4/3/2009 7:50:17 PM - System Checkpoint
RP67: 4/4/2009 9:45:10 PM - System Checkpoint
RP68: 4/5/2009 12:26:42 AM - Removed Paint Shop Pro 7 Try And Buy
RP69: 4/5/2009 12:28:47 AM - Installed Paint Shop Pro 7 Evaluation
RP70: 4/6/2009 12:38:04 AM - System Checkpoint
RP71: 4/7/2009 12:40:03 AM - System Checkpoint
RP72: 4/8/2009 2:12:24 AM - System Checkpoint
RP73: 4/9/2009 12:17:56 AM -
RP74: 4/10/2009 1:01:04 AM - System Checkpoint

==== Installed Programs ======================

Ad-Aware
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 6.0.1
AIM 6
ALPS Touch Pad Driver
AOLIcon
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
AVG 8.5
Broadcom Management Programs 2
Conexant D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
Dell Support 5.0.0 (630)
Dell System Restore
Digital Line Detect
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
Internet Explorer Default Page
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 11
Last.fm 1.5.4.24567
Macromedia Flash Player
Malwarebytes' Anti-Malware
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.0.8)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB954430)
mToolkit
mWlsSafe
mXML
My Way Search Assistant
mZConfig
Notepad++
Paint Shop Pro 7 Evaluation
PowerDVD 5.5
QuickSet
QuickTime
RealPlayer Basic
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Sonic DLA
Spybot - Search & Destroy
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

4/5/2009 12:26:57 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
4/4/2009 12:29:23 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
4/9/2009 11:25:47 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
4/10/2009 2:53:42 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
4/10/2009 2:57:39 AM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 0012F07F9705 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
4/10/2009 3:08:28 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00123FD6C8F7. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
4/10/2009 6:56:40 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
4/10/2009 7:26:40 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
4/10/2009 8:41:31 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0012F07F9705 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================
#6
Download the latest version of Combofix.exe from here and save it to your C folder (C:\ComboFix.exe).

Double-click on combofix.exe and the scan will start (go ahead and install the Recovery Console if you are asked to do so). When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

NB Please disable your antivirus program as it may interfere with ComboFix's routines.
#7
ComboFix 09-04-04.01 - Michael 2009-04-10 23:56:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1512 [GMT -7:00]
Running from: C:\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-03-11 to 2009-04-11 )))))))))))))))))))))))))))))))
.
2009-04-10 23:30 . 2009-04-10 23:30 3,067,803 -ra------ C:\ComboFix.exe
2009-04-09 00:17 . 2009-04-09 00:17 <DIR> d-------- c:\documents and settings\Michael\Application Data\Jasc
2009-04-05 10:37 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-04-05 10:27 . 2009-04-05 10:27 <DIR> d--hs---- C:\found.003
2009-04-05 00:28 . 2009-04-05 00:28 <DIR> d-------- c:\program files\Jasc Software Inc
2009-04-03 18:43 . 2009-04-03 18:43 <DIR> d--hs---- C:\found.002
2009-04-03 18:15 . 2009-04-03 18:15 <DIR> d-------- c:\documents and settings\Frank\Application Data\AdobeUM
2009-03-24 22:09 . 2009-03-24 22:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Last.fm
2009-03-24 22:08 . 2009-03-27 16:26 <DIR> d-------- c:\program files\Last.fm
2009-03-22 00:03 . 2009-03-22 00:02 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-22 00:03 . 2009-03-22 00:02 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-21 23:52 . 2009-03-21 23:52 <DIR> d--hs---- C:\found.001
2009-03-17 21:50 . 2009-03-17 21:50 <DIR> d-------- c:\documents and settings\Michael\Application Data\AdobeUM
2009-03-17 12:54 . 2009-03-17 12:54 <DIR> d-------- c:\program files\Notepad++
2009-03-17 12:54 . 2009-03-17 12:54 <DIR> d-------- c:\documents and settings\Michael\Application Data\Notepad++
2009-03-13 12:56 . 2009-03-13 12:56 <DIR> d-------- c:\program files\iPod
2009-03-13 12:55 . 2009-03-15 05:51 <DIR> d-------- c:\program files\iTunes
2009-03-13 12:55 . 2009-03-13 12:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-13 10:26 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-03-13 10:26 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-03-12 13:32 . 2009-03-12 13:32 <DIR> d-------- c:\windows\system32\windows media
2009-03-12 13:32 . 2009-03-12 13:32 <DIR> d--h----- c:\windows\msdownld.tmp
2009-03-12 13:32 . 2009-03-12 13:32 <DIR> d-------- c:\program files\Windows Media Components
2009-03-12 13:31 . 2009-03-12 13:31 <DIR> d-------- c:\program files\Huelix Solutions
2009-03-12 13:31 . 2009-03-12 13:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Huelix Solutions
2009-03-12 13:21 . 2009-03-12 13:21 <DIR> d-------- c:\documents and settings\Michael\dwhelper
2009-03-12 13:08 . 2009-03-12 13:08 <DIR> d-------- c:\documents and settings\Michael\Tracing
2009-03-12 12:58 . 2009-03-12 12:58 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-12 11:00 . 2009-03-12 11:00 <DIR> d-------- c:\documents and settings\Michael\Application Data\acccore
2009-03-12 10:59 . 2009-03-12 11:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL OCP
2009-03-12 10:59 . 2009-03-12 10:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore
2009-03-12 10:57 . 2009-03-12 10:59 <DIR> d-------- c:\program files\AIM6
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 06:37 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-09 20:29 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-09 19:06 63,488 --sha-w c:\windows\system32\yopopanu.exe
2009-03-27 20:42 108,552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-03-22 07:02 --------- d-----w c:\program files\Java
2009-03-15 10:34 --------- d-----w c:\program files\Sonic
2009-03-15 10:30 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-03-15 10:23 --------- d-----w c:\program files\Common Files\Intuit
2009-03-15 10:18 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-15 10:17 --------- d-----w c:\program files\MUSICMATCH
2009-03-13 20:13 --------- d-----w c:\program files\Microsoft Works
2009-03-13 19:56 --------- d-----w c:\program files\Common Files\Apple
2009-03-13 18:36 --------- d-----w c:\program files\Rainlendar2
2009-03-12 17:59 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-03-12 17:58 --------- d-----w c:\program files\Common Files\AOL
2009-03-10 06:20 --------- d-----w c:\documents and settings\Frank\Application Data\Apple Computer
2009-03-08 10:18 325,640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-03-08 10:18 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-03-08 10:18 --------- d-----w c:\program files\AVG
2009-03-07 03:31 15,688 ----a-w c:\windows\system32\lsdelete.exe
2009-03-07 03:31 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-07 03:30 64,160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-03-07 03:26 --------- dc-h--w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-07 03:26 --------- d-----w c:\program files\Lavasoft
2009-03-07 03:14 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-07 03:13 --------- d-----w c:\documents and settings\Michael\Application Data\Malwarebytes
2009-03-07 03:13 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-07 03:09 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-07 00:35 --------- d-----w c:\documents and settings\Michael\Application Data\Apple Computer
2009-03-07 00:34 --------- d-----w c:\program files\QuickTime
2009-03-07 00:33 --------- d-----w c:\program files\Apple Software Update
2009-03-07 00:33 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-07 00:33 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-03-06 00:16 --------- d-----w c:\program files\Common Files\Adobe
2009-03-04 15:21 --------- d-----w c:\documents and settings\Frank\Application Data\CyberLink
2009-03-04 15:17 --------- d-----w c:\program files\Common Files\L&H
2009-03-04 15:16 --------- d-----w c:\program files\Microsoft ActiveSync
2009-03-04 15:15 --------- d-----w c:\program files\Microsoft.NET
2009-03-04 05:58 --------- d-----w c:\program files\Windows Media Connect 2
2009-03-04 04:01 --------- d-----w c:\program files\MSXML 4.0
2009-03-04 03:32 --------- d-----w c:\program files\McAfee.com
2009-03-04 03:32 --------- d-----w c:\program files\Common Files\SWF Studio
2009-03-04 00:20 --------- d-----w c:\documents and settings\LocalService\Application Data\McAfee.com Personal Firewall
2009-03-04 00:20 --------- d-----w c:\documents and settings\Frank\Application Data\McAfee.com Personal Firewall
2009-02-11 18:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 18:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-01-17 05:35 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-03 344064]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-05 127035]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-06 515416]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-08 1932568]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-22 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-06-10 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 14:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-08 03:18 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 14:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-03-12 20:56 342312 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2005-06-10 03:12 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-06 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-08 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-08 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-08 298264]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951120]
.
Contents of the 'Scheduled Tasks' folder

2009-04-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-06 20:29]

2009-04-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
HKLM-Run-domeyazosa - c:\windows\system32\hovebipu.dll
HKLM-Run-CPM87bf6e91 - c:\windows\system32\wukaripa.dll
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-Rainlendar2 - c:\program files\Rainlendar2\Rainlendar2.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell4me.com/myway
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\9u3k4bib.default\
FF - prefs.js: browser.search.selectedEngine - Bomb-mp3
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\9u3k4bib.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 23:59:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1084)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'winlogon.exe'(1268)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2009-04-11 0:02:38
ComboFix-quarantined-files.txt 2009-04-11 07:02:32

Pre-Run: 57,495,977,984 bytes free
Post-Run: 57,514,930,176 bytes free

197 --- E O F --- 2009-03-15 10:15:23
#8
Before we go any further, could you please follow the instructions here and disable Spybot's TeaTimer else any changes we make may not be saved. Please make sure that it stays disabled until I give you the "all clear". If TeaTimer reinstates itself, please uninstall Spybot before it causes problems.
Open notepad and copy and paste the text in the codebox below into it:

Code:
File::
c:\windows\system32\yopopanu.exe

ComboFix will run again. When the fix completes it will create a C:\ComboFix.txt log. Please post that log in your next reply.
#9
ComboFix 09-04-04.01 - Michael 2009-04-11 2:40:21.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1357 [GMT -7:00]
Running from: C:\ComboFix.exe
Command switches used :: c:\documents and settings\Michael\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\system32\yopopanu.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\yopopanu.exe
.
((((((((((((((((((((((((( Files Created from 2009-03-11 to 2009-04-11 )))))))))))))))))))))))))))))))
.
2009-04-10 23:30 . 2009-04-10 23:30 3,067,803 -ra------ C:\ComboFix.exe
2009-04-09 00:17 . 2009-04-09 00:17 <DIR> d-------- c:\documents and settings\Michael\Application Data\Jasc
2009-04-05 10:37 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-04-05 10:27 . 2009-04-05 10:27 <DIR> d--hs---- C:\found.003
2009-04-05 00:28 . 2009-04-05 00:28 <DIR> d-------- c:\program files\Jasc Software Inc
2009-04-03 18:43 . 2009-04-03 18:43 <DIR> d--hs---- C:\found.002
2009-04-03 18:15 . 2009-04-03 18:15 <DIR> d-------- c:\documents and settings\Frank\Application Data\AdobeUM
2009-03-24 22:09 . 2009-03-24 22:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Last.fm
2009-03-24 22:08 . 2009-03-27 16:26 <DIR> d-------- c:\program files\Last.fm
2009-03-22 00:03 . 2009-03-22 00:02 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-22 00:03 . 2009-03-22 00:02 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-21 23:52 . 2009-03-21 23:52 <DIR> d--hs---- C:\found.001
2009-03-17 21:50 . 2009-03-17 21:50 <DIR> d-------- c:\documents and settings\Michael\Application Data\AdobeUM
2009-03-17 12:54 . 2009-03-17 12:54 <DIR> d-------- c:\program files\Notepad++
2009-03-17 12:54 . 2009-03-17 12:54 <DIR> d-------- c:\documents and settings\Michael\Application Data\Notepad++
2009-03-13 12:56 . 2009-03-13 12:56 <DIR> d-------- c:\program files\iPod
2009-03-13 12:55 . 2009-03-15 05:51 <DIR> d-------- c:\program files\iTunes
2009-03-13 12:55 . 2009-03-13 12:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-13 10:26 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-03-13 10:26 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-03-12 13:32 . 2009-03-12 13:32 <DIR> d-------- c:\windows\system32\windows media
2009-03-12 13:32 . 2009-03-12 13:32 <DIR> d--h----- c:\windows\msdownld.tmp
2009-03-12 13:32 . 2009-03-12 13:32 <DIR> d-------- c:\program files\Windows Media Components
2009-03-12 13:31 . 2009-03-12 13:31 <DIR> d-------- c:\program files\Huelix Solutions
2009-03-12 13:31 . 2009-03-12 13:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Huelix Solutions
2009-03-12 13:21 . 2009-03-12 13:21 <DIR> d-------- c:\documents and settings\Michael\dwhelper
2009-03-12 13:08 . 2009-03-12 13:08 <DIR> d-------- c:\documents and settings\Michael\Tracing
2009-03-12 12:58 . 2009-03-12 12:58 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-12 11:00 . 2009-03-12 11:00 <DIR> d-------- c:\documents and settings\Michael\Application Data\acccore
2009-03-12 10:59 . 2009-03-12 11:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL OCP
2009-03-12 10:59 . 2009-03-12 10:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore
2009-03-12 10:57 . 2009-03-12 10:59 <DIR> d-------- c:\program files\AIM6
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 09:34 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-11 06:37 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-09 20:29 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-27 20:42 108,552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-03-22 07:02 --------- d-----w c:\program files\Java
2009-03-15 10:34 --------- d-----w c:\program files\Sonic
2009-03-15 10:30 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-03-15 10:23 --------- d-----w c:\program files\Common Files\Intuit
2009-03-15 10:18 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-15 10:17 --------- d-----w c:\program files\MUSICMATCH
2009-03-13 20:13 --------- d-----w c:\program files\Microsoft Works
2009-03-13 19:56 --------- d-----w c:\program files\Common Files\Apple
2009-03-13 18:36 --------- d-----w c:\program files\Rainlendar2
2009-03-12 17:59 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-03-12 17:58 --------- d-----w c:\program files\Common Files\AOL
2009-03-10 06:20 --------- d-----w c:\documents and settings\Frank\Application Data\Apple Computer
2009-03-08 10:18 325,640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-03-08 10:18 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-03-08 10:18 --------- d-----w c:\program files\AVG
2009-03-07 03:31 15,688 ----a-w c:\windows\system32\lsdelete.exe
2009-03-07 03:31 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-07 03:30 64,160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-03-07 03:26 --------- dc-h--w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-07 03:26 --------- d-----w c:\program files\Lavasoft
2009-03-07 03:13 --------- d-----w c:\documents and settings\Michael\Application Data\Malwarebytes
2009-03-07 03:13 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-07 00:35 --------- d-----w c:\documents and settings\Michael\Application Data\Apple Computer
2009-03-07 00:34 --------- d-----w c:\program files\QuickTime
2009-03-07 00:33 --------- d-----w c:\program files\Apple Software Update
2009-03-07 00:33 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-07 00:33 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-03-06 00:16 --------- d-----w c:\program files\Common Files\Adobe
2009-03-04 15:21 --------- d-----w c:\documents and settings\Frank\Application Data\CyberLink
2009-03-04 15:17 --------- d-----w c:\program files\Common Files\L&H
2009-03-04 15:16 --------- d-----w c:\program files\Microsoft ActiveSync
2009-03-04 15:15 --------- d-----w c:\program files\Microsoft.NET
2009-03-04 05:58 --------- d-----w c:\program files\Windows Media Connect 2
2009-03-04 04:01 --------- d-----w c:\program files\MSXML 4.0
2009-03-04 03:32 --------- d-----w c:\program files\McAfee.com
2009-03-04 03:32 --------- d-----w c:\program files\Common Files\SWF Studio
2009-03-04 00:20 --------- d-----w c:\documents and settings\LocalService\Application Data\McAfee.com Personal Firewall
2009-03-04 00:20 --------- d-----w c:\documents and settings\Frank\Application Data\McAfee.com Personal Firewall
2009-02-11 18:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 18:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-01-17 05:35 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-04-11_0.00.00.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-11 07:31:57 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2d0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-03 344064]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-05 127035]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-06 515416]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-08 1932568]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-22 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"domeyazosa"="c:\windows\system32\hovebipu.dll" [BU]
"CPM87bf6e91"="c:\windows\system32\wukaripa.dll" [BU]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-06-10 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 14:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-08 03:18 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 14:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-03-12 20:56 342312 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2005-06-10 03:12 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-06 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-08 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-08 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-08 298264]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951120]
.
Contents of the 'Scheduled Tasks' folder

2009-04-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-06 20:29]

2009-04-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell4me.com/myway
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\9u3k4bib.default\
FF - prefs.js: browser.search.selectedEngine - Bomb-mp3
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\9u3k4bib.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-11 02:42:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1040)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2009-04-11 2:45:26
ComboFix-quarantined-files.txt 2009-04-11 09:45:15
ComboFix2.txt 2009-04-11 07:02:41

Pre-Run: 57,502,117,888 bytes free
Post-Run: 57,488,683,008 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

203 --- E O F --- 2009-03-15 10:15:23
#10
Did you disable TeaTimer as I asked? Something has put some malware startups back and TeaTimer is a prime suspect. I think it would be a good idea to uninstall Spybot. Reboot afterwards please.
Next, open notepad and copy and paste the text in the codebox below into it. Save the file as CFScript.txt and drop it on ComboFix like you did before.

Code:
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"domeyazosa"=-
"CPM87bf6e91"=-

Also go online and update Malwarebytes' Anti-Malware please. When you have done this, select "Perform Quick Scan" then click Scan. The scan may take some time to finish so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. Please do so. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Please copy and paste the entire report in your next reply.
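The helper spotted the problem by comparing the Run keys of the two ComboFix logs by eye. As an added example (not part of the thread and not ComboFix's own code), here is a Python script that parses the Run values in the "Reg Loading Points" section of two logs and reports what appeared, disappeared or changed between runs, so re-created persistence such as "domeyazosa" and "CPM87bf6e91" stands out; the log excerpts inside it are constructed, abridged versions of the logs in posts #7 and #9.

```python
import re
from typing import Dict, List, Tuple

# One Run value as ComboFix prints it: "name"="command" [date size], [X] or [BU]
_RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]')
_KEY_HEADER = re.compile(r'^\[(HK[^\]]+)\]$')

RunEntries = Dict[Tuple[str, str], str]  # (normalised key, value name) -> command


def parse_run_entries(log_text: str) -> RunEntries:
    """Collect every value under a Run key from the 'Reg Loading Points' section."""
    entries: RunEntries = {}
    current_key = None
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if "Reg Loading Points" in line:
            in_section = True
            continue
        if in_section and line.startswith("Contents of the 'Scheduled Tasks'"):
            break  # registry section is over
        if not in_section:
            continue
        header = _KEY_HEADER.match(line)
        if header:
            # Forum software breaks long key names with a stray space
            # ("Curre ntVersion"); strip whitespace before comparing.
            key = re.sub(r"\s+", "", header.group(1)).lower()
            current_key = key if key.endswith("\\run") else None
            continue
        value = _RUN_VALUE.match(line)
        if current_key and value:
            name, command, _stamp = value.groups()
            entries[(current_key, name)] = command.strip()
    return entries


def diff_run_entries(before: RunEntries, after: RunEntries) -> Dict[str, List[Tuple[str, str]]]:
    """Autostart values that appeared, vanished, or now point somewhere else."""
    return {
        "added": sorted(k for k in after if k not in before),
        "removed": sorted(k for k in before if k not in after),
        "changed": sorted(k for k in before if k in after and before[k] != after[k]),
    }


# Constructed, abridged excerpts modelled on the logs in posts #7 and #9,
# including the stray-space artifact the forum inserts into long key names.
LOG_BEFORE = r"""
((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-08 1932568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 14:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

Contents of the 'Scheduled Tasks' folder
"""

LOG_AFTER = r"""
((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-08 1932568]
"domeyazosa"="c:\windows\system32\hovebipu.dll" [BU]
"CPM87bf6e91"="c:\windows\system32\wukaripa.dll" [BU]

Contents of the 'Scheduled Tasks' folder
"""


def sample_report() -> Dict[str, List[Tuple[str, str]]]:
    """Diff the two excerpts; the re-created persistence shows up under 'added'."""
    return diff_run_entries(parse_run_entries(LOG_BEFORE), parse_run_entries(LOG_AFTER))


if __name__ == "__main__":
    for kind, keys in sample_report().items():
        for key, name in keys:
            print(f"{kind:<8} {name!r} under {key}")
```

Run it against two full logs saved to disk by replacing the constructed strings with the file contents; entries that keep coming back after a fix are the ones to chase.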
#11
ComboFix 09-04-04.01 - Michael 2009-04-11 20:44:22.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1429 [GMT -7:00]
Running from: C:\ComboFix.exe
Command switches used :: c:\documents and settings\Michael\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-03-12 to 2009-04-12 )))))))))))))))))))))))))))))))
.
2009-04-11 20:42 . 2006-03-03 00:42 73,728 --a------ C:\pv.exe
2009-04-10 23:30 . 2009-04-10 23:30 3,067,803 -ra------ C:\ComboFix.exe
2009-04-09 00:17 . 2009-04-09 00:17 <DIR> d-------- c:\documents and settings\Michael\Application Data\Jasc
2009-04-05 10:37 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-04-05 10:27 . 2009-04-05 10:27 <DIR> d--hs---- C:\found.003
2009-04-05 00:28 . 2009-04-05 00:28 <DIR> d-------- c:\program files\Jasc Software Inc
2009-04-03 18:43 . 2009-04-03 18:43 <DIR> d--hs---- C:\found.002
2009-04-03 18:15 . 2009-04-03 18:15 <DIR> d-------- c:\documents and settings\Frank\Application Data\AdobeUM
2009-03-24 22:09 . 2009-03-24 22:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Last.fm
2009-03-24 22:08 . 2009-03-27 16:26 <DIR> d-------- c:\program files\Last.fm
2009-03-22 00:03 . 2009-03-22 00:02 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-22 00:03 . 2009-03-22 00:02 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-21 23:52 . 2009-03-21 23:52 <DIR> d--hs---- C:\found.001
2009-03-17 21:50 . 2009-03-17 21:50 <DIR> d-------- c:\documents and settings\Michael\Application Data\AdobeUM
2009-03-17 12:54 . 2009-03-17 12:54 <DIR> d-------- c:\program files\Notepad++
2009-03-17 12:54 . 2009-03-17 12:54 <DIR> d-------- c:\documents and settings\Michael\Application Data\Notepad++
2009-03-13 12:56 . 2009-03-13 12:56 <DIR> d-------- c:\program files\iPod
2009-03-13 12:55 . 2009-03-15 05:51 <DIR> d-------- c:\program files\iTunes
2009-03-13 12:55 . 2009-03-13 12:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-13 10:26 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-03-13 10:26 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-03-12 13:32 . 2009-03-12 13:32 <DIR> d-------- c:\windows\system32\windows media
2009-03-12 13:32 . 2009-03-12 13:32 <DIR> d--h----- c:\windows\msdownld.tmp
2009-03-12 13:32 . 2009-03-12 13:32 <DIR> d-------- c:\program files\Windows Media Components
2009-03-12 13:31 . 2009-03-12 13:31 <DIR> d-------- c:\program files\Huelix Solutions
2009-03-12 13:31 . 2009-03-12 13:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Huelix Solutions
2009-03-12 13:21 . 2009-03-12 13:21 <DIR> d-------- c:\documents and settings\Michael\dwhelper
2009-03-12 13:08 . 2009-03-12 13:08 <DIR> d-------- c:\documents and settings\Michael\Tracing
2009-03-12 12:58 . 2009-03-12 12:58 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-12 11:00 . 2009-03-12 11:00 <DIR> d-------- c:\documents and settings\Michael\Application Data\acccore
2009-03-12 10:59 . 2009-03-12 11:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL OCP
2009-03-12 10:59 . 2009-03-12 10:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore
2009-03-12 10:57 . 2009-03-12 10:59 <DIR> d-------- c:\program files\AIM6
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 09:34 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-11 06:37 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-09 20:29 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-27 20:42 108,552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-03-22 07:02 --------- d-----w c:\program files\Java
2009-03-15 10:34 --------- d-----w c:\program files\Sonic
2009-03-15 10:30 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-03-15 10:23 --------- d-----w c:\program files\Common Files\Intuit
2009-03-15 10:18 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-15 10:17 --------- d-----w c:\program files\MUSICMATCH
2009-03-13 20:13 --------- d-----w c:\program files\Microsoft Works
2009-03-13 19:56 --------- d-----w c:\program files\Common Files\Apple
2009-03-13 18:36 --------- d-----w c:\program files\Rainlendar2
2009-03-12 17:59 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-03-12 17:58 --------- d-----w c:\program files\Common Files\AOL
2009-03-10 06:20 --------- d-----w c:\documents and settings\Frank\Application Data\Apple Computer
2009-03-08 10:18 325,640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-03-08 10:18 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-03-08 10:18 --------- d-----w c:\program files\AVG
2009-03-07 03:31 15,688 ----a-w c:\windows\system32\lsdelete.exe
2009-03-07 03:31 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-07 03:30 64,160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-03-07 03:26 --------- dc-h--w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-07 03:26 --------- d-----w c:\program files\Lavasoft
2009-03-07 03:13 --------- d-----w c:\documents and settings\Michael\Application Data\Malwarebytes
2009-03-07 03:13 ---------
d-----w c:\documents and settings\All Users\Application Data\Malwarebytes 2009-03-07 00:35 --------- d-----w c:\documents and settings\Michael\Application Data\Apple Computer 2009-03-07 00:34 --------- d-----w c:\program files\QuickTime 2009-03-07 00:33 --------- d-----w c:\program files\Apple Software Update 2009-03-07 00:33 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer 2009-03-07 00:33 --------- d-----w c:\documents and settings\All Users\Application Data\Apple 2009-03-06 00:16 --------- d-----w c:\program files\Common Files\Adobe 2009-03-04 15:21 --------- d-----w c:\documents and settings\Frank\Application Data\CyberLink 2009-03-04 15:17 --------- d-----w c:\program files\Common Files\L&H 2009-03-04 15:16 --------- d-----w c:\program files\Microsoft ActiveSync 2009-03-04 15:15 --------- d-----w c:\program files\Microsoft.NET 2009-03-04 05:58 --------- d-----w c:\program files\Windows Media Connect 2 2009-03-04 04:01 --------- d-----w c:\program files\MSXML 4.0 2009-03-04 03:32 --------- d-----w c:\program files\McAfee.com 2009-03-04 03:32 --------- d-----w c:\program files\Common Files\SWF Studio 2009-03-04 00:20 --------- d-----w c:\documents and settings\LocalService\Application Data\McAfee.com Personal Firewall 2009-03-04 00:20 --------- d-----w c:\documents and settings\Frank\Application Data\McAfee.com Personal Firewall 2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys 2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys 2009-01-17 05:35 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll . ((((((((((((((((((((((((((((( SnapShot@2009-04-11_ 0.00.00.41 ))))))))))))))))))))))))))))))))))))))))) . + 2009-04-11 17:01:08 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_354.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688] "Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X] "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-03 344064] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-05 127035] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-06 515416] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-08 1932568] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-22 136600] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-06-10 24576] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] 2004-09-07 14:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-03-08 03:18 10520 c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\DVDLauncher] --------- 2005-02-23 14:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2009-03-12 20:56 342312 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] --a------ 2005-06-10 03:12 26112 c:\program files\Real\RealPlayer\realplay.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-06 64160] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-08 325640] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-08 108552] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-08 298264] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951120] . Contents of the 'Scheduled Tasks' folder 2009-04-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-06 20:29] 2009-04-06 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.dell4me.com/myway IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\9u3k4bib.default\ FF - prefs.js: browser.search.selectedEngine - Bomb-mp3 FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/ FF - prefs.js: network.proxy.type - 4 FF - component: c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\9u3k4bib.default\ext ensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll . ************************************************** ************************ catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-11 20:46:44 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1024) c:\windows\system32\Ati2evxx.dll c:\program files\Intel\Wireless\Bin\LgNotify.dll - - - - - - - > 'winlogon.exe'(904) c:\windows\system32\Ati2evxx.dll c:\program files\Intel\Wireless\Bin\LgNotify.dll . Completion time: 2009-04-11 20:51:37 ComboFix-quarantined-files.txt 2009-04-12 03:51:33 ComboFix2.txt 2009-04-11 09:45:27 ComboFix3.txt 2009-04-11 07:02:41 Pre-Run: 57,473,953,792 bytes free Post-Run: 57,458,974,720 bytes free 191 --- E O F --- 2009-03-15 10:15:23 |
#12
Malwarebytes' Anti-Malware 1.36
Database version: 1970
Windows 5.1.2600 Service Pack 3

4/11/2009 10:32:14 PM
mbam-log-2009-04-11 (22-32-14).txt

Scan type: Quick Scan
Objects scanned: 71933
Time elapsed: 6 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{df058c45-cd18-453e-8745-5a77f60722ab} (Adware.Gdown) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b5a33c35-7298-4d15-8753-a2e851e2eab3} (Adware.Gdown) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d2b812-752d-4af1-a2fb-968c4d8446db} (Adware.Gdown) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e856b973-45fd-4559-8f82-eab539144667} (Adware.Gdown) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\GTDownDE_87.ocx (Adware.Gdown) -> Quarantined and deleted successfully.
#13
Good. Run ComboFix again but use the below script this time.

Code:
File::
C:\pv.exe

After ComboFix has completed, go here and download ATF cleaner. Use it to remove all Temp Files, Cookies and Temp Internet Files, Java Cache and any others that you would like to remove. If you also use Opera or Firefox, also click on the cleaning options for each browser.

Next, disable your antivirus program and go here -> http://www.eset.com/onlinescan and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan).

If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple minutes for the scanner to get ready.

Next, check the following boxes:
- Remove found threats
- Scan unwanted applications

Click Start. This scan may take a while, so please be patient.

Go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt. Click Edit - Select All then copy/paste that log back here.

Also tell me if you still have any problems.
#14
ComboFix 09-04-04.01 - Michael 2009-04-12 0:02:05.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1526 [GMT -7:00]
Running from: C:\ComboFix.exe
Command switches used :: c:\documents and settings\Michael\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point

FILE :: C:\pv.exe
.
((((((((((((((((((((((((( Files Created from 2009-03-12 to 2009-04-12 )))))))))))))))))))))))))))))))
.
2009-04-10 23:30 . 2009-04-10 23:30 3,067,803 -ra------ C:\ComboFix.exe
2009-04-09 00:17 . 2009-04-09 00:17 <DIR> d-------- c:\documents and settings\Michael\Application Data\Jasc
2009-04-05 10:37 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-04-05 10:27 . 2009-04-05 10:27 <DIR> d--hs---- C:\found.003
2009-04-05 00:28 . 2009-04-05 00:28 <DIR> d-------- c:\program files\Jasc Software Inc
2009-04-03 18:43 . 2009-04-03 18:43 <DIR> d--hs---- C:\found.002
2009-04-03 18:15 . 2009-04-03 18:15 <DIR> d-------- c:\documents and settings\Frank\Application Data\AdobeUM
2009-03-24 22:09 . 2009-03-24 22:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Last.fm
2009-03-24 22:08 . 2009-03-27 16:26 <DIR> d-------- c:\program files\Last.fm
2009-03-22 00:03 . 2009-03-22 00:02 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-22 00:03 . 2009-03-22 00:02 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-21 23:52 . 2009-03-21 23:52 <DIR> d--hs---- C:\found.001
2009-03-17 21:50 . 2009-03-17 21:50 <DIR> d-------- c:\documents and settings\Michael\Application Data\AdobeUM
2009-03-17 12:54 . 2009-03-17 12:54 <DIR> d-------- c:\program files\Notepad++
2009-03-17 12:54 . 2009-03-17 12:54 <DIR> d-------- c:\documents and settings\Michael\Application Data\Notepad++
2009-03-13 12:56 . 2009-03-13 12:56 <DIR> d-------- c:\program files\iPod
2009-03-13 12:55 . 2009-03-15 05:51 <DIR> d-------- c:\program files\iTunes
2009-03-13 12:55 . 2009-03-13 12:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-13 10:26 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-03-13 10:26 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-03-12 13:32 . 2009-03-12 13:32 <DIR> d-------- c:\windows\system32\windows media
2009-03-12 13:32 . 2009-03-12 13:32 <DIR> d--h----- c:\windows\msdownld.tmp
2009-03-12 13:32 . 2009-03-12 13:32 <DIR> d-------- c:\program files\Windows Media Components
2009-03-12 13:31 . 2009-03-12 13:31 <DIR> d-------- c:\program files\Huelix Solutions
2009-03-12 13:31 . 2009-03-12 13:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Huelix Solutions
2009-03-12 13:21 . 2009-03-12 13:21 <DIR> d-------- c:\documents and settings\Michael\dwhelper
2009-03-12 13:08 . 2009-03-12 13:08 <DIR> d-------- c:\documents and settings\Michael\Tracing
2009-03-12 12:58 . 2009-03-12 12:58 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-12 11:00 . 2009-03-12 11:00 <DIR> d-------- c:\documents and settings\Michael\Application Data\acccore
2009-03-12 10:59 . 2009-03-12 11:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL OCP
2009-03-12 10:59 . 2009-03-12 10:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore
2009-03-12 10:57 . 2009-03-12 10:59 <DIR> d-------- c:\program files\AIM6
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-12 05:24 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-11 09:34 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-11 06:37 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-06 22:32 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 22:32 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-27 20:42 108,552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-03-22 07:02 --------- d-----w c:\program files\Java
2009-03-15 10:34 --------- d-----w c:\program files\Sonic
2009-03-15 10:30 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-03-15 10:23 --------- d-----w c:\program files\Common Files\Intuit
2009-03-15 10:18 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-15 10:17 --------- d-----w c:\program files\MUSICMATCH
2009-03-13 20:13 --------- d-----w c:\program files\Microsoft Works
2009-03-13 19:56 --------- d-----w c:\program files\Common Files\Apple
2009-03-13 18:36 --------- d-----w c:\program files\Rainlendar2
2009-03-12 17:59 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-03-12 17:58 --------- d-----w c:\program files\Common Files\AOL
2009-03-10 06:20 --------- d-----w c:\documents and settings\Frank\Application Data\Apple Computer
2009-03-08 10:18 325,640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-03-08 10:18 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-03-08 10:18 --------- d-----w c:\program files\AVG
2009-03-07 03:31 15,688 ----a-w c:\windows\system32\lsdelete.exe
2009-03-07 03:31 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-07 03:30 64,160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-03-07 03:26 --------- dc-h--w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-07 03:26 --------- d-----w c:\program files\Lavasoft
2009-03-07 03:13 --------- d-----w c:\documents and settings\Michael\Application Data\Malwarebytes
2009-03-07 03:13 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-07 00:35 --------- d-----w c:\documents and settings\Michael\Application Data\Apple Computer
2009-03-07 00:34 --------- d-----w c:\program files\QuickTime
2009-03-07 00:33 --------- d-----w c:\program files\Apple Software Update
2009-03-07 00:33 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-07 00:33 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-03-06 00:16 --------- d-----w c:\program files\Common Files\Adobe
2009-03-04 15:21 --------- d-----w c:\documents and settings\Frank\Application Data\CyberLink
2009-03-04 15:17 --------- d-----w c:\program files\Common Files\L&H
2009-03-04 15:16 --------- d-----w c:\program files\Microsoft ActiveSync
2009-03-04 15:15 --------- d-----w c:\program files\Microsoft.NET
2009-03-04 05:58 --------- d-----w c:\program files\Windows Media Connect 2
2009-03-04 04:01 --------- d-----w c:\program files\MSXML 4.0
2009-03-04 03:32 --------- d-----w c:\program files\McAfee.com
2009-03-04 03:32 --------- d-----w c:\program files\Common Files\SWF Studio
2009-03-04 00:20 --------- d-----w c:\documents and settings\LocalService\Application Data\McAfee.com Personal Firewall
2009-03-04 00:20 --------- d-----w c:\documents and settings\Frank\Application Data\McAfee.com Personal Firewall
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-01-17 05:35 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-04-11_ 0.00.00.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-12 06:19:19 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2ac.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-03 344064]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-05 127035]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-06 515416]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-08 1932568]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-22 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-06-10 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 14:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-08 03:18 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 14:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-03-12 20:56 342312 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2005-06-10 03:12 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-06 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-08 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-08 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-08 298264]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951120]
.
Contents of the 'Scheduled Tasks' folder

2009-04-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-06 20:29]

2009-04-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell4me.com/myway
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\9u3k4bib.default\
FF - prefs.js: browser.search.selectedEngine - Bomb-mp3
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\9u3k4bib.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-12 00:04:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1016)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2009-04-12 0:07:29
ComboFix-quarantined-files.txt 2009-04-12 07:07:26
ComboFix2.txt 2009-04-12 03:51:39
ComboFix3.txt 2009-04-11 09:45:27
ComboFix4.txt 2009-04-11 07:02:41

Pre-Run: 57,389,297,664 bytes free
Post-Run: 57,380,229,120 bytes free

190 --- E O F --- 2009-03-15 10:15:23
#15
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=4002 (20090411)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=eff85559fd20634ba90f5befa09e4c5a
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-04-12 09:18:59
# local_time=2009-04-12 02:18:59 (-0800, Pacific Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=273886
# found=0
# scan_time=7267